# Flog Txt Version 1 # Analyzer Version: 3.1.1 # Analyzer Build Date: Sep 16 2019 10:43:25 # Log Creation Date: 24.09.2019 17:55:42.775 Process: id = "1" image_name = "454364vodafone-e-fatura.exe" filename = "c:\\users\\fd1hvy\\desktop\\454364vodafone-e-fatura.exe" page_root = "0x75177000" os_pid = "0xa98" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x0" cmd_line = "\"C:\\Users\\FD1HVy\\Desktop\\454364vodafone-e-fatura.exe\" " cur_dir = "C:\\Users\\FD1HVy\\Desktop\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:000103c1" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 1 os_tid = 0xdf0 [0037.458] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0037.458] LoadLibraryExW (lpLibFileName="?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ鑮ýĀ") returned 256 [0037.507] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ鑮ýĀ", cchSrc=256, lpCharType=0x4ff17c | out: lpCharType=0x4ff17c) returned 1 [0037.507] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x4ff77c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0037.507] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x4ff77c, cbMultiByte=256, lpWideCharStr=0x4feeb8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ琶ýĀ") returned 256 [0037.507] LoadLibraryExW (lpLibFileName="?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ琶ýĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0037.507] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ琶ýĀ", cchSrc=256, lpDestStr=0x4feca8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0037.507] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x4ff67c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ²X\n£¸øO", lpUsedDefaultChar=0x0) returned 256 [0037.507] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x4ff77c, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0037.507] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x4ff77c, cbMultiByte=256, lpWideCharStr=0x4feed8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0037.507] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0037.507] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x4fecc8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256 [0037.507] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x4ff57c, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ²X\n£¸øO", lpUsedDefaultChar=0x0) returned 256 [0037.508] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x80) returned 0x734ca8 [0037.508] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x100add8, nSize=0x104 | out: lpFilename="C:\\Users\\FD1HVy\\Desktop\\454364vodafone-e-fatura.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\454364vodafone-e-fatura.exe")) returned 0x33 [0037.508] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x8, Size=0x3c) returned 0x734a20 [0037.508] RtlInitializeSListHead (in: ListHead=0x100a9d0 | out: ListHead=0x100a9d0) [0037.508] GetLastError () returned 0x0 [0037.508] SetLastError (dwErrCode=0x0) [0037.508] GetEnvironmentStringsW () returned 0x73fe50* [0037.508] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1381, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1381 [0037.508] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x565) returned 0x740928 [0037.508] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1381, lpMultiByteStr=0x740928, cbMultiByte=1381, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1381 [0037.508] FreeEnvironmentStringsW (penv=0x73fe50) returned 1 [0037.508] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x8, Size=0x94) returned 0x734ed0 [0037.508] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x8, Size=0x1f) returned 0x734c68 [0037.508] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x8, Size=0x28) returned 0x734e80 [0037.508] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x8, Size=0x37) returned 0x73d9c8 [0037.508] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x8, Size=0x3c) returned 0x73a188 [0037.508] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x8, Size=0x31) returned 0x73dbd0 [0037.508] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x8, Size=0x14) returned 0x73a1d0 [0037.508] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x8, Size=0x24) returned 0x7345a8 [0037.508] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x8, Size=0xd) returned 0x7383d0 [0037.508] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x8, Size=0x17) returned 0x7345d8 [0037.508] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x8, Size=0x2b) returned 0x738cf8 [0037.508] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x8, Size=0x15) returned 0x7345f8 [0037.508] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x8, Size=0x17) returned 0x73feb8 [0037.508] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x8, Size=0x22) returned 0x738978 [0037.508] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x8, Size=0xe) returned 0x7383e8 [0037.508] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x8, Size=0xc1) returned 0x738ef0 [0037.508] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x8, Size=0x3e) returned 0x7389a8 [0037.509] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x8, Size=0x1b) returned 0x7350a8 [0037.509] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x8, Size=0x1d) returned 0x7350d0 [0037.509] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x8, Size=0x48) returned 0x7347e0 [0037.509] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x8, Size=0x12) returned 0x73ff58 [0037.509] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x8, Size=0x18) returned 0x740038 [0037.509] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x8, Size=0x1b) returned 0x734830 [0037.509] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x8, Size=0x24) returned 0x7404f0 [0037.509] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x8, Size=0x29) returned 0x738e10 [0037.509] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x8, Size=0x1e) returned 0x7350f8 [0037.509] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x8, Size=0x6b) returned 0x738800 [0037.509] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x8, Size=0x17) returned 0x740158 [0037.509] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x8, Size=0xf) returned 0x7382c8 [0037.509] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x8, Size=0x16) returned 0x7400b8 [0037.509] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x8, Size=0x28) returned 0x740610 [0037.509] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x8, Size=0x27) returned 0x740400 [0037.509] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x8, Size=0x12) returned 0x740178 [0037.509] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x8, Size=0x21) returned 0x7403d0 [0037.509] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x8, Size=0x10) returned 0x738298 [0037.509] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x8, Size=0x1c) returned 0x7304b8 [0037.509] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x8, Size=0x12) returned 0x73ff78 [0037.509] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x740928 | out: hHeap=0x730000) returned 1 [0037.509] QueryPerformanceFrequency (in: lpFrequency=0x4ff8f8 | out: lpFrequency=0x4ff8f8*=100000000) returned 1 [0037.509] QueryPerformanceCounter (in: lpPerformanceCount=0x4ff8f0 | out: lpPerformanceCount=0x4ff8f0*=12873417597) returned 1 [0037.509] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x8, Size=0x800) returned 0x740660 [0037.509] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0037.509] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xfcdb6f) returned 0x0 [0037.510] GetCPInfo (in: CodePage=0x0, lpCPInfo=0x4ff8e4 | out: lpCPInfo=0x4ff8e4) returned 1 [0037.516] GetCurrentProcess () returned 0xffffffff [0037.516] GetProcessAffinityMask (in: hProcess=0xffffffff, lpProcessAffinityMask=0x4ff8a8, lpSystemAffinityMask=0x4ff8a4 | out: lpProcessAffinityMask=0x4ff8a8, lpSystemAffinityMask=0x4ff8a4) returned 1 [0037.517] GetCurrentProcess () returned 0xffffffff [0037.517] GetProcessAffinityMask (in: hProcess=0xffffffff, lpProcessAffinityMask=0x4ff8bc, lpSystemAffinityMask=0x4ff8b8 | out: lpProcessAffinityMask=0x4ff8bc, lpSystemAffinityMask=0x4ff8b8) returned 1 [0037.517] GetStartupInfoW (in: lpStartupInfo=0x4ff8d8 | out: lpStartupInfo=0x4ff8d8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\FD1HVy\\Desktop\\454364vodafone-e-fatura.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0)) [0037.518] GetModuleHandleW (lpModuleName="kernel32") returned 0x75e90000 [0037.518] GetProcAddress (hModule=0x75e90000, lpProcName="SetDllDirectoryW") returned 0x75ee2580 [0037.518] SetDllDirectoryW (lpPathName="") returned 1 [0037.518] GetProcAddress (hModule=0x75e90000, lpProcName="SetDefaultDllDirectories") returned 0x7500d900 [0037.518] SetDefaultDllDirectories (DirectoryFlags=0x800) returned 1 [0037.519] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x4f4770, nSize=0x800 | out: lpFilename="C:\\Users\\FD1HVy\\Desktop\\454364vodafone-e-fatura.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\454364vodafone-e-fatura.exe")) returned 0x33 [0037.519] GetVersionExW (in: lpVersionInformation=0x4f4340*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xe0000, dwMinorVersion=0x20, dwBuildNumber=0x9, dwPlatformId=0x75e90000, szCSDVersion="\x09") | out: lpVersionInformation=0x4f4340*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x3ad7, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0037.519] GetSystemDirectoryW (in: lpBuffer=0x4f3450, uSize=0x800 | out: lpBuffer="C:\\WINDOWS\\system32") returned 0x13 [0037.519] LoadLibraryW (lpLibFileName="C:\\WINDOWS\\system32\\version.dll") returned 0x74140000 [0037.712] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="version.dll", cchCount1=-1, lpString2="DXGIDebug.dll", cchCount2=-1) returned 3 [0037.714] GetSystemDirectoryW (in: lpBuffer=0x4f3450, uSize=0x800 | out: lpBuffer="C:\\WINDOWS\\system32") returned 0x13 [0037.714] LoadLibraryW (lpLibFileName="C:\\WINDOWS\\system32\\DXGIDebug.dll") returned 0x0 [0037.715] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\DXGIDebug.dll" (normalized: "c:\\users\\fd1hvy\\desktop\\dxgidebug.dll")) returned 0xffffffff [0037.715] GetSystemDirectoryW (in: lpBuffer=0x4f3450, uSize=0x800 | out: lpBuffer="C:\\WINDOWS\\system32") returned 0x13 [0037.715] LoadLibraryW (lpLibFileName="C:\\WINDOWS\\system32\\sfc_os.dll") returned 0x74130000 [0037.809] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="sfc_os.dll", cchCount1=-1, lpString2="DXGIDebug.dll", cchCount2=-1) returned 3 [0037.809] GetSystemDirectoryW (in: lpBuffer=0x4f3450, uSize=0x800 | out: lpBuffer="C:\\WINDOWS\\system32") returned 0x13 [0037.809] LoadLibraryW (lpLibFileName="C:\\WINDOWS\\system32\\SSPICLI.DLL") returned 0x74680000 [0037.809] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SSPICLI.DLL", cchCount1=-1, lpString2="DXGIDebug.dll", cchCount2=-1) returned 3 [0037.809] GetSystemDirectoryW (in: lpBuffer=0x4f3450, uSize=0x800 | out: lpBuffer="C:\\WINDOWS\\system32") returned 0x13 [0037.809] LoadLibraryW (lpLibFileName="C:\\WINDOWS\\system32\\rsaenh.dll") returned 0x74100000 [0038.151] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="rsaenh.dll", cchCount1=-1, lpString2="DXGIDebug.dll", cchCount2=-1) returned 3 [0038.151] GetSystemDirectoryW (in: lpBuffer=0x4f3450, uSize=0x800 | out: lpBuffer="C:\\WINDOWS\\system32") returned 0x13 [0038.151] LoadLibraryW (lpLibFileName="C:\\WINDOWS\\system32\\UXTheme.dll") returned 0x74550000 [0038.879] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="UXTheme.dll", cchCount1=-1, lpString2="DXGIDebug.dll", cchCount2=-1) returned 3 [0038.879] GetSystemDirectoryW (in: lpBuffer=0x4f3450, uSize=0x800 | out: lpBuffer="C:\\WINDOWS\\system32") returned 0x13 [0038.879] LoadLibraryW (lpLibFileName="C:\\WINDOWS\\system32\\dwmapi.dll") returned 0x74520000 [0039.100] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="dwmapi.dll", cchCount1=-1, lpString2="DXGIDebug.dll", cchCount2=-1) returned 1 [0039.100] GetSystemDirectoryW (in: lpBuffer=0x4f3450, uSize=0x800 | out: lpBuffer="C:\\WINDOWS\\system32") returned 0x13 [0039.100] LoadLibraryW (lpLibFileName="C:\\WINDOWS\\system32\\cryptbase.dll") returned 0x74670000 [0039.100] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="cryptbase.dll", cchCount1=-1, lpString2="DXGIDebug.dll", cchCount2=-1) returned 1 [0039.100] GetCurrentDirectoryW (in: nBufferLength=0x800, lpBuffer=0xff2120 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop") returned 0x17 [0039.101] GetSystemDirectoryW (in: lpBuffer=0x4fe808, uSize=0x800 | out: lpBuffer="C:\\WINDOWS\\system32") returned 0x13 [0039.101] LoadLibraryW (lpLibFileName="C:\\WINDOWS\\system32\\riched20.dll") returned 0x744a0000 [0040.585] LoadLibraryExA (lpLibFileName="ole32.dll", hFile=0x0, dwFlags=0x0) returned 0x77920000 [0041.593] GetProcAddress (hModule=0x77920000, lpProcName="OleInitialize") returned 0x77953e50 [0041.593] OleInitialize (pvReserved=0x0) returned 0x0 [0042.033] LoadLibraryExA (lpLibFileName="COMCTL32.dll", hFile=0x0, dwFlags=0x0) returned 0x73ed0000 [0042.929] GetProcAddress (hModule=0x73ed0000, lpProcName="InitCommonControlsEx") returned 0x73f4a480 [0042.929] InitCommonControlsEx (picce=0x4ff82c) returned 1 [0042.933] GdiplusStartup (in: token=0x4ff834, input=0x4ff81c, output=0x0 | out: token=0x4ff834, output=0x0) returned 0x0 [0042.940] LoadLibraryExA (lpLibFileName="SHELL32.dll", hFile=0x0, dwFlags=0x0) returned 0x76480000 [0048.505] GetProcAddress (hModule=0x76480000, lpProcName="SHGetMalloc") returned 0x765edf80 [0048.506] SHGetMalloc (in: ppMalloc=0xff20e8 | out: ppMalloc=0xff20e8*=0x75e4d000) returned 0x0 [0048.506] GetCPInfo (in: CodePage=0x0, lpCPInfo=0x4ff824 | out: lpCPInfo=0x4ff824) returned 1 [0048.507] GetCommandLineW () returned="\"C:\\Users\\FD1HVy\\Desktop\\454364vodafone-e-fatura.exe\" " [0048.508] SetEnvironmentVariableW (lpName="sfxcmd", lpValue="\"C:\\Users\\FD1HVy\\Desktop\\454364vodafone-e-fatura.exe\" ") returned 1 [0048.508] SetEnvironmentVariableW (lpName="sfxpar", lpValue="") returned 1 [0048.508] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1007938, nSize=0x800 | out: lpFilename="C:\\Users\\FD1HVy\\Desktop\\454364vodafone-e-fatura.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\454364vodafone-e-fatura.exe")) returned 0x33 [0048.508] SetEnvironmentVariableW (lpName="sfxname", lpValue="C:\\Users\\FD1HVy\\Desktop\\454364vodafone-e-fatura.exe") returned 1 [0048.508] GetLocalTime (in: lpSystemTime=0x4ff84c | out: lpSystemTime=0x4ff84c*(wYear=0x7e3, wMonth=0x9, wDayOfWeek=0x2, wDay=0x18, wHour=0x13, wMinute=0x38, wSecond=0x1f, wMilliseconds=0x109)) [0048.508] GetLastError () returned 0x0 [0048.508] SetLastError (dwErrCode=0x0) [0048.508] SetEnvironmentVariableW (lpName="sfxstime", lpValue="2019-09-24-19-56-31-265") returned 1 [0048.508] GetModuleHandleW (lpModuleName=0x0) returned 0xfb0000 [0048.508] LoadLibraryExA (lpLibFileName="USER32.dll", hFile=0x0, dwFlags=0x0) returned 0x74b70000 [0048.509] GetProcAddress (hModule=0x74b70000, lpProcName="LoadIconW") returned 0x74b98420 [0048.509] LoadIconW (hInstance=0xfb0000, lpIconName=0x64) returned 0x130205 [0048.511] GetProcAddress (hModule=0x74b70000, lpProcName="LoadBitmapW") returned 0x74b92b80 [0048.511] LoadBitmapW (hInstance=0xfb0000, lpBitmapName=0x65) returned 0x0 [0048.511] FindResourceW (hModule=0xfb0000, lpName=0x65, lpType="PNG") returned 0x100d3c0 [0048.511] SizeofResource (hModule=0xfb0000, hResInfo=0x100d3c0) returned 0xb45 [0048.511] LoadResource (hModule=0xfb0000, hResInfo=0x100d3c0) returned 0x100d5e4 [0048.511] LockResource (hResData=0x100d5e4) returned 0x100d5e4 [0048.512] GlobalLock (hMem=0x2580004) returned 0x751828 [0048.512] GetProcAddress (hModule=0x77920000, lpProcName="CreateStreamOnHGlobal") returned 0x75d12af0 [0048.512] CreateStreamOnHGlobal (in: hGlobal=0x2580004, fDeleteOnRelease=0, ppstm=0x4ff814 | out: ppstm=0x4ff814*=0x748cc0) returned 0x0 [0048.514] GdipAlloc (size=0x10) returned 0x2571f08 [0048.515] GdipCreateBitmapFromStream (stream=0x748cc0, bitmap=0x4ff7d4) returned 0x0 [0048.914] CMemStm::Release () returned 0x2 [0048.915] GdipCreateHBITMAPFromBitmap (bitmap=0x2571f20, hbmReturn=0x4ff80c, background=0xffffff) returned 0x0 [0048.929] GdipDisposeImage (image=0x2571f20) returned 0x0 [0048.929] GdipFree (ptr=0x2571f08) [0048.929] GlobalUnlock (hMem=0x2580004) returned 0 [0048.929] LoadLibraryExA (lpLibFileName="GDI32.dll", hFile=0x0, dwFlags=0x0) returned 0x75b70000 [0048.929] GetProcAddress (hModule=0x75b70000, lpProcName="GetObjectW") returned 0x75b76d60 [0048.929] GetObjectW (in: h=0x2f050748, c=24, pv=0x4ff820 | out: pv=0x4ff820) returned 24 [0048.930] GetProcAddress (hModule=0x74b70000, lpProcName="GetDC") returned 0x74ba33c0 [0048.930] GetDC (hWnd=0x0) returned 0x10105d6 [0048.930] GetProcAddress (hModule=0x75b70000, lpProcName="GetDeviceCaps") returned 0x75b75c60 [0048.930] GetDeviceCaps (hdc=0x10105d6, index=88) returned 96 [0048.930] GetProcAddress (hModule=0x74b70000, lpProcName="ReleaseDC") returned 0x74b9a480 [0048.930] ReleaseDC (hWnd=0x0, hDC=0x10105d6) returned 1 [0048.930] GetDC (hWnd=0x0) returned 0x10105d6 [0048.930] GetDeviceCaps (hdc=0x10105d6, index=90) returned 96 [0048.930] ReleaseDC (hWnd=0x0, hDC=0x10105d6) returned 1 [0048.930] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\454364vodafone-e-fatura.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\454364vodafone-e-fatura.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000000, hTemplateFile=0x0) returned 0x22c [0048.931] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0x0 [0048.931] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0048.931] SetFilePointer (in: hFile=0x22c, lDistanceToMove=8176, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x1ff0 [0048.931] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0x1ff0 [0048.931] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0048.931] SetFilePointer (in: hFile=0x22c, lDistanceToMove=16352, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x3fe0 [0048.931] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0x3fe0 [0048.931] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0048.932] SetFilePointer (in: hFile=0x22c, lDistanceToMove=24528, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x5fd0 [0048.932] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0x5fd0 [0048.932] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0048.932] SetFilePointer (in: hFile=0x22c, lDistanceToMove=32704, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x7fc0 [0048.932] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0x7fc0 [0048.932] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0048.932] SetFilePointer (in: hFile=0x22c, lDistanceToMove=40880, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x9fb0 [0048.932] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0x9fb0 [0048.932] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0048.932] SetFilePointer (in: hFile=0x22c, lDistanceToMove=49056, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0xbfa0 [0048.932] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0xbfa0 [0048.932] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0048.933] SetFilePointer (in: hFile=0x22c, lDistanceToMove=57232, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0xdf90 [0048.933] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0xdf90 [0048.933] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0048.933] SetFilePointer (in: hFile=0x22c, lDistanceToMove=65408, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0xff80 [0048.933] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0xff80 [0048.933] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0048.933] SetFilePointer (in: hFile=0x22c, lDistanceToMove=73584, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x11f70 [0048.933] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0x11f70 [0048.933] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0048.933] SetFilePointer (in: hFile=0x22c, lDistanceToMove=81760, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x13f60 [0048.933] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0x13f60 [0048.933] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0048.933] SetFilePointer (in: hFile=0x22c, lDistanceToMove=89936, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x15f50 [0048.933] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0x15f50 [0048.934] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0048.934] SetFilePointer (in: hFile=0x22c, lDistanceToMove=98112, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x17f40 [0048.934] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0x17f40 [0048.934] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0048.934] SetFilePointer (in: hFile=0x22c, lDistanceToMove=106288, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x19f30 [0048.934] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0x19f30 [0048.934] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0048.934] SetFilePointer (in: hFile=0x22c, lDistanceToMove=114464, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x1bf20 [0048.934] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0x1bf20 [0048.934] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0048.934] SetFilePointer (in: hFile=0x22c, lDistanceToMove=122640, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x1df10 [0048.934] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0x1df10 [0048.934] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0048.935] SetFilePointer (in: hFile=0x22c, lDistanceToMove=130816, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x1ff00 [0048.935] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0x1ff00 [0048.935] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0048.935] SetFilePointer (in: hFile=0x22c, lDistanceToMove=138992, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x21ef0 [0048.935] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0x21ef0 [0048.935] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0048.935] SetFilePointer (in: hFile=0x22c, lDistanceToMove=147168, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x23ee0 [0048.935] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0x23ee0 [0048.935] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0048.935] SetFilePointer (in: hFile=0x22c, lDistanceToMove=155344, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x25ed0 [0048.935] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0x25ed0 [0048.935] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0048.935] SetFilePointer (in: hFile=0x22c, lDistanceToMove=163520, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x27ec0 [0048.936] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0x27ec0 [0048.936] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0048.936] SetFilePointer (in: hFile=0x22c, lDistanceToMove=171696, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x29eb0 [0048.936] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0x29eb0 [0048.936] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0048.936] SetFilePointer (in: hFile=0x22c, lDistanceToMove=179872, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x2bea0 [0048.936] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0x2bea0 [0048.936] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0048.936] SetFilePointer (in: hFile=0x22c, lDistanceToMove=188048, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x2de90 [0048.936] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0x2de90 [0048.936] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0048.937] SetFilePointer (in: hFile=0x22c, lDistanceToMove=196224, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x2fe80 [0048.937] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0x2fe80 [0048.937] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0048.937] SetFilePointer (in: hFile=0x22c, lDistanceToMove=204400, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x31e70 [0048.937] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0x31e70 [0048.937] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0048.937] SetFilePointer (in: hFile=0x22c, lDistanceToMove=212576, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x33e60 [0048.937] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0x33e60 [0048.937] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0048.937] SetFilePointer (in: hFile=0x22c, lDistanceToMove=220752, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x35e50 [0048.937] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0x35e50 [0048.937] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0048.938] SetFilePointer (in: hFile=0x22c, lDistanceToMove=228928, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x37e40 [0048.938] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0x37e40 [0048.938] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0048.938] SetFilePointer (in: hFile=0x22c, lDistanceToMove=237104, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x39e30 [0048.938] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0x39e30 [0048.938] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0048.938] SetFilePointer (in: hFile=0x22c, lDistanceToMove=245280, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x3be20 [0048.938] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0x3be20 [0048.938] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0048.938] SetFilePointer (in: hFile=0x22c, lDistanceToMove=253456, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x3de10 [0048.938] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0x3de10 [0048.938] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0048.938] SetFilePointer (in: hFile=0x22c, lDistanceToMove=261632, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x3fe00 [0048.938] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0x3fe00 [0048.939] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0048.939] SetFilePointer (in: hFile=0x22c, lDistanceToMove=269808, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x41df0 [0048.939] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0x41df0 [0048.939] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0048.939] SetFilePointer (in: hFile=0x22c, lDistanceToMove=277984, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x43de0 [0048.939] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0x43de0 [0049.067] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0049.068] SetFilePointer (in: hFile=0x22c, lDistanceToMove=286160, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x45dd0 [0049.068] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0x45dd0 [0049.068] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0049.068] SetFilePointer (in: hFile=0x22c, lDistanceToMove=294336, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x47dc0 [0049.068] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0x47dc0 [0049.068] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0049.068] SetFilePointer (in: hFile=0x22c, lDistanceToMove=302512, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x49db0 [0049.068] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0x49db0 [0049.068] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0049.068] SetFilePointer (in: hFile=0x22c, lDistanceToMove=310688, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x4bda0 [0049.068] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0x4bda0 [0049.068] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0049.069] SetFilePointer (in: hFile=0x22c, lDistanceToMove=318864, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x4dd90 [0049.069] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0x4dd90 [0049.069] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0049.069] SetFilePointer (in: hFile=0x22c, lDistanceToMove=327040, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x4fd80 [0049.069] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0x4fd80 [0049.069] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0049.069] SetFilePointer (in: hFile=0x22c, lDistanceToMove=335216, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x51d70 [0049.069] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0x51d70 [0049.069] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0049.069] SetFilePointer (in: hFile=0x22c, lDistanceToMove=343392, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x53d60 [0049.069] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0x53d60 [0049.069] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0049.070] SetFilePointer (in: hFile=0x22c, lDistanceToMove=351568, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x55d50 [0049.070] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0x55d50 [0049.070] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0049.071] SetFilePointer (in: hFile=0x22c, lDistanceToMove=359744, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x57d40 [0049.071] SetFilePointer (in: hFile=0x22c, lDistanceToMove=0, lpDistanceToMoveHigh=0x4fb7cc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4fb7cc*=0) returned 0x57d40 [0049.072] ReadFile (in: hFile=0x22c, lpBuffer=0x4fb7e0, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x4fb7e0*, lpNumberOfBytesRead=0x4fb79c*=0x2000, lpOverlapped=0x0) returned 1 [0049.072] SetFilePointer (in: hFile=0x22c, lDistanceToMove=367920, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x59d30 [0049.073] SetFilePointer (in: hFile=0x22c, lDistanceToMove=362498, lpDistanceToMoveHigh=0x4fb7bc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4fb7bc*=0) returned 0x58802 [0049.073] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x80002) returned 0x261e020 [0049.086] ReadFile (in: hFile=0x22c, lpBuffer=0x261e020, nNumberOfBytesToRead=0x80000, lpNumberOfBytesRead=0x4fb79c, lpOverlapped=0x0 | out: lpBuffer=0x261e020*, lpNumberOfBytesRead=0x4fb79c*=0x80000, lpOverlapped=0x0) returned 1 [0049.097] CloseHandle (hObject=0x22c) returned 1 [0049.098] GetModuleHandleW (lpModuleName=0x0) returned 0xfb0000 [0049.098] FindResourceW (hModule=0xfb0000, lpName="RTL", lpType=0x5) returned 0x0 [0049.098] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="LTR", cchWideChar=-1, lpMultiByteStr=0x4fe00c, cbMultiByte=4096, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LTR", lpUsedDefaultChar=0x0) returned 4 [0049.098] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="LTR", cchWideChar=-1, lpMultiByteStr=0x4fd00c, cbMultiByte=4096, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LTR", lpUsedDefaultChar=0x0) returned 4 [0049.098] GetLastError () returned 0x716 [0049.098] SetLastError (dwErrCode=0x716) [0049.098] GetProcAddress (hModule=0x74b70000, lpProcName="DialogBoxParamW") returned 0x74bc21c0 [0049.099] DialogBoxParamW (hInstance=0xfb0000, lpTemplateName="STARTDLG", hWndParent=0x0, lpDialogFunc=0xfc9b4e, dwInitParam=0x0) returned 0x1 [0049.503] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="STARTDLG", cchWideChar=-1, lpMultiByteStr=0x4eba60, cbMultiByte=4096, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="STARTDLG", lpUsedDefaultChar=0x0) returned 9 [0049.503] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=-1, lpMultiByteStr=0x4eaa60, cbMultiByte=4096, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 1 [0049.503] GetLastError () returned 0x0 [0049.503] SetLastError (dwErrCode=0x0) [0049.503] GetProcAddress (hModule=0x74b70000, lpProcName="GetWindowRect") returned 0x74b96c50 [0049.503] GetWindowRect (in: hWnd=0xf0216, lpRect=0x4ecec8 | out: lpRect=0x4ecec8) returned 1 [0049.504] GetProcAddress (hModule=0x74b70000, lpProcName="GetClientRect") returned 0x74b89650 [0049.504] GetClientRect (in: hWnd=0xf0216, lpRect=0x4ecee8 | out: lpRect=0x4ecee8) returned 1 [0049.504] GetProcAddress (hModule=0x74b70000, lpProcName="GetWindowTextW") returned 0x74b7eac0 [0049.504] GetWindowTextW (in: hWnd=0xf0216, lpString=0x4ecef8, nMaxCount=1024 | out: lpString="WinRAR self-extracting archive") returned 30 [0049.506] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="STARTDLG", cchWideChar=-1, lpMultiByteStr=0x4ebe80, cbMultiByte=4096, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="STARTDLG", lpUsedDefaultChar=0x0) returned 9 [0049.506] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WinRAR self-extracting archive", cchWideChar=-1, lpMultiByteStr=0x4eae80, cbMultiByte=4096, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WinRAR self-extracting archive", lpUsedDefaultChar=0x0) returned 31 [0049.506] GetLastError () returned 0x0 [0049.506] SetLastError (dwErrCode=0x0) [0049.506] GetProcAddress (hModule=0x74b70000, lpProcName="SetWindowTextW") returned 0x74b7d0c0 [0049.506] SetWindowTextW (hWnd=0xf0216, lpString="WinRAR kendi-açılan arşiv") returned 1 [0049.507] GetProcAddress (hModule=0x74b70000, lpProcName="GetSystemMetrics") returned 0x74b9ddc0 [0049.507] GetSystemMetrics (nIndex=8) returned 3 [0049.507] GetProcAddress (hModule=0x74b70000, lpProcName="GetWindow") returned 0x74b9d880 [0049.507] GetWindow (hWnd=0xf0216, uCmd=0x5) returned 0x901ec [0049.507] GetWindowTextW (in: hWnd=0x901ec, lpString=0x4ecef8, nMaxCount=1024 | out: lpString="") returned 0 [0049.508] GetWindow (hWnd=0x901ec, uCmd=0x2) returned 0x60030 [0049.508] GetWindowTextW (in: hWnd=0x60030, lpString=0x4ecef8, nMaxCount=1024 | out: lpString="&Destination folder") returned 19 [0049.508] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="STARTDLG", cchWideChar=-1, lpMultiByteStr=0x4ebe80, cbMultiByte=4096, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="STARTDLG", lpUsedDefaultChar=0x0) returned 9 [0049.508] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="&Destination folder", cchWideChar=-1, lpMultiByteStr=0x4eae80, cbMultiByte=4096, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="&Destination folder", lpUsedDefaultChar=0x0) returned 20 [0049.508] GetLastError () returned 0x0 [0049.508] SetLastError (dwErrCode=0x0) [0049.508] SetWindowTextW (hWnd=0x60030, lpString="Hedef klasör") returned 1 [0049.508] GetWindow (hWnd=0x60030, uCmd=0x2) returned 0x7002e [0049.508] GetWindowTextW (in: hWnd=0x7002e, lpString=0x4ecef8, nMaxCount=1024 | out: lpString="") returned 0 [0049.508] GetWindow (hWnd=0x7002e, uCmd=0x2) returned 0x50212 [0049.508] GetWindowTextW (in: hWnd=0x50212, lpString=0x4ecef8, nMaxCount=1024 | out: lpString="Bro&wse...") returned 10 [0049.508] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="STARTDLG", cchWideChar=-1, lpMultiByteStr=0x4ebe80, cbMultiByte=4096, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="STARTDLG", lpUsedDefaultChar=0x0) returned 9 [0049.508] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Bro&wse...", cchWideChar=-1, lpMultiByteStr=0x4eae80, cbMultiByte=4096, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Bro&wse...", lpUsedDefaultChar=0x0) returned 11 [0049.508] GetLastError () returned 0x0 [0049.508] SetLastError (dwErrCode=0x0) [0049.508] SetWindowTextW (hWnd=0x50212, lpString="Gözat...") returned 1 [0049.508] GetWindow (hWnd=0x50212, uCmd=0x2) returned 0x80016 [0049.508] GetWindowTextW (in: hWnd=0x80016, lpString=0x4ecef8, nMaxCount=1024 | out: lpString="") returned 0 [0049.508] GetWindow (hWnd=0x80016, uCmd=0x2) returned 0x20222 [0049.508] GetWindowTextW (in: hWnd=0x20222, lpString=0x4ecef8, nMaxCount=1024 | out: lpString="") returned 0 [0049.508] GetWindow (hWnd=0x20222, uCmd=0x2) returned 0x80126 [0049.508] GetWindowTextW (in: hWnd=0x80126, lpString=0x4ecef8, nMaxCount=1024 | out: lpString="Installation progress") returned 21 [0049.508] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="STARTDLG", cchWideChar=-1, lpMultiByteStr=0x4ebe80, cbMultiByte=4096, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="STARTDLG", lpUsedDefaultChar=0x0) returned 9 [0049.508] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Installation progress", cchWideChar=-1, lpMultiByteStr=0x4eae80, cbMultiByte=4096, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Installation progress", lpUsedDefaultChar=0x0) returned 22 [0049.508] GetLastError () returned 0x0 [0049.509] SetLastError (dwErrCode=0x0) [0049.509] SetWindowTextW (hWnd=0x80126, lpString="Yükleme ilerlemesi") returned 1 [0049.509] GetWindow (hWnd=0x80126, uCmd=0x2) returned 0x3021c [0049.509] GetWindowTextW (in: hWnd=0x3021c, lpString=0x4ecef8, nMaxCount=1024 | out: lpString="") returned 0 [0049.509] GetWindow (hWnd=0x3021c, uCmd=0x2) returned 0x20226 [0049.509] GetWindowTextW (in: hWnd=0x20226, lpString=0x4ecef8, nMaxCount=1024 | out: lpString="") returned 0 [0049.509] GetWindow (hWnd=0x20226, uCmd=0x2) returned 0x3021e [0049.509] GetWindowTextW (in: hWnd=0x3021e, lpString=0x4ecef8, nMaxCount=1024 | out: lpString="Install") returned 7 [0049.509] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="STARTDLG", cchWideChar=-1, lpMultiByteStr=0x4ebe80, cbMultiByte=4096, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="STARTDLG", lpUsedDefaultChar=0x0) returned 9 [0049.509] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Install", cchWideChar=-1, lpMultiByteStr=0x4eae80, cbMultiByte=4096, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Install", lpUsedDefaultChar=0x0) returned 8 [0049.509] GetLastError () returned 0x0 [0049.509] SetLastError (dwErrCode=0x0) [0049.509] SetWindowTextW (hWnd=0x3021e, lpString="Yükle") returned 1 [0049.509] GetWindow (hWnd=0x3021e, uCmd=0x2) returned 0x20220 [0049.509] GetWindowTextW (in: hWnd=0x20220, lpString=0x4ecef8, nMaxCount=1024 | out: lpString="Cancel") returned 6 [0049.509] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="STARTDLG", cchWideChar=-1, lpMultiByteStr=0x4ebe80, cbMultiByte=4096, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="STARTDLG", lpUsedDefaultChar=0x0) returned 9 [0049.509] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Cancel", cchWideChar=-1, lpMultiByteStr=0x4eae80, cbMultiByte=4096, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Cancel", lpUsedDefaultChar=0x0) returned 7 [0049.509] GetLastError () returned 0x0 [0049.509] SetLastError (dwErrCode=0x0) [0049.509] SetWindowTextW (hWnd=0x20220, lpString="İptal") returned 1 [0049.509] GetWindow (hWnd=0x20220, uCmd=0x2) returned 0x0 [0049.509] GetProcAddress (hModule=0x74b70000, lpProcName="SendMessageW") returned 0x74b807d0 [0049.510] SendMessageW (hWnd=0xf0216, Msg=0x80, wParam=0x1, lParam=0x130205) returned 0x0 [0049.512] GetProcAddress (hModule=0x74b70000, lpProcName="SendDlgItemMessageW") returned 0x74b79370 [0049.512] SendDlgItemMessageW (hDlg=0xf0216, nIDDlgItem=108, Msg=0x172, wParam=0x0, lParam=0x2f050748) returned 0x0 [0049.517] GetProcAddress (hModule=0x74b70000, lpProcName="GetDlgItem") returned 0x74b793b0 [0049.518] GetDlgItem (hDlg=0xf0216, nIDDlgItem=104) returned 0x80016 [0049.518] SendMessageW (hWnd=0x80016, Msg=0x435, wParam=0x0, lParam=0x400000) returned 0x0 [0049.518] GetCurrentDirectoryW (in: nBufferLength=0x800, lpBuffer=0x4fe274 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop") returned 0x17 [0049.518] GetProcAddress (hModule=0x74b70000, lpProcName="GetDlgItem") returned 0x74b793b0 [0049.518] GetDlgItem (hDlg=0xf0216, nIDDlgItem=102) returned 0x7002e [0049.518] SetWindowTextW (hWnd=0x7002e, lpString="C:\\Users\\FD1HVy\\Desktop") returned 1 [0049.518] GetProcAddress (hModule=0x74b70000, lpProcName="GetClassNameW") returned 0x74ba0310 [0049.518] GetClassNameW (in: hWnd=0x7002e, lpClassName=0x4ed680, nMaxCount=80 | out: lpClassName="ComboBox") returned 8 [0049.518] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="ComboBox", cchCount1=-1, lpString2="EDIT", cchCount2=-1) returned 1 [0049.519] GetProcAddress (hModule=0x74b70000, lpProcName="FindWindowExW") returned 0x74b92840 [0049.519] FindWindowExW (hWndParent=0x7002e, hWndChildAfter=0x0, lpszClass="EDIT", lpszWindow=0x0) returned 0x70044 [0049.519] LoadLibraryExA (lpLibFileName="SHLWAPI.dll", hFile=0x0, dwFlags=0x0) returned 0x75f60000 [0049.519] GetProcAddress (hModule=0x75f60000, lpProcName="SHAutoComplete") returned 0x75f86580 [0049.520] SHAutoComplete (hwndEdit=0x70044, dwFlags=0x10) returned 0x0 [0050.602] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x10c0) returned 0x767d48 [0050.603] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x10c0) returned 0x768e10 [0050.603] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x82e0) returned 0x771820 [0050.604] GetCurrentProcess () returned 0xffffffff [0050.604] GetProcessAffinityMask (in: hProcess=0xffffffff, lpProcessAffinityMask=0x4e5988, lpSystemAffinityMask=0x4e5984 | out: lpProcessAffinityMask=0x4e5988, lpSystemAffinityMask=0x4e5984) returned 1 [0050.604] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\454364vodafone-e-fatura.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\454364vodafone-e-fatura.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000000, hTemplateFile=0x0) returned 0x2a0 [0050.604] ReadFile (in: hFile=0x2a0, lpBuffer=0x4e7be8, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x4e5958, lpOverlapped=0x0 | out: lpBuffer=0x4e7be8*, lpNumberOfBytesRead=0x4e5958*=0x7, lpOverlapped=0x0) returned 1 [0050.604] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x200000) returned 0x3de8020 [0050.609] SetFilePointer (in: hFile=0x2a0, lDistanceToMove=0, lpDistanceToMoveHigh=0x4e5988*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4e5988*=0) returned 0x7 [0050.609] ReadFile (in: hFile=0x2a0, lpBuffer=0x3de8020, nNumberOfBytesToRead=0x1ffff0, lpNumberOfBytesRead=0x4e5958, lpOverlapped=0x0 | out: lpBuffer=0x3de8020*, lpNumberOfBytesRead=0x4e5958*=0x11aa12, lpOverlapped=0x0) returned 1 [0050.663] SetFilePointer (in: hFile=0x2a0, lDistanceToMove=371310, lpDistanceToMoveHigh=0x4e5978*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4e5978*=0) returned 0x5aa6e [0050.663] ReadFile (in: hFile=0x2a0, lpBuffer=0x4e7be8, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x4e5958, lpOverlapped=0x0 | out: lpBuffer=0x4e7be8*, lpNumberOfBytesRead=0x4e5958*=0x7, lpOverlapped=0x0) returned 1 [0050.664] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x3de8020 | out: hHeap=0x730000) returned 1 [0050.673] ReadFile (in: hFile=0x2a0, lpBuffer=0x4e7bef, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x4e5958, lpOverlapped=0x0 | out: lpBuffer=0x4e7bef*, lpNumberOfBytesRead=0x4e5958*=0x1, lpOverlapped=0x0) returned 1 [0050.673] SetFilePointer (in: hFile=0x2a0, lDistanceToMove=0, lpDistanceToMoveHigh=0x4e5980*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4e5980*=0) returned 0x5aa76 [0050.673] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x20) returned 0x748ab8 [0050.673] ReadFile (in: hFile=0x2a0, lpBuffer=0x748ab8, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x4e3840, lpOverlapped=0x0 | out: lpBuffer=0x748ab8*, lpNumberOfBytesRead=0x4e3840*=0x7, lpOverlapped=0x0) returned 1 [0050.673] ReadFile (in: hFile=0x2a0, lpBuffer=0x748abf, nNumberOfBytesToRead=0xa, lpNumberOfBytesRead=0x4e3840, lpOverlapped=0x0 | out: lpBuffer=0x748abf*, lpNumberOfBytesRead=0x4e3840*=0xa, lpOverlapped=0x0) returned 1 [0050.673] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x748ab8 | out: hHeap=0x730000) returned 1 [0050.673] SetFilePointer (in: hFile=0x2a0, lDistanceToMove=371335, lpDistanceToMoveHigh=0x4e5974*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4e5974*=0) returned 0x5aa87 [0050.673] SetFilePointer (in: hFile=0x2a0, lDistanceToMove=0, lpDistanceToMoveHigh=0x4e5988*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4e5988*=0) returned 0x5aa87 [0050.673] SetFilePointer (in: hFile=0x2a0, lDistanceToMove=0, lpDistanceToMoveHigh=0x4e5980*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4e5980*=0) returned 0x5aa87 [0050.673] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x20) returned 0x748ab8 [0050.673] ReadFile (in: hFile=0x2a0, lpBuffer=0x748ab8, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x4e3840, lpOverlapped=0x0 | out: lpBuffer=0x748ab8*, lpNumberOfBytesRead=0x4e3840*=0x7, lpOverlapped=0x0) returned 1 [0050.673] ReadFile (in: hFile=0x2a0, lpBuffer=0x748abf, nNumberOfBytesToRead=0x11, lpNumberOfBytesRead=0x4e3840, lpOverlapped=0x0 | out: lpBuffer=0x748abf*, lpNumberOfBytesRead=0x4e3840*=0x11, lpOverlapped=0x0) returned 1 [0050.687] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x748ab8 | out: hHeap=0x730000) returned 1 [0050.687] SetFilePointer (in: hFile=0x2a0, lDistanceToMove=371503, lpDistanceToMoveHigh=0x4e5974*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4e5974*=0) returned 0x5ab2f [0050.687] SetFilePointer (in: hFile=0x2a0, lDistanceToMove=0, lpDistanceToMoveHigh=0x4e5980*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4e5980*=0) returned 0x5ab2f [0050.687] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x20) returned 0x748ab8 [0050.687] ReadFile (in: hFile=0x2a0, lpBuffer=0x748ab8, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x4e3840, lpOverlapped=0x0 | out: lpBuffer=0x748ab8*, lpNumberOfBytesRead=0x4e3840*=0x7, lpOverlapped=0x0) returned 1 [0050.687] RtlReAllocateHeap (Heap=0x730000, Flags=0x0, Ptr=0x748ab8, Size=0x48) returned 0x7503f8 [0050.687] ReadFile (in: hFile=0x2a0, lpBuffer=0x7503ff, nNumberOfBytesToRead=0x26, lpNumberOfBytesRead=0x4e3840, lpOverlapped=0x0 | out: lpBuffer=0x7503ff*, lpNumberOfBytesRead=0x4e3840*=0x26, lpOverlapped=0x0) returned 1 [0050.687] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x7503f8 | out: hHeap=0x730000) returned 1 [0050.687] SetFilePointer (in: hFile=0x2a0, lDistanceToMove=371335, lpDistanceToMoveHigh=0x4e5960*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4e5960*=0) returned 0x5aa87 [0050.687] SetFilePointer (in: hFile=0x2a0, lDistanceToMove=0, lpDistanceToMoveHigh=0x4e59ac*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4e59ac*=0) returned 0x5aa87 [0050.687] SetFilePointer (in: hFile=0x2a0, lDistanceToMove=371335, lpDistanceToMoveHigh=0x4e5998*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4e5998*=0) returned 0x5aa87 [0050.687] SetFilePointer (in: hFile=0x2a0, lDistanceToMove=0, lpDistanceToMoveHigh=0x4e598c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4e598c*=0) returned 0x5aa87 [0050.687] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x20) returned 0x748ba8 [0050.687] ReadFile (in: hFile=0x2a0, lpBuffer=0x748ba8, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x4e384c, lpOverlapped=0x0 | out: lpBuffer=0x748ba8*, lpNumberOfBytesRead=0x4e384c*=0x7, lpOverlapped=0x0) returned 1 [0050.687] ReadFile (in: hFile=0x2a0, lpBuffer=0x748baf, nNumberOfBytesToRead=0x11, lpNumberOfBytesRead=0x4e384c, lpOverlapped=0x0 | out: lpBuffer=0x748baf*, lpNumberOfBytesRead=0x4e384c*=0x11, lpOverlapped=0x0) returned 1 [0050.687] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x748ba8 | out: hHeap=0x730000) returned 1 [0050.688] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x8003) returned 0x779b08 [0050.688] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x8003) returned 0x781b18 [0050.689] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x1b8) returned 0x767818 [0050.690] CreateSemaphoreW (lpSemaphoreAttributes=0x0, lInitialCount=0, lMaximumCount=32, lpName=0x0) returned 0x2a4 [0050.690] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x2a8 [0050.690] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x40000) returned 0x789b28 [0050.696] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x90) returned 0x764af8 [0050.696] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0xb54) returned 0x7c9b30 [0050.696] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x100000) returned 0x3dee020 [0050.699] ReadFile (in: hFile=0x2a0, lpBuffer=0x3dee020, nNumberOfBytesToRead=0x90, lpNumberOfBytesRead=0x4d71e4, lpOverlapped=0x0 | out: lpBuffer=0x3dee020*, lpNumberOfBytesRead=0x4d71e4*=0x90, lpOverlapped=0x0) returned 1 [0050.699] GetProcAddress (hModule=0x74b70000, lpProcName="PeekMessageW") returned 0x74b9d180 [0050.699] PeekMessageW (in: lpMsg=0x4d71ec, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4d71ec) returned 1 [0050.699] GetProcAddress (hModule=0x74b70000, lpProcName="GetMessageW") returned 0x74b9fea0 [0050.699] GetMessageW (in: lpMsg=0x4d71ec, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x4d71ec) returned 1 [0050.700] GetProcAddress (hModule=0x74b70000, lpProcName="TranslateMessage") returned 0x74b9f900 [0050.700] TranslateMessage (lpMsg=0x4d71ec) returned 0 [0050.700] GetProcAddress (hModule=0x74b70000, lpProcName="DispatchMessageW") returned 0x74b94840 [0050.700] DispatchMessageW (lpMsg=0x4d71ec) returned 0x0 [0050.702] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0050.702] PeekMessageW (in: lpMsg=0x4d71f0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4d71f0) returned 1 [0050.702] GetMessageW (in: lpMsg=0x4d71f0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x4d71f0) returned 1 [0050.702] TranslateMessage (lpMsg=0x4d71f0) returned 0 [0050.702] DispatchMessageW (lpMsg=0x4d71f0) returned 0x0 [0050.702] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0050.702] PeekMessageW (in: lpMsg=0x4d71e4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4d71e4) returned 0 [0050.702] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0050.702] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x3dee020 | out: hHeap=0x730000) returned 1 [0050.705] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x789b28 | out: hHeap=0x730000) returned 1 [0050.705] ReleaseSemaphore (in: hSemaphore=0x2a4, lReleaseCount=32, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0050.705] CloseHandle (hObject=0x2a4) returned 1 [0050.705] CloseHandle (hObject=0x2a8) returned 1 [0050.705] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x767818 | out: hHeap=0x730000) returned 1 [0050.705] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x781b18 | out: hHeap=0x730000) returned 1 [0050.707] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x779b08 | out: hHeap=0x730000) returned 1 [0050.709] RtlReAllocateHeap (Heap=0x730000, Flags=0x0, Ptr=0x764af8, Size=0xd4) returned 0x764af8 [0050.709] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x122) returned 0x7ca690 [0050.709] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x764af8 | out: hHeap=0x730000) returned 1 [0050.709] SetFilePointer (in: hFile=0x2a0, lDistanceToMove=371335, lpDistanceToMoveHigh=0x4e5984*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4e5984*=0) returned 0x5aa87 [0050.709] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x112) returned 0x764af8 [0050.709] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x7ca690 | out: hHeap=0x730000) returned 1 [0050.709] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x771820 | out: hHeap=0x730000) returned 1 [0050.711] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x767d48 | out: hHeap=0x730000) returned 1 [0050.711] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x768e10 | out: hHeap=0x730000) returned 1 [0050.711] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x7c9b30 | out: hHeap=0x730000) returned 1 [0050.712] CloseHandle (hObject=0x2a0) returned 1 [0050.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0050.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0050.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0050.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0050.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0050.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0050.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0050.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0050.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0050.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0050.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0050.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0050.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0050.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0050.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0050.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0050.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0050.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0050.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0050.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0050.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0050.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0050.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0050.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0050.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0050.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0050.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0050.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0050.713] ExpandEnvironmentStringsW (in: lpSrc="%temp%", lpDst=0x4cfa64, nSize=0x1000 | out: lpDst="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x23 [0050.713] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0050.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0050.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0050.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 2 [0050.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0050.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0050.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0050.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0050.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0050.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0050.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0050.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0050.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="License", cchCount2=-1) returned 3 [0050.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 3 [0050.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0050.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 2 [0050.714] ExpandEnvironmentStringsW (in: lpSrc="vodafone.bat", lpDst=0x4cfa64, nSize=0x1000 | out: lpDst="vodafone.bat") returned 0xd [0050.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0050.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0050.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0050.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0050.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0050.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0050.714] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 2 [0050.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0050.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0050.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0050.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0050.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 3 [0050.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0050.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 3 [0050.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 2 [0050.715] ExpandEnvironmentStringsW (in: lpSrc="1", lpDst=0x4cfa64, nSize=0x1000 | out: lpDst="1") returned 0x2 [0050.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0050.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0050.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0050.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0050.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 2 [0050.715] ExpandEnvironmentStringsW (in: lpSrc="1", lpDst=0x4cfa64, nSize=0x1000 | out: lpDst="1") returned 0x2 [0050.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0050.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0050.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0050.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0050.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0050.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 2 [0050.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0050.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0050.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0050.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0050.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0050.715] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0050.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0050.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0050.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0050.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0050.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0050.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0050.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0050.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0050.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0050.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0050.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0050.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0050.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0050.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0050.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0050.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0050.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0050.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0050.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0050.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0050.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0050.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0050.716] ExpandEnvironmentStringsW (in: lpSrc="%temp%", lpDst=0x4cfa64, nSize=0x1000 | out: lpDst="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x23 [0050.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0050.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0050.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0050.716] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 2 [0050.716] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x761b0000 [0050.717] GetProcAddress (hModule=0x761b0000, lpProcName="RegOpenKeyExW") returned 0x761ce580 [0050.717] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\WinRAR SFX", ulOptions=0x0, samDesired=0x1, phkResult=0x4d1a68 | out: phkResult=0x4d1a68*=0x0) returned 0x2 [0050.717] GetDlgItem (hDlg=0xf0216, nIDDlgItem=102) returned 0x7002e [0050.717] SetWindowTextW (hWnd=0x7002e, lpString="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 1 [0050.725] SendMessageW (hWnd=0x7002e, Msg=0x143, wParam=0x0, lParam=0xff412a) returned 0x0 [0050.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0050.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0050.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0050.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0050.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0050.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0050.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0050.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0050.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="License", cchCount2=-1) returned 3 [0050.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 3 [0050.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0050.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 2 [0050.726] ExpandEnvironmentStringsW (in: lpSrc="vodafone.bat", lpDst=0x4cfa64, nSize=0x1000 | out: lpDst="vodafone.bat") returned 0xd [0050.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0050.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0050.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0050.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0050.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0050.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0050.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 2 [0050.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0050.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0050.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0050.726] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0050.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 3 [0050.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0050.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 3 [0050.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 2 [0050.727] ExpandEnvironmentStringsW (in: lpSrc="1", lpDst=0x4cfa64, nSize=0x1000 | out: lpDst="1") returned 0x2 [0050.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0050.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0050.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0050.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0050.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 2 [0050.727] ExpandEnvironmentStringsW (in: lpSrc="1", lpDst=0x4cfa64, nSize=0x1000 | out: lpDst="1") returned 0x2 [0050.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0050.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0050.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0050.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0050.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0050.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 2 [0050.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0050.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0050.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0050.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0050.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0050.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0050.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0050.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0050.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0050.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0050.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0050.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0050.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0050.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0050.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0050.727] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0050.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0050.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0050.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0050.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0050.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0050.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0050.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0050.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0050.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0050.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0050.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0050.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0050.728] ExpandEnvironmentStringsW (in: lpSrc="%temp%", lpDst=0x4cfa64, nSize=0x1000 | out: lpDst="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x23 [0050.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0050.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0050.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0050.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 2 [0050.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0050.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0050.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0050.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0050.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0050.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0050.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0050.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0050.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="License", cchCount2=-1) returned 3 [0050.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 3 [0050.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0050.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 2 [0050.728] ExpandEnvironmentStringsW (in: lpSrc="vodafone.bat", lpDst=0x4cfa64, nSize=0x1000 | out: lpDst="vodafone.bat") returned 0xd [0050.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0050.728] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0050.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0050.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0050.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0050.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0050.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 2 [0050.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0050.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0050.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0050.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0050.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 3 [0050.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0050.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 3 [0050.729] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 2 [0050.729] GetTempPathW (in: nBufferLength=0x800, lpBuffer=0x4e5a94 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\") returned 0x23 [0050.729] GetLastError () returned 0x0 [0050.729] SetLastError (dwErrCode=0x0) [0050.729] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\rarsfx0")) returned 0xffffffff [0050.730] GetProcAddress (hModule=0x74b70000, lpProcName="CharUpperW") returned 0x74ba0f70 [0050.730] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\rarsfx0")) returned 0xffffffff [0050.730] GetProcAddress (hModule=0x74b70000, lpProcName="SetDlgItemTextW") returned 0x74b79490 [0050.730] SetDlgItemTextW (hDlg=0xf0216, nIDDlgItem=102, lpString="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0") returned 1 [0050.730] ExpandEnvironmentStringsW (in: lpSrc="1", lpDst=0x4cfa64, nSize=0x1000 | out: lpDst="1") returned 0x2 [0050.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0050.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0050.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0050.730] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0050.731] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 2 [0050.731] ExpandEnvironmentStringsW (in: lpSrc="1", lpDst=0x4cfa64, nSize=0x1000 | out: lpDst="1") returned 0x2 [0050.731] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0050.731] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0050.731] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0050.731] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0050.731] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0050.731] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 2 [0050.731] GetDlgItem (hDlg=0xf0216, nIDDlgItem=103) returned 0x50212 [0050.731] GetProcAddress (hModule=0x74b70000, lpProcName="EnableWindow") returned 0x74b90a60 [0050.731] EnableWindow (hWnd=0x50212, bEnable=0) returned 0 [0050.731] GetDlgItem (hDlg=0xf0216, nIDDlgItem=102) returned 0x7002e [0050.731] EnableWindow (hWnd=0x7002e, bEnable=0) returned 0 [0050.734] SendMessageW (hWnd=0xf0216, Msg=0x111, wParam=0x1, lParam=0x0) returned 0x0 [0050.734] GetProcAddress (hModule=0x74b70000, lpProcName="GetDlgItemTextW") returned 0x74b79340 [0050.734] GetDlgItemTextW (in: hDlg=0xf0216, nIDDlgItem=102, lpString=0x4eb2c4, cchMax=2048 | out: lpString="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0") returned 0x2a [0050.734] GetDlgItem (hDlg=0xf0216, nIDDlgItem=104) returned 0x80016 [0050.734] SendMessageW (hWnd=0x80016, Msg=0xb1, wParam=0x0, lParam=0xffffffff) returned 0x0 [0050.735] SendMessageW (hWnd=0x80016, Msg=0xc2, wParam=0x0, lParam=0xfe02e4) returned 0x0 [0050.735] GetProcAddress (hModule=0x74b70000, lpProcName="SetFocus") returned 0x74ba3d10 [0050.735] SetFocus (hWnd=0x80016) returned 0x0 [0050.791] GetProcAddress (hModule=0x74b70000, lpProcName="LoadStringW") returned 0x74ba0480 [0050.791] LoadStringW (in: hInstance=0xfb0000, uID=0xba, lpBuffer=0xfed030, cchBufferMax=512 | out: lpBuffer="Extracting files to temporary folder") returned 0x24 [0050.791] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Extracting files to temporary folder", cchWideChar=-1, lpMultiByteStr=0x4d9750, cbMultiByte=4096, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Extracting files to temporary folder", lpUsedDefaultChar=0x0) returned 37 [0050.792] GetLastError () returned 0x5 [0050.792] SetLastError (dwErrCode=0x5) [0050.792] GetDlgItem (hDlg=0xf0216, nIDDlgItem=104) returned 0x80016 [0050.792] GetProcAddress (hModule=0x74b70000, lpProcName="ShowWindow") returned 0x74ba3ee0 [0050.792] ShowWindow (hWnd=0x80016, nCmdShow=5) returned 1 [0050.792] SendMessageW (hWnd=0x80016, Msg=0xb1, wParam=0x0, lParam=0xffffffff) returned 0x0 [0050.792] SendMessageW (hWnd=0x80016, Msg=0xc2, wParam=0x0, lParam=0xfe02e4) returned 0x0 [0050.792] SendMessageW (hWnd=0x80016, Msg=0xb1, wParam=0x5f5e100, lParam=0x5f5e100) returned 0x0 [0050.793] SendMessageW (hWnd=0x80016, Msg=0x43a, wParam=0x0, lParam=0x4db714) returned 0xf800003f [0050.793] SendMessageW (hWnd=0x80016, Msg=0x444, wParam=0x1, lParam=0x4db714) returned 0x1 [0050.793] SendMessageW (hWnd=0x80016, Msg=0xc2, wParam=0x0, lParam=0xfed030) returned 0x24 [0050.800] SendMessageW (hWnd=0x80016, Msg=0xb1, wParam=0x5f5e100, lParam=0x5f5e100) returned 0x24 [0050.801] SendMessageW (hWnd=0x80016, Msg=0xc2, wParam=0x0, lParam=0xfe1368) returned 0x1 [0050.801] GetProcAddress (hModule=0x761b0000, lpProcName="RegCreateKeyExW") returned 0x761cf4f0 [0050.802] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\WinRAR SFX", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x20006, lpSecurityAttributes=0x0, phkResult=0x4db76c, lpdwDisposition=0x4db768 | out: phkResult=0x4db76c*=0x2b0, lpdwDisposition=0x4db768*=0x1) returned 0x0 [0050.802] GetProcAddress (hModule=0x761b0000, lpProcName="RegSetValueExW") returned 0x761cf530 [0050.802] RegSetValueExW (in: hKey=0x2b0, lpValueName="C%%Users%FD1HVy%AppData%Local%Temp", Reserved=0x0, dwType=0x1, lpData="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0", cbData=0x56 | out: lpData="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0") returned 0x0 [0050.802] GetProcAddress (hModule=0x761b0000, lpProcName="RegCloseKey") returned 0x761ced60 [0050.802] RegCloseKey (hKey=0x2b0) returned 0x0 [0050.802] CreateDirectoryW (lpPathName="C:\\Users" (normalized: "c:\\users"), lpSecurityAttributes=0x0) returned 0 [0050.803] GetFileAttributesW (lpFileName="C:\\Users" (normalized: "c:\\users")) returned 0x11 [0050.804] GetLastError () returned 0xb7 [0050.804] CreateDirectoryW (lpPathName="C:\\Users\\FD1HVy" (normalized: "c:\\users\\fd1hvy"), lpSecurityAttributes=0x0) returned 0 [0050.804] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy" (normalized: "c:\\users\\fd1hvy")) returned 0x10 [0050.804] GetLastError () returned 0xb7 [0050.804] CreateDirectoryW (lpPathName="C:\\Users\\FD1HVy\\AppData" (normalized: "c:\\users\\fd1hvy\\appdata"), lpSecurityAttributes=0x0) returned 0 [0050.804] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData" (normalized: "c:\\users\\fd1hvy\\appdata")) returned 0x12 [0050.804] GetLastError () returned 0xb7 [0050.804] CreateDirectoryW (lpPathName="C:\\Users\\FD1HVy\\AppData\\Local" (normalized: "c:\\users\\fd1hvy\\appdata\\local"), lpSecurityAttributes=0x0) returned 0 [0050.804] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local" (normalized: "c:\\users\\fd1hvy\\appdata\\local")) returned 0x10 [0050.804] GetLastError () returned 0xb7 [0050.804] CreateDirectoryW (lpPathName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp"), lpSecurityAttributes=0x0) returned 0 [0050.804] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp")) returned 0x10 [0050.804] GetLastError () returned 0xb7 [0050.804] CreateDirectoryW (lpPathName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\rarsfx0"), lpSecurityAttributes=0x0) returned 1 [0050.806] SetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0", dwFileAttributes=0x0) returned 1 [0050.806] SetCurrentDirectoryW (lpPathName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\rarsfx0")) returned 1 [0050.806] GetTickCount () returned 0x114d330 [0050.806] GetLastError () returned 0xb7 [0050.806] SetLastError (dwErrCode=0xb7) [0050.807] CreateFileW (lpFileName="__tmp_rar_sfx_access_check_18142000" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\rarsfx0\\__tmp_rar_sfx_access_check_18142000"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x7c [0050.807] CloseHandle (hObject=0x7c) returned 1 [0050.808] DeleteFileW (lpFileName="__tmp_rar_sfx_access_check_18142000" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\rarsfx0\\__tmp_rar_sfx_access_check_18142000")) returned 1 [0050.808] GetDlgItem (hDlg=0xf0216, nIDDlgItem=103) returned 0x50212 [0050.808] ShowWindow (hWnd=0x50212, nCmdShow=0) returned 1 [0050.809] GetDlgItem (hDlg=0xf0216, nIDDlgItem=102) returned 0x7002e [0050.809] ShowWindow (hWnd=0x7002e, nCmdShow=0) returned 1 [0050.809] LoadStringW (in: hInstance=0xfb0000, uID=0xe6, lpBuffer=0xfed430, cchBufferMax=512 | out: lpBuffer="Pause") returned 0x5 [0050.809] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Pause", cchWideChar=-1, lpMultiByteStr=0x4d9750, cbMultiByte=4096, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Pause", lpUsedDefaultChar=0x0) returned 6 [0050.809] GetLastError () returned 0x0 [0050.809] SetLastError (dwErrCode=0x0) [0050.809] SetDlgItemTextW (hDlg=0xf0216, nIDDlgItem=1, lpString="Duraklat") returned 1 [0050.809] GetDlgItem (hDlg=0xf0216, nIDDlgItem=105) returned 0x20222 [0050.809] ShowWindow (hWnd=0x20222, nCmdShow=9) returned 0 [0050.810] SetDlgItemTextW (hDlg=0xf0216, nIDDlgItem=101, lpString="") returned 1 [0050.810] GetDlgItem (hDlg=0xf0216, nIDDlgItem=101) returned 0x60030 [0050.810] GetProcAddress (hModule=0x74b70000, lpProcName="GetWindowLongW") returned 0x74b937e0 [0050.810] GetWindowLongW (hWnd=0x60030, nIndex=-16) returned 1342341120 [0050.810] GetProcAddress (hModule=0x74b70000, lpProcName="SetWindowLongW") returned 0x74b958c0 [0050.810] SetWindowLongW (hWnd=0x60030, nIndex=-16, dwNewLong=1342341248) returned 1342341120 [0050.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0050.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0050.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0050.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0050.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0050.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0050.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0050.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0050.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0050.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0050.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0050.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0050.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0050.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0050.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0050.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0050.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0050.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0050.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0050.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0050.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0050.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0050.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0050.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0050.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0050.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0050.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0050.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0050.813] ExpandEnvironmentStringsW (in: lpSrc="%temp%", lpDst=0x4bdab4, nSize=0x1000 | out: lpDst="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x23 [0050.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0050.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0050.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0050.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 2 [0050.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0050.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0050.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0050.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0050.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0050.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0050.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0050.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0050.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="License", cchCount2=-1) returned 3 [0050.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 3 [0050.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0050.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 2 [0050.813] ExpandEnvironmentStringsW (in: lpSrc="vodafone.bat", lpDst=0x4bdab4, nSize=0x1000 | out: lpDst="vodafone.bat") returned 0xd [0050.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0050.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0050.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0050.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0050.814] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0050.814] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0050.814] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 2 [0050.814] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0050.814] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0050.814] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0050.814] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0050.814] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 3 [0050.814] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0050.814] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 3 [0050.814] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 2 [0050.814] ExpandEnvironmentStringsW (in: lpSrc="1", lpDst=0x4bdab4, nSize=0x1000 | out: lpDst="1") returned 0x2 [0050.814] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0050.814] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0050.814] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0050.814] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0050.814] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 2 [0050.814] ExpandEnvironmentStringsW (in: lpSrc="1", lpDst=0x4bdab4, nSize=0x1000 | out: lpDst="1") returned 0x2 [0050.814] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0050.814] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0050.814] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0050.814] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0050.814] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0050.814] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 2 [0050.814] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0050.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0050.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0050.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0050.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0050.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0050.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0050.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0050.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0050.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0050.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0050.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0050.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0050.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0050.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0050.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0050.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0050.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0050.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0050.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0050.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0050.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0050.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0050.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0050.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0050.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0050.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0050.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0050.815] ExpandEnvironmentStringsW (in: lpSrc="%temp%", lpDst=0x4bdab4, nSize=0x1000 | out: lpDst="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x23 [0050.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0050.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0050.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0050.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 2 [0050.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0050.816] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0050.816] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0050.816] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0050.816] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0050.816] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0050.816] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0050.816] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0050.816] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="License", cchCount2=-1) returned 3 [0050.816] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 3 [0050.816] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0050.816] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 2 [0050.816] ExpandEnvironmentStringsW (in: lpSrc="vodafone.bat", lpDst=0x4bdab4, nSize=0x1000 | out: lpDst="vodafone.bat") returned 0xd [0050.816] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0050.816] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0050.816] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0050.816] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0050.816] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0050.816] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0050.816] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 2 [0050.816] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0050.816] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0050.816] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0050.816] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0050.816] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 3 [0050.816] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0050.816] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 3 [0050.816] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 2 [0050.816] ExpandEnvironmentStringsW (in: lpSrc="1", lpDst=0x4bdab4, nSize=0x1000 | out: lpDst="1") returned 0x2 [0050.816] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0050.816] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0050.816] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0050.816] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0050.817] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 2 [0050.817] ExpandEnvironmentStringsW (in: lpSrc="1", lpDst=0x4bdab4, nSize=0x1000 | out: lpDst="1") returned 0x2 [0050.817] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0050.817] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0050.817] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0050.817] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0050.817] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0050.817] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 2 [0050.817] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x40) returned 0x75f220 [0050.817] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x68) returned 0x76c318 [0050.817] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x10c0) returned 0x76cb38 [0050.817] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x10c0) returned 0x771820 [0050.817] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0xe6e0) returned 0x7728e8 [0050.817] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x8003) returned 0x780fd0 [0050.818] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x8003) returned 0x788fe0 [0050.818] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x1b8) returned 0x7670f8 [0050.818] CreateSemaphoreW (lpSemaphoreAttributes=0x0, lInitialCount=0, lMaximumCount=32, lpName=0x0) returned 0x7c [0050.818] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x2b4 [0050.819] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\454364vodafone-e-fatura.exe", lpFindFileData=0x4d7388 | out: lpFindFileData=0x4d7388*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x46f63600, ftCreationTime.dwHighDateTime=0x1d57301, ftLastAccessTime.dwLowDateTime=0x46f63600, ftLastAccessTime.dwHighDateTime=0x1d57301, ftLastWriteTime.dwLowDateTime=0x4493dc00, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x11aa19, dwReserved0=0x0, dwReserved1=0x0, cFileName="454364vodafone-e-fatura.exe", cAlternateFileName="454364~1.EXE")) returned 0x769250 [0050.819] FindClose (in: hFindFile=0x769250 | out: hFindFile=0x769250) returned 1 [0050.819] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x10c0) returned 0x790ff0 [0050.819] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x10c0) returned 0x7920b8 [0050.819] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\454364vodafone-e-fatura.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\454364vodafone-e-fatura.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000000, hTemplateFile=0x0) returned 0x2b8 [0050.819] ReadFile (in: hFile=0x2b8, lpBuffer=0x4d0a94, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x4ce818, lpOverlapped=0x0 | out: lpBuffer=0x4d0a94*, lpNumberOfBytesRead=0x4ce818*=0x7, lpOverlapped=0x0) returned 1 [0050.820] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x200000) returned 0x3e14020 [0050.825] SetFilePointer (in: hFile=0x2b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x4ce848*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4ce848*=0) returned 0x7 [0050.825] ReadFile (in: hFile=0x2b8, lpBuffer=0x3e14020, nNumberOfBytesToRead=0x1ffff0, lpNumberOfBytesRead=0x4ce818, lpOverlapped=0x0 | out: lpBuffer=0x3e14020*, lpNumberOfBytesRead=0x4ce818*=0x11aa12, lpOverlapped=0x0) returned 1 [0050.858] SetFilePointer (in: hFile=0x2b8, lDistanceToMove=371310, lpDistanceToMoveHigh=0x4ce838*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4ce838*=0) returned 0x5aa6e [0050.859] ReadFile (in: hFile=0x2b8, lpBuffer=0x4d0a94, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x4ce818, lpOverlapped=0x0 | out: lpBuffer=0x4d0a94*, lpNumberOfBytesRead=0x4ce818*=0x7, lpOverlapped=0x0) returned 1 [0050.859] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x3e14020 | out: hHeap=0x730000) returned 1 [0050.870] ReadFile (in: hFile=0x2b8, lpBuffer=0x4d0a9b, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x4ce818, lpOverlapped=0x0 | out: lpBuffer=0x4d0a9b*, lpNumberOfBytesRead=0x4ce818*=0x1, lpOverlapped=0x0) returned 1 [0050.870] SetFilePointer (in: hFile=0x2b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x4ce840*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4ce840*=0) returned 0x5aa76 [0050.870] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x20) returned 0x76a438 [0050.870] ReadFile (in: hFile=0x2b8, lpBuffer=0x76a438, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x4cc700, lpOverlapped=0x0 | out: lpBuffer=0x76a438*, lpNumberOfBytesRead=0x4cc700*=0x7, lpOverlapped=0x0) returned 1 [0050.870] ReadFile (in: hFile=0x2b8, lpBuffer=0x76a43f, nNumberOfBytesToRead=0xa, lpNumberOfBytesRead=0x4cc700, lpOverlapped=0x0 | out: lpBuffer=0x76a43f*, lpNumberOfBytesRead=0x4cc700*=0xa, lpOverlapped=0x0) returned 1 [0050.870] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x76a438 | out: hHeap=0x730000) returned 1 [0050.870] SetFilePointer (in: hFile=0x2b8, lDistanceToMove=371335, lpDistanceToMoveHigh=0x4ce834*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4ce834*=0) returned 0x5aa87 [0050.870] SetFilePointer (in: hFile=0x2b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x4ce848*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4ce848*=0) returned 0x5aa87 [0050.870] SetFilePointer (in: hFile=0x2b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x4ce840*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4ce840*=0) returned 0x5aa87 [0050.870] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x20) returned 0x76a2f8 [0050.870] ReadFile (in: hFile=0x2b8, lpBuffer=0x76a2f8, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x4cc700, lpOverlapped=0x0 | out: lpBuffer=0x76a2f8*, lpNumberOfBytesRead=0x4cc700*=0x7, lpOverlapped=0x0) returned 1 [0050.870] ReadFile (in: hFile=0x2b8, lpBuffer=0x76a2ff, nNumberOfBytesToRead=0x11, lpNumberOfBytesRead=0x4cc700, lpOverlapped=0x0 | out: lpBuffer=0x76a2ff*, lpNumberOfBytesRead=0x4cc700*=0x11, lpOverlapped=0x0) returned 1 [0050.871] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x76a2f8 | out: hHeap=0x730000) returned 1 [0050.871] SetFilePointer (in: hFile=0x2b8, lDistanceToMove=371503, lpDistanceToMoveHigh=0x4ce834*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4ce834*=0) returned 0x5ab2f [0050.871] SetFilePointer (in: hFile=0x2b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x4ce840*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4ce840*=0) returned 0x5ab2f [0050.871] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x20) returned 0x76a2a8 [0050.871] ReadFile (in: hFile=0x2b8, lpBuffer=0x76a2a8, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x4cc700, lpOverlapped=0x0 | out: lpBuffer=0x76a2a8*, lpNumberOfBytesRead=0x4cc700*=0x7, lpOverlapped=0x0) returned 1 [0050.871] RtlReAllocateHeap (Heap=0x730000, Flags=0x0, Ptr=0x76a2a8, Size=0x48) returned 0x76b1b8 [0050.871] ReadFile (in: hFile=0x2b8, lpBuffer=0x76b1bf, nNumberOfBytesToRead=0x26, lpNumberOfBytesRead=0x4cc700, lpOverlapped=0x0 | out: lpBuffer=0x76b1bf*, lpNumberOfBytesRead=0x4cc700*=0x26, lpOverlapped=0x0) returned 1 [0050.871] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x76b1b8 | out: hHeap=0x730000) returned 1 [0050.871] SetFilePointer (in: hFile=0x2b8, lDistanceToMove=371335, lpDistanceToMoveHigh=0x4ce820*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4ce820*=0) returned 0x5aa87 [0050.871] SetFilePointer (in: hFile=0x2b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x4ce84c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4ce84c*=0) returned 0x5aa87 [0050.871] SetFilePointer (in: hFile=0x2b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x4ce83c*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x4ce83c*=0) returned 0x11aa19 [0050.871] SetFilePointer (in: hFile=0x2b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x4ce84c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4ce84c*=0) returned 0x11aa19 [0050.871] SetFilePointer (in: hFile=0x2b8, lDistanceToMove=371335, lpDistanceToMoveHigh=0x4ce824*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4ce824*=0) returned 0x5aa87 [0050.871] GetSystemTime (in: lpSystemTime=0x4ce860 | out: lpSystemTime=0x4ce860*(wYear=0x7e3, wMonth=0x9, wDayOfWeek=0x2, wDay=0x18, wHour=0x11, wMinute=0x38, wSecond=0x21, wMilliseconds=0x271)) [0050.871] SystemTimeToFileTime (in: lpSystemTime=0x4ce860, lpFileTime=0x4ce870 | out: lpFileTime=0x4ce870) returned 1 [0050.871] LoadStringW (in: hInstance=0xfb0000, uID=0x8d, lpBuffer=0xfed830, cchBufferMax=512 | out: lpBuffer="Extracting from %s") returned 0x12 [0050.871] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Extracting from %s", cchWideChar=-1, lpMultiByteStr=0x4cb44c, cbMultiByte=4096, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Extracting from %s", lpUsedDefaultChar=0x0) returned 19 [0050.871] GetLastError () returned 0x0 [0050.871] SetLastError (dwErrCode=0x0) [0050.871] GetLastError () returned 0x0 [0050.872] SetLastError (dwErrCode=0x0) [0050.872] GetDlgItem (hDlg=0xf0216, nIDDlgItem=104) returned 0x80016 [0050.872] SendMessageW (hWnd=0x80016, Msg=0xb1, wParam=0x5f5e100, lParam=0x5f5e100) returned 0x25 [0050.872] SendMessageW (hWnd=0x80016, Msg=0x43a, wParam=0x0, lParam=0x4cd414) returned 0xf800003f [0050.872] SendMessageW (hWnd=0x80016, Msg=0x444, wParam=0x1, lParam=0x4cd414) returned 0x1 [0050.872] SendMessageW (hWnd=0x80016, Msg=0xc2, wParam=0x0, lParam=0x4cd47c) returned 0x34 [0050.875] SendMessageW (hWnd=0x80016, Msg=0xb1, wParam=0x5f5e100, lParam=0x5f5e100) returned 0x59 [0050.876] SendMessageW (hWnd=0x80016, Msg=0xc2, wParam=0x0, lParam=0xfe1368) returned 0x1 [0050.914] SetFilePointer (in: hFile=0x2b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x4ce838*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4ce838*=0) returned 0x5aa87 [0050.914] SetFilePointer (in: hFile=0x2b8, lDistanceToMove=371335, lpDistanceToMoveHigh=0x4ce824*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4ce824*=0) returned 0x5aa87 [0050.914] SetFilePointer (in: hFile=0x2b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x4ce818*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4ce818*=0) returned 0x5aa87 [0050.914] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x20) returned 0x76a528 [0050.914] ReadFile (in: hFile=0x2b8, lpBuffer=0x76a528, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x4cc6d8, lpOverlapped=0x0 | out: lpBuffer=0x76a528*, lpNumberOfBytesRead=0x4cc6d8*=0x7, lpOverlapped=0x0) returned 1 [0050.914] ReadFile (in: hFile=0x2b8, lpBuffer=0x76a52f, nNumberOfBytesToRead=0x11, lpNumberOfBytesRead=0x4cc6d8, lpOverlapped=0x0 | out: lpBuffer=0x76a52f*, lpNumberOfBytesRead=0x4cc6d8*=0x11, lpOverlapped=0x0) returned 1 [0050.914] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x76a528 | out: hHeap=0x730000) returned 1 [0050.914] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x8003) returned 0x793180 [0050.915] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x8003) returned 0x79b190 [0050.915] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x40000) returned 0x7a31a0 [0050.920] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x90) returned 0x76c788 [0050.920] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0xb54) returned 0x7e31a8 [0050.920] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x100000) returned 0x3e1b020 [0050.923] ReadFile (in: hFile=0x2b8, lpBuffer=0x3e1b020, nNumberOfBytesToRead=0x90, lpNumberOfBytesRead=0x4c0070, lpOverlapped=0x0 | out: lpBuffer=0x3e1b020*, lpNumberOfBytesRead=0x4c0070*=0x90, lpOverlapped=0x0) returned 1 [0050.923] PeekMessageW (in: lpMsg=0x4c0078, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4c0078) returned 0 [0050.947] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0050.947] PeekMessageW (in: lpMsg=0x4c007c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4c007c) returned 0 [0050.948] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0050.948] PeekMessageW (in: lpMsg=0x4c0070, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4c0070) returned 0 [0050.948] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0050.948] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x3e1b020 | out: hHeap=0x730000) returned 1 [0050.951] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x7a31a0 | out: hHeap=0x730000) returned 1 [0050.951] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x79b190 | out: hHeap=0x730000) returned 1 [0050.953] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x793180 | out: hHeap=0x730000) returned 1 [0050.954] RtlReAllocateHeap (Heap=0x730000, Flags=0x0, Ptr=0x76c788, Size=0xd4) returned 0x76c788 [0050.954] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x122) returned 0x732908 [0050.954] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x76c788 | out: hHeap=0x730000) returned 1 [0050.954] SetFilePointer (in: hFile=0x2b8, lDistanceToMove=371335, lpDistanceToMoveHigh=0x4ce810*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4ce810*=0) returned 0x5aa87 [0050.954] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x732908 | out: hHeap=0x730000) returned 1 [0050.954] SetFilePointer (in: hFile=0x2b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x4ce888*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4ce888*=0) returned 0x5aa87 [0050.954] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x20) returned 0x76a3c0 [0050.954] ReadFile (in: hFile=0x2b8, lpBuffer=0x76a3c0, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x4cc748, lpOverlapped=0x0 | out: lpBuffer=0x76a3c0*, lpNumberOfBytesRead=0x4cc748*=0x7, lpOverlapped=0x0) returned 1 [0050.955] ReadFile (in: hFile=0x2b8, lpBuffer=0x76a3c7, nNumberOfBytesToRead=0x11, lpNumberOfBytesRead=0x4cc748, lpOverlapped=0x0 | out: lpBuffer=0x76a3c7*, lpNumberOfBytesRead=0x4cc748*=0x11, lpOverlapped=0x0) returned 1 [0050.956] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x76a3c0 | out: hHeap=0x730000) returned 1 [0050.956] SetFilePointer (in: hFile=0x2b8, lDistanceToMove=371503, lpDistanceToMoveHigh=0x4c96c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4c96c0*=0) returned 0x5ab2f [0050.956] SetFilePointer (in: hFile=0x2b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x4ce888*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4ce888*=0) returned 0x5ab2f [0050.956] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x20) returned 0x76a348 [0050.956] ReadFile (in: hFile=0x2b8, lpBuffer=0x76a348, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x4cc748, lpOverlapped=0x0 | out: lpBuffer=0x76a348*, lpNumberOfBytesRead=0x4cc748*=0x7, lpOverlapped=0x0) returned 1 [0050.956] RtlReAllocateHeap (Heap=0x730000, Flags=0x0, Ptr=0x76a348, Size=0x48) returned 0x76b118 [0050.956] ReadFile (in: hFile=0x2b8, lpBuffer=0x76b11f, nNumberOfBytesToRead=0x26, lpNumberOfBytesRead=0x4cc748, lpOverlapped=0x0 | out: lpBuffer=0x76b11f*, lpNumberOfBytesRead=0x4cc748*=0x26, lpOverlapped=0x0) returned 1 [0050.956] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x76b118 | out: hHeap=0x730000) returned 1 [0050.956] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="*", cchCount1=1, lpString2="vodafone.bat", cchCount2=1) returned 1 [0050.956] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="*", cchCount1=-1, lpString2="vodafone.bat", cchCount2=-1) returned 1 [0050.956] SetFilePointer (in: hFile=0x2b8, lDistanceToMove=371548, lpDistanceToMoveHigh=0x4c96c4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4c96c4*=0) returned 0x5ab5c [0050.956] LoadStringW (in: hInstance=0xfb0000, uID=0x65, lpBuffer=0xfedc30, cchBufferMax=512 | out: lpBuffer="Extracting %s") returned 0xd [0050.956] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Extracting %s", cchWideChar=-1, lpMultiByteStr=0x4c6294, cbMultiByte=4096, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Extracting %s", lpUsedDefaultChar=0x0) returned 14 [0050.956] GetLastError () returned 0x0 [0050.956] SetLastError (dwErrCode=0x0) [0050.956] GetLastError () returned 0x0 [0050.956] SetLastError (dwErrCode=0x0) [0050.956] SetDlgItemTextW (hDlg=0xf0216, nIDDlgItem=101, lpString="vodafone.bat çıkartılıyor") returned 1 [0050.957] PeekMessageW (in: lpMsg=0x4c82a0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4c82a0) returned 0 [0050.958] GetFileAttributesW (lpFileName="vodafone.bat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\rarsfx0\\vodafone.bat")) returned 0xffffffff [0050.958] GetCurrentDirectoryW (in: nBufferLength=0x7ff, lpBuffer=0x4c6658 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0") returned 0x2a [0050.958] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0\\vodafone.bat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\rarsfx0\\vodafone.bat")) returned 0xffffffff [0050.958] CreateFileW (lpFileName="vodafone.bat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\rarsfx0\\vodafone.bat"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0050.958] GetFileType (hFile=0x2bc) returned 0x1 [0050.958] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0xb54) returned 0x7e3d08 [0050.959] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0xb54) returned 0x7e4868 [0050.959] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x100000) returned 0x3e16020 [0050.984] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x400400) returned 0x3f2f020 [0051.123] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x25724) returned 0x7e53c8 [0051.125] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x30c00) returned 0x793180 [0051.126] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x30c00) returned 0x4340048 [0051.126] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x30c00) returned 0x4370c50 [0051.179] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x30c00) returned 0x43a1858 [0051.179] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x30c00) returned 0x43d2460 [0051.180] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x30c00) returned 0x4403068 [0051.182] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x30c00) returned 0x4440048 [0051.183] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x30c00) returned 0x4470c50 [0051.184] ReadFile (in: hFile=0x2b8, lpBuffer=0x3f2f020, nNumberOfBytesToRead=0x2a, lpNumberOfBytesRead=0x4c9534, lpOverlapped=0x0 | out: lpBuffer=0x3f2f020*, lpNumberOfBytesRead=0x4c9534*=0x2a, lpOverlapped=0x0) returned 1 [0051.184] SendDlgItemMessageW (hDlg=0xf0216, nIDDlgItem=106, Msg=0x402, wParam=0x20, lParam=0x0) returned 0x0 [0051.186] PeekMessageW (in: lpMsg=0x4c94d8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4c94d8) returned 1 [0051.235] GetMessageW (in: lpMsg=0x4c94d8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x4c94d8) returned 1 [0051.235] TranslateMessage (lpMsg=0x4c94d8) returned 0 [0051.235] DispatchMessageW (lpMsg=0x4c94d8) returned 0x0 [0051.235] PeekMessageW (in: lpMsg=0x4c953c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4c953c) returned 1 [0051.235] GetMessageW (in: lpMsg=0x4c953c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x4c953c) returned 1 [0051.235] TranslateMessage (lpMsg=0x4c953c) returned 0 [0051.235] DispatchMessageW (lpMsg=0x4c953c) returned 0x0 [0051.235] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0051.235] SendDlgItemMessageW (hDlg=0xf0216, nIDDlgItem=106, Msg=0x402, wParam=0x20, lParam=0x0) returned 0x20 [0051.237] PeekMessageW (in: lpMsg=0x4c94d8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4c94d8) returned 1 [0051.237] GetMessageW (in: lpMsg=0x4c94d8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x4c94d8) returned 1 [0051.237] TranslateMessage (lpMsg=0x4c94d8) returned 0 [0051.237] DispatchMessageW (lpMsg=0x4c94d8) returned 0x0 [0051.237] PeekMessageW (in: lpMsg=0x4c953c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4c953c) returned 0 [0051.237] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0051.237] WriteFile (in: hFile=0x2bc, lpBuffer=0x3e16020*, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x4c950c, lpOverlapped=0x0 | out: lpBuffer=0x3e16020*, lpNumberOfBytesWritten=0x4c950c*=0x1e, lpOverlapped=0x0) returned 1 [0051.238] PeekMessageW (in: lpMsg=0x4c94e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4c94e0) returned 0 [0051.238] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0051.238] SetFilePointer (in: hFile=0x2b8, lDistanceToMove=371590, lpDistanceToMoveHigh=0x4c96c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4c96c0*=0) returned 0x5ab86 [0051.238] SetFileTime (hFile=0x2bc, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x4c96b4) returned 1 [0051.238] CloseHandle (hObject=0x2bc) returned 1 [0051.239] SetFileAttributesW (lpFileName="vodafone.bat", dwFileAttributes=0x20) returned 1 [0051.240] SetFilePointer (in: hFile=0x2b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x4ce888*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4ce888*=0) returned 0x5ab86 [0051.240] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x20) returned 0x76a3c0 [0051.240] ReadFile (in: hFile=0x2b8, lpBuffer=0x76a3c0, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x4cc748, lpOverlapped=0x0 | out: lpBuffer=0x76a3c0*, lpNumberOfBytesRead=0x4cc748*=0x7, lpOverlapped=0x0) returned 1 [0051.240] RtlReAllocateHeap (Heap=0x730000, Flags=0x0, Ptr=0x76a3c0, Size=0x48) returned 0x76b438 [0051.240] ReadFile (in: hFile=0x2b8, lpBuffer=0x76b43f, nNumberOfBytesToRead=0x2a, lpNumberOfBytesRead=0x4cc748, lpOverlapped=0x0 | out: lpBuffer=0x76b43f*, lpNumberOfBytesRead=0x4cc748*=0x2a, lpOverlapped=0x0) returned 1 [0051.240] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x76b438 | out: hHeap=0x730000) returned 1 [0051.240] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="*", cchCount1=1, lpString2="fatura.sfx.exe", cchCount2=1) returned 1 [0051.240] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="*", cchCount1=-1, lpString2="fatura.sfx.exe", cchCount2=-1) returned 1 [0051.240] SetFilePointer (in: hFile=0x2b8, lDistanceToMove=371639, lpDistanceToMoveHigh=0x4c96c4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4c96c4*=0) returned 0x5abb7 [0051.240] LoadStringW (in: hInstance=0xfb0000, uID=0x65, lpBuffer=0xfee030, cchBufferMax=512 | out: lpBuffer="Extracting %s") returned 0xd [0051.240] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Extracting %s", cchWideChar=-1, lpMultiByteStr=0x4c6294, cbMultiByte=4096, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Extracting %s", lpUsedDefaultChar=0x0) returned 14 [0051.240] GetLastError () returned 0x0 [0051.240] SetLastError (dwErrCode=0x0) [0051.240] GetLastError () returned 0x0 [0051.240] SetLastError (dwErrCode=0x0) [0051.240] SetDlgItemTextW (hDlg=0xf0216, nIDDlgItem=101, lpString="fatura.sfx.exe çıkartılıyor") returned 1 [0051.241] PeekMessageW (in: lpMsg=0x4c82a0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4c82a0) returned 0 [0051.241] GetFileAttributesW (lpFileName="fatura.sfx.exe" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\rarsfx0\\fatura.sfx.exe")) returned 0xffffffff [0051.241] GetCurrentDirectoryW (in: nBufferLength=0x7ff, lpBuffer=0x4c6658 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0") returned 0x2a [0051.241] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0\\fatura.sfx.exe" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\rarsfx0\\fatura.sfx.exe")) returned 0xffffffff [0051.241] CreateFileW (lpFileName="fatura.sfx.exe" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\rarsfx0\\fatura.sfx.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2bc [0051.241] GetFileType (hFile=0x2bc) returned 0x1 [0051.241] ReadFile (in: hFile=0x2b8, lpBuffer=0x3f2f020, nNumberOfBytesToRead=0xbfe0c, lpNumberOfBytesRead=0x4c9534, lpOverlapped=0x0 | out: lpBuffer=0x3f2f020*, lpNumberOfBytesRead=0x4c9534*=0xbfe0c, lpOverlapped=0x0) returned 1 [0051.242] SendDlgItemMessageW (hDlg=0xf0216, nIDDlgItem=106, Msg=0x402, wParam=0x63, lParam=0x0) returned 0x20 [0051.242] PeekMessageW (in: lpMsg=0x4c94d8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4c94d8) returned 0 [0051.242] PeekMessageW (in: lpMsg=0x4c953c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4c953c) returned 0 [0051.242] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0051.242] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0xfbfd4f, lpParameter=0x7670f8, dwCreationFlags=0x0, lpThreadId=0x4c9578 | out: lpThreadId=0x4c9578*=0xe5c) returned 0x2cc [0051.243] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0xfbfd4f, lpParameter=0x7670f8, dwCreationFlags=0x0, lpThreadId=0x4c9578 | out: lpThreadId=0x4c9578*=0xcd8) returned 0x2d0 [0051.243] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0xfbfd4f, lpParameter=0x7670f8, dwCreationFlags=0x0, lpThreadId=0x4c9578 | out: lpThreadId=0x4c9578*=0xcb8) returned 0x2d4 [0051.244] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0xfbfd4f, lpParameter=0x7670f8, dwCreationFlags=0x0, lpThreadId=0x4c9578 | out: lpThreadId=0x4c9578*=0xd08) returned 0x2d8 [0051.245] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0xfbfd4f, lpParameter=0x7670f8, dwCreationFlags=0x0, lpThreadId=0x4c9578 | out: lpThreadId=0x4c9578*=0xcf4) returned 0x2dc [0051.245] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0xfbfd4f, lpParameter=0x7670f8, dwCreationFlags=0x0, lpThreadId=0x4c9578 | out: lpThreadId=0x4c9578*=0x9b4) returned 0x2e0 [0051.246] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0xfbfd4f, lpParameter=0x7670f8, dwCreationFlags=0x0, lpThreadId=0x4c9578 | out: lpThreadId=0x4c9578*=0x7b8) returned 0x2e4 [0051.247] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0xfbfd4f, lpParameter=0x7670f8, dwCreationFlags=0x0, lpThreadId=0x4c9578 | out: lpThreadId=0x4c9578*=0x784) returned 0x2e8 [0051.247] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0xfbfd4f, lpParameter=0x7670f8, dwCreationFlags=0x0, lpThreadId=0x4c9578 | out: lpThreadId=0x4c9578*=0xd44) returned 0x2ec [0051.248] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0xfbfd4f, lpParameter=0x7670f8, dwCreationFlags=0x0, lpThreadId=0x4c9578 | out: lpThreadId=0x4c9578*=0xd24) returned 0x2f0 [0051.249] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0xfbfd4f, lpParameter=0x7670f8, dwCreationFlags=0x0, lpThreadId=0x4c9578 | out: lpThreadId=0x4c9578*=0x39c) returned 0x2f4 [0051.249] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0xfbfd4f, lpParameter=0x7670f8, dwCreationFlags=0x0, lpThreadId=0x4c9578 | out: lpThreadId=0x4c9578*=0xc34) returned 0x2f8 [0051.250] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0xfbfd4f, lpParameter=0x7670f8, dwCreationFlags=0x0, lpThreadId=0x4c9578 | out: lpThreadId=0x4c9578*=0x58) returned 0x2fc [0051.251] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0xfbfd4f, lpParameter=0x7670f8, dwCreationFlags=0x0, lpThreadId=0x4c9578 | out: lpThreadId=0x4c9578*=0xc58) returned 0x300 [0051.251] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0xfbfd4f, lpParameter=0x7670f8, dwCreationFlags=0x0, lpThreadId=0x4c9578 | out: lpThreadId=0x4c9578*=0xf64) returned 0x304 [0051.252] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0xfbfd4f, lpParameter=0x7670f8, dwCreationFlags=0x0, lpThreadId=0x4c9578 | out: lpThreadId=0x4c9578*=0xd30) returned 0x308 [0051.253] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0xfbfd4f, lpParameter=0x7670f8, dwCreationFlags=0x0, lpThreadId=0x4c9578 | out: lpThreadId=0x4c9578*=0xc38) returned 0x30c [0051.254] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0xfbfd4f, lpParameter=0x7670f8, dwCreationFlags=0x0, lpThreadId=0x4c9578 | out: lpThreadId=0x4c9578*=0x744) returned 0x310 [0051.254] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0xfbfd4f, lpParameter=0x7670f8, dwCreationFlags=0x0, lpThreadId=0x4c9578 | out: lpThreadId=0x4c9578*=0xf88) returned 0x314 [0051.255] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0xfbfd4f, lpParameter=0x7670f8, dwCreationFlags=0x0, lpThreadId=0x4c9578 | out: lpThreadId=0x4c9578*=0xcec) returned 0x318 [0051.256] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0xfbfd4f, lpParameter=0x7670f8, dwCreationFlags=0x0, lpThreadId=0x4c9578 | out: lpThreadId=0x4c9578*=0x37c) returned 0x31c [0051.256] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0xfbfd4f, lpParameter=0x7670f8, dwCreationFlags=0x0, lpThreadId=0x4c9578 | out: lpThreadId=0x4c9578*=0xa90) returned 0x320 [0051.257] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0xfbfd4f, lpParameter=0x7670f8, dwCreationFlags=0x0, lpThreadId=0x4c9578 | out: lpThreadId=0x4c9578*=0xdb0) returned 0x324 [0051.258] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0xfbfd4f, lpParameter=0x7670f8, dwCreationFlags=0x0, lpThreadId=0x4c9578 | out: lpThreadId=0x4c9578*=0x540) returned 0x328 [0051.258] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0xfbfd4f, lpParameter=0x7670f8, dwCreationFlags=0x0, lpThreadId=0x4c9578 | out: lpThreadId=0x4c9578*=0x840) returned 0x32c [0051.259] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0xfbfd4f, lpParameter=0x7670f8, dwCreationFlags=0x0, lpThreadId=0x4c9578 | out: lpThreadId=0x4c9578*=0xd20) returned 0x330 [0051.260] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0xfbfd4f, lpParameter=0x7670f8, dwCreationFlags=0x0, lpThreadId=0x4c9578 | out: lpThreadId=0x4c9578*=0x7a8) returned 0x334 [0051.260] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0xfbfd4f, lpParameter=0x7670f8, dwCreationFlags=0x0, lpThreadId=0x4c9578 | out: lpThreadId=0x4c9578*=0x6c8) returned 0x338 [0051.261] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0xfbfd4f, lpParameter=0x7670f8, dwCreationFlags=0x0, lpThreadId=0x4c9578 | out: lpThreadId=0x4c9578*=0x2ac) returned 0x33c [0051.262] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0xfbfd4f, lpParameter=0x7670f8, dwCreationFlags=0x0, lpThreadId=0x4c9578 | out: lpThreadId=0x4c9578*=0x344) returned 0x340 [0051.262] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0xfbfd4f, lpParameter=0x7670f8, dwCreationFlags=0x0, lpThreadId=0x4c9578 | out: lpThreadId=0x4c9578*=0xe00) returned 0x344 [0051.263] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0xfbfd4f, lpParameter=0x7670f8, dwCreationFlags=0x0, lpThreadId=0x4c9578 | out: lpThreadId=0x4c9578*=0xda4) returned 0x348 [0051.263] ResetEvent (hEvent=0x2b4) returned 1 [0051.264] ReleaseSemaphore (in: hSemaphore=0x7c, lReleaseCount=4, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.264] WaitForSingleObject (hHandle=0x2b4, dwMilliseconds=0xffffffff) returned 0x0 [0051.301] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x200) returned 0x44a2730 [0051.303] ResetEvent (hEvent=0x2b4) returned 1 [0051.303] ReleaseSemaphore (in: hSemaphore=0x7c, lReleaseCount=4, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.303] WaitForSingleObject (hHandle=0x2b4, dwMilliseconds=0xffffffff) returned 0x0 [0051.305] ResetEvent (hEvent=0x2b4) returned 1 [0051.305] ReleaseSemaphore (in: hSemaphore=0x7c, lReleaseCount=4, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.305] WaitForSingleObject (hHandle=0x2b4, dwMilliseconds=0xffffffff) returned 0x0 [0051.307] ResetEvent (hEvent=0x2b4) returned 1 [0051.307] ReleaseSemaphore (in: hSemaphore=0x7c, lReleaseCount=4, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.307] WaitForSingleObject (hHandle=0x2b4, dwMilliseconds=0xffffffff) returned 0x0 [0051.309] ResetEvent (hEvent=0x2b4) returned 1 [0051.309] ReleaseSemaphore (in: hSemaphore=0x7c, lReleaseCount=4, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.309] WaitForSingleObject (hHandle=0x2b4, dwMilliseconds=0xffffffff) returned 0x0 [0051.311] ResetEvent (hEvent=0x2b4) returned 1 [0051.311] ReleaseSemaphore (in: hSemaphore=0x7c, lReleaseCount=3, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.311] WaitForSingleObject (hHandle=0x2b4, dwMilliseconds=0xffffffff) returned 0x0 [0051.312] SendDlgItemMessageW (hDlg=0xf0216, nIDDlgItem=106, Msg=0x402, wParam=0x63, lParam=0x0) returned 0x63 [0051.313] PeekMessageW (in: lpMsg=0x4c94d8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4c94d8) returned 1 [0051.313] GetMessageW (in: lpMsg=0x4c94d8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x4c94d8) returned 1 [0051.313] TranslateMessage (lpMsg=0x4c94d8) returned 0 [0051.313] DispatchMessageW (lpMsg=0x4c94d8) returned 0x0 [0051.313] PeekMessageW (in: lpMsg=0x4c953c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4c953c) returned 0 [0051.313] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0051.313] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x10000) returned 0x7c3d88 [0051.314] WriteFile (in: hFile=0x2bc, lpBuffer=0x7c3d88*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x4c953c, lpOverlapped=0x0 | out: lpBuffer=0x7c3d88*, lpNumberOfBytesWritten=0x4c953c*=0x10000, lpOverlapped=0x0) returned 1 [0051.317] PeekMessageW (in: lpMsg=0x4c9510, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4c9510) returned 1 [0051.317] GetMessageW (in: lpMsg=0x4c9510, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x4c9510) returned 1 [0051.317] TranslateMessage (lpMsg=0x4c9510) returned 0 [0051.317] DispatchMessageW (lpMsg=0x4c9510) returned 0x0 [0051.317] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0051.317] WriteFile (in: hFile=0x2bc, lpBuffer=0x7c3d88*, nNumberOfBytesToWrite=0x10000, lpNumberOfBytesWritten=0x4c953c, lpOverlapped=0x0 | out: lpBuffer=0x7c3d88*, lpNumberOfBytesWritten=0x4c953c*=0x10000, lpOverlapped=0x0) returned 1 [0051.318] PeekMessageW (in: lpMsg=0x4c9510, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4c9510) returned 0 [0051.318] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0051.318] WriteFile (in: hFile=0x2bc, lpBuffer=0x7c3d88*, nNumberOfBytesToWrite=0xee00, lpNumberOfBytesWritten=0x4c953c, lpOverlapped=0x0 | out: lpBuffer=0x7c3d88*, lpNumberOfBytesWritten=0x4c953c*=0xee00, lpOverlapped=0x0) returned 1 [0051.319] PeekMessageW (in: lpMsg=0x4c9510, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4c9510) returned 0 [0051.319] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0051.319] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x300) returned 0x44a2938 [0051.319] WriteFile (in: hFile=0x2bc, lpBuffer=0x44a2938*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x4c953c, lpOverlapped=0x0 | out: lpBuffer=0x44a2938*, lpNumberOfBytesWritten=0x4c953c*=0x300, lpOverlapped=0x0) returned 1 [0051.320] PeekMessageW (in: lpMsg=0x4c9510, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4c9510) returned 0 [0051.320] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0051.320] WriteFile (in: hFile=0x2bc, lpBuffer=0x7c3d88*, nNumberOfBytesToWrite=0xf00, lpNumberOfBytesWritten=0x4c953c, lpOverlapped=0x0 | out: lpBuffer=0x7c3d88*, lpNumberOfBytesWritten=0x4c953c*=0xf00, lpOverlapped=0x0) returned 1 [0051.320] PeekMessageW (in: lpMsg=0x4c9510, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4c9510) returned 0 [0051.320] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0051.320] WriteFile (in: hFile=0x2bc, lpBuffer=0x3e4603e*, nNumberOfBytesToWrite=0x2e00, lpNumberOfBytesWritten=0x4c950c, lpOverlapped=0x0 | out: lpBuffer=0x3e4603e*, lpNumberOfBytesWritten=0x4c950c*=0x2e00, lpOverlapped=0x0) returned 1 [0051.320] PeekMessageW (in: lpMsg=0x4c94e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4c94e0) returned 0 [0051.320] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0051.320] RtlReAllocateHeap (Heap=0x730000, Flags=0x0, Ptr=0x44a2938, Size=0x2200) returned 0x4433c70 [0051.320] WriteFile (in: hFile=0x2bc, lpBuffer=0x4433c70*, nNumberOfBytesToWrite=0x2200, lpNumberOfBytesWritten=0x4c953c, lpOverlapped=0x0 | out: lpBuffer=0x4433c70*, lpNumberOfBytesWritten=0x4c953c*=0x2200, lpOverlapped=0x0) returned 1 [0051.321] PeekMessageW (in: lpMsg=0x4c9510, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4c9510) returned 0 [0051.321] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0051.321] WriteFile (in: hFile=0x2bc, lpBuffer=0x3e4b03e*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x4c950c, lpOverlapped=0x0 | out: lpBuffer=0x3e4b03e*, lpNumberOfBytesWritten=0x4c950c*=0x2000, lpOverlapped=0x0) returned 1 [0051.321] PeekMessageW (in: lpMsg=0x4c94e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4c94e0) returned 0 [0051.321] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0051.321] WriteFile (in: hFile=0x2bc, lpBuffer=0x4433c70*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x4c953c, lpOverlapped=0x0 | out: lpBuffer=0x4433c70*, lpNumberOfBytesWritten=0x4c953c*=0x300, lpOverlapped=0x0) returned 1 [0051.321] PeekMessageW (in: lpMsg=0x4c9510, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4c9510) returned 0 [0051.321] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0051.321] WriteFile (in: hFile=0x2bc, lpBuffer=0x3e4d33e*, nNumberOfBytesToWrite=0x2100, lpNumberOfBytesWritten=0x4c950c, lpOverlapped=0x0 | out: lpBuffer=0x3e4d33e*, lpNumberOfBytesWritten=0x4c950c*=0x2100, lpOverlapped=0x0) returned 1 [0051.321] PeekMessageW (in: lpMsg=0x4c94e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4c94e0) returned 0 [0051.321] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0051.321] WriteFile (in: hFile=0x2bc, lpBuffer=0x4433c70*, nNumberOfBytesToWrite=0xa00, lpNumberOfBytesWritten=0x4c953c, lpOverlapped=0x0 | out: lpBuffer=0x4433c70*, lpNumberOfBytesWritten=0x4c953c*=0xa00, lpOverlapped=0x0) returned 1 [0051.322] PeekMessageW (in: lpMsg=0x4c9510, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4c9510) returned 0 [0051.322] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0051.322] WriteFile (in: hFile=0x2bc, lpBuffer=0x3e4fe3e*, nNumberOfBytesToWrite=0x2100, lpNumberOfBytesWritten=0x4c950c, lpOverlapped=0x0 | out: lpBuffer=0x3e4fe3e*, lpNumberOfBytesWritten=0x4c950c*=0x2100, lpOverlapped=0x0) returned 1 [0051.322] PeekMessageW (in: lpMsg=0x4c94e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4c94e0) returned 0 [0051.322] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0051.322] WriteFile (in: hFile=0x2bc, lpBuffer=0x4433c70*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x4c953c, lpOverlapped=0x0 | out: lpBuffer=0x4433c70*, lpNumberOfBytesWritten=0x4c953c*=0x300, lpOverlapped=0x0) returned 1 [0051.322] PeekMessageW (in: lpMsg=0x4c9510, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4c9510) returned 0 [0051.322] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0051.322] WriteFile (in: hFile=0x2bc, lpBuffer=0x3e5223e*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x4c950c, lpOverlapped=0x0 | out: lpBuffer=0x3e5223e*, lpNumberOfBytesWritten=0x4c950c*=0x300, lpOverlapped=0x0) returned 1 [0051.322] PeekMessageW (in: lpMsg=0x4c94e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4c94e0) returned 0 [0051.322] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0051.322] WriteFile (in: hFile=0x2bc, lpBuffer=0x4433c70*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x4c953c, lpOverlapped=0x0 | out: lpBuffer=0x4433c70*, lpNumberOfBytesWritten=0x4c953c*=0x300, lpOverlapped=0x0) returned 1 [0051.323] PeekMessageW (in: lpMsg=0x4c9510, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4c9510) returned 0 [0051.323] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0051.323] WriteFile (in: hFile=0x2bc, lpBuffer=0x3e5283e*, nNumberOfBytesToWrite=0x500, lpNumberOfBytesWritten=0x4c950c, lpOverlapped=0x0 | out: lpBuffer=0x3e5283e*, lpNumberOfBytesWritten=0x4c950c*=0x500, lpOverlapped=0x0) returned 1 [0051.323] PeekMessageW (in: lpMsg=0x4c94e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4c94e0) returned 0 [0051.323] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0051.323] WriteFile (in: hFile=0x2bc, lpBuffer=0x4433c70*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x4c953c, lpOverlapped=0x0 | out: lpBuffer=0x4433c70*, lpNumberOfBytesWritten=0x4c953c*=0x400, lpOverlapped=0x0) returned 1 [0051.323] PeekMessageW (in: lpMsg=0x4c9510, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4c9510) returned 0 [0051.323] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0051.323] WriteFile (in: hFile=0x2bc, lpBuffer=0x3e5313e*, nNumberOfBytesToWrite=0x900, lpNumberOfBytesWritten=0x4c950c, lpOverlapped=0x0 | out: lpBuffer=0x3e5313e*, lpNumberOfBytesWritten=0x4c950c*=0x900, lpOverlapped=0x0) returned 1 [0051.323] PeekMessageW (in: lpMsg=0x4c94e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4c94e0) returned 0 [0051.323] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0051.323] WriteFile (in: hFile=0x2bc, lpBuffer=0x4433c70*, nNumberOfBytesToWrite=0xd00, lpNumberOfBytesWritten=0x4c953c, lpOverlapped=0x0 | out: lpBuffer=0x4433c70*, lpNumberOfBytesWritten=0x4c953c*=0xd00, lpOverlapped=0x0) returned 1 [0051.324] PeekMessageW (in: lpMsg=0x4c9510, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4c9510) returned 0 [0051.324] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0051.324] WriteFile (in: hFile=0x2bc, lpBuffer=0x3e5473e*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x4c950c, lpOverlapped=0x0 | out: lpBuffer=0x3e5473e*, lpNumberOfBytesWritten=0x4c950c*=0x300, lpOverlapped=0x0) returned 1 [0051.324] PeekMessageW (in: lpMsg=0x4c94e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4c94e0) returned 0 [0051.324] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0051.324] WriteFile (in: hFile=0x2bc, lpBuffer=0x4433c70*, nNumberOfBytesToWrite=0x500, lpNumberOfBytesWritten=0x4c953c, lpOverlapped=0x0 | out: lpBuffer=0x4433c70*, lpNumberOfBytesWritten=0x4c953c*=0x500, lpOverlapped=0x0) returned 1 [0051.324] PeekMessageW (in: lpMsg=0x4c9510, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4c9510) returned 0 [0051.324] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0051.324] WriteFile (in: hFile=0x2bc, lpBuffer=0x3e54f3e*, nNumberOfBytesToWrite=0x500, lpNumberOfBytesWritten=0x4c950c, lpOverlapped=0x0 | out: lpBuffer=0x3e54f3e*, lpNumberOfBytesWritten=0x4c950c*=0x500, lpOverlapped=0x0) returned 1 [0051.324] PeekMessageW (in: lpMsg=0x4c94e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4c94e0) returned 0 [0051.324] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0051.324] WriteFile (in: hFile=0x2bc, lpBuffer=0x4433c70*, nNumberOfBytesToWrite=0xc00, lpNumberOfBytesWritten=0x4c953c, lpOverlapped=0x0 | out: lpBuffer=0x4433c70*, lpNumberOfBytesWritten=0x4c953c*=0xc00, lpOverlapped=0x0) returned 1 [0051.324] PeekMessageW (in: lpMsg=0x4c9510, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4c9510) returned 0 [0051.324] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0051.325] WriteFile (in: hFile=0x2bc, lpBuffer=0x3e5603e*, nNumberOfBytesToWrite=0x700, lpNumberOfBytesWritten=0x4c950c, lpOverlapped=0x0 | out: lpBuffer=0x3e5603e*, lpNumberOfBytesWritten=0x4c950c*=0x700, lpOverlapped=0x0) returned 1 [0051.325] PeekMessageW (in: lpMsg=0x4c94e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4c94e0) returned 0 [0051.326] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0051.326] WriteFile (in: hFile=0x2bc, lpBuffer=0x4433c70*, nNumberOfBytesToWrite=0xc00, lpNumberOfBytesWritten=0x4c953c, lpOverlapped=0x0 | out: lpBuffer=0x4433c70*, lpNumberOfBytesWritten=0x4c953c*=0xc00, lpOverlapped=0x0) returned 1 [0051.326] PeekMessageW (in: lpMsg=0x4c9510, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4c9510) returned 0 [0051.326] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0051.326] WriteFile (in: hFile=0x2bc, lpBuffer=0x3e5733e*, nNumberOfBytesToWrite=0x6400, lpNumberOfBytesWritten=0x4c950c, lpOverlapped=0x0 | out: lpBuffer=0x3e5733e*, lpNumberOfBytesWritten=0x4c950c*=0x6400, lpOverlapped=0x0) returned 1 [0051.327] PeekMessageW (in: lpMsg=0x4c94e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4c94e0) returned 0 [0051.327] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0051.327] WriteFile (in: hFile=0x2bc, lpBuffer=0x4433c70*, nNumberOfBytesToWrite=0x2100, lpNumberOfBytesWritten=0x4c953c, lpOverlapped=0x0 | out: lpBuffer=0x4433c70*, lpNumberOfBytesWritten=0x4c953c*=0x2100, lpOverlapped=0x0) returned 1 [0051.327] PeekMessageW (in: lpMsg=0x4c9510, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4c9510) returned 0 [0051.327] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0051.327] WriteFile (in: hFile=0x2bc, lpBuffer=0x3e5f83e*, nNumberOfBytesToWrite=0x99de4, lpNumberOfBytesWritten=0x4c950c, lpOverlapped=0x0 | out: lpBuffer=0x3e5f83e*, lpNumberOfBytesWritten=0x4c950c*=0x99de4, lpOverlapped=0x0) returned 1 [0051.341] PeekMessageW (in: lpMsg=0x4c94e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x4c94e0) returned 0 [0051.341] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0051.341] SetFilePointer (in: hFile=0x2b8, lDistanceToMove=1157571, lpDistanceToMoveHigh=0x4c96c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4c96c0*=0) returned 0x11a9c3 [0051.341] SetFileTime (hFile=0x2bc, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x4c96b4) returned 1 [0051.341] CloseHandle (hObject=0x2bc) returned 1 [0051.433] SetFileAttributesW (lpFileName="fatura.sfx.exe", dwFileAttributes=0x20) returned 1 [0051.433] SetFilePointer (in: hFile=0x2b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x4ce888*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4ce888*=0) returned 0x11a9c3 [0051.433] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x20) returned 0x76a3c0 [0051.433] ReadFile (in: hFile=0x2b8, lpBuffer=0x76a3c0, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x4cc748, lpOverlapped=0x0 | out: lpBuffer=0x76a3c0*, lpNumberOfBytesRead=0x4cc748*=0x7, lpOverlapped=0x0) returned 1 [0051.434] ReadFile (in: hFile=0x2b8, lpBuffer=0x76a3c7, nNumberOfBytesToRead=0xc, lpNumberOfBytesRead=0x4cc748, lpOverlapped=0x0 | out: lpBuffer=0x76a3c7*, lpNumberOfBytesRead=0x4cc748*=0xc, lpOverlapped=0x0) returned 1 [0051.434] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x76a3c0 | out: hHeap=0x730000) returned 1 [0051.434] SetFilePointer (in: hFile=0x2b8, lDistanceToMove=1157649, lpDistanceToMoveHigh=0x4c96c0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x4c96c0*=0) returned 0x11aa11 [0051.434] SetFilePointer (in: hFile=0x2b8, lDistanceToMove=0, lpDistanceToMoveHigh=0x4ce888*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x4ce888*=0) returned 0x11aa11 [0051.434] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x20) returned 0x76a2f8 [0051.434] ReadFile (in: hFile=0x2b8, lpBuffer=0x76a2f8, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x4cc748, lpOverlapped=0x0 | out: lpBuffer=0x76a2f8*, lpNumberOfBytesRead=0x4cc748*=0x7, lpOverlapped=0x0) returned 1 [0051.434] ReadFile (in: hFile=0x2b8, lpBuffer=0x76a2ff, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x4cc748, lpOverlapped=0x0 | out: lpBuffer=0x76a2ff*, lpNumberOfBytesRead=0x4cc748*=0x1, lpOverlapped=0x0) returned 1 [0051.434] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x76a2f8 | out: hHeap=0x730000) returned 1 [0051.434] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x790ff0 | out: hHeap=0x730000) returned 1 [0051.434] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x7920b8 | out: hHeap=0x730000) returned 1 [0051.434] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x7e31a8 | out: hHeap=0x730000) returned 1 [0051.434] CloseHandle (hObject=0x2b8) returned 1 [0051.434] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\454364vodafone-e-fatura.exe", lpFindFileData=0x4d7388 | out: lpFindFileData=0x4d7388*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x46f63600, ftCreationTime.dwHighDateTime=0x1d57301, ftLastAccessTime.dwLowDateTime=0x46f63600, ftLastAccessTime.dwHighDateTime=0x1d57301, ftLastWriteTime.dwLowDateTime=0x4493dc00, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x11aa19, dwReserved0=0x0, dwReserved1=0x0, cFileName="454364vodafone-e-fatura.exe", cAlternateFileName="454364~1.EXE")) returned 0x7691d0 [0051.434] FindClose (in: hFindFile=0x7691d0 | out: hFindFile=0x7691d0) returned 1 [0051.434] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x3e16020 | out: hHeap=0x730000) returned 1 [0051.441] ReleaseSemaphore (in: hSemaphore=0x7c, lReleaseCount=32, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0051.460] WaitForSingleObject (hHandle=0x2cc, dwMilliseconds=0xffffffff) returned 0x0 [0051.460] CloseHandle (hObject=0x2cc) returned 1 [0051.460] WaitForSingleObject (hHandle=0x2d0, dwMilliseconds=0xffffffff) returned 0x0 [0051.460] CloseHandle (hObject=0x2d0) returned 1 [0051.461] WaitForSingleObject (hHandle=0x2d4, dwMilliseconds=0xffffffff) returned 0x0 [0051.461] CloseHandle (hObject=0x2d4) returned 1 [0051.461] WaitForSingleObject (hHandle=0x2d8, dwMilliseconds=0xffffffff) returned 0x0 [0051.461] CloseHandle (hObject=0x2d8) returned 1 [0051.461] WaitForSingleObject (hHandle=0x2dc, dwMilliseconds=0xffffffff) returned 0x0 [0051.461] CloseHandle (hObject=0x2dc) returned 1 [0051.461] WaitForSingleObject (hHandle=0x2e0, dwMilliseconds=0xffffffff) returned 0x0 [0051.461] CloseHandle (hObject=0x2e0) returned 1 [0051.461] WaitForSingleObject (hHandle=0x2e4, dwMilliseconds=0xffffffff) returned 0x0 [0051.461] CloseHandle (hObject=0x2e4) returned 1 [0051.461] WaitForSingleObject (hHandle=0x2e8, dwMilliseconds=0xffffffff) returned 0x0 [0051.461] CloseHandle (hObject=0x2e8) returned 1 [0051.461] WaitForSingleObject (hHandle=0x2ec, dwMilliseconds=0xffffffff) returned 0x0 [0051.461] CloseHandle (hObject=0x2ec) returned 1 [0051.461] WaitForSingleObject (hHandle=0x2f0, dwMilliseconds=0xffffffff) returned 0x0 [0051.461] CloseHandle (hObject=0x2f0) returned 1 [0051.461] WaitForSingleObject (hHandle=0x2f4, dwMilliseconds=0xffffffff) returned 0x0 [0051.461] CloseHandle (hObject=0x2f4) returned 1 [0051.461] WaitForSingleObject (hHandle=0x2f8, dwMilliseconds=0xffffffff) returned 0x0 [0051.461] CloseHandle (hObject=0x2f8) returned 1 [0051.461] WaitForSingleObject (hHandle=0x2fc, dwMilliseconds=0xffffffff) returned 0x0 [0051.462] CloseHandle (hObject=0x2fc) returned 1 [0051.462] WaitForSingleObject (hHandle=0x300, dwMilliseconds=0xffffffff) returned 0x0 [0051.462] CloseHandle (hObject=0x300) returned 1 [0051.462] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0051.462] CloseHandle (hObject=0x304) returned 1 [0051.462] WaitForSingleObject (hHandle=0x308, dwMilliseconds=0xffffffff) returned 0x0 [0051.462] CloseHandle (hObject=0x308) returned 1 [0051.462] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0051.462] CloseHandle (hObject=0x30c) returned 1 [0051.462] WaitForSingleObject (hHandle=0x310, dwMilliseconds=0xffffffff) returned 0x0 [0051.462] CloseHandle (hObject=0x310) returned 1 [0051.462] WaitForSingleObject (hHandle=0x314, dwMilliseconds=0xffffffff) returned 0x0 [0051.462] CloseHandle (hObject=0x314) returned 1 [0051.462] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0051.462] CloseHandle (hObject=0x318) returned 1 [0051.462] WaitForSingleObject (hHandle=0x31c, dwMilliseconds=0xffffffff) returned 0x0 [0051.463] CloseHandle (hObject=0x31c) returned 1 [0051.463] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0051.463] CloseHandle (hObject=0x320) returned 1 [0051.463] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0051.463] CloseHandle (hObject=0x324) returned 1 [0051.463] WaitForSingleObject (hHandle=0x328, dwMilliseconds=0xffffffff) returned 0x0 [0051.463] CloseHandle (hObject=0x328) returned 1 [0051.463] WaitForSingleObject (hHandle=0x32c, dwMilliseconds=0xffffffff) returned 0x0 [0051.463] CloseHandle (hObject=0x32c) returned 1 [0051.463] WaitForSingleObject (hHandle=0x330, dwMilliseconds=0xffffffff) returned 0x0 [0051.463] CloseHandle (hObject=0x330) returned 1 [0051.463] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0051.463] CloseHandle (hObject=0x334) returned 1 [0051.463] WaitForSingleObject (hHandle=0x338, dwMilliseconds=0xffffffff) returned 0x0 [0051.463] CloseHandle (hObject=0x338) returned 1 [0051.463] WaitForSingleObject (hHandle=0x33c, dwMilliseconds=0xffffffff) returned 0x0 [0051.463] CloseHandle (hObject=0x33c) returned 1 [0051.464] WaitForSingleObject (hHandle=0x340, dwMilliseconds=0xffffffff) returned 0x0 [0051.464] CloseHandle (hObject=0x340) returned 1 [0051.464] WaitForSingleObject (hHandle=0x344, dwMilliseconds=0xffffffff) returned 0x0 [0051.464] CloseHandle (hObject=0x344) returned 1 [0051.464] WaitForSingleObject (hHandle=0x348, dwMilliseconds=0xffffffff) returned 0x0 [0051.464] CloseHandle (hObject=0x348) returned 1 [0051.464] CloseHandle (hObject=0x7c) returned 1 [0051.464] CloseHandle (hObject=0x2b4) returned 1 [0051.464] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x7670f8 | out: hHeap=0x730000) returned 1 [0051.464] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x3f2f020 | out: hHeap=0x730000) returned 1 [0051.506] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x4470c50 | out: hHeap=0x730000) returned 1 [0051.507] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x4440048 | out: hHeap=0x730000) returned 1 [0051.509] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x4403068 | out: hHeap=0x730000) returned 1 [0051.510] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x43d2460 | out: hHeap=0x730000) returned 1 [0051.511] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x43a1858 | out: hHeap=0x730000) returned 1 [0051.514] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x4370c50 | out: hHeap=0x730000) returned 1 [0051.515] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x4340048 | out: hHeap=0x730000) returned 1 [0051.517] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x793180 | out: hHeap=0x730000) returned 1 [0051.518] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x7e53c8 | out: hHeap=0x730000) returned 1 [0051.519] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x788fe0 | out: hHeap=0x730000) returned 1 [0051.520] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x44a2730 | out: hHeap=0x730000) returned 1 [0051.520] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x4433c70 | out: hHeap=0x730000) returned 1 [0051.520] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x7c3d88 | out: hHeap=0x730000) returned 1 [0051.521] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x780fd0 | out: hHeap=0x730000) returned 1 [0051.523] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x7728e8 | out: hHeap=0x730000) returned 1 [0051.525] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x76cb38 | out: hHeap=0x730000) returned 1 [0051.525] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x771820 | out: hHeap=0x730000) returned 1 [0051.526] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x7e3d08 | out: hHeap=0x730000) returned 1 [0051.526] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x7e4868 | out: hHeap=0x730000) returned 1 [0051.527] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0051.527] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0051.527] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0051.527] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0051.527] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0051.527] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0051.527] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0051.527] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0051.527] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0051.527] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0051.527] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0051.527] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0051.527] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0051.527] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0051.527] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0051.527] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0051.527] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0051.527] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0051.527] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0051.527] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0051.527] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0051.527] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0051.527] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0051.527] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0051.527] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0051.528] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0051.528] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0051.528] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0051.528] ExpandEnvironmentStringsW (in: lpSrc="%temp%", lpDst=0x4bdab4, nSize=0x1000 | out: lpDst="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x23 [0051.528] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0051.528] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0051.528] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0051.528] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 2 [0051.528] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0051.528] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0051.528] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0051.528] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0051.528] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0051.528] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0051.528] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0051.528] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0051.528] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="License", cchCount2=-1) returned 3 [0051.528] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 3 [0051.528] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0051.528] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 2 [0051.528] ExpandEnvironmentStringsW (in: lpSrc="vodafone.bat", lpDst=0x4bdab4, nSize=0x1000 | out: lpDst="vodafone.bat") returned 0xd [0051.528] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0051.528] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0051.528] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0051.528] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0051.528] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0051.528] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0051.528] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 2 [0051.528] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0051.528] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0051.528] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0051.528] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0051.529] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 3 [0051.529] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0051.529] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 3 [0051.529] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 2 [0051.529] ExpandEnvironmentStringsW (in: lpSrc="1", lpDst=0x4bdab4, nSize=0x1000 | out: lpDst="1") returned 0x2 [0051.529] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0051.529] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0051.529] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0051.529] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0051.529] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 2 [0051.529] ExpandEnvironmentStringsW (in: lpSrc="1", lpDst=0x4bdab4, nSize=0x1000 | out: lpDst="1") returned 0x2 [0051.529] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0051.529] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0051.529] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0051.529] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0051.529] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0051.529] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 2 [0051.529] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0051.529] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0051.529] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0051.529] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0051.529] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0051.529] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0051.529] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0051.529] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0051.529] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0051.529] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0051.529] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0051.529] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0051.529] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0051.529] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0051.529] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0051.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0051.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0051.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0051.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0051.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0051.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0051.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0051.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0051.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0051.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0051.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0051.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0051.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0051.530] ExpandEnvironmentStringsW (in: lpSrc="%temp%", lpDst=0x4bdab4, nSize=0x1000 | out: lpDst="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x23 [0051.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0051.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0051.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0051.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 2 [0051.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0051.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0051.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0051.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0051.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0051.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0051.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0051.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0051.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="License", cchCount2=-1) returned 3 [0051.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 3 [0051.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0051.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 2 [0051.530] ExpandEnvironmentStringsW (in: lpSrc="vodafone.bat", lpDst=0x4bdab4, nSize=0x1000 | out: lpDst="vodafone.bat") returned 0xd [0051.530] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0051.531] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0051.531] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0051.531] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0051.531] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0051.531] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0051.531] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 2 [0051.531] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=".bat", cchCount1=-1, lpString2=".inf", cchCount2=-1) returned 1 [0051.531] GetFileAttributesW (lpFileName="vodafone.bat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\rarsfx0\\vodafone.bat")) returned 0x20 [0051.531] GetFullPathNameW (in: lpFileName="vodafone.bat", nBufferLength=0x800, lpBuffer=0x4bca60, lpFilePart=0x4bca5c | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0\\vodafone.bat", lpFilePart=0x4bca5c*="vodafone.bat") returned 0x37 [0051.531] GetProcAddress (hModule=0x76480000, lpProcName="ShellExecuteExW") returned 0x765e4730 [0051.532] ShellExecuteExW (in: pExecInfo=0x4bea84*(cbSize=0x3c, fMask=0x1c0, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0\\vodafone.bat", lpParameters=0x0, lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x4bea84*(cbSize=0x3c, fMask=0x1c0, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0\\vodafone.bat", lpParameters=0x0, lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x4c0)) returned 1 [0060.853] GetProcAddress (hModule=0x74b70000, lpProcName="IsWindowVisible") returned 0x74b877b0 [0060.853] IsWindowVisible (hWnd=0xf0216) returned 0 [0060.854] GetProcAddress (hModule=0x74b70000, lpProcName="WaitForInputIdle") returned 0x74beaee0 [0060.854] WaitForInputIdle (hProcess=0x4c0, dwMilliseconds=0x7d0) returned 0xffffffff [0060.855] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0060.856] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0060.857] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0060.892] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0060.892] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0060.904] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0060.904] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0060.919] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0060.919] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0060.936] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0060.936] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0060.958] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 0 [0060.958] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0061.006] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0061.006] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0061.144] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0061.144] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0061.200] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0061.200] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0061.251] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0061.251] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0062.339] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0062.339] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0062.444] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0062.444] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0062.455] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0062.455] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0062.524] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0062.524] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0062.624] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0062.625] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0062.734] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0062.735] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0062.785] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0062.785] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0062.840] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0062.840] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0063.164] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0063.164] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0063.267] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0063.267] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0063.315] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0063.315] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0063.333] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0063.333] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0063.374] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0063.374] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0063.390] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0063.390] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0063.414] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 0 [0063.414] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0063.443] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0063.443] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0063.461] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 0 [0063.461] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0063.470] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0063.470] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0063.492] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 0 [0063.492] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0063.612] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0063.612] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0063.674] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0063.674] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0063.747] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0063.747] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0063.780] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0063.780] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0063.840] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0063.841] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0063.889] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0063.889] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0063.939] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0063.939] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0064.011] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0064.011] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0064.071] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0064.071] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0064.160] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0064.160] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0064.232] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0064.232] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0064.418] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0064.418] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0064.468] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0064.468] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0064.536] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0064.536] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0064.587] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0064.587] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0064.960] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0064.960] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0065.049] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0065.049] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0065.114] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0065.114] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0065.196] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0065.196] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0065.288] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0065.288] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0065.405] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0065.405] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0065.631] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0065.631] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0065.661] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0065.661] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0065.684] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0065.687] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0066.194] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0066.194] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0066.261] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0066.261] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0066.342] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0066.342] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0066.523] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0066.534] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0066.606] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0066.606] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0066.656] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0066.656] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0066.882] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0066.882] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0067.812] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0067.813] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0067.915] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0067.915] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0067.961] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0067.961] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0068.042] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0068.042] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0068.199] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0068.199] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0068.332] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0068.332] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0068.418] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0068.418] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0068.430] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0068.430] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0068.451] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 0 [0068.451] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0068.480] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0068.481] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0068.496] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 0 [0068.496] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0068.519] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0068.519] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0068.647] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0068.647] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0068.667] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0068.667] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0068.683] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 0 [0068.683] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0068.703] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 0 [0068.703] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0068.719] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0068.720] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0068.731] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 0 [0068.731] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0068.753] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 0 [0068.753] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0068.956] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0068.956] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0069.040] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0069.040] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0069.099] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0069.099] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0069.153] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0069.153] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0069.200] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0069.201] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0069.241] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0069.241] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0069.291] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0069.291] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0069.338] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0069.338] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0069.385] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0069.385] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0069.428] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0069.428] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0069.498] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0069.498] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0069.665] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0069.666] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0069.710] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0069.710] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0069.759] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0069.759] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0069.808] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0069.808] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0069.862] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0069.862] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0069.909] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0069.909] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0070.030] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0070.030] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0070.223] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0070.223] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0070.276] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0070.276] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0070.319] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0070.319] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0070.368] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0070.369] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0070.451] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0070.452] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0070.497] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0070.497] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0070.729] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0070.729] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0070.777] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0070.777] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0070.820] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0070.820] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0070.858] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 0 [0070.858] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0070.884] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0070.884] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0070.936] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0070.936] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0070.979] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0070.979] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0071.038] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0071.038] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0071.110] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0071.110] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0071.149] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0071.149] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0071.195] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0071.195] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0071.241] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0071.241] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0071.336] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0071.336] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0071.385] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0071.385] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0071.476] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0071.477] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0071.591] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0071.591] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0071.677] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0071.678] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0071.761] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0071.761] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0071.902] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0071.902] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0072.042] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0072.042] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0072.138] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0072.138] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0072.238] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0072.239] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0072.374] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0072.374] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0072.680] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0072.681] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0072.750] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0072.750] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0072.799] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0072.799] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0072.833] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0072.833] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0072.886] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0072.886] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0072.927] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0072.927] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0072.979] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0072.979] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0073.092] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0073.092] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0073.120] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0073.120] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0073.231] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0073.231] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0073.351] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0073.351] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0073.428] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0073.428] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0073.478] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0073.543] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0073.738] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0073.741] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0073.825] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0073.825] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0073.871] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0073.871] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0073.897] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0073.897] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0073.931] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 0 [0073.932] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0073.948] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0073.948] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0073.978] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 0 [0073.978] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0074.009] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0074.009] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x102 [0074.106] PeekMessageW (in: lpMsg=0x4bea48, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x1 | out: lpMsg=0x4bea48) returned 1 [0074.106] WaitForSingleObject (hHandle=0x4c0, dwMilliseconds=0xa) returned 0x0 [0074.122] CloseHandle (hObject=0x4c0) returned 1 [0074.122] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=".bat", cchCount1=-1, lpString2=".exe", cchCount2=-1) returned 1 [0074.122] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0074.122] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0074.122] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0074.122] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0074.123] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 3 [0074.123] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0074.123] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 3 [0074.123] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 2 [0074.123] ExpandEnvironmentStringsW (in: lpSrc="1", lpDst=0x4bdab4, nSize=0x1000 | out: lpDst="1") returned 0x2 [0074.123] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0074.123] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0074.123] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0074.123] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0074.123] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 2 [0074.123] ExpandEnvironmentStringsW (in: lpSrc="1", lpDst=0x4bdab4, nSize=0x1000 | out: lpDst="1") returned 0x2 [0074.123] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0074.123] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0074.123] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0074.123] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0074.123] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0074.123] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 2 [0074.123] GetDlgItem (hDlg=0xf0216, nIDDlgItem=1) returned 0x3021e [0074.123] EnableWindow (hWnd=0x3021e, bEnable=1) returned 0 [0074.124] GetProcAddress (hModule=0x74b70000, lpProcName="EndDialog") returned 0x74b79080 [0074.124] EndDialog (hDlg=0xf0216, nResult=0x1) returned 1 [0074.182] Sleep (dwMilliseconds=0x1b58) [0081.194] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="RarSFX0", cchCount1=6, lpString2="RarSFX", cchCount2=6) returned 2 [0081.194] SetCurrentDirectoryW (lpPathName="C:\\Users\\FD1HVy\\Desktop" (normalized: "c:\\users\\fd1hvy\\desktop")) returned 1 [0081.195] GetProcAddress (hModule=0x76480000, lpProcName="SHFileOperationW") returned 0x76670a20 [0081.196] SHFileOperationW (in: lpFileOp=0x4ff818*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0", pTo=0x0, fFlags=0x14, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle="슋茋ῠ䖉诨쇂შ褟슋茕࿠褙슁޼") | out: lpFileOp=0x4ff818*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0", pTo=0x0, fFlags=0x14, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle="슋茋ῠ䖉诨쇂შ褟슋茕࿠褙슁޼")) returned 0 [0086.309] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x764af8 | out: hHeap=0x730000) returned 1 [0086.309] GetProcAddress (hModule=0x75b70000, lpProcName="DeleteObject") returned 0x75b752b0 [0086.309] DeleteObject (ho=0x130205) returned 0 [0086.310] GetProcAddress (hModule=0x75b70000, lpProcName="DeleteObject") returned 0x75b752b0 [0086.310] DeleteObject (ho=0x2f050748) returned 1 [0086.310] IUnknown:AddRef (This=0x75e4d000) returned 0x1 [0086.310] GdiplusShutdown (token=0xfd50ee) [0086.321] GetProcAddress (hModule=0x77920000, lpProcName="OleUninitialize") returned 0x77954de0 [0086.321] OleUninitialize () [0086.326] GetModuleHandleW (lpModuleName=0x0) returned 0xfb0000 [0086.326] GetModuleHandleW (lpModuleName=0x0) returned 0xfb0000 [0086.326] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x76c318 | out: hHeap=0x730000) returned 1 [0086.326] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x75f220 | out: hHeap=0x730000) returned 1 [0086.327] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x261e020 | out: hHeap=0x730000) returned 1 [0086.329] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x734ca8 | out: hHeap=0x730000) returned 1 [0086.330] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x740660 | out: hHeap=0x730000) returned 1 [0086.330] LoadLibraryExW (lpLibFileName="api-ms-win-appmodel-runtime-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x75ba0000 [0086.330] GetProcAddress (hModule=0x75ba0000, lpProcName="GetCurrentPackageId") returned 0x75ba3510 [0086.330] GetCurrentPackageId () returned 0x3d54 [0086.330] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x4ff8b8 | out: phModule=0x4ff8b8) returned 0 [0086.330] ExitProcess (uExitCode=0x0) [0086.331] HeapFree (in: hHeap=0x730000, dwFlags=0x0, lpMem=0x73ecb0 | out: hHeap=0x730000) returned 1 Thread: id = 2 os_tid = 0xd38 Thread: id = 3 os_tid = 0xdb4 Thread: id = 4 os_tid = 0xe5c [0051.283] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0051.288] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0051.293] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0051.297] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0051.301] SetEvent (hEvent=0x2b4) returned 1 [0051.303] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0051.303] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0051.304] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0051.304] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0051.305] SetEvent (hEvent=0x2b4) returned 1 [0051.305] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0051.305] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0051.306] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0051.306] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0051.307] SetEvent (hEvent=0x2b4) returned 1 [0051.307] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0051.307] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0051.308] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0051.308] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0051.309] SetEvent (hEvent=0x2b4) returned 1 [0051.309] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0051.309] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0051.310] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0051.310] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0051.311] SetEvent (hEvent=0x2b4) returned 1 [0051.311] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0051.311] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0051.312] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0051.312] SetEvent (hEvent=0x2b4) returned 1 [0051.346] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 5 os_tid = 0xcd8 [0051.347] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 6 os_tid = 0xcb8 [0051.347] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 7 os_tid = 0xd08 [0051.348] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 8 os_tid = 0xcf4 [0051.348] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 9 os_tid = 0x9b4 [0051.349] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 10 os_tid = 0x7b8 [0051.349] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 11 os_tid = 0x784 [0051.349] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 12 os_tid = 0xd44 [0051.350] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 13 os_tid = 0xd24 [0051.350] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 14 os_tid = 0x39c [0051.350] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 15 os_tid = 0xc34 [0051.351] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 16 os_tid = 0x58 [0051.351] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 17 os_tid = 0xc58 [0051.352] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 18 os_tid = 0xf64 [0051.352] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 19 os_tid = 0xd30 [0051.353] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 20 os_tid = 0xc38 [0051.354] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 21 os_tid = 0x744 [0051.355] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 22 os_tid = 0xf88 [0051.355] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 23 os_tid = 0xcec [0051.355] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 24 os_tid = 0x37c [0051.356] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 25 os_tid = 0xa90 [0051.356] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 26 os_tid = 0xdb0 [0051.356] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 27 os_tid = 0x540 [0051.357] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 28 os_tid = 0x840 [0051.358] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 29 os_tid = 0xd20 [0051.358] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 30 os_tid = 0x7a8 [0051.358] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 31 os_tid = 0x6c8 [0051.359] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 32 os_tid = 0x2ac [0051.359] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 33 os_tid = 0x344 [0051.359] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 34 os_tid = 0xe00 [0051.361] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 35 os_tid = 0xda4 [0051.361] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 36 os_tid = 0xe88 Thread: id = 37 os_tid = 0xd1c Thread: id = 38 os_tid = 0xc9c Thread: id = 39 os_tid = 0x714 Process: id = "2" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x49d1f000" os_pid = "0x5f0" os_integrity_level = "0x4000" os_privileges = "0x260814080" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0xa98" cmd_line = "C:\\WINDOWS\\system32\\svchost.exe -k appmodel" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EntAppSvc" [0xa], "NT SERVICE\\StateRepository" [0xe], "NT SERVICE\\tiledatamodelsvc" [0xa], "NT SERVICE\\WalletService" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000fac7" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 40 os_tid = 0xa2c Thread: id = 41 os_tid = 0xa14 Thread: id = 42 os_tid = 0x8dc Thread: id = 43 os_tid = 0x8d4 Thread: id = 44 os_tid = 0x520 Thread: id = 45 os_tid = 0x67c Thread: id = 46 os_tid = 0x678 Thread: id = 47 os_tid = 0x644 Thread: id = 48 os_tid = 0x640 Thread: id = 49 os_tid = 0x63c Thread: id = 50 os_tid = 0x5f4 Process: id = "3" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x650a0000" os_pid = "0x7cc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa98" cmd_line = "C:\\WINDOWS\\system32\\cmd.exe /c \"\"C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0\\vodafone.bat\" \"" cur_dir = "C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:000103c1" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 51 os_tid = 0x49c [0063.300] GetModuleHandleA (lpModuleName=0x0) returned 0x160000 [0063.301] __set_app_type (_Type=0x1) [0063.301] __p__fmode () returned 0x77ae3c14 [0063.301] __p__commode () returned 0x77ae49ec [0063.301] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x176fd0) returned 0x0 [0063.301] __getmainargs (in: _Argc=0x18d1a4, _Argv=0x18d1a8, _Env=0x18d1ac, _DoWildCard=0, _StartInfo=0x18d1b8 | out: _Argc=0x18d1a4, _Argv=0x18d1a8, _Env=0x18d1ac) returned 0 [0063.301] _onexit (_Func=0x178030) returned 0x178030 [0063.301] _onexit (_Func=0x178040) returned 0x178040 [0063.301] _onexit (_Func=0x178050) returned 0x178050 [0063.301] _onexit (_Func=0x178060) returned 0x178060 [0063.302] _onexit (_Func=0x178070) returned 0x178070 [0063.303] _onexit (_Func=0x178080) returned 0x178080 [0063.303] GetCurrentThreadId () returned 0x49c [0063.303] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x49c) returned 0xbc [0063.303] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75e90000 [0063.303] GetProcAddress (hModule=0x75e90000, lpProcName="SetThreadUILanguage") returned 0x75ea4f70 [0063.303] SetThreadUILanguage (LangId=0x0) returned 0x2370409 [0063.316] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0063.316] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x24ffb7c | out: phkResult=0x24ffb7c*=0x0) returned 0x2 [0063.316] VirtualQuery (in: lpAddress=0x24ffb87, lpBuffer=0x24ffb34, dwLength=0x1c | out: lpBuffer=0x24ffb34*(BaseAddress=0x24ff000, AllocationBase=0x2400000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0063.316] VirtualQuery (in: lpAddress=0x2400000, lpBuffer=0x24ffb34, dwLength=0x1c | out: lpBuffer=0x24ffb34*(BaseAddress=0x2400000, AllocationBase=0x2400000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0063.316] VirtualQuery (in: lpAddress=0x2401000, lpBuffer=0x24ffb34, dwLength=0x1c | out: lpBuffer=0x24ffb34*(BaseAddress=0x2401000, AllocationBase=0x2400000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0063.316] VirtualQuery (in: lpAddress=0x2403000, lpBuffer=0x24ffb34, dwLength=0x1c | out: lpBuffer=0x24ffb34*(BaseAddress=0x2403000, AllocationBase=0x2400000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0063.317] VirtualQuery (in: lpAddress=0x2500000, lpBuffer=0x24ffb34, dwLength=0x1c | out: lpBuffer=0x24ffb34*(BaseAddress=0x2500000, AllocationBase=0x2500000, AllocationProtect=0x2, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0063.317] GetConsoleOutputCP () returned 0x1b5 [0063.332] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x193850 | out: lpCPInfo=0x193850) returned 1 [0063.332] SetConsoleCtrlHandler (HandlerRoutine=0x187260, Add=1) returned 1 [0063.332] _get_osfhandle (_FileHandle=1) returned 0x90 [0063.332] GetConsoleMode (in: hConsoleHandle=0x90, lpMode=0x19388c | out: lpMode=0x19388c) returned 1 [0063.347] _get_osfhandle (_FileHandle=0) returned 0x8c [0063.347] GetConsoleMode (in: hConsoleHandle=0x8c, lpMode=0x193888 | out: lpMode=0x193888) returned 1 [0063.374] _get_osfhandle (_FileHandle=1) returned 0x90 [0063.374] SetConsoleMode (hConsoleHandle=0x90, dwMode=0x0) returned 1 [0063.381] _get_osfhandle (_FileHandle=1) returned 0x90 [0063.381] GetConsoleMode (in: hConsoleHandle=0x90, lpMode=0x193890 | out: lpMode=0x193890) returned 1 [0063.390] _get_osfhandle (_FileHandle=1) returned 0x90 [0063.390] SetConsoleMode (hConsoleHandle=0x90, dwMode=0x7) returned 1 [0063.405] _get_osfhandle (_FileHandle=0) returned 0x8c [0063.405] GetConsoleMode (in: hConsoleHandle=0x8c, lpMode=0x193894 | out: lpMode=0x193894) returned 1 [0063.415] _get_osfhandle (_FileHandle=0) returned 0x8c [0063.415] SetConsoleMode (hConsoleHandle=0x8c, dwMode=0x1e7) returned 1 [0063.429] GetEnvironmentStringsW () returned 0x2784e88* [0063.429] GetProcessHeap () returned 0x2780000 [0063.429] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0xc10) returned 0x2785aa0 [0063.429] FreeEnvironmentStringsA (penv="A") returned 1 [0063.429] GetProcessHeap () returned 0x2780000 [0063.429] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0x4) returned 0x2784968 [0063.429] GetEnvironmentStringsW () returned 0x2784e88* [0063.429] GetProcessHeap () returned 0x2780000 [0063.429] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0xc10) returned 0x27866b8 [0063.429] FreeEnvironmentStringsA (penv="A") returned 1 [0063.430] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x24fead8 | out: phkResult=0x24fead8*=0xcc) returned 0x0 [0063.430] RegQueryValueExW (in: hKey=0xcc, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x24feae0, lpData=0x24feae4, lpcbData=0x24feadc*=0x1000 | out: lpType=0x24feae0*=0x0, lpData=0x24feae4*=0x68, lpcbData=0x24feadc*=0x1000) returned 0x2 [0063.430] RegQueryValueExW (in: hKey=0xcc, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x24feae0, lpData=0x24feae4, lpcbData=0x24feadc*=0x1000 | out: lpType=0x24feae0*=0x4, lpData=0x24feae4*=0x1, lpcbData=0x24feadc*=0x4) returned 0x0 [0063.430] RegQueryValueExW (in: hKey=0xcc, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x24feae0, lpData=0x24feae4, lpcbData=0x24feadc*=0x1000 | out: lpType=0x24feae0*=0x0, lpData=0x24feae4*=0x1, lpcbData=0x24feadc*=0x1000) returned 0x2 [0063.430] RegQueryValueExW (in: hKey=0xcc, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x24feae0, lpData=0x24feae4, lpcbData=0x24feadc*=0x1000 | out: lpType=0x24feae0*=0x4, lpData=0x24feae4*=0x0, lpcbData=0x24feadc*=0x4) returned 0x0 [0063.430] RegQueryValueExW (in: hKey=0xcc, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x24feae0, lpData=0x24feae4, lpcbData=0x24feadc*=0x1000 | out: lpType=0x24feae0*=0x4, lpData=0x24feae4*=0x40, lpcbData=0x24feadc*=0x4) returned 0x0 [0063.430] RegQueryValueExW (in: hKey=0xcc, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x24feae0, lpData=0x24feae4, lpcbData=0x24feadc*=0x1000 | out: lpType=0x24feae0*=0x4, lpData=0x24feae4*=0x40, lpcbData=0x24feadc*=0x4) returned 0x0 [0063.430] RegQueryValueExW (in: hKey=0xcc, lpValueName="AutoRun", lpReserved=0x0, lpType=0x24feae0, lpData=0x24feae4, lpcbData=0x24feadc*=0x1000 | out: lpType=0x24feae0*=0x0, lpData=0x24feae4*=0x40, lpcbData=0x24feadc*=0x1000) returned 0x2 [0063.430] RegCloseKey (hKey=0xcc) returned 0x0 [0063.430] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x24fead8 | out: phkResult=0x24fead8*=0xcc) returned 0x0 [0063.430] RegQueryValueExW (in: hKey=0xcc, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x24feae0, lpData=0x24feae4, lpcbData=0x24feadc*=0x1000 | out: lpType=0x24feae0*=0x0, lpData=0x24feae4*=0x40, lpcbData=0x24feadc*=0x1000) returned 0x2 [0063.430] RegQueryValueExW (in: hKey=0xcc, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x24feae0, lpData=0x24feae4, lpcbData=0x24feadc*=0x1000 | out: lpType=0x24feae0*=0x4, lpData=0x24feae4*=0x1, lpcbData=0x24feadc*=0x4) returned 0x0 [0063.430] RegQueryValueExW (in: hKey=0xcc, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x24feae0, lpData=0x24feae4, lpcbData=0x24feadc*=0x1000 | out: lpType=0x24feae0*=0x0, lpData=0x24feae4*=0x1, lpcbData=0x24feadc*=0x1000) returned 0x2 [0063.430] RegQueryValueExW (in: hKey=0xcc, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x24feae0, lpData=0x24feae4, lpcbData=0x24feadc*=0x1000 | out: lpType=0x24feae0*=0x4, lpData=0x24feae4*=0x0, lpcbData=0x24feadc*=0x4) returned 0x0 [0063.430] RegQueryValueExW (in: hKey=0xcc, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x24feae0, lpData=0x24feae4, lpcbData=0x24feadc*=0x1000 | out: lpType=0x24feae0*=0x4, lpData=0x24feae4*=0x9, lpcbData=0x24feadc*=0x4) returned 0x0 [0063.430] RegQueryValueExW (in: hKey=0xcc, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x24feae0, lpData=0x24feae4, lpcbData=0x24feadc*=0x1000 | out: lpType=0x24feae0*=0x4, lpData=0x24feae4*=0x9, lpcbData=0x24feadc*=0x4) returned 0x0 [0063.430] RegQueryValueExW (in: hKey=0xcc, lpValueName="AutoRun", lpReserved=0x0, lpType=0x24feae0, lpData=0x24feae4, lpcbData=0x24feadc*=0x1000 | out: lpType=0x24feae0*=0x0, lpData=0x24feae4*=0x9, lpcbData=0x24feadc*=0x1000) returned 0x2 [0063.430] RegCloseKey (hKey=0xcc) returned 0x0 [0063.431] time (in: timer=0x0 | out: timer=0x0) returned 0x5d8a58de [0063.431] srand (_Seed=0x5d8a58de) [0063.431] GetCommandLineW () returned="C:\\WINDOWS\\system32\\cmd.exe /c \"\"C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0\\vodafone.bat\" \"" [0063.431] malloc (_Size=0x4000) returned 0x2b523d0 [0063.434] GetCommandLineW () returned="C:\\WINDOWS\\system32\\cmd.exe /c \"\"C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0\\vodafone.bat\" \"" [0063.434] malloc (_Size=0xffce) returned 0x2980048 [0063.435] ??_V@YAXPAX@Z () returned 0x24ffabc [0063.435] GetCurrentDirectoryW (in: nBufferLength=0x7fe7, lpBuffer=0x2980048 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0") returned 0x2a [0063.436] malloc (_Size=0xffce) returned 0x2990020 [0063.436] ??_V@YAXPAX@Z () returned 0x24ff890 [0063.437] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2990020, nSize=0x7fe7 | out: lpFilename="C:\\WINDOWS\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0063.437] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x18f840, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\WINDOWS\\system32;C:\\WINDOWS;C:\\WINDOWS\\System32\\Wbem;C:\\WINDOWS\\System32\\WindowsPowerShell\\v1.0\\;C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\WindowsApps") returned 0xbb [0063.437] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x18f840, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0063.437] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x18f840, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0063.437] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0063.437] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0063.437] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0063.437] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0063.437] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0063.437] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0063.437] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0063.437] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0063.437] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0063.437] GetProcessHeap () returned 0x2780000 [0063.437] RtlFreeHeap (HeapHandle=0x2780000, Flags=0x0, BaseAddress=0x2785aa0) returned 1 [0063.437] GetEnvironmentStringsW () returned 0x2784e88* [0063.437] GetProcessHeap () returned 0x2780000 [0063.437] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0xc28) returned 0x2787f00 [0063.437] FreeEnvironmentStringsA (penv="A") returned 1 [0063.438] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x18f840, nSize=0x2000 | out: lpBuffer="C:\\WINDOWS\\system32\\cmd.exe") returned 0x1b [0063.438] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x18f840, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0063.438] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0063.438] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0063.438] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0063.438] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0063.438] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0063.438] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0063.438] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0063.438] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0063.438] malloc (_Size=0xffce) returned 0x299fff8 [0063.438] ??_V@YAXPAX@Z () returned 0x24ff628 [0063.438] GetProcessHeap () returned 0x2780000 [0063.438] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0x5e) returned 0x2788b30 [0063.439] GetCurrentDirectoryW (in: nBufferLength=0x7fe7, lpBuffer=0x299fff8 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0") returned 0x2a [0063.439] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0", nBufferLength=0x7fe7, lpBuffer=0x299fff8, lpFilePart=0x24ff674 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0", lpFilePart=0x24ff674*="RarSFX0") returned 0x2a [0063.439] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\rarsfx0")) returned 0x10 [0063.439] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x24ff3f8 | out: lpFindFileData=0x24ff3f8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x6c4849dd, ftCreationTime.dwHighDateTime=0x1d29fdc, ftLastAccessTime.dwLowDateTime=0x475bb883, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x475bb883, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x2788b98 [0063.439] FindClose (in: hFindFile=0x2788b98 | out: hFindFile=0x2788b98) returned 1 [0063.439] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy", lpFindFileData=0x24ff3f8 | out: lpFindFileData=0x24ff3f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x20fc850f, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x9de5855d, ftLastAccessTime.dwHighDateTime=0x1d32744, ftLastWriteTime.dwLowDateTime=0x9de5855d, ftLastWriteTime.dwHighDateTime=0x1d32744, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FD1HVy", cAlternateFileName="")) returned 0x2788b98 [0063.440] FindClose (in: hFindFile=0x2788b98 | out: hFindFile=0x2788b98) returned 1 [0063.440] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData", lpFindFileData=0x24ff3f8 | out: lpFindFileData=0x24ff3f8*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x210870f2, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x3b5a0677, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x3b5a0677, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 0x2788b98 [0063.440] FindClose (in: hFindFile=0x2788b98 | out: hFindFile=0x2788b98) returned 1 [0063.440] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local", lpFindFileData=0x24ff3f8 | out: lpFindFileData=0x24ff3f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x210ad1cc, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0xd6a9d454, ftLastAccessTime.dwHighDateTime=0x1d35e03, ftLastWriteTime.dwLowDateTime=0xd6a9d454, ftLastWriteTime.dwHighDateTime=0x1d35e03, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Local", cAlternateFileName="")) returned 0x2788b98 [0063.440] FindClose (in: hFindFile=0x2788b98 | out: hFindFile=0x2788b98) returned 1 [0063.440] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp", lpFindFileData=0x24ff3f8 | out: lpFindFileData=0x24ff3f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x210ad1cc, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x66e32c35, ftLastAccessTime.dwHighDateTime=0x1d57301, ftLastWriteTime.dwLowDateTime=0x66e32c35, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 0x2788b98 [0063.440] FindClose (in: hFindFile=0x2788b98 | out: hFindFile=0x2788b98) returned 1 [0063.440] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0", lpFindFileData=0x24ff3f8 | out: lpFindFileData=0x24ff3f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x66e32c35, ftCreationTime.dwHighDateTime=0x1d57301, ftLastAccessTime.dwLowDateTime=0x6725efed, ftLastAccessTime.dwHighDateTime=0x1d57301, ftLastWriteTime.dwLowDateTime=0x6725efed, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RarSFX0", cAlternateFileName="")) returned 0x2788b98 [0063.440] FindClose (in: hFindFile=0x2788b98 | out: hFindFile=0x2788b98) returned 1 [0063.440] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\rarsfx0")) returned 0x10 [0063.440] SetCurrentDirectoryW (lpPathName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\rarsfx0")) returned 1 [0063.441] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0") returned 1 [0063.441] GetProcessHeap () returned 0x2780000 [0063.441] RtlFreeHeap (HeapHandle=0x2780000, Flags=0x0, BaseAddress=0x2787f00) returned 1 [0063.441] GetEnvironmentStringsW () returned 0x27872d0* [0063.441] GetProcessHeap () returned 0x2780000 [0063.441] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0xc86) returned 0x2788b98 [0063.441] FreeEnvironmentStringsA (penv="=") returned 1 [0063.441] GetCurrentDirectoryW (in: nBufferLength=0x7fe7, lpBuffer=0x2980048 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0") returned 0x2a [0063.441] GetProcessHeap () returned 0x2780000 [0063.441] RtlFreeHeap (HeapHandle=0x2780000, Flags=0x0, BaseAddress=0x2788b30) returned 1 [0063.441] ??_V@YAXPAX@Z () returned 0x1 [0063.441] ??_V@YAXPAX@Z () returned 0x1 [0063.441] GetProcessHeap () returned 0x2780000 [0063.441] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0x400e) returned 0x2789828 [0063.441] GetProcessHeap () returned 0x2780000 [0063.441] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0x86) returned 0x2785b18 [0063.442] GetProcessHeap () returned 0x2780000 [0063.442] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0x4008) returned 0x278d840 [0063.442] GetProcessHeap () returned 0x2780000 [0063.442] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0x4008) returned 0x2791850 [0063.442] GetProcessHeap () returned 0x2780000 [0063.442] RtlFreeHeap (HeapHandle=0x2780000, Flags=0x0, BaseAddress=0x2789828) returned 1 [0063.442] GetConsoleOutputCP () returned 0x1b5 [0063.447] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x193850 | out: lpCPInfo=0x193850) returned 1 [0063.448] GetUserDefaultLCID () returned 0x409 [0063.448] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x18f82c, cchData=8 | out: lpLCData=":") returned 2 [0063.448] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x24ff9e4, cchData=128 | out: lpLCData="0") returned 2 [0063.448] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x24ff9e4, cchData=128 | out: lpLCData="0") returned 2 [0063.448] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x24ff9e4, cchData=128 | out: lpLCData="1") returned 2 [0063.448] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x18f81c, cchData=8 | out: lpLCData="/") returned 2 [0063.448] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x18f7b8, cchData=32 | out: lpLCData="Mon") returned 4 [0063.448] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x18f778, cchData=32 | out: lpLCData="Tue") returned 4 [0063.448] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x18f738, cchData=32 | out: lpLCData="Wed") returned 4 [0063.448] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x18f6f8, cchData=32 | out: lpLCData="Thu") returned 4 [0063.448] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x18f6b8, cchData=32 | out: lpLCData="Fri") returned 4 [0063.448] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x18f678, cchData=32 | out: lpLCData="Sat") returned 4 [0063.448] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x18f638, cchData=32 | out: lpLCData="Sun") returned 4 [0063.448] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x18f80c, cchData=8 | out: lpLCData=".") returned 2 [0063.448] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x18f7f8, cchData=8 | out: lpLCData=",") returned 2 [0063.448] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0063.450] GetProcessHeap () returned 0x2780000 [0063.450] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x0, Size=0x20c) returned 0x2785bf0 [0063.450] GetConsoleTitleW (in: lpConsoleTitle=0x2785bf0, nSize=0x104 | out: lpConsoleTitle="C:\\WINDOWS\\system32\\cmd.exe") returned 0x1c [0063.464] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75e90000 [0063.464] GetProcAddress (hModule=0x75e90000, lpProcName="CopyFileExW") returned 0x75ea4330 [0063.464] GetProcAddress (hModule=0x75e90000, lpProcName="IsDebuggerPresent") returned 0x75ea5930 [0063.464] GetProcAddress (hModule=0x75e90000, lpProcName="SetConsoleInputExeNameW") returned 0x74fe09d0 [0063.464] ??_V@YAXPAX@Z () returned 0x1 [0063.465] GetProcessHeap () returned 0x2780000 [0063.465] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0x400a) returned 0x2789828 [0063.465] GetProcessHeap () returned 0x2780000 [0063.465] RtlFreeHeap (HeapHandle=0x2780000, Flags=0x0, BaseAddress=0x2789828) returned 1 [0063.466] _wcsicmp (_String1="\"C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0\\vodafone.bat\"", _String2=")") returned -7 [0063.466] _wcsicmp (_String1="FOR", _String2="\"C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0\\vodafone.bat\"") returned 68 [0063.466] _wcsicmp (_String1="FOR/?", _String2="\"C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0\\vodafone.bat\"") returned 68 [0063.466] _wcsicmp (_String1="IF", _String2="\"C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0\\vodafone.bat\"") returned 71 [0063.466] _wcsicmp (_String1="IF/?", _String2="\"C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0\\vodafone.bat\"") returned 71 [0063.466] _wcsicmp (_String1="REM", _String2="\"C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0\\vodafone.bat\"") returned 80 [0063.466] _wcsicmp (_String1="REM/?", _String2="\"C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0\\vodafone.bat\"") returned 80 [0063.466] GetProcessHeap () returned 0x2780000 [0063.466] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0x58) returned 0x2785e08 [0063.466] GetProcessHeap () returned 0x2780000 [0063.466] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0x7c) returned 0x2785e68 [0063.466] GetProcessHeap () returned 0x2780000 [0063.466] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0xc) returned 0x2785ef0 [0063.467] GetConsoleTitleW (in: lpConsoleTitle=0x24ff8d8, nSize=0x104 | out: lpConsoleTitle="C:\\WINDOWS\\system32\\cmd.exe") returned 0x1c [0063.471] malloc (_Size=0xffce) returned 0x29926f8 [0063.471] ??_V@YAXPAX@Z () returned 0x24ff664 [0063.472] malloc (_Size=0xffce) returned 0x29a26d0 [0063.472] ??_V@YAXPAX@Z () returned 0x24ff41c [0063.472] GetFileAttributesW (lpFileName="\"C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0\\vodafone.bat\"" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\rarsfx0\\\"c:\\users\\fd1hvy\\appdata\\local\\temp\\rarsfx0\\vodafone.bat\"")) returned 0xffffffff [0063.473] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0063.473] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0063.473] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0063.473] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0063.473] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0063.473] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0063.473] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0063.473] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0063.473] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0063.473] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0063.473] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0063.473] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0063.473] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0063.473] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0063.473] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0063.473] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0063.473] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0063.473] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0063.473] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0063.473] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0063.473] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0063.473] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0063.473] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0063.473] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0063.473] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0063.473] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0063.473] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0063.473] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0063.473] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0063.473] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0063.473] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0063.473] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0063.474] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0063.474] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0063.474] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0063.474] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0063.474] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0063.474] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0063.474] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0063.474] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0063.474] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0063.474] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0063.474] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0063.474] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0063.474] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0063.474] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0063.474] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0063.474] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0063.474] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0063.474] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0063.474] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0063.474] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0063.474] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0063.474] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0063.474] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0063.474] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0063.474] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0063.474] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0063.474] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0063.474] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0063.474] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0063.474] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0063.474] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0063.474] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0063.474] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0063.474] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0063.474] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0063.475] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0063.475] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0063.475] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0063.475] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0063.475] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0063.475] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0063.475] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0063.475] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0063.475] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0063.475] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0063.475] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0063.475] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0063.475] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0063.475] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0063.475] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0063.475] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0063.475] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0063.475] _wcsicmp (_String1="\"C", _String2="FOR") returned -68 [0063.475] _wcsicmp (_String1="\"C", _String2="IF") returned -71 [0063.475] _wcsicmp (_String1="\"C", _String2="REM") returned -80 [0063.475] ??_V@YAXPAX@Z () returned 0x1 [0063.475] GetProcessHeap () returned 0x2780000 [0063.475] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0xffd6) returned 0x2795860 [0063.476] GetProcessHeap () returned 0x2780000 [0063.476] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0x80) returned 0x2785f08 [0063.477] _wcsnicmp (_String1="C:\\U", _String2="cmd ", _MaxCount=0x4) returned -51 [0063.477] malloc (_Size=0xffce) returned 0x29a26d0 [0063.477] ??_V@YAXPAX@Z () returned 0x24ff19c [0063.477] GetProcessHeap () returned 0x2780000 [0063.477] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0x1ffa4) returned 0x27a5840 [0063.479] SetErrorMode (uMode=0x0) returned 0x0 [0063.479] SetErrorMode (uMode=0x1) returned 0x0 [0063.479] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0\\.", nBufferLength=0xffce, lpBuffer=0x27a5848, lpFilePart=0x24ff1bc | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0", lpFilePart=0x24ff1bc*="RarSFX0") returned 0x2a [0063.479] SetErrorMode (uMode=0x0) returned 0x1 [0063.479] GetProcessHeap () returned 0x2780000 [0063.479] RtlReAllocateHeap (Heap=0x2780000, Flags=0x0, Ptr=0x27a5840, Size=0x78) returned 0x27a5840 [0063.479] GetProcessHeap () returned 0x2780000 [0063.479] RtlSizeHeap (HeapHandle=0x2780000, Flags=0x0, MemoryPointer=0x27a5840) returned 0x78 [0063.479] NeedCurrentDirectoryForExePathW (ExeName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0\\.") returned 1 [0063.479] GetProcessHeap () returned 0x2780000 [0063.479] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0x64) returned 0x2785f90 [0063.480] GetProcessHeap () returned 0x2780000 [0063.480] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0xbc) returned 0x2786000 [0063.480] GetProcessHeap () returned 0x2780000 [0063.480] RtlReAllocateHeap (Heap=0x2780000, Flags=0x0, Ptr=0x2786000, Size=0x64) returned 0x2786000 [0063.480] GetProcessHeap () returned 0x2780000 [0063.480] RtlSizeHeap (HeapHandle=0x2780000, Flags=0x0, MemoryPointer=0x2786000) returned 0x64 [0063.480] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x18f840, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0063.480] GetProcessHeap () returned 0x2780000 [0063.480] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0xe0) returned 0x2786070 [0063.483] GetProcessHeap () returned 0x2780000 [0063.483] RtlReAllocateHeap (Heap=0x2780000, Flags=0x0, Ptr=0x2786070, Size=0x76) returned 0x2786070 [0063.484] GetProcessHeap () returned 0x2780000 [0063.484] RtlSizeHeap (HeapHandle=0x2780000, Flags=0x0, MemoryPointer=0x2786070) returned 0x76 [0063.484] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0063.484] FindFirstFileExW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0\\vodafone.bat", fInfoLevelId=0x1, lpFindFileData=0x24fef68, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x24fef68) returned 0x27860f0 [0063.484] GetProcessHeap () returned 0x2780000 [0063.484] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x0, Size=0x14) returned 0x2786130 [0063.484] FindClose (in: hFindFile=0x27860f0 | out: hFindFile=0x27860f0) returned 1 [0063.484] _wcsicmp (_String1=".bat", _String2=".CMD") returned -1 [0063.484] _wcsicmp (_String1=".bat", _String2=".BAT") returned 0 [0063.484] ??_V@YAXPAX@Z () returned 0x1 [0063.484] GetConsoleTitleW (in: lpConsoleTitle=0x24ff44c, nSize=0x104 | out: lpConsoleTitle="C:\\WINDOWS\\system32\\cmd.exe") returned 0x1c [0063.492] GetProcessHeap () returned 0x2780000 [0063.492] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0x11c) returned 0x2786150 [0063.492] malloc (_Size=0xffce) returned 0x29a26d0 [0063.492] ??_V@YAXPAX@Z () returned 0x24ff1a4 [0063.492] ApiSetQueryApiSetPresence () returned 0x0 [0063.492] ResolveDelayLoadedAPI () returned 0x73391810 [0063.617] SaferWorker () returned 0x0 [0063.646] SetErrorMode (uMode=0x0) returned 0x0 [0063.646] SetErrorMode (uMode=0x1) returned 0x0 [0063.646] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0\\vodafone.bat", nBufferLength=0x7fe7, lpBuffer=0x2795868, lpFilePart=0x24ff0d4 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0\\vodafone.bat", lpFilePart=0x24ff0d4*="vodafone.bat") returned 0x37 [0063.646] SetErrorMode (uMode=0x0) returned 0x1 [0063.646] malloc (_Size=0x4000) returned 0x29b26a8 [0063.646] GetProcessHeap () returned 0x2780000 [0063.646] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0x7c) returned 0x2788408 [0063.646] wcsspn (_String=" ", _Control=" \x09") returned 0x1 [0063.646] GetProcessHeap () returned 0x2780000 [0063.647] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0xa) returned 0x278b868 [0063.647] GetProcessHeap () returned 0x2780000 [0063.647] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0xc) returned 0x278b9d0 [0063.647] GetProcessHeap () returned 0x2780000 [0063.647] RtlReAllocateHeap (Heap=0x2780000, Flags=0x0, Ptr=0x278b9d0, Size=0xc) returned 0x278b850 [0063.647] GetProcessHeap () returned 0x2780000 [0063.647] RtlSizeHeap (HeapHandle=0x2780000, Flags=0x0, MemoryPointer=0x278b850) returned 0xc [0063.647] ??_V@YAXPAX@Z () returned 0x1 [0063.648] CmdBatNotificationStub () returned 0x1 [0063.648] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0\\vodafone.bat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\rarsfx0\\vodafone.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x24fef48, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf0 [0063.648] _open_osfhandle (_OSFileHandle=0xf0, _Flags=8) returned 3 [0063.648] _get_osfhandle (_FileHandle=3) returned 0xf0 [0063.648] SetFilePointer (in: hFile=0xf0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0063.648] _get_osfhandle (_FileHandle=3) returned 0xf0 [0063.649] SetFilePointer (in: hFile=0xf0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0063.649] ReadFile (in: hFile=0xf0, lpBuffer=0x18d630, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x24fef1c, lpOverlapped=0x0 | out: lpBuffer=0x18d630*, lpNumberOfBytesRead=0x24fef1c*=0x1e, lpOverlapped=0x0) returned 1 [0063.653] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x18d630, cbMultiByte=30, lpWideCharStr=0x1978b0, cchWideChar=8191 | out: lpWideCharStr="fatura.sfx.exe -p1234 -d%temp%") returned 30 [0063.654] GetProcessHeap () returned 0x2780000 [0063.654] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0x400a) returned 0x27a58c0 [0063.655] GetProcessHeap () returned 0x2780000 [0063.655] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0x4008) returned 0x27a98d8 [0063.655] GetProcessHeap () returned 0x2780000 [0063.655] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0x12) returned 0x2780518 [0063.655] GetEnvironmentVariableW (in: lpName="temp", lpBuffer=0x18f840, nSize=0x2000 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0063.655] GetProcessHeap () returned 0x2780000 [0063.655] RtlFreeHeap (HeapHandle=0x2780000, Flags=0x0, BaseAddress=0x2780518) returned 1 [0063.655] GetProcessHeap () returned 0x2780000 [0063.655] RtlFreeHeap (HeapHandle=0x2780000, Flags=0x0, BaseAddress=0x27a98d8) returned 1 [0063.655] GetProcessHeap () returned 0x2780000 [0063.655] RtlFreeHeap (HeapHandle=0x2780000, Flags=0x0, BaseAddress=0x27a58c0) returned 1 [0063.657] _wcsicmp (_String1="fatura.sfx.exe", _String2=")") returned 61 [0063.657] _wcsicmp (_String1="FOR", _String2="fatura.sfx.exe") returned 14 [0063.657] _wcsicmp (_String1="FOR/?", _String2="fatura.sfx.exe") returned 14 [0063.657] _wcsicmp (_String1="IF", _String2="fatura.sfx.exe") returned 3 [0063.657] _wcsicmp (_String1="IF/?", _String2="fatura.sfx.exe") returned 3 [0063.657] _wcsicmp (_String1="REM", _String2="fatura.sfx.exe") returned 12 [0063.657] _wcsicmp (_String1="REM/?", _String2="fatura.sfx.exe") returned 12 [0063.657] GetProcessHeap () returned 0x2780000 [0063.657] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0x58) returned 0x2786568 [0063.657] GetProcessHeap () returned 0x2780000 [0063.657] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0x26) returned 0x2780518 [0063.658] _get_osfhandle (_FileHandle=3) returned 0xf0 [0063.658] SetFilePointer (in: hFile=0xf0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x1e [0063.659] ReadFile (in: hFile=0xf0, lpBuffer=0x18d630, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x24fee24, lpOverlapped=0x0 | out: lpBuffer=0x18d630*, lpNumberOfBytesRead=0x24fee24*=0x0, lpOverlapped=0x0) returned 1 [0063.659] GetLastError () returned 0x0 [0063.659] _get_osfhandle (_FileHandle=3) returned 0xf0 [0063.659] GetFileType (hFile=0xf0) returned 0x1 [0063.659] _get_osfhandle (_FileHandle=3) returned 0xf0 [0063.659] SetFilePointer (in: hFile=0xf0, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1e [0063.659] GetProcessHeap () returned 0x2780000 [0063.659] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0x400a) returned 0x27a58c0 [0063.659] GetProcessHeap () returned 0x2780000 [0063.659] RtlFreeHeap (HeapHandle=0x2780000, Flags=0x0, BaseAddress=0x27a58c0) returned 1 [0063.659] GetProcessHeap () returned 0x2780000 [0063.659] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0x62) returned 0x27865c8 [0063.660] _tell (_FileHandle=3) returned 30 [0063.660] _close (_FileHandle=3) returned 0 [0063.660] _vsnwprintf (in: _Buffer=0x19b990, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x24fecd8 | out: _Buffer="\r\n") returned 2 [0063.660] _get_osfhandle (_FileHandle=1) returned 0x90 [0063.660] GetFileType (hFile=0x90) returned 0x2 [0063.660] GetStdHandle (nStdHandle=0xfffffff5) returned 0x90 [0063.660] GetConsoleMode (in: hConsoleHandle=0x90, lpMode=0x24fecb0 | out: lpMode=0x24fecb0) returned 1 [0063.675] _get_osfhandle (_FileHandle=1) returned 0x90 [0063.675] WriteConsoleW (in: hConsoleOutput=0x90, lpBuffer=0x19b990*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x24fecc8, lpReserved=0x0 | out: lpBuffer=0x19b990*, lpNumberOfCharsWritten=0x24fecc8*=0x2) returned 1 [0063.745] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x18f840, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0063.745] GetCurrentDirectoryW (in: nBufferLength=0x7fe7, lpBuffer=0x2980048 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0") returned 0x2a [0063.746] malloc (_Size=0x107ce) returned 0x29b26a8 [0063.746] _vsnwprintf (in: _Buffer=0x29b26a8, _BufferCount=0x83e5, _Format="%s", _ArgList=0x24fecd4 | out: _Buffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0") returned 42 [0063.746] _vsnwprintf (in: _Buffer=0x29b26fc, _BufferCount=0x83bb, _Format="%c", _ArgList=0x24fecd4 | out: _Buffer=">") returned 1 [0063.746] _get_osfhandle (_FileHandle=1) returned 0x90 [0063.746] GetFileType (hFile=0x90) returned 0x2 [0063.746] GetStdHandle (nStdHandle=0xfffffff5) returned 0x90 [0063.746] GetConsoleMode (in: hConsoleHandle=0x90, lpMode=0x24fecb4 | out: lpMode=0x24fecb4) returned 1 [0063.753] _get_osfhandle (_FileHandle=1) returned 0x90 [0063.753] WriteConsoleW (in: hConsoleOutput=0x90, lpBuffer=0x29b26a8*, nNumberOfCharsToWrite=0x2b, lpNumberOfCharsWritten=0x24feccc, lpReserved=0x0 | out: lpBuffer=0x29b26a8*, lpNumberOfCharsWritten=0x24feccc*=0x2b) returned 1 [0063.778] _get_osfhandle (_FileHandle=1) returned 0x90 [0063.778] GetFileType (hFile=0x90) returned 0x2 [0063.778] GetStdHandle (nStdHandle=0xfffffff5) returned 0x90 [0063.778] GetConsoleMode (in: hConsoleHandle=0x90, lpMode=0x24fef5c | out: lpMode=0x24fef5c) returned 1 [0063.822] _get_osfhandle (_FileHandle=1) returned 0x90 [0063.822] WriteConsoleW (in: hConsoleOutput=0x90, lpBuffer=0x2780520*, nNumberOfCharsToWrite=0xe, lpNumberOfCharsWritten=0x24fef74, lpReserved=0x0 | out: lpBuffer=0x2780520*, lpNumberOfCharsWritten=0x24fef74*=0xe) returned 1 [0063.887] _vsnwprintf (in: _Buffer=0x19b990, _BufferCount=0x1fff, _Format="%s ", _ArgList=0x24fef7c | out: _Buffer=" -p1234 -dC:\\Users\\FD1HVy\\AppData\\Local\\Temp ") returned 45 [0063.887] _get_osfhandle (_FileHandle=1) returned 0x90 [0063.888] GetFileType (hFile=0x90) returned 0x2 [0063.888] GetStdHandle (nStdHandle=0xfffffff5) returned 0x90 [0063.888] GetConsoleMode (in: hConsoleHandle=0x90, lpMode=0x24fef54 | out: lpMode=0x24fef54) returned 1 [0063.931] _get_osfhandle (_FileHandle=1) returned 0x90 [0063.931] WriteConsoleW (in: hConsoleOutput=0x90, lpBuffer=0x19b990*, nNumberOfCharsToWrite=0x2d, lpNumberOfCharsWritten=0x24fef6c, lpReserved=0x0 | out: lpBuffer=0x19b990*, lpNumberOfCharsWritten=0x24fef6c*=0x2d) returned 1 [0064.009] _vsnwprintf (in: _Buffer=0x19b990, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x24fef90 | out: _Buffer="\r\n") returned 2 [0064.009] _get_osfhandle (_FileHandle=1) returned 0x90 [0064.009] GetFileType (hFile=0x90) returned 0x2 [0064.009] GetStdHandle (nStdHandle=0xfffffff5) returned 0x90 [0064.010] GetConsoleMode (in: hConsoleHandle=0x90, lpMode=0x24fef68 | out: lpMode=0x24fef68) returned 1 [0064.056] _get_osfhandle (_FileHandle=1) returned 0x90 [0064.056] WriteConsoleW (in: hConsoleOutput=0x90, lpBuffer=0x19b990*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0x24fef80, lpReserved=0x0 | out: lpBuffer=0x19b990*, lpNumberOfCharsWritten=0x24fef80*=0x2) returned 1 [0064.123] malloc (_Size=0xffce) returned 0x29c2e80 [0064.123] ??_V@YAXPAX@Z () returned 0x24fef5c [0064.124] _wcsicmp (_String1="fatura.sfx.exe", _String2="DIR") returned 2 [0064.124] _wcsicmp (_String1="fatura.sfx.exe", _String2="ERASE") returned 1 [0064.124] _wcsicmp (_String1="fatura.sfx.exe", _String2="DEL") returned 2 [0064.124] _wcsicmp (_String1="fatura.sfx.exe", _String2="TYPE") returned -14 [0064.124] _wcsicmp (_String1="fatura.sfx.exe", _String2="COPY") returned 3 [0064.124] _wcsicmp (_String1="fatura.sfx.exe", _String2="CD") returned 3 [0064.124] _wcsicmp (_String1="fatura.sfx.exe", _String2="CHDIR") returned 3 [0064.124] _wcsicmp (_String1="fatura.sfx.exe", _String2="RENAME") returned -12 [0064.124] _wcsicmp (_String1="fatura.sfx.exe", _String2="REN") returned -12 [0064.124] _wcsicmp (_String1="fatura.sfx.exe", _String2="ECHO") returned 1 [0064.124] _wcsicmp (_String1="fatura.sfx.exe", _String2="SET") returned -13 [0064.124] _wcsicmp (_String1="fatura.sfx.exe", _String2="PAUSE") returned -10 [0064.124] _wcsicmp (_String1="fatura.sfx.exe", _String2="DATE") returned 2 [0064.124] _wcsicmp (_String1="fatura.sfx.exe", _String2="TIME") returned -14 [0064.124] _wcsicmp (_String1="fatura.sfx.exe", _String2="PROMPT") returned -10 [0064.124] _wcsicmp (_String1="fatura.sfx.exe", _String2="MD") returned -7 [0064.124] _wcsicmp (_String1="fatura.sfx.exe", _String2="MKDIR") returned -7 [0064.124] _wcsicmp (_String1="fatura.sfx.exe", _String2="RD") returned -12 [0064.124] _wcsicmp (_String1="fatura.sfx.exe", _String2="RMDIR") returned -12 [0064.124] _wcsicmp (_String1="fatura.sfx.exe", _String2="PATH") returned -10 [0064.124] _wcsicmp (_String1="fatura.sfx.exe", _String2="GOTO") returned -1 [0064.124] _wcsicmp (_String1="fatura.sfx.exe", _String2="SHIFT") returned -13 [0064.124] _wcsicmp (_String1="fatura.sfx.exe", _String2="CLS") returned 3 [0064.125] _wcsicmp (_String1="fatura.sfx.exe", _String2="CALL") returned 3 [0064.125] _wcsicmp (_String1="fatura.sfx.exe", _String2="VERIFY") returned -16 [0064.125] _wcsicmp (_String1="fatura.sfx.exe", _String2="VER") returned -16 [0064.125] _wcsicmp (_String1="fatura.sfx.exe", _String2="VOL") returned -16 [0064.125] _wcsicmp (_String1="fatura.sfx.exe", _String2="EXIT") returned 1 [0064.125] _wcsicmp (_String1="fatura.sfx.exe", _String2="SETLOCAL") returned -13 [0064.125] _wcsicmp (_String1="fatura.sfx.exe", _String2="ENDLOCAL") returned 1 [0064.125] _wcsicmp (_String1="fatura.sfx.exe", _String2="TITLE") returned -14 [0064.125] _wcsicmp (_String1="fatura.sfx.exe", _String2="START") returned -13 [0064.125] _wcsicmp (_String1="fatura.sfx.exe", _String2="DPATH") returned 2 [0064.125] _wcsicmp (_String1="fatura.sfx.exe", _String2="KEYS") returned -5 [0064.125] _wcsicmp (_String1="fatura.sfx.exe", _String2="MOVE") returned -7 [0064.125] _wcsicmp (_String1="fatura.sfx.exe", _String2="PUSHD") returned -10 [0064.125] _wcsicmp (_String1="fatura.sfx.exe", _String2="POPD") returned -10 [0064.125] _wcsicmp (_String1="fatura.sfx.exe", _String2="ASSOC") returned 5 [0064.125] _wcsicmp (_String1="fatura.sfx.exe", _String2="FTYPE") returned -19 [0064.125] _wcsicmp (_String1="fatura.sfx.exe", _String2="BREAK") returned 4 [0064.125] _wcsicmp (_String1="fatura.sfx.exe", _String2="COLOR") returned 3 [0064.125] _wcsicmp (_String1="fatura.sfx.exe", _String2="MKLINK") returned -7 [0064.125] _wcsnicmp (_String1="fatu", _String2="cmd ", _MaxCount=0x4) returned 3 [0064.125] malloc (_Size=0xffce) returned 0x29d2e58 [0064.126] ??_V@YAXPAX@Z () returned 0x24fecfc [0064.127] GetProcessHeap () returned 0x2780000 [0064.127] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0x1ffa4) returned 0x27a58c0 [0064.128] SetErrorMode (uMode=0x0) returned 0x0 [0064.129] SetErrorMode (uMode=0x1) returned 0x0 [0064.129] GetFullPathNameW (in: lpFileName=".", nBufferLength=0xffce, lpBuffer=0x27a58c8, lpFilePart=0x24fed1c | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0", lpFilePart=0x24fed1c*="RarSFX0") returned 0x2a [0064.129] SetErrorMode (uMode=0x0) returned 0x1 [0064.129] GetProcessHeap () returned 0x2780000 [0064.129] RtlReAllocateHeap (Heap=0x2780000, Flags=0x0, Ptr=0x27a58c0, Size=0x7c) returned 0x27a58c0 [0064.129] GetProcessHeap () returned 0x2780000 [0064.129] RtlSizeHeap (HeapHandle=0x2780000, Flags=0x0, MemoryPointer=0x27a58c0) returned 0x7c [0064.129] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x18f840, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\WINDOWS\\system32;C:\\WINDOWS;C:\\WINDOWS\\System32\\Wbem;C:\\WINDOWS\\System32\\WindowsPowerShell\\v1.0\\;C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\WindowsApps") returned 0xbb [0064.129] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0064.130] GetProcessHeap () returned 0x2780000 [0064.130] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0x1da) returned 0x278bb50 [0064.130] GetProcessHeap () returned 0x2780000 [0064.130] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0x3ac) returned 0x278c568 [0064.139] GetProcessHeap () returned 0x2780000 [0064.139] RtlReAllocateHeap (Heap=0x2780000, Flags=0x0, Ptr=0x278c568, Size=0x1dc) returned 0x278c568 [0064.139] GetProcessHeap () returned 0x2780000 [0064.139] RtlSizeHeap (HeapHandle=0x2780000, Flags=0x0, MemoryPointer=0x278c568) returned 0x1dc [0064.139] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x18f840, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0064.139] GetProcessHeap () returned 0x2780000 [0064.139] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0xe0) returned 0x2781360 [0064.139] GetProcessHeap () returned 0x2780000 [0064.139] RtlReAllocateHeap (Heap=0x2780000, Flags=0x0, Ptr=0x2781360, Size=0x76) returned 0x2781360 [0064.139] GetProcessHeap () returned 0x2780000 [0064.139] RtlSizeHeap (HeapHandle=0x2780000, Flags=0x0, MemoryPointer=0x2781360) returned 0x76 [0064.139] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0064.139] FindFirstFileExW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0\\fatura.sfx.exe", fInfoLevelId=0x1, lpFindFileData=0x24feac8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x24feac8) returned 0x278c488 [0064.140] GetProcessHeap () returned 0x2780000 [0064.140] RtlReAllocateHeap (Heap=0x2780000, Flags=0x0, Ptr=0x2786130, Size=0x4) returned 0x2786130 [0064.140] FindClose (in: hFindFile=0x278c488 | out: hFindFile=0x278c488) returned 1 [0064.140] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0064.140] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0064.140] ??_V@YAXPAX@Z () returned 0x1 [0064.141] GetConsoleTitleW (in: lpConsoleTitle=0x24fed08, nSize=0x104 | out: lpConsoleTitle="C:\\WINDOWS\\system32\\cmd.exe") returned 0x1c [0064.200] malloc (_Size=0xffce) returned 0x29d2e58 [0064.201] ??_V@YAXPAX@Z () returned 0x24fea94 [0064.201] malloc (_Size=0xffce) returned 0x29e2e30 [0064.201] ??_V@YAXPAX@Z () returned 0x24fe84c [0064.202] GetFileAttributesW (lpFileName="fatura.sfx.exe" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\rarsfx0\\fatura.sfx.exe")) returned 0x20 [0064.202] _wcsicmp (_String1="fatura.sfx.exe", _String2="DIR") returned 2 [0064.202] _wcsicmp (_String1="fatura.sfx.exe", _String2="ERASE") returned 1 [0064.202] _wcsicmp (_String1="fatura.sfx.exe", _String2="DEL") returned 2 [0064.202] _wcsicmp (_String1="fatura.sfx.exe", _String2="TYPE") returned -14 [0064.202] _wcsicmp (_String1="fatura.sfx.exe", _String2="COPY") returned 3 [0064.202] _wcsicmp (_String1="fatura.sfx.exe", _String2="CD") returned 3 [0064.202] _wcsicmp (_String1="fatura.sfx.exe", _String2="CHDIR") returned 3 [0064.202] _wcsicmp (_String1="fatura.sfx.exe", _String2="RENAME") returned -12 [0064.202] _wcsicmp (_String1="fatura.sfx.exe", _String2="REN") returned -12 [0064.202] _wcsicmp (_String1="fatura.sfx.exe", _String2="ECHO") returned 1 [0064.202] _wcsicmp (_String1="fatura.sfx.exe", _String2="SET") returned -13 [0064.202] _wcsicmp (_String1="fatura.sfx.exe", _String2="PAUSE") returned -10 [0064.203] _wcsicmp (_String1="fatura.sfx.exe", _String2="DATE") returned 2 [0064.203] _wcsicmp (_String1="fatura.sfx.exe", _String2="TIME") returned -14 [0064.203] _wcsicmp (_String1="fatura.sfx.exe", _String2="PROMPT") returned -10 [0064.203] _wcsicmp (_String1="fatura.sfx.exe", _String2="MD") returned -7 [0064.203] _wcsicmp (_String1="fatura.sfx.exe", _String2="MKDIR") returned -7 [0064.203] _wcsicmp (_String1="fatura.sfx.exe", _String2="RD") returned -12 [0064.203] _wcsicmp (_String1="fatura.sfx.exe", _String2="RMDIR") returned -12 [0064.203] _wcsicmp (_String1="fatura.sfx.exe", _String2="PATH") returned -10 [0064.203] _wcsicmp (_String1="fatura.sfx.exe", _String2="GOTO") returned -1 [0064.203] _wcsicmp (_String1="fatura.sfx.exe", _String2="SHIFT") returned -13 [0064.203] _wcsicmp (_String1="fatura.sfx.exe", _String2="CLS") returned 3 [0064.203] _wcsicmp (_String1="fatura.sfx.exe", _String2="CALL") returned 3 [0064.203] _wcsicmp (_String1="fatura.sfx.exe", _String2="VERIFY") returned -16 [0064.203] _wcsicmp (_String1="fatura.sfx.exe", _String2="VER") returned -16 [0064.203] _wcsicmp (_String1="fatura.sfx.exe", _String2="VOL") returned -16 [0064.203] _wcsicmp (_String1="fatura.sfx.exe", _String2="EXIT") returned 1 [0064.203] _wcsicmp (_String1="fatura.sfx.exe", _String2="SETLOCAL") returned -13 [0064.203] _wcsicmp (_String1="fatura.sfx.exe", _String2="ENDLOCAL") returned 1 [0064.203] _wcsicmp (_String1="fatura.sfx.exe", _String2="TITLE") returned -14 [0064.203] _wcsicmp (_String1="fatura.sfx.exe", _String2="START") returned -13 [0064.203] _wcsicmp (_String1="fatura.sfx.exe", _String2="DPATH") returned 2 [0064.203] _wcsicmp (_String1="fatura.sfx.exe", _String2="KEYS") returned -5 [0064.203] _wcsicmp (_String1="fatura.sfx.exe", _String2="MOVE") returned -7 [0064.203] _wcsicmp (_String1="fatura.sfx.exe", _String2="PUSHD") returned -10 [0064.203] _wcsicmp (_String1="fatura.sfx.exe", _String2="POPD") returned -10 [0064.203] _wcsicmp (_String1="fatura.sfx.exe", _String2="ASSOC") returned 5 [0064.203] _wcsicmp (_String1="fatura.sfx.exe", _String2="FTYPE") returned -19 [0064.203] _wcsicmp (_String1="fatura.sfx.exe", _String2="BREAK") returned 4 [0064.203] _wcsicmp (_String1="fatura.sfx.exe", _String2="COLOR") returned 3 [0064.203] _wcsicmp (_String1="fatura.sfx.exe", _String2="MKLINK") returned -7 [0064.203] _wcsicmp (_String1="fatura.sfx.exe", _String2="DIR") returned 2 [0064.203] _wcsicmp (_String1="fatura.sfx.exe", _String2="ERASE") returned 1 [0064.204] _wcsicmp (_String1="fatura.sfx.exe", _String2="DEL") returned 2 [0064.204] _wcsicmp (_String1="fatura.sfx.exe", _String2="TYPE") returned -14 [0064.204] _wcsicmp (_String1="fatura.sfx.exe", _String2="COPY") returned 3 [0064.204] _wcsicmp (_String1="fatura.sfx.exe", _String2="CD") returned 3 [0064.204] _wcsicmp (_String1="fatura.sfx.exe", _String2="CHDIR") returned 3 [0064.204] _wcsicmp (_String1="fatura.sfx.exe", _String2="RENAME") returned -12 [0064.204] _wcsicmp (_String1="fatura.sfx.exe", _String2="REN") returned -12 [0064.204] _wcsicmp (_String1="fatura.sfx.exe", _String2="ECHO") returned 1 [0064.204] _wcsicmp (_String1="fatura.sfx.exe", _String2="SET") returned -13 [0064.204] _wcsicmp (_String1="fatura.sfx.exe", _String2="PAUSE") returned -10 [0064.204] _wcsicmp (_String1="fatura.sfx.exe", _String2="DATE") returned 2 [0064.204] _wcsicmp (_String1="fatura.sfx.exe", _String2="TIME") returned -14 [0064.204] _wcsicmp (_String1="fatura.sfx.exe", _String2="PROMPT") returned -10 [0064.204] _wcsicmp (_String1="fatura.sfx.exe", _String2="MD") returned -7 [0064.204] _wcsicmp (_String1="fatura.sfx.exe", _String2="MKDIR") returned -7 [0064.204] _wcsicmp (_String1="fatura.sfx.exe", _String2="RD") returned -12 [0064.204] _wcsicmp (_String1="fatura.sfx.exe", _String2="RMDIR") returned -12 [0064.204] _wcsicmp (_String1="fatura.sfx.exe", _String2="PATH") returned -10 [0064.204] _wcsicmp (_String1="fatura.sfx.exe", _String2="GOTO") returned -1 [0064.204] _wcsicmp (_String1="fatura.sfx.exe", _String2="SHIFT") returned -13 [0064.204] _wcsicmp (_String1="fatura.sfx.exe", _String2="CLS") returned 3 [0064.204] _wcsicmp (_String1="fatura.sfx.exe", _String2="CALL") returned 3 [0064.204] _wcsicmp (_String1="fatura.sfx.exe", _String2="VERIFY") returned -16 [0064.204] _wcsicmp (_String1="fatura.sfx.exe", _String2="VER") returned -16 [0064.204] _wcsicmp (_String1="fatura.sfx.exe", _String2="VOL") returned -16 [0064.204] _wcsicmp (_String1="fatura.sfx.exe", _String2="EXIT") returned 1 [0064.204] _wcsicmp (_String1="fatura.sfx.exe", _String2="SETLOCAL") returned -13 [0064.204] _wcsicmp (_String1="fatura.sfx.exe", _String2="ENDLOCAL") returned 1 [0064.204] _wcsicmp (_String1="fatura.sfx.exe", _String2="TITLE") returned -14 [0064.204] _wcsicmp (_String1="fatura.sfx.exe", _String2="START") returned -13 [0064.204] _wcsicmp (_String1="fatura.sfx.exe", _String2="DPATH") returned 2 [0064.204] _wcsicmp (_String1="fatura.sfx.exe", _String2="KEYS") returned -5 [0064.205] _wcsicmp (_String1="fatura.sfx.exe", _String2="MOVE") returned -7 [0064.205] _wcsicmp (_String1="fatura.sfx.exe", _String2="PUSHD") returned -10 [0064.205] _wcsicmp (_String1="fatura.sfx.exe", _String2="POPD") returned -10 [0064.205] _wcsicmp (_String1="fatura.sfx.exe", _String2="ASSOC") returned 5 [0064.205] _wcsicmp (_String1="fatura.sfx.exe", _String2="FTYPE") returned -19 [0064.205] _wcsicmp (_String1="fatura.sfx.exe", _String2="BREAK") returned 4 [0064.205] _wcsicmp (_String1="fatura.sfx.exe", _String2="COLOR") returned 3 [0064.205] _wcsicmp (_String1="fatura.sfx.exe", _String2="MKLINK") returned -7 [0064.205] _wcsicmp (_String1="fatura.sfx.exe", _String2="FOR") returned -14 [0064.205] _wcsicmp (_String1="fatura.sfx.exe", _String2="IF") returned -3 [0064.205] _wcsicmp (_String1="fatura.sfx.exe", _String2="REM") returned -12 [0064.205] ??_V@YAXPAX@Z () returned 0x1 [0064.205] GetProcessHeap () returned 0x2780000 [0064.205] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0xffd6) returned 0x27a5948 [0064.205] GetProcessHeap () returned 0x2780000 [0064.205] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0x80) returned 0x27813e0 [0064.205] _wcsnicmp (_String1="fatu", _String2="cmd ", _MaxCount=0x4) returned 3 [0064.205] malloc (_Size=0xffce) returned 0x29e2e30 [0064.205] ??_V@YAXPAX@Z () returned 0x24fe5cc [0064.205] GetProcessHeap () returned 0x2780000 [0064.205] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0x1ffa4) returned 0x27b5928 [0064.207] SetErrorMode (uMode=0x0) returned 0x0 [0064.207] SetErrorMode (uMode=0x1) returned 0x0 [0064.207] GetFullPathNameW (in: lpFileName=".", nBufferLength=0xffce, lpBuffer=0x27b5930, lpFilePart=0x24fe5ec | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0", lpFilePart=0x24fe5ec*="RarSFX0") returned 0x2a [0064.207] SetErrorMode (uMode=0x0) returned 0x1 [0064.207] GetProcessHeap () returned 0x2780000 [0064.207] RtlReAllocateHeap (Heap=0x2780000, Flags=0x0, Ptr=0x27b5928, Size=0x7c) returned 0x27b5928 [0064.207] GetProcessHeap () returned 0x2780000 [0064.207] RtlSizeHeap (HeapHandle=0x2780000, Flags=0x0, MemoryPointer=0x27b5928) returned 0x7c [0064.207] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x18f840, nSize=0x2000 | out: lpBuffer="C:\\ProgramData\\Oracle\\Java\\javapath;C:\\WINDOWS\\system32;C:\\WINDOWS;C:\\WINDOWS\\System32\\Wbem;C:\\WINDOWS\\System32\\WindowsPowerShell\\v1.0\\;C:\\Users\\FD1HVy\\AppData\\Local\\Microsoft\\WindowsApps") returned 0xbb [0064.207] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0064.207] GetProcessHeap () returned 0x2780000 [0064.207] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0x1da) returned 0x2781468 [0064.207] GetProcessHeap () returned 0x2780000 [0064.207] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0x3ac) returned 0x278c750 [0064.207] GetProcessHeap () returned 0x2780000 [0064.207] RtlReAllocateHeap (Heap=0x2780000, Flags=0x0, Ptr=0x278c750, Size=0x1dc) returned 0x278c750 [0064.207] GetProcessHeap () returned 0x2780000 [0064.207] RtlSizeHeap (HeapHandle=0x2780000, Flags=0x0, MemoryPointer=0x278c750) returned 0x1dc [0064.207] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x18f840, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0064.207] GetProcessHeap () returned 0x2780000 [0064.207] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0xe0) returned 0x278c938 [0064.207] GetProcessHeap () returned 0x2780000 [0064.207] RtlReAllocateHeap (Heap=0x2780000, Flags=0x0, Ptr=0x278c938, Size=0x76) returned 0x278c938 [0064.207] GetProcessHeap () returned 0x2780000 [0064.207] RtlSizeHeap (HeapHandle=0x2780000, Flags=0x0, MemoryPointer=0x278c938) returned 0x76 [0064.208] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0064.208] FindFirstFileExW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0\\fatura.sfx.exe", fInfoLevelId=0x1, lpFindFileData=0x24fe398, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x24fe398) returned 0x278bd88 [0064.208] FindClose (in: hFindFile=0x278bd88 | out: hFindFile=0x278bd88) returned 1 [0064.208] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0064.208] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0064.208] ??_V@YAXPAX@Z () returned 0x1 [0064.208] GetConsoleTitleW (in: lpConsoleTitle=0x24fe87c, nSize=0x104 | out: lpConsoleTitle="C:\\WINDOWS\\system32\\cmd.exe") returned 0x1c [0064.398] InitializeProcThreadAttributeList (in: lpAttributeList=0x24fe7a8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x24fe794 | out: lpAttributeList=0x24fe7a8, lpSize=0x24fe794) returned 1 [0064.398] UpdateProcThreadAttribute (in: lpAttributeList=0x24fe7a8, dwFlags=0x0, Attribute=0x60001, lpValue=0x24fe790, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x24fe7a8, lpPreviousValue=0x0) returned 1 [0064.398] GetStartupInfoW (in: lpStartupInfo=0x24fe7e0 | out: lpStartupInfo=0x24fe7e0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\WINDOWS\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0064.398] GetProcessHeap () returned 0x2780000 [0064.398] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0x18) returned 0x278bd38 [0064.398] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0064.398] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0064.398] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0064.398] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0064.398] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0064.398] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0064.398] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0064.398] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0064.398] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0064.398] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0064.398] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0064.398] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0064.399] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0064.399] _wcsnicmp (_String1="COPYCMD", _String2="OneDriv", _MaxCount=0x7) returned -12 [0064.399] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0064.399] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0064.399] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0064.399] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0064.399] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0064.399] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0064.399] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0064.399] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0064.399] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0064.399] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0064.399] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0064.399] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0064.399] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0064.399] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0064.399] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0064.399] _wcsnicmp (_String1="COPYCMD", _String2="sfxcmd=", _MaxCount=0x7) returned -16 [0064.399] _wcsnicmp (_String1="COPYCMD", _String2="sfxname", _MaxCount=0x7) returned -16 [0064.399] _wcsnicmp (_String1="COPYCMD", _String2="sfxpar=", _MaxCount=0x7) returned -16 [0064.399] _wcsnicmp (_String1="COPYCMD", _String2="sfxstim", _MaxCount=0x7) returned -16 [0064.399] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0064.399] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0064.399] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0064.399] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0064.399] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0064.399] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0064.399] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0064.399] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0064.399] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0064.399] GetProcessHeap () returned 0x2780000 [0064.399] RtlFreeHeap (HeapHandle=0x2780000, Flags=0x0, BaseAddress=0x278bd38) returned 1 [0064.399] GetProcessHeap () returned 0x2780000 [0064.399] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0xa) returned 0x278b940 [0064.400] lstrcmpW (lpString1="\\fatura.sfx.exe", lpString2="\\XCOPY.EXE") returned -1 [0064.401] _get_osfhandle (_FileHandle=1) returned 0x90 [0064.401] SetConsoleMode (hConsoleHandle=0x90, dwMode=0x3) returned 1 [0064.462] _get_osfhandle (_FileHandle=0) returned 0x8c [0064.463] SetConsoleMode (hConsoleHandle=0x8c, dwMode=0x1f7) returned 1 [0064.509] CreateProcessW (in: lpApplicationName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0\\fatura.sfx.exe", lpCommandLine="fatura.sfx.exe -p1234 -dC:\\Users\\FD1HVy\\AppData\\Local\\Temp", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0", lpStartupInfo=0x24fe730*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="fatura.sfx.exe -p1234 -dC:\\Users\\FD1HVy\\AppData\\Local\\Temp", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x24fe77c | out: lpCommandLine="fatura.sfx.exe -p1234 -dC:\\Users\\FD1HVy\\AppData\\Local\\Temp", lpProcessInformation=0x24fe77c*(hProcess=0xf4, hThread=0xec, dwProcessId=0x784, dwThreadId=0xd44)) returned 1 [0065.046] CloseHandle (hObject=0xec) returned 1 [0065.046] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0065.046] GetProcessHeap () returned 0x2780000 [0065.046] RtlFreeHeap (HeapHandle=0x2780000, Flags=0x0, BaseAddress=0x2788b98) returned 1 [0065.046] GetEnvironmentStringsW () returned 0x2788b98* [0065.046] GetProcessHeap () returned 0x2780000 [0065.047] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0xc86) returned 0x27b59b0 [0065.047] FreeEnvironmentStringsA (penv="=") returned 1 [0065.047] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0073.867] GetExitCodeProcess (in: hProcess=0xf4, lpExitCode=0x24fe714 | out: lpExitCode=0x24fe714*=0x0) returned 1 [0073.867] CloseHandle (hObject=0xf4) returned 1 [0073.867] _vsnwprintf (in: _Buffer=0x24fe7fc, _BufferCount=0x13, _Format="%08X", _ArgList=0x24fe71c | out: _Buffer="00000000") returned 8 [0073.867] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0073.867] GetProcessHeap () returned 0x2780000 [0073.867] RtlFreeHeap (HeapHandle=0x2780000, Flags=0x0, BaseAddress=0x27b59b0) returned 1 [0073.867] GetEnvironmentStringsW () returned 0x27b59b0* [0073.867] GetProcessHeap () returned 0x2780000 [0073.867] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0xcac) returned 0x27b8ce8 [0073.868] FreeEnvironmentStringsA (penv="=") returned 1 [0073.868] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0073.868] GetProcessHeap () returned 0x2780000 [0073.868] RtlFreeHeap (HeapHandle=0x2780000, Flags=0x0, BaseAddress=0x27b8ce8) returned 1 [0073.868] GetEnvironmentStringsW () returned 0x27b59b0* [0073.868] GetProcessHeap () returned 0x2780000 [0073.868] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0xcac) returned 0x27b8ce8 [0073.868] FreeEnvironmentStringsA (penv="=") returned 1 [0073.868] GetProcessHeap () returned 0x2780000 [0073.868] RtlFreeHeap (HeapHandle=0x2780000, Flags=0x0, BaseAddress=0x278b940) returned 1 [0073.868] DeleteProcThreadAttributeList (in: lpAttributeList=0x24fe7a8 | out: lpAttributeList=0x24fe7a8) [0073.868] ??_V@YAXPAX@Z () returned 0x1 [0073.869] _get_osfhandle (_FileHandle=1) returned 0x90 [0073.869] SetConsoleMode (hConsoleHandle=0x90, dwMode=0x3) returned 1 [0073.886] _get_osfhandle (_FileHandle=1) returned 0x90 [0073.886] GetConsoleMode (in: hConsoleHandle=0x90, lpMode=0x193890 | out: lpMode=0x193890) returned 1 [0073.896] _get_osfhandle (_FileHandle=1) returned 0x90 [0073.896] SetConsoleMode (hConsoleHandle=0x90, dwMode=0x7) returned 1 [0073.898] _get_osfhandle (_FileHandle=0) returned 0x8c [0073.898] GetConsoleMode (in: hConsoleHandle=0x8c, lpMode=0x193894 | out: lpMode=0x193894) returned 1 [0073.925] _get_osfhandle (_FileHandle=0) returned 0x8c [0073.925] SetConsoleMode (hConsoleHandle=0x8c, dwMode=0x1e7) returned 1 [0073.932] SetConsoleInputExeNameW () returned 0x1 [0073.932] GetConsoleOutputCP () returned 0x1b5 [0073.935] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x193850 | out: lpCPInfo=0x193850) returned 1 [0073.935] SetThreadUILanguage (LangId=0x0) returned 0x2370409 [0073.938] ??_V@YAXPAX@Z () returned 0x1 [0073.940] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0\\vodafone.bat" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\rarsfx0\\vodafone.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x24fef48, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0073.940] _open_osfhandle (_OSFileHandle=0xf4, _Flags=8) returned 3 [0073.940] _get_osfhandle (_FileHandle=3) returned 0xf4 [0073.940] SetFilePointer (in: hFile=0xf4, lDistanceToMove=30, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x1e [0073.940] GetProcessHeap () returned 0x2780000 [0073.940] RtlFreeHeap (HeapHandle=0x2780000, Flags=0x0, BaseAddress=0x278c938) returned 1 [0073.940] GetProcessHeap () returned 0x2780000 [0073.940] RtlFreeHeap (HeapHandle=0x2780000, Flags=0x0, BaseAddress=0x278c750) returned 1 [0073.940] GetProcessHeap () returned 0x2780000 [0073.940] RtlFreeHeap (HeapHandle=0x2780000, Flags=0x0, BaseAddress=0x2781468) returned 1 [0073.940] GetProcessHeap () returned 0x2780000 [0073.940] RtlFreeHeap (HeapHandle=0x2780000, Flags=0x0, BaseAddress=0x27b5928) returned 1 [0073.940] GetProcessHeap () returned 0x2780000 [0073.940] RtlFreeHeap (HeapHandle=0x2780000, Flags=0x0, BaseAddress=0x27813e0) returned 1 [0073.940] GetProcessHeap () returned 0x2780000 [0073.940] RtlFreeHeap (HeapHandle=0x2780000, Flags=0x0, BaseAddress=0x27a5948) returned 1 [0073.940] GetProcessHeap () returned 0x2780000 [0073.940] RtlFreeHeap (HeapHandle=0x2780000, Flags=0x0, BaseAddress=0x2781360) returned 1 [0073.940] GetProcessHeap () returned 0x2780000 [0073.940] RtlFreeHeap (HeapHandle=0x2780000, Flags=0x0, BaseAddress=0x278c568) returned 1 [0073.940] GetProcessHeap () returned 0x2780000 [0073.940] RtlFreeHeap (HeapHandle=0x2780000, Flags=0x0, BaseAddress=0x278bb50) returned 1 [0073.940] GetProcessHeap () returned 0x2780000 [0073.940] RtlFreeHeap (HeapHandle=0x2780000, Flags=0x0, BaseAddress=0x27a58c0) returned 1 [0073.942] GetProcessHeap () returned 0x2780000 [0073.942] RtlFreeHeap (HeapHandle=0x2780000, Flags=0x0, BaseAddress=0x27865c8) returned 1 [0073.942] GetProcessHeap () returned 0x2780000 [0073.942] RtlFreeHeap (HeapHandle=0x2780000, Flags=0x0, BaseAddress=0x2780518) returned 1 [0073.942] GetProcessHeap () returned 0x2780000 [0073.942] RtlFreeHeap (HeapHandle=0x2780000, Flags=0x0, BaseAddress=0x2786568) returned 1 [0073.942] _get_osfhandle (_FileHandle=3) returned 0xf4 [0073.942] SetFilePointer (in: hFile=0xf4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x1e [0073.942] ReadFile (in: hFile=0xf4, lpBuffer=0x18d630, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x24fef1c, lpOverlapped=0x0 | out: lpBuffer=0x18d630*, lpNumberOfBytesRead=0x24fef1c*=0x0, lpOverlapped=0x0) returned 1 [0073.942] GetLastError () returned 0x0 [0073.942] _get_osfhandle (_FileHandle=3) returned 0xf4 [0073.942] GetFileType (hFile=0xf4) returned 0x1 [0073.942] _get_osfhandle (_FileHandle=3) returned 0xf4 [0073.942] SetFilePointer (in: hFile=0xf4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1e [0073.942] GetProcessHeap () returned 0x2780000 [0073.942] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0x400a) returned 0x27a58c0 [0073.943] GetProcessHeap () returned 0x2780000 [0073.943] RtlFreeHeap (HeapHandle=0x2780000, Flags=0x0, BaseAddress=0x27a58c0) returned 1 [0073.943] _get_osfhandle (_FileHandle=3) returned 0xf4 [0073.943] SetFilePointer (in: hFile=0xf4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x1e [0073.943] ReadFile (in: hFile=0xf4, lpBuffer=0x18d630, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x24fef1c, lpOverlapped=0x0 | out: lpBuffer=0x18d630*, lpNumberOfBytesRead=0x24fef1c*=0x0, lpOverlapped=0x0) returned 1 [0073.943] GetLastError () returned 0x0 [0073.943] _get_osfhandle (_FileHandle=3) returned 0xf4 [0073.943] GetFileType (hFile=0xf4) returned 0x1 [0073.943] _get_osfhandle (_FileHandle=3) returned 0xf4 [0073.943] SetFilePointer (in: hFile=0xf4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x1e [0073.944] GetProcessHeap () returned 0x2780000 [0073.944] RtlAllocateHeap (HeapHandle=0x2780000, Flags=0x8, Size=0x400a) returned 0x27a58c0 [0073.944] GetProcessHeap () returned 0x2780000 [0073.944] RtlFreeHeap (HeapHandle=0x2780000, Flags=0x0, BaseAddress=0x27a58c0) returned 1 [0073.944] longjmp () [0073.944] _tell (_FileHandle=3) returned 30 [0073.944] _close (_FileHandle=3) returned 0 [0073.945] CmdBatNotificationStub () returned 0x1 [0073.945] ??_V@YAXPAX@Z () returned 0x1 [0073.945] ??_V@YAXPAX@Z () returned 0x1 [0073.945] _get_osfhandle (_FileHandle=1) returned 0x90 [0073.945] SetConsoleMode (hConsoleHandle=0x90, dwMode=0x7) returned 1 [0073.948] _get_osfhandle (_FileHandle=1) returned 0x90 [0073.948] GetConsoleMode (in: hConsoleHandle=0x90, lpMode=0x193890 | out: lpMode=0x193890) returned 1 [0073.953] _get_osfhandle (_FileHandle=0) returned 0x8c [0073.953] GetConsoleMode (in: hConsoleHandle=0x8c, lpMode=0x193894 | out: lpMode=0x193894) returned 1 [0073.978] SetConsoleInputExeNameW () returned 0x1 [0073.978] GetConsoleOutputCP () returned 0x1b5 [0073.980] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x193850 | out: lpCPInfo=0x193850) returned 1 [0073.980] SetThreadUILanguage (LangId=0x0) returned 0x2370409 [0073.995] exit (_Code=0) [0073.995] ??_V@YAXPAX@Z () returned 0x1 Thread: id = 57 os_tid = 0x9b4 Process: id = "4" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x6b30f000" os_pid = "0x384" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0x7cc" cmd_line = "\\??\\C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\WINDOWS" os_username = "NQDPDE\\FD1HVy" bitness = "64" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:000103c1" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 52 os_tid = 0x86c Thread: id = 53 os_tid = 0xcac Thread: id = 54 os_tid = 0xd00 Thread: id = 55 os_tid = 0xe5c Thread: id = 56 os_tid = 0xcd8 Process: id = "5" image_name = "fatura.sfx.exe" filename = "c:\\users\\fd1hvy\\appdata\\local\\temp\\rarsfx0\\fatura.sfx.exe" page_root = "0x6fdf5000" os_pid = "0x784" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0x7cc" cmd_line = "fatura.sfx.exe -p1234 -dC:\\Users\\FD1HVy\\AppData\\Local\\Temp" cur_dir = "C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:000103c1" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 58 os_tid = 0xd44 [0065.320] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0065.320] LoadLibraryExW (lpLibFileName="?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0065.536] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0xaff1e8 | out: lpCharType=0xaff1e8) returned 1 [0065.536] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0xaff7e8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0065.536] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0xaff7e8, cbMultiByte=256, lpWideCharStr=0xafef28, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0065.536] LoadLibraryExW (lpLibFileName="?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0065.537] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0xafed18, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0065.537] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0xaff6e8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ³rÆo$ù¯", lpUsedDefaultChar=0x0) returned 256 [0065.537] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0xaff7e8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0065.537] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0xaff7e8, cbMultiByte=256, lpWideCharStr=0xafef38, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0065.537] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0065.537] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0xafed28, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256 [0065.537] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0xaff5e8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ³rÆo$ù¯", lpUsedDefaultChar=0x0) returned 256 [0065.537] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x80) returned 0x204e50 [0065.537] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x137add8, nSize=0x104 | out: lpFilename="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0\\fatura.sfx.exe" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\rarsfx0\\fatura.sfx.exe")) returned 0x39 [0065.537] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0x4b) returned 0x205250 [0065.538] RtlInitializeSListHead (in: ListHead=0x137a9d0 | out: ListHead=0x137a9d0) [0065.538] GetLastError () returned 0x0 [0065.538] SetLastError (dwErrCode=0x0) [0065.538] GetEnvironmentStringsW () returned 0x211a78* [0065.538] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=C:=C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0", cchWideChar=1603, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1603 [0065.538] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x643) returned 0x212708 [0065.538] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=C:=C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0", cchWideChar=1603, lpMultiByteStr=0x212708, cbMultiByte=1603, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="=C:=C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0", lpUsedDefaultChar=0x0) returned 1603 [0065.538] FreeEnvironmentStringsW (penv=0x211a78) returned 1 [0065.538] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0xa8) returned 0x209e18 [0065.538] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0x1f) returned 0x204e10 [0065.538] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0x28) returned 0x205028 [0065.538] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0x37) returned 0x204bc8 [0065.538] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0x3c) returned 0x20eff8 [0065.538] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0x31) returned 0x20a350 [0065.538] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0x14) returned 0x204c08 [0065.538] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0x24) returned 0x20d400 [0065.538] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0xd) returned 0x208590 [0065.538] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0x17) returned 0x20d030 [0065.538] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0x2b) returned 0x208e50 [0065.538] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0x15) returned 0x20a390 [0065.538] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0x17) returned 0x211c20 [0065.538] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0x22) returned 0x212058 [0065.538] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0xe) returned 0x2085c0 [0065.538] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0xc1) returned 0x2090b8 [0065.538] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0x3e) returned 0x20f040 [0065.538] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0x1b) returned 0x204750 [0065.538] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0x1d) returned 0x204778 [0065.538] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0x48) returned 0x203200 [0065.539] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0x12) returned 0x211be0 [0065.539] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0x18) returned 0x211b00 [0065.539] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0x1b) returned 0x208b40 [0065.539] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0x24) returned 0x212028 [0065.539] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0x29) returned 0x208e88 [0065.539] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0x1e) returned 0x208b68 [0065.539] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0xc) returned 0x2086e0 [0065.539] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0x6b) returned 0x204988 [0065.539] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0x17) returned 0x211d20 [0065.539] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0x3e) returned 0x20ed70 [0065.539] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0x3c) returned 0x20ea58 [0065.539] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0x8) returned 0x20e318 [0065.539] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0x21) returned 0x211f08 [0065.539] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0xf) returned 0x2086f8 [0065.539] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0x16) returned 0x211b20 [0065.539] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0x28) returned 0x211fc8 [0065.539] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0x27) returned 0x212208 [0065.539] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0x12) returned 0x211da0 [0065.539] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0x21) returned 0x212088 [0065.539] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0x10) returned 0x208710 [0065.539] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0x1c) returned 0x208b90 [0065.539] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0x12) returned 0x211bc0 [0065.539] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x212708 | out: hHeap=0x200000) returned 1 [0065.539] QueryPerformanceFrequency (in: lpFrequency=0xaff964 | out: lpFrequency=0xaff964*=100000000) returned 1 [0065.539] QueryPerformanceCounter (in: lpPerformanceCount=0xaff95c | out: lpPerformanceCount=0xaff95c*=15676444510) returned 1 [0065.539] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x8, Size=0x800) returned 0x212288 [0065.540] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0065.540] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x133db6f) returned 0x0 [0065.542] GetCPInfo (in: CodePage=0x0, lpCPInfo=0xaff950 | out: lpCPInfo=0xaff950) returned 1 [0065.548] GetCurrentProcess () returned 0xffffffff [0065.548] GetProcessAffinityMask (in: hProcess=0xffffffff, lpProcessAffinityMask=0xaff914, lpSystemAffinityMask=0xaff910 | out: lpProcessAffinityMask=0xaff914, lpSystemAffinityMask=0xaff910) returned 1 [0065.548] GetCurrentProcess () returned 0xffffffff [0065.548] GetProcessAffinityMask (in: hProcess=0xffffffff, lpProcessAffinityMask=0xaff928, lpSystemAffinityMask=0xaff924 | out: lpProcessAffinityMask=0xaff928, lpSystemAffinityMask=0xaff924) returned 1 [0065.549] GetStartupInfoW (in: lpStartupInfo=0xaff944 | out: lpStartupInfo=0xaff944*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="fatura.sfx.exe -p1234 -dC:\\Users\\FD1HVy\\AppData\\Local\\Temp", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0065.550] GetModuleHandleW (lpModuleName="kernel32") returned 0x75e90000 [0065.550] GetProcAddress (hModule=0x75e90000, lpProcName="SetDllDirectoryW") returned 0x75ee2580 [0065.550] SetDllDirectoryW (lpPathName="") returned 1 [0065.550] GetProcAddress (hModule=0x75e90000, lpProcName="SetDefaultDllDirectories") returned 0x7500d900 [0065.550] SetDefaultDllDirectories (DirectoryFlags=0x800) returned 1 [0065.550] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xaf47dc, nSize=0x800 | out: lpFilename="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0\\fatura.sfx.exe" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\rarsfx0\\fatura.sfx.exe")) returned 0x39 [0065.550] GetVersionExW (in: lpVersionInformation=0xaf43ac*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x12, dwMinorVersion=0xf0000, dwBuildNumber=0x9, dwPlatformId=0x75e90000, szCSDVersion="\x09") | out: lpVersionInformation=0xaf43ac*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x3ad7, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0065.550] GetSystemDirectoryW (in: lpBuffer=0xaf34bc, uSize=0x800 | out: lpBuffer="C:\\WINDOWS\\system32") returned 0x13 [0065.551] LoadLibraryW (lpLibFileName="C:\\WINDOWS\\system32\\version.dll") returned 0x74140000 [0065.553] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="version.dll", cchCount1=-1, lpString2="DXGIDebug.dll", cchCount2=-1) returned 3 [0065.555] GetSystemDirectoryW (in: lpBuffer=0xaf34bc, uSize=0x800 | out: lpBuffer="C:\\WINDOWS\\system32") returned 0x13 [0065.555] LoadLibraryW (lpLibFileName="C:\\WINDOWS\\system32\\DXGIDebug.dll") returned 0x0 [0065.555] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0\\DXGIDebug.dll" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\rarsfx0\\dxgidebug.dll")) returned 0xffffffff [0065.555] GetSystemDirectoryW (in: lpBuffer=0xaf34bc, uSize=0x800 | out: lpBuffer="C:\\WINDOWS\\system32") returned 0x13 [0065.555] LoadLibraryW (lpLibFileName="C:\\WINDOWS\\system32\\sfc_os.dll") returned 0x74130000 [0065.562] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="sfc_os.dll", cchCount1=-1, lpString2="DXGIDebug.dll", cchCount2=-1) returned 3 [0065.562] GetSystemDirectoryW (in: lpBuffer=0xaf34bc, uSize=0x800 | out: lpBuffer="C:\\WINDOWS\\system32") returned 0x13 [0065.562] LoadLibraryW (lpLibFileName="C:\\WINDOWS\\system32\\SSPICLI.DLL") returned 0x74680000 [0065.562] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SSPICLI.DLL", cchCount1=-1, lpString2="DXGIDebug.dll", cchCount2=-1) returned 3 [0065.562] GetSystemDirectoryW (in: lpBuffer=0xaf34bc, uSize=0x800 | out: lpBuffer="C:\\WINDOWS\\system32") returned 0x13 [0065.562] LoadLibraryW (lpLibFileName="C:\\WINDOWS\\system32\\rsaenh.dll") returned 0x74100000 [0065.567] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="rsaenh.dll", cchCount1=-1, lpString2="DXGIDebug.dll", cchCount2=-1) returned 3 [0065.567] GetSystemDirectoryW (in: lpBuffer=0xaf34bc, uSize=0x800 | out: lpBuffer="C:\\WINDOWS\\system32") returned 0x13 [0065.567] LoadLibraryW (lpLibFileName="C:\\WINDOWS\\system32\\UXTheme.dll") returned 0x74550000 [0065.570] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="UXTheme.dll", cchCount1=-1, lpString2="DXGIDebug.dll", cchCount2=-1) returned 3 [0065.570] GetSystemDirectoryW (in: lpBuffer=0xaf34bc, uSize=0x800 | out: lpBuffer="C:\\WINDOWS\\system32") returned 0x13 [0065.570] LoadLibraryW (lpLibFileName="C:\\WINDOWS\\system32\\dwmapi.dll") returned 0x74520000 [0065.573] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="dwmapi.dll", cchCount1=-1, lpString2="DXGIDebug.dll", cchCount2=-1) returned 1 [0065.573] GetSystemDirectoryW (in: lpBuffer=0xaf34bc, uSize=0x800 | out: lpBuffer="C:\\WINDOWS\\system32") returned 0x13 [0065.573] LoadLibraryW (lpLibFileName="C:\\WINDOWS\\system32\\cryptbase.dll") returned 0x74670000 [0065.573] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="cryptbase.dll", cchCount1=-1, lpString2="DXGIDebug.dll", cchCount2=-1) returned 1 [0065.573] GetCurrentDirectoryW (in: nBufferLength=0x800, lpBuffer=0x1362120 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0") returned 0x2a [0065.573] GetSystemDirectoryW (in: lpBuffer=0xafe874, uSize=0x800 | out: lpBuffer="C:\\WINDOWS\\system32") returned 0x13 [0065.573] LoadLibraryW (lpLibFileName="C:\\WINDOWS\\system32\\riched20.dll") returned 0x744a0000 [0065.580] LoadLibraryExA (lpLibFileName="ole32.dll", hFile=0x0, dwFlags=0x0) returned 0x77920000 [0065.585] GetProcAddress (hModule=0x77920000, lpProcName="OleInitialize") returned 0x77953e50 [0065.585] OleInitialize (pvReserved=0x0) returned 0x0 [0065.664] LoadLibraryExA (lpLibFileName="COMCTL32.dll", hFile=0x0, dwFlags=0x0) returned 0x73ed0000 [0065.671] GetProcAddress (hModule=0x73ed0000, lpProcName="InitCommonControlsEx") returned 0x73f4a480 [0065.671] InitCommonControlsEx (picce=0xaff898) returned 1 [0065.672] GdiplusStartup (in: token=0xaff8a0, input=0xaff888, output=0x0 | out: token=0xaff8a0, output=0x0) returned 0x0 [0065.675] LoadLibraryExA (lpLibFileName="SHELL32.dll", hFile=0x0, dwFlags=0x0) returned 0x76480000 [0065.749] GetProcAddress (hModule=0x76480000, lpProcName="SHGetMalloc") returned 0x765edf80 [0065.749] SHGetMalloc (in: ppMalloc=0x13620e8 | out: ppMalloc=0x13620e8*=0x75e4d000) returned 0x0 [0065.749] GetCPInfo (in: CodePage=0x0, lpCPInfo=0xaff890 | out: lpCPInfo=0xaff890) returned 1 [0065.751] GetCommandLineW () returned="fatura.sfx.exe -p1234 -dC:\\Users\\FD1HVy\\AppData\\Local\\Temp" [0065.751] LoadLibraryExA (lpLibFileName="USER32.dll", hFile=0x0, dwFlags=0x0) returned 0x74b70000 [0065.751] GetProcAddress (hModule=0x74b70000, lpProcName="CharUpperW") returned 0x74ba0f70 [0065.751] GetSystemDirectoryW (in: lpBuffer=0xafc838, uSize=0x800 | out: lpBuffer="C:\\WINDOWS\\system32") returned 0x13 [0065.751] LoadLibraryW (lpLibFileName="C:\\WINDOWS\\system32\\Crypt32.dll") returned 0x74940000 [0066.269] GetProcAddress (hModule=0x74940000, lpProcName="CryptProtectMemory") returned 0x73381d30 [0066.280] GetProcAddress (hModule=0x74940000, lpProcName="CryptUnprotectMemory") returned 0x73381d60 [0066.280] CryptProtectMemory (in: pDataIn=0x136612a, cbDataIn=0x100, dwFlags=0x0 | out: pDataIn=0x136612a) returned 1 [0066.281] SetEnvironmentVariableW (lpName="sfxcmd", lpValue="fatura.sfx.exe -p1234 -dC:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 1 [0066.281] SetEnvironmentVariableW (lpName="sfxpar", lpValue="-p1234 -dC:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 1 [0066.282] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1377938, nSize=0x800 | out: lpFilename="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0\\fatura.sfx.exe" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\rarsfx0\\fatura.sfx.exe")) returned 0x39 [0066.282] SetEnvironmentVariableW (lpName="sfxname", lpValue="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0\\fatura.sfx.exe") returned 1 [0066.282] GetLocalTime (in: lpSystemTime=0xaff8b8 | out: lpSystemTime=0xaff8b8*(wYear=0x7e3, wMonth=0x9, wDayOfWeek=0x2, wDay=0x18, wHour=0x13, wMinute=0x38, wSecond=0x31, wMilliseconds=0x27)) [0066.282] GetLastError () returned 0x0 [0066.282] SetLastError (dwErrCode=0x0) [0066.282] SetEnvironmentVariableW (lpName="sfxstime", lpValue="2019-09-24-19-56-49-039") returned 1 [0066.282] GetModuleHandleW (lpModuleName=0x0) returned 0x1320000 [0066.282] GetProcAddress (hModule=0x74b70000, lpProcName="LoadIconW") returned 0x74b98420 [0066.282] LoadIconW (hInstance=0x1320000, lpIconName=0x64) returned 0x5023b [0066.284] GetProcAddress (hModule=0x74b70000, lpProcName="LoadBitmapW") returned 0x74b92b80 [0066.284] LoadBitmapW (hInstance=0x1320000, lpBitmapName=0x65) returned 0x0 [0066.284] FindResourceW (hModule=0x1320000, lpName=0x65, lpType="PNG") returned 0x137d400 [0066.284] SizeofResource (hModule=0x1320000, hResInfo=0x137d400) returned 0xb45 [0066.284] LoadResource (hModule=0x1320000, hResInfo=0x137d400) returned 0x137d650 [0066.284] LockResource (hResData=0x137d650) returned 0x137d650 [0066.284] GlobalLock (hMem=0x140004) returned 0x200ae0 [0066.284] GetProcAddress (hModule=0x77920000, lpProcName="CreateStreamOnHGlobal") returned 0x75d12af0 [0066.285] CreateStreamOnHGlobal (in: hGlobal=0x140004, fDeleteOnRelease=0, ppstm=0xaff880 | out: ppstm=0xaff880*=0x2190d8) returned 0x0 [0066.285] GdipAlloc (size=0x10) returned 0x3d1f08 [0066.286] GdipCreateBitmapFromStream (stream=0x2190d8, bitmap=0xaff840) returned 0x0 [0066.294] CMemStm::Release () returned 0x2 [0066.294] GdipCreateHBITMAPFromBitmap (bitmap=0x3d1f20, hbmReturn=0xaff878, background=0xffffff) returned 0x0 [0066.302] GdipDisposeImage (image=0x3d1f20) returned 0x0 [0066.302] GdipFree (ptr=0x3d1f08) [0066.302] GlobalUnlock (hMem=0x140004) returned 0 [0066.302] LoadLibraryExA (lpLibFileName="GDI32.dll", hFile=0x0, dwFlags=0x0) returned 0x75b70000 [0066.303] GetProcAddress (hModule=0x75b70000, lpProcName="GetObjectW") returned 0x75b76d60 [0066.303] GetObjectW (in: h=0x6050762, c=24, pv=0xaff88c | out: pv=0xaff88c) returned 24 [0066.303] GetProcAddress (hModule=0x74b70000, lpProcName="GetDC") returned 0x74ba33c0 [0066.303] GetDC (hWnd=0x0) returned 0x1b0106f5 [0066.303] GetProcAddress (hModule=0x75b70000, lpProcName="GetDeviceCaps") returned 0x75b75c60 [0066.303] GetDeviceCaps (hdc=0x1b0106f5, index=88) returned 96 [0066.303] GetProcAddress (hModule=0x74b70000, lpProcName="ReleaseDC") returned 0x74b9a480 [0066.303] ReleaseDC (hWnd=0x0, hDC=0x1b0106f5) returned 1 [0066.303] GetDC (hWnd=0x0) returned 0x1b0106f5 [0066.303] GetDeviceCaps (hdc=0x1b0106f5, index=90) returned 96 [0066.303] ReleaseDC (hWnd=0x0, hDC=0x1b0106f5) returned 1 [0066.303] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0\\fatura.sfx.exe" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\rarsfx0\\fatura.sfx.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000000, hTemplateFile=0x0) returned 0x234 [0066.304] SetFilePointer (in: hFile=0x234, lDistanceToMove=0, lpDistanceToMoveHigh=0xafb838*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xafb838*=0) returned 0x0 [0066.304] ReadFile (in: hFile=0x234, lpBuffer=0xafb84c, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xafb808, lpOverlapped=0x0 | out: lpBuffer=0xafb84c*, lpNumberOfBytesRead=0xafb808*=0x2000, lpOverlapped=0x0) returned 1 [0066.304] SetFilePointer (in: hFile=0x234, lDistanceToMove=8176, lpDistanceToMoveHigh=0xafb828*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xafb828*=0) returned 0x1ff0 [0066.305] SetFilePointer (in: hFile=0x234, lDistanceToMove=0, lpDistanceToMoveHigh=0xafb838*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xafb838*=0) returned 0x1ff0 [0066.305] ReadFile (in: hFile=0x234, lpBuffer=0xafb84c, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xafb808, lpOverlapped=0x0 | out: lpBuffer=0xafb84c*, lpNumberOfBytesRead=0xafb808*=0x2000, lpOverlapped=0x0) returned 1 [0066.305] SetFilePointer (in: hFile=0x234, lDistanceToMove=16352, lpDistanceToMoveHigh=0xafb828*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xafb828*=0) returned 0x3fe0 [0066.305] SetFilePointer (in: hFile=0x234, lDistanceToMove=0, lpDistanceToMoveHigh=0xafb838*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xafb838*=0) returned 0x3fe0 [0066.305] ReadFile (in: hFile=0x234, lpBuffer=0xafb84c, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xafb808, lpOverlapped=0x0 | out: lpBuffer=0xafb84c*, lpNumberOfBytesRead=0xafb808*=0x2000, lpOverlapped=0x0) returned 1 [0066.305] SetFilePointer (in: hFile=0x234, lDistanceToMove=24528, lpDistanceToMoveHigh=0xafb828*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xafb828*=0) returned 0x5fd0 [0066.305] SetFilePointer (in: hFile=0x234, lDistanceToMove=0, lpDistanceToMoveHigh=0xafb838*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xafb838*=0) returned 0x5fd0 [0066.305] ReadFile (in: hFile=0x234, lpBuffer=0xafb84c, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xafb808, lpOverlapped=0x0 | out: lpBuffer=0xafb84c*, lpNumberOfBytesRead=0xafb808*=0x2000, lpOverlapped=0x0) returned 1 [0066.305] SetFilePointer (in: hFile=0x234, lDistanceToMove=32704, lpDistanceToMoveHigh=0xafb828*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xafb828*=0) returned 0x7fc0 [0066.305] SetFilePointer (in: hFile=0x234, lDistanceToMove=0, lpDistanceToMoveHigh=0xafb838*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xafb838*=0) returned 0x7fc0 [0066.305] ReadFile (in: hFile=0x234, lpBuffer=0xafb84c, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xafb808, lpOverlapped=0x0 | out: lpBuffer=0xafb84c*, lpNumberOfBytesRead=0xafb808*=0x2000, lpOverlapped=0x0) returned 1 [0066.305] SetFilePointer (in: hFile=0x234, lDistanceToMove=40880, lpDistanceToMoveHigh=0xafb828*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xafb828*=0) returned 0x9fb0 [0066.305] SetFilePointer (in: hFile=0x234, lDistanceToMove=0, lpDistanceToMoveHigh=0xafb838*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xafb838*=0) returned 0x9fb0 [0066.305] ReadFile (in: hFile=0x234, lpBuffer=0xafb84c, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xafb808, lpOverlapped=0x0 | out: lpBuffer=0xafb84c*, lpNumberOfBytesRead=0xafb808*=0x2000, lpOverlapped=0x0) returned 1 [0066.306] SetFilePointer (in: hFile=0x234, lDistanceToMove=49056, lpDistanceToMoveHigh=0xafb828*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xafb828*=0) returned 0xbfa0 [0066.306] SetFilePointer (in: hFile=0x234, lDistanceToMove=0, lpDistanceToMoveHigh=0xafb838*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xafb838*=0) returned 0xbfa0 [0066.306] ReadFile (in: hFile=0x234, lpBuffer=0xafb84c, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xafb808, lpOverlapped=0x0 | out: lpBuffer=0xafb84c*, lpNumberOfBytesRead=0xafb808*=0x2000, lpOverlapped=0x0) returned 1 [0066.306] SetFilePointer (in: hFile=0x234, lDistanceToMove=57232, lpDistanceToMoveHigh=0xafb828*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xafb828*=0) returned 0xdf90 [0066.342] SetFilePointer (in: hFile=0x234, lDistanceToMove=0, lpDistanceToMoveHigh=0xafb838*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xafb838*=0) returned 0xdf90 [0066.342] ReadFile (in: hFile=0x234, lpBuffer=0xafb84c, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xafb808, lpOverlapped=0x0 | out: lpBuffer=0xafb84c*, lpNumberOfBytesRead=0xafb808*=0x2000, lpOverlapped=0x0) returned 1 [0066.342] SetFilePointer (in: hFile=0x234, lDistanceToMove=65408, lpDistanceToMoveHigh=0xafb828*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xafb828*=0) returned 0xff80 [0066.342] SetFilePointer (in: hFile=0x234, lDistanceToMove=0, lpDistanceToMoveHigh=0xafb838*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xafb838*=0) returned 0xff80 [0066.342] ReadFile (in: hFile=0x234, lpBuffer=0xafb84c, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xafb808, lpOverlapped=0x0 | out: lpBuffer=0xafb84c*, lpNumberOfBytesRead=0xafb808*=0x2000, lpOverlapped=0x0) returned 1 [0066.342] SetFilePointer (in: hFile=0x234, lDistanceToMove=73584, lpDistanceToMoveHigh=0xafb828*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xafb828*=0) returned 0x11f70 [0066.342] SetFilePointer (in: hFile=0x234, lDistanceToMove=0, lpDistanceToMoveHigh=0xafb838*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xafb838*=0) returned 0x11f70 [0066.342] ReadFile (in: hFile=0x234, lpBuffer=0xafb84c, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xafb808, lpOverlapped=0x0 | out: lpBuffer=0xafb84c*, lpNumberOfBytesRead=0xafb808*=0x2000, lpOverlapped=0x0) returned 1 [0066.343] SetFilePointer (in: hFile=0x234, lDistanceToMove=81760, lpDistanceToMoveHigh=0xafb828*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xafb828*=0) returned 0x13f60 [0066.343] SetFilePointer (in: hFile=0x234, lDistanceToMove=0, lpDistanceToMoveHigh=0xafb838*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xafb838*=0) returned 0x13f60 [0066.343] ReadFile (in: hFile=0x234, lpBuffer=0xafb84c, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xafb808, lpOverlapped=0x0 | out: lpBuffer=0xafb84c*, lpNumberOfBytesRead=0xafb808*=0x2000, lpOverlapped=0x0) returned 1 [0066.343] SetFilePointer (in: hFile=0x234, lDistanceToMove=89936, lpDistanceToMoveHigh=0xafb828*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xafb828*=0) returned 0x15f50 [0066.343] SetFilePointer (in: hFile=0x234, lDistanceToMove=0, lpDistanceToMoveHigh=0xafb838*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xafb838*=0) returned 0x15f50 [0066.343] ReadFile (in: hFile=0x234, lpBuffer=0xafb84c, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xafb808, lpOverlapped=0x0 | out: lpBuffer=0xafb84c*, lpNumberOfBytesRead=0xafb808*=0x2000, lpOverlapped=0x0) returned 1 [0066.343] SetFilePointer (in: hFile=0x234, lDistanceToMove=98112, lpDistanceToMoveHigh=0xafb828*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xafb828*=0) returned 0x17f40 [0066.343] SetFilePointer (in: hFile=0x234, lDistanceToMove=0, lpDistanceToMoveHigh=0xafb838*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xafb838*=0) returned 0x17f40 [0066.343] ReadFile (in: hFile=0x234, lpBuffer=0xafb84c, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xafb808, lpOverlapped=0x0 | out: lpBuffer=0xafb84c*, lpNumberOfBytesRead=0xafb808*=0x2000, lpOverlapped=0x0) returned 1 [0066.343] SetFilePointer (in: hFile=0x234, lDistanceToMove=106288, lpDistanceToMoveHigh=0xafb828*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xafb828*=0) returned 0x19f30 [0066.343] SetFilePointer (in: hFile=0x234, lDistanceToMove=0, lpDistanceToMoveHigh=0xafb838*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xafb838*=0) returned 0x19f30 [0066.343] ReadFile (in: hFile=0x234, lpBuffer=0xafb84c, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xafb808, lpOverlapped=0x0 | out: lpBuffer=0xafb84c*, lpNumberOfBytesRead=0xafb808*=0x2000, lpOverlapped=0x0) returned 1 [0066.343] SetFilePointer (in: hFile=0x234, lDistanceToMove=114464, lpDistanceToMoveHigh=0xafb828*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xafb828*=0) returned 0x1bf20 [0066.343] SetFilePointer (in: hFile=0x234, lDistanceToMove=0, lpDistanceToMoveHigh=0xafb838*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xafb838*=0) returned 0x1bf20 [0066.344] ReadFile (in: hFile=0x234, lpBuffer=0xafb84c, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xafb808, lpOverlapped=0x0 | out: lpBuffer=0xafb84c*, lpNumberOfBytesRead=0xafb808*=0x2000, lpOverlapped=0x0) returned 1 [0066.344] SetFilePointer (in: hFile=0x234, lDistanceToMove=122640, lpDistanceToMoveHigh=0xafb828*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xafb828*=0) returned 0x1df10 [0066.344] SetFilePointer (in: hFile=0x234, lDistanceToMove=0, lpDistanceToMoveHigh=0xafb838*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xafb838*=0) returned 0x1df10 [0066.344] ReadFile (in: hFile=0x234, lpBuffer=0xafb84c, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xafb808, lpOverlapped=0x0 | out: lpBuffer=0xafb84c*, lpNumberOfBytesRead=0xafb808*=0x2000, lpOverlapped=0x0) returned 1 [0066.344] SetFilePointer (in: hFile=0x234, lDistanceToMove=130816, lpDistanceToMoveHigh=0xafb828*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xafb828*=0) returned 0x1ff00 [0066.344] SetFilePointer (in: hFile=0x234, lDistanceToMove=0, lpDistanceToMoveHigh=0xafb838*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xafb838*=0) returned 0x1ff00 [0066.344] ReadFile (in: hFile=0x234, lpBuffer=0xafb84c, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xafb808, lpOverlapped=0x0 | out: lpBuffer=0xafb84c*, lpNumberOfBytesRead=0xafb808*=0x2000, lpOverlapped=0x0) returned 1 [0066.344] SetFilePointer (in: hFile=0x234, lDistanceToMove=138992, lpDistanceToMoveHigh=0xafb828*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xafb828*=0) returned 0x21ef0 [0066.344] SetFilePointer (in: hFile=0x234, lDistanceToMove=0, lpDistanceToMoveHigh=0xafb838*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xafb838*=0) returned 0x21ef0 [0066.344] ReadFile (in: hFile=0x234, lpBuffer=0xafb84c, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xafb808, lpOverlapped=0x0 | out: lpBuffer=0xafb84c*, lpNumberOfBytesRead=0xafb808*=0x2000, lpOverlapped=0x0) returned 1 [0066.344] SetFilePointer (in: hFile=0x234, lDistanceToMove=147168, lpDistanceToMoveHigh=0xafb828*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xafb828*=0) returned 0x23ee0 [0066.344] SetFilePointer (in: hFile=0x234, lDistanceToMove=0, lpDistanceToMoveHigh=0xafb838*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xafb838*=0) returned 0x23ee0 [0066.344] ReadFile (in: hFile=0x234, lpBuffer=0xafb84c, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xafb808, lpOverlapped=0x0 | out: lpBuffer=0xafb84c*, lpNumberOfBytesRead=0xafb808*=0x2000, lpOverlapped=0x0) returned 1 [0066.344] SetFilePointer (in: hFile=0x234, lDistanceToMove=155344, lpDistanceToMoveHigh=0xafb828*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xafb828*=0) returned 0x25ed0 [0066.345] SetFilePointer (in: hFile=0x234, lDistanceToMove=0, lpDistanceToMoveHigh=0xafb838*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xafb838*=0) returned 0x25ed0 [0066.345] ReadFile (in: hFile=0x234, lpBuffer=0xafb84c, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xafb808, lpOverlapped=0x0 | out: lpBuffer=0xafb84c*, lpNumberOfBytesRead=0xafb808*=0x2000, lpOverlapped=0x0) returned 1 [0066.345] SetFilePointer (in: hFile=0x234, lDistanceToMove=163520, lpDistanceToMoveHigh=0xafb828*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xafb828*=0) returned 0x27ec0 [0066.345] SetFilePointer (in: hFile=0x234, lDistanceToMove=0, lpDistanceToMoveHigh=0xafb838*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xafb838*=0) returned 0x27ec0 [0066.345] ReadFile (in: hFile=0x234, lpBuffer=0xafb84c, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xafb808, lpOverlapped=0x0 | out: lpBuffer=0xafb84c*, lpNumberOfBytesRead=0xafb808*=0x2000, lpOverlapped=0x0) returned 1 [0066.345] SetFilePointer (in: hFile=0x234, lDistanceToMove=171696, lpDistanceToMoveHigh=0xafb828*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xafb828*=0) returned 0x29eb0 [0066.345] SetFilePointer (in: hFile=0x234, lDistanceToMove=0, lpDistanceToMoveHigh=0xafb838*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xafb838*=0) returned 0x29eb0 [0066.345] ReadFile (in: hFile=0x234, lpBuffer=0xafb84c, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xafb808, lpOverlapped=0x0 | out: lpBuffer=0xafb84c*, lpNumberOfBytesRead=0xafb808*=0x2000, lpOverlapped=0x0) returned 1 [0066.345] SetFilePointer (in: hFile=0x234, lDistanceToMove=179872, lpDistanceToMoveHigh=0xafb828*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xafb828*=0) returned 0x2bea0 [0066.345] SetFilePointer (in: hFile=0x234, lDistanceToMove=0, lpDistanceToMoveHigh=0xafb838*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xafb838*=0) returned 0x2bea0 [0066.345] ReadFile (in: hFile=0x234, lpBuffer=0xafb84c, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xafb808, lpOverlapped=0x0 | out: lpBuffer=0xafb84c*, lpNumberOfBytesRead=0xafb808*=0x2000, lpOverlapped=0x0) returned 1 [0066.345] SetFilePointer (in: hFile=0x234, lDistanceToMove=188048, lpDistanceToMoveHigh=0xafb828*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xafb828*=0) returned 0x2de90 [0066.345] SetFilePointer (in: hFile=0x234, lDistanceToMove=0, lpDistanceToMoveHigh=0xafb838*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xafb838*=0) returned 0x2de90 [0066.345] ReadFile (in: hFile=0x234, lpBuffer=0xafb84c, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xafb808, lpOverlapped=0x0 | out: lpBuffer=0xafb84c*, lpNumberOfBytesRead=0xafb808*=0x2000, lpOverlapped=0x0) returned 1 [0066.346] SetFilePointer (in: hFile=0x234, lDistanceToMove=196224, lpDistanceToMoveHigh=0xafb828*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xafb828*=0) returned 0x2fe80 [0066.346] SetFilePointer (in: hFile=0x234, lDistanceToMove=0, lpDistanceToMoveHigh=0xafb838*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xafb838*=0) returned 0x2fe80 [0066.346] ReadFile (in: hFile=0x234, lpBuffer=0xafb84c, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xafb808, lpOverlapped=0x0 | out: lpBuffer=0xafb84c*, lpNumberOfBytesRead=0xafb808*=0x2000, lpOverlapped=0x0) returned 1 [0066.346] SetFilePointer (in: hFile=0x234, lDistanceToMove=204400, lpDistanceToMoveHigh=0xafb828*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xafb828*=0) returned 0x31e70 [0066.346] SetFilePointer (in: hFile=0x234, lDistanceToMove=0, lpDistanceToMoveHigh=0xafb838*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xafb838*=0) returned 0x31e70 [0066.346] ReadFile (in: hFile=0x234, lpBuffer=0xafb84c, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xafb808, lpOverlapped=0x0 | out: lpBuffer=0xafb84c*, lpNumberOfBytesRead=0xafb808*=0x2000, lpOverlapped=0x0) returned 1 [0066.346] SetFilePointer (in: hFile=0x234, lDistanceToMove=212576, lpDistanceToMoveHigh=0xafb828*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xafb828*=0) returned 0x33e60 [0066.346] SetFilePointer (in: hFile=0x234, lDistanceToMove=0, lpDistanceToMoveHigh=0xafb838*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xafb838*=0) returned 0x33e60 [0066.346] ReadFile (in: hFile=0x234, lpBuffer=0xafb84c, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xafb808, lpOverlapped=0x0 | out: lpBuffer=0xafb84c*, lpNumberOfBytesRead=0xafb808*=0x2000, lpOverlapped=0x0) returned 1 [0066.346] SetFilePointer (in: hFile=0x234, lDistanceToMove=220752, lpDistanceToMoveHigh=0xafb828*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xafb828*=0) returned 0x35e50 [0066.346] SetFilePointer (in: hFile=0x234, lDistanceToMove=0, lpDistanceToMoveHigh=0xafb838*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xafb838*=0) returned 0x35e50 [0066.346] ReadFile (in: hFile=0x234, lpBuffer=0xafb84c, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xafb808, lpOverlapped=0x0 | out: lpBuffer=0xafb84c*, lpNumberOfBytesRead=0xafb808*=0x2000, lpOverlapped=0x0) returned 1 [0066.346] SetFilePointer (in: hFile=0x234, lDistanceToMove=228928, lpDistanceToMoveHigh=0xafb828*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xafb828*=0) returned 0x37e40 [0066.347] SetFilePointer (in: hFile=0x234, lDistanceToMove=0, lpDistanceToMoveHigh=0xafb838*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xafb838*=0) returned 0x37e40 [0066.347] ReadFile (in: hFile=0x234, lpBuffer=0xafb84c, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xafb808, lpOverlapped=0x0 | out: lpBuffer=0xafb84c*, lpNumberOfBytesRead=0xafb808*=0x2000, lpOverlapped=0x0) returned 1 [0066.347] SetFilePointer (in: hFile=0x234, lDistanceToMove=237104, lpDistanceToMoveHigh=0xafb828*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xafb828*=0) returned 0x39e30 [0066.347] SetFilePointer (in: hFile=0x234, lDistanceToMove=0, lpDistanceToMoveHigh=0xafb838*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xafb838*=0) returned 0x39e30 [0066.347] ReadFile (in: hFile=0x234, lpBuffer=0xafb84c, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xafb808, lpOverlapped=0x0 | out: lpBuffer=0xafb84c*, lpNumberOfBytesRead=0xafb808*=0x2000, lpOverlapped=0x0) returned 1 [0066.347] SetFilePointer (in: hFile=0x234, lDistanceToMove=245280, lpDistanceToMoveHigh=0xafb828*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xafb828*=0) returned 0x3be20 [0066.347] SetFilePointer (in: hFile=0x234, lDistanceToMove=0, lpDistanceToMoveHigh=0xafb838*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xafb838*=0) returned 0x3be20 [0066.347] ReadFile (in: hFile=0x234, lpBuffer=0xafb84c, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xafb808, lpOverlapped=0x0 | out: lpBuffer=0xafb84c*, lpNumberOfBytesRead=0xafb808*=0x2000, lpOverlapped=0x0) returned 1 [0066.347] SetFilePointer (in: hFile=0x234, lDistanceToMove=253456, lpDistanceToMoveHigh=0xafb828*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xafb828*=0) returned 0x3de10 [0066.347] SetFilePointer (in: hFile=0x234, lDistanceToMove=0, lpDistanceToMoveHigh=0xafb838*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xafb838*=0) returned 0x3de10 [0066.347] ReadFile (in: hFile=0x234, lpBuffer=0xafb84c, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xafb808, lpOverlapped=0x0 | out: lpBuffer=0xafb84c*, lpNumberOfBytesRead=0xafb808*=0x2000, lpOverlapped=0x0) returned 1 [0066.347] SetFilePointer (in: hFile=0x234, lDistanceToMove=261632, lpDistanceToMoveHigh=0xafb828*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xafb828*=0) returned 0x3fe00 [0066.347] SetFilePointer (in: hFile=0x234, lDistanceToMove=0, lpDistanceToMoveHigh=0xafb838*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xafb838*=0) returned 0x3fe00 [0066.347] ReadFile (in: hFile=0x234, lpBuffer=0xafb84c, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xafb808, lpOverlapped=0x0 | out: lpBuffer=0xafb84c*, lpNumberOfBytesRead=0xafb808*=0x2000, lpOverlapped=0x0) returned 1 [0066.348] SetFilePointer (in: hFile=0x234, lDistanceToMove=269808, lpDistanceToMoveHigh=0xafb828*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xafb828*=0) returned 0x41df0 [0066.348] SetFilePointer (in: hFile=0x234, lDistanceToMove=0, lpDistanceToMoveHigh=0xafb838*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xafb838*=0) returned 0x41df0 [0066.348] ReadFile (in: hFile=0x234, lpBuffer=0xafb84c, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xafb808, lpOverlapped=0x0 | out: lpBuffer=0xafb84c*, lpNumberOfBytesRead=0xafb808*=0x2000, lpOverlapped=0x0) returned 1 [0066.348] SetFilePointer (in: hFile=0x234, lDistanceToMove=277984, lpDistanceToMoveHigh=0xafb828*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xafb828*=0) returned 0x43de0 [0066.349] SetFilePointer (in: hFile=0x234, lDistanceToMove=0, lpDistanceToMoveHigh=0xafb838*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xafb838*=0) returned 0x43de0 [0066.349] ReadFile (in: hFile=0x234, lpBuffer=0xafb84c, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xafb808, lpOverlapped=0x0 | out: lpBuffer=0xafb84c*, lpNumberOfBytesRead=0xafb808*=0x2000, lpOverlapped=0x0) returned 1 [0066.349] SetFilePointer (in: hFile=0x234, lDistanceToMove=286160, lpDistanceToMoveHigh=0xafb828*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xafb828*=0) returned 0x45dd0 [0066.349] SetFilePointer (in: hFile=0x234, lDistanceToMove=0, lpDistanceToMoveHigh=0xafb838*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xafb838*=0) returned 0x45dd0 [0066.349] ReadFile (in: hFile=0x234, lpBuffer=0xafb84c, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xafb808, lpOverlapped=0x0 | out: lpBuffer=0xafb84c*, lpNumberOfBytesRead=0xafb808*=0x2000, lpOverlapped=0x0) returned 1 [0066.349] SetFilePointer (in: hFile=0x234, lDistanceToMove=294336, lpDistanceToMoveHigh=0xafb828*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xafb828*=0) returned 0x47dc0 [0066.349] SetFilePointer (in: hFile=0x234, lDistanceToMove=0, lpDistanceToMoveHigh=0xafb838*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xafb838*=0) returned 0x47dc0 [0066.349] ReadFile (in: hFile=0x234, lpBuffer=0xafb84c, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xafb808, lpOverlapped=0x0 | out: lpBuffer=0xafb84c*, lpNumberOfBytesRead=0xafb808*=0x2000, lpOverlapped=0x0) returned 1 [0066.349] SetFilePointer (in: hFile=0x234, lDistanceToMove=302512, lpDistanceToMoveHigh=0xafb828*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xafb828*=0) returned 0x49db0 [0066.349] SetFilePointer (in: hFile=0x234, lDistanceToMove=301058, lpDistanceToMoveHigh=0xafb828*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xafb828*=0) returned 0x49802 [0066.349] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x80002) returned 0x334020 [0066.351] ReadFile (in: hFile=0x234, lpBuffer=0x334020, nNumberOfBytesToRead=0x80000, lpNumberOfBytesRead=0xafb808, lpOverlapped=0x0 | out: lpBuffer=0x334020*, lpNumberOfBytesRead=0xafb808*=0x80000, lpOverlapped=0x0) returned 1 [0066.360] CloseHandle (hObject=0x234) returned 1 [0066.360] GetModuleHandleW (lpModuleName=0x0) returned 0x1320000 [0066.361] FindResourceW (hModule=0x1320000, lpName="RTL", lpType=0x5) returned 0x0 [0066.361] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="LTR", cchWideChar=-1, lpMultiByteStr=0xafe078, cbMultiByte=4096, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LTR", lpUsedDefaultChar=0x0) returned 4 [0066.361] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="LTR", cchWideChar=-1, lpMultiByteStr=0xafd078, cbMultiByte=4096, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LTR", lpUsedDefaultChar=0x0) returned 4 [0066.361] GetLastError () returned 0x716 [0066.361] SetLastError (dwErrCode=0x716) [0066.361] GetProcAddress (hModule=0x74b70000, lpProcName="DialogBoxParamW") returned 0x74bc21c0 [0066.361] DialogBoxParamW (hInstance=0x1320000, lpTemplateName="STARTDLG", hWndParent=0x0, lpDialogFunc=0x1339b4e, dwInitParam=0x0) returned 0x1 [0066.448] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="STARTDLG", cchWideChar=-1, lpMultiByteStr=0xaebac8, cbMultiByte=4096, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="STARTDLG", lpUsedDefaultChar=0x0) returned 9 [0066.448] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=-1, lpMultiByteStr=0xaeaac8, cbMultiByte=4096, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 1 [0066.448] GetLastError () returned 0x0 [0066.448] SetLastError (dwErrCode=0x0) [0066.449] GetProcAddress (hModule=0x74b70000, lpProcName="GetWindowRect") returned 0x74b96c50 [0066.449] GetWindowRect (in: hWnd=0x1024c, lpRect=0xaecf30 | out: lpRect=0xaecf30) returned 1 [0066.449] GetProcAddress (hModule=0x74b70000, lpProcName="GetClientRect") returned 0x74b89650 [0066.449] GetClientRect (in: hWnd=0x1024c, lpRect=0xaecf50 | out: lpRect=0xaecf50) returned 1 [0066.449] GetProcAddress (hModule=0x74b70000, lpProcName="GetWindowTextW") returned 0x74b7eac0 [0066.449] GetWindowTextW (in: hWnd=0x1024c, lpString=0xaecf60, nMaxCount=1024 | out: lpString="WinRAR self-extracting archive") returned 30 [0066.450] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="STARTDLG", cchWideChar=-1, lpMultiByteStr=0xaebee8, cbMultiByte=4096, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="STARTDLG", lpUsedDefaultChar=0x0) returned 9 [0066.450] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WinRAR self-extracting archive", cchWideChar=-1, lpMultiByteStr=0xaeaee8, cbMultiByte=4096, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WinRAR self-extracting archive", lpUsedDefaultChar=0x0) returned 31 [0066.450] GetLastError () returned 0x0 [0066.450] SetLastError (dwErrCode=0x0) [0066.451] GetProcAddress (hModule=0x74b70000, lpProcName="SetWindowTextW") returned 0x74b7d0c0 [0066.451] SetWindowTextW (hWnd=0x1024c, lpString="WinRAR kendi-açılan arşiv") returned 1 [0066.451] GetProcAddress (hModule=0x74b70000, lpProcName="GetSystemMetrics") returned 0x74b9ddc0 [0066.451] GetSystemMetrics (nIndex=8) returned 3 [0066.452] GetProcAddress (hModule=0x74b70000, lpProcName="GetWindow") returned 0x74b9d880 [0066.452] GetWindow (hWnd=0x1024c, uCmd=0x5) returned 0x10250 [0066.452] GetWindowTextW (in: hWnd=0x10250, lpString=0xaecf60, nMaxCount=1024 | out: lpString="") returned 0 [0066.452] GetWindow (hWnd=0x10250, uCmd=0x2) returned 0x10252 [0066.452] GetWindowTextW (in: hWnd=0x10252, lpString=0xaecf60, nMaxCount=1024 | out: lpString="&Destination folder") returned 19 [0066.452] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="STARTDLG", cchWideChar=-1, lpMultiByteStr=0xaebee8, cbMultiByte=4096, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="STARTDLG", lpUsedDefaultChar=0x0) returned 9 [0066.452] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="&Destination folder", cchWideChar=-1, lpMultiByteStr=0xaeaee8, cbMultiByte=4096, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="&Destination folder", lpUsedDefaultChar=0x0) returned 20 [0066.452] GetLastError () returned 0x0 [0066.452] SetLastError (dwErrCode=0x0) [0066.452] SetWindowTextW (hWnd=0x10252, lpString="Hedef klasör") returned 1 [0066.452] GetWindow (hWnd=0x10252, uCmd=0x2) returned 0x10254 [0066.452] GetWindowTextW (in: hWnd=0x10254, lpString=0xaecf60, nMaxCount=1024 | out: lpString="") returned 0 [0066.452] GetWindow (hWnd=0x10254, uCmd=0x2) returned 0x1025a [0066.452] GetWindowTextW (in: hWnd=0x1025a, lpString=0xaecf60, nMaxCount=1024 | out: lpString="Bro&wse...") returned 10 [0066.452] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="STARTDLG", cchWideChar=-1, lpMultiByteStr=0xaebee8, cbMultiByte=4096, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="STARTDLG", lpUsedDefaultChar=0x0) returned 9 [0066.452] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Bro&wse...", cchWideChar=-1, lpMultiByteStr=0xaeaee8, cbMultiByte=4096, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Bro&wse...", lpUsedDefaultChar=0x0) returned 11 [0066.452] GetLastError () returned 0x0 [0066.452] SetLastError (dwErrCode=0x0) [0066.452] SetWindowTextW (hWnd=0x1025a, lpString="Gözat...") returned 1 [0066.452] GetWindow (hWnd=0x1025a, uCmd=0x2) returned 0x1025c [0066.452] GetWindowTextW (in: hWnd=0x1025c, lpString=0xaecf60, nMaxCount=1024 | out: lpString="") returned 0 [0066.452] GetWindow (hWnd=0x1025c, uCmd=0x2) returned 0x1025e [0066.452] GetWindowTextW (in: hWnd=0x1025e, lpString=0xaecf60, nMaxCount=1024 | out: lpString="") returned 0 [0066.452] GetWindow (hWnd=0x1025e, uCmd=0x2) returned 0x10260 [0066.452] GetWindowTextW (in: hWnd=0x10260, lpString=0xaecf60, nMaxCount=1024 | out: lpString="Installation progress") returned 21 [0066.452] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="STARTDLG", cchWideChar=-1, lpMultiByteStr=0xaebee8, cbMultiByte=4096, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="STARTDLG", lpUsedDefaultChar=0x0) returned 9 [0066.452] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Installation progress", cchWideChar=-1, lpMultiByteStr=0xaeaee8, cbMultiByte=4096, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Installation progress", lpUsedDefaultChar=0x0) returned 22 [0066.452] GetLastError () returned 0x0 [0066.453] SetLastError (dwErrCode=0x0) [0066.453] SetWindowTextW (hWnd=0x10260, lpString="Yükleme ilerlemesi") returned 1 [0066.453] GetWindow (hWnd=0x10260, uCmd=0x2) returned 0x10262 [0066.453] GetWindowTextW (in: hWnd=0x10262, lpString=0xaecf60, nMaxCount=1024 | out: lpString="") returned 0 [0066.453] GetWindow (hWnd=0x10262, uCmd=0x2) returned 0x10264 [0066.453] GetWindowTextW (in: hWnd=0x10264, lpString=0xaecf60, nMaxCount=1024 | out: lpString="") returned 0 [0066.453] GetWindow (hWnd=0x10264, uCmd=0x2) returned 0x10266 [0066.453] GetWindowTextW (in: hWnd=0x10266, lpString=0xaecf60, nMaxCount=1024 | out: lpString="Install") returned 7 [0066.453] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="STARTDLG", cchWideChar=-1, lpMultiByteStr=0xaebee8, cbMultiByte=4096, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="STARTDLG", lpUsedDefaultChar=0x0) returned 9 [0066.453] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Install", cchWideChar=-1, lpMultiByteStr=0xaeaee8, cbMultiByte=4096, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Install", lpUsedDefaultChar=0x0) returned 8 [0066.453] GetLastError () returned 0x0 [0066.453] SetLastError (dwErrCode=0x0) [0066.453] SetWindowTextW (hWnd=0x10266, lpString="Yükle") returned 1 [0066.453] GetWindow (hWnd=0x10266, uCmd=0x2) returned 0x10268 [0066.453] GetWindowTextW (in: hWnd=0x10268, lpString=0xaecf60, nMaxCount=1024 | out: lpString="Cancel") returned 6 [0066.453] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="STARTDLG", cchWideChar=-1, lpMultiByteStr=0xaebee8, cbMultiByte=4096, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="STARTDLG", lpUsedDefaultChar=0x0) returned 9 [0066.453] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Cancel", cchWideChar=-1, lpMultiByteStr=0xaeaee8, cbMultiByte=4096, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Cancel", lpUsedDefaultChar=0x0) returned 7 [0066.453] GetLastError () returned 0x0 [0066.453] SetLastError (dwErrCode=0x0) [0066.453] SetWindowTextW (hWnd=0x10268, lpString="İptal") returned 1 [0066.453] GetWindow (hWnd=0x10268, uCmd=0x2) returned 0x0 [0066.453] GetProcAddress (hModule=0x74b70000, lpProcName="SendMessageW") returned 0x74b807d0 [0066.453] SendMessageW (hWnd=0x1024c, Msg=0x80, wParam=0x1, lParam=0x5023b) returned 0x0 [0066.456] GetProcAddress (hModule=0x74b70000, lpProcName="SendDlgItemMessageW") returned 0x74b79370 [0066.456] SendDlgItemMessageW (hDlg=0x1024c, nIDDlgItem=108, Msg=0x172, wParam=0x0, lParam=0x6050762) returned 0x0 [0066.459] GetProcAddress (hModule=0x74b70000, lpProcName="GetDlgItem") returned 0x74b793b0 [0066.459] GetDlgItem (hDlg=0x1024c, nIDDlgItem=104) returned 0x1025c [0066.459] SendMessageW (hWnd=0x1025c, Msg=0x435, wParam=0x0, lParam=0x400000) returned 0x0 [0066.459] GetCurrentDirectoryW (in: nBufferLength=0x800, lpBuffer=0xafe2dc | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0") returned 0x2a [0066.459] GetProcAddress (hModule=0x74b70000, lpProcName="GetDlgItem") returned 0x74b793b0 [0066.459] GetDlgItem (hDlg=0x1024c, nIDDlgItem=102) returned 0x10254 [0066.459] SetWindowTextW (hWnd=0x10254, lpString="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 1 [0066.460] GetProcAddress (hModule=0x74b70000, lpProcName="GetClassNameW") returned 0x74ba0310 [0066.460] GetClassNameW (in: hWnd=0x10254, lpClassName=0xaed6e8, nMaxCount=80 | out: lpClassName="ComboBox") returned 8 [0066.460] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="ComboBox", cchCount1=-1, lpString2="EDIT", cchCount2=-1) returned 1 [0066.460] GetProcAddress (hModule=0x74b70000, lpProcName="FindWindowExW") returned 0x74b92840 [0066.460] FindWindowExW (hWndParent=0x10254, hWndChildAfter=0x0, lpszClass="EDIT", lpszWindow=0x0) returned 0x10258 [0066.460] LoadLibraryExA (lpLibFileName="SHLWAPI.dll", hFile=0x0, dwFlags=0x0) returned 0x75f60000 [0066.460] GetProcAddress (hModule=0x75f60000, lpProcName="SHAutoComplete") returned 0x75f86580 [0066.460] SHAutoComplete (hwndEdit=0x10258, dwFlags=0x10) returned 0x0 [0066.563] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x10c0) returned 0x238d80 [0066.564] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x10c0) returned 0x239e48 [0066.564] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x82e0) returned 0x242858 [0066.565] GetCurrentProcess () returned 0xffffffff [0066.565] GetProcessAffinityMask (in: hProcess=0xffffffff, lpProcessAffinityMask=0xae59f0, lpSystemAffinityMask=0xae59ec | out: lpProcessAffinityMask=0xae59f0, lpSystemAffinityMask=0xae59ec) returned 1 [0066.565] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0\\fatura.sfx.exe" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\rarsfx0\\fatura.sfx.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000000, hTemplateFile=0x0) returned 0x2a8 [0066.565] ReadFile (in: hFile=0x2a8, lpBuffer=0xae7c50, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0xae59c0, lpOverlapped=0x0 | out: lpBuffer=0xae7c50*, lpNumberOfBytesRead=0xae59c0*=0x7, lpOverlapped=0x0) returned 1 [0066.565] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x200000) returned 0x3ddf020 [0066.570] SetFilePointer (in: hFile=0x2a8, lDistanceToMove=0, lpDistanceToMoveHigh=0xae59f0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xae59f0*=0) returned 0x7 [0066.570] ReadFile (in: hFile=0x2a8, lpBuffer=0x3ddf020, nNumberOfBytesToRead=0x1ffff0, lpNumberOfBytesRead=0xae59c0, lpOverlapped=0x0 | out: lpBuffer=0x3ddf020*, lpNumberOfBytesRead=0xae59c0*=0xe35dd, lpOverlapped=0x0) returned 1 [0066.613] SetFilePointer (in: hFile=0x2a8, lDistanceToMove=309870, lpDistanceToMoveHigh=0xae59e0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xae59e0*=0) returned 0x4ba6e [0066.613] ReadFile (in: hFile=0x2a8, lpBuffer=0xae7c50, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0xae59c0, lpOverlapped=0x0 | out: lpBuffer=0xae7c50*, lpNumberOfBytesRead=0xae59c0*=0x7, lpOverlapped=0x0) returned 1 [0066.613] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x3ddf020 | out: hHeap=0x200000) returned 1 [0066.623] ReadFile (in: hFile=0x2a8, lpBuffer=0xae7c57, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0xae59c0, lpOverlapped=0x0 | out: lpBuffer=0xae7c57*, lpNumberOfBytesRead=0xae59c0*=0x1, lpOverlapped=0x0) returned 1 [0066.623] SetFilePointer (in: hFile=0x2a8, lDistanceToMove=0, lpDistanceToMoveHigh=0xae59e8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xae59e8*=0) returned 0x4ba76 [0066.623] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x20) returned 0x2326f8 [0066.623] ReadFile (in: hFile=0x2a8, lpBuffer=0x2326f8, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0xae38a8, lpOverlapped=0x0 | out: lpBuffer=0x2326f8*, lpNumberOfBytesRead=0xae38a8*=0x7, lpOverlapped=0x0) returned 1 [0066.623] ReadFile (in: hFile=0x2a8, lpBuffer=0x2326ff, nNumberOfBytesToRead=0xa, lpNumberOfBytesRead=0xae38a8, lpOverlapped=0x0 | out: lpBuffer=0x2326ff*, lpNumberOfBytesRead=0xae38a8*=0xa, lpOverlapped=0x0) returned 1 [0066.623] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x2326f8 | out: hHeap=0x200000) returned 1 [0066.623] SetFilePointer (in: hFile=0x2a8, lDistanceToMove=309895, lpDistanceToMoveHigh=0xae59dc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xae59dc*=0) returned 0x4ba87 [0066.623] SetFilePointer (in: hFile=0x2a8, lDistanceToMove=0, lpDistanceToMoveHigh=0xae59f0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xae59f0*=0) returned 0x4ba87 [0066.623] SetFilePointer (in: hFile=0x2a8, lDistanceToMove=0, lpDistanceToMoveHigh=0xae59e8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xae59e8*=0) returned 0x4ba87 [0066.623] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x20) returned 0x232360 [0066.623] ReadFile (in: hFile=0x2a8, lpBuffer=0x232360, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0xae38a8, lpOverlapped=0x0 | out: lpBuffer=0x232360*, lpNumberOfBytesRead=0xae38a8*=0x7, lpOverlapped=0x0) returned 1 [0066.623] ReadFile (in: hFile=0x2a8, lpBuffer=0x232367, nNumberOfBytesToRead=0x11, lpNumberOfBytesRead=0xae38a8, lpOverlapped=0x0 | out: lpBuffer=0x232367*, lpNumberOfBytesRead=0xae38a8*=0x11, lpOverlapped=0x0) returned 1 [0066.623] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x232360 | out: hHeap=0x200000) returned 1 [0066.623] SetFilePointer (in: hFile=0x2a8, lDistanceToMove=310051, lpDistanceToMoveHigh=0xae59dc*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xae59dc*=0) returned 0x4bb23 [0066.623] SetFilePointer (in: hFile=0x2a8, lDistanceToMove=0, lpDistanceToMoveHigh=0xae59e8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xae59e8*=0) returned 0x4bb23 [0066.623] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x20) returned 0x232310 [0066.623] ReadFile (in: hFile=0x2a8, lpBuffer=0x232310, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0xae38a8, lpOverlapped=0x0 | out: lpBuffer=0x232310*, lpNumberOfBytesRead=0xae38a8*=0x7, lpOverlapped=0x0) returned 1 [0066.623] RtlReAllocateHeap (Heap=0x200000, Flags=0x0, Ptr=0x232310, Size=0x5e) returned 0x233118 [0066.623] ReadFile (in: hFile=0x2a8, lpBuffer=0x23311f, nNumberOfBytesToRead=0x57, lpNumberOfBytesRead=0xae38a8, lpOverlapped=0x0 | out: lpBuffer=0x23311f*, lpNumberOfBytesRead=0xae38a8*=0x57, lpOverlapped=0x0) returned 1 [0066.624] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x233118 | out: hHeap=0x200000) returned 1 [0066.624] SetFilePointer (in: hFile=0x2a8, lDistanceToMove=309895, lpDistanceToMoveHigh=0xae59c8*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xae59c8*=0) returned 0x4ba87 [0066.624] SetFilePointer (in: hFile=0x2a8, lDistanceToMove=0, lpDistanceToMoveHigh=0xae5a14*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xae5a14*=0) returned 0x4ba87 [0066.624] SetFilePointer (in: hFile=0x2a8, lDistanceToMove=309895, lpDistanceToMoveHigh=0xae5a00*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xae5a00*=0) returned 0x4ba87 [0066.624] SetFilePointer (in: hFile=0x2a8, lDistanceToMove=0, lpDistanceToMoveHigh=0xae59f4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xae59f4*=0) returned 0x4ba87 [0066.624] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x20) returned 0x232540 [0066.624] ReadFile (in: hFile=0x2a8, lpBuffer=0x232540, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0xae38b4, lpOverlapped=0x0 | out: lpBuffer=0x232540*, lpNumberOfBytesRead=0xae38b4*=0x7, lpOverlapped=0x0) returned 1 [0066.624] ReadFile (in: hFile=0x2a8, lpBuffer=0x232547, nNumberOfBytesToRead=0x11, lpNumberOfBytesRead=0xae38b4, lpOverlapped=0x0 | out: lpBuffer=0x232547*, lpNumberOfBytesRead=0xae38b4*=0x11, lpOverlapped=0x0) returned 1 [0066.624] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x232540 | out: hHeap=0x200000) returned 1 [0066.624] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x8003) returned 0x24ab40 [0066.625] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x8003) returned 0x252b50 [0066.625] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x1b8) returned 0x237ef8 [0066.625] CreateSemaphoreW (lpSemaphoreAttributes=0x0, lInitialCount=0, lMaximumCount=32, lpName=0x0) returned 0x2ac [0066.625] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x2b0 [0066.626] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x40000) returned 0x25ab60 [0066.630] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x84) returned 0x2356c0 [0066.630] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0xb54) returned 0x29ab68 [0066.630] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x100000) returned 0x3dd4020 [0066.633] ReadFile (in: hFile=0x2a8, lpBuffer=0x3dd4020, nNumberOfBytesToRead=0x84, lpNumberOfBytesRead=0xad724c, lpOverlapped=0x0 | out: lpBuffer=0x3dd4020*, lpNumberOfBytesRead=0xad724c*=0x84, lpOverlapped=0x0) returned 1 [0066.633] GetProcAddress (hModule=0x74b70000, lpProcName="PeekMessageW") returned 0x74b9d180 [0066.633] PeekMessageW (in: lpMsg=0xad7254, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xad7254) returned 1 [0066.633] GetProcAddress (hModule=0x74b70000, lpProcName="GetMessageW") returned 0x74b9fea0 [0066.633] GetMessageW (in: lpMsg=0xad7254, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xad7254) returned 1 [0066.634] GetProcAddress (hModule=0x74b70000, lpProcName="TranslateMessage") returned 0x74b9f900 [0066.634] TranslateMessage (lpMsg=0xad7254) returned 0 [0066.634] GetProcAddress (hModule=0x74b70000, lpProcName="DispatchMessageW") returned 0x74b94840 [0066.634] DispatchMessageW (lpMsg=0xad7254) returned 0x0 [0066.636] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0066.636] PeekMessageW (in: lpMsg=0xad7258, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xad7258) returned 1 [0066.636] GetMessageW (in: lpMsg=0xad7258, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xad7258) returned 1 [0066.636] TranslateMessage (lpMsg=0xad7258) returned 0 [0066.636] DispatchMessageW (lpMsg=0xad7258) returned 0x0 [0066.636] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0066.636] PeekMessageW (in: lpMsg=0xad724c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xad724c) returned 0 [0066.636] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0066.636] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x3dd4020 | out: hHeap=0x200000) returned 1 [0066.639] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x25ab60 | out: hHeap=0x200000) returned 1 [0066.639] ReleaseSemaphore (in: hSemaphore=0x2ac, lReleaseCount=32, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0066.639] CloseHandle (hObject=0x2ac) returned 1 [0066.639] CloseHandle (hObject=0x2b0) returned 1 [0066.639] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x237ef8 | out: hHeap=0x200000) returned 1 [0066.639] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x252b50 | out: hHeap=0x200000) returned 1 [0066.639] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x24ab40 | out: hHeap=0x200000) returned 1 [0066.642] RtlReAllocateHeap (Heap=0x200000, Flags=0x0, Ptr=0x2356c0, Size=0xc5) returned 0x2356c0 [0066.642] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x10a) returned 0x235790 [0066.642] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x2356c0 | out: hHeap=0x200000) returned 1 [0066.642] SetFilePointer (in: hFile=0x2a8, lDistanceToMove=309895, lpDistanceToMoveHigh=0xae59ec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xae59ec*=0) returned 0x4ba87 [0066.642] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0xfa) returned 0x29b6c8 [0066.642] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x235790 | out: hHeap=0x200000) returned 1 [0066.642] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x242858 | out: hHeap=0x200000) returned 1 [0066.644] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x238d80 | out: hHeap=0x200000) returned 1 [0066.644] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x239e48 | out: hHeap=0x200000) returned 1 [0066.644] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x29ab68 | out: hHeap=0x200000) returned 1 [0066.645] CloseHandle (hObject=0x2a8) returned 1 [0066.645] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0066.645] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0066.645] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0066.645] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0066.645] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0066.645] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0066.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0066.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0066.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0066.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0066.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0066.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0066.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0066.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0066.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0066.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0066.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0066.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0066.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0066.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0066.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0066.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0066.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0066.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0066.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0066.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0066.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0066.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0066.646] ExpandEnvironmentStringsW (in: lpSrc="%temp%", lpDst=0xacfacc, nSize=0x1000 | out: lpDst="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x23 [0066.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0066.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0066.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0066.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 2 [0066.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0066.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0066.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0066.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0066.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0066.646] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0066.647] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0066.647] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0066.647] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="License", cchCount2=-1) returned 3 [0066.647] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 3 [0066.647] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0066.647] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 2 [0066.647] ExpandEnvironmentStringsW (in: lpSrc="fatura.exe", lpDst=0xacfacc, nSize=0x1000 | out: lpDst="fatura.exe") returned 0xb [0066.647] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0066.647] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0066.647] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0066.647] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0066.647] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0066.647] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0066.647] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 2 [0066.647] ExpandEnvironmentStringsW (in: lpSrc="1", lpDst=0xacfacc, nSize=0x1000 | out: lpDst="1") returned 0x2 [0066.647] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0066.647] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0066.647] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0066.647] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0066.647] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 2 [0066.647] ExpandEnvironmentStringsW (in: lpSrc="1", lpDst=0xacfacc, nSize=0x1000 | out: lpDst="1") returned 0x2 [0066.647] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0066.647] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0066.647] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0066.647] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0066.647] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0066.647] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 2 [0066.648] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0066.648] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0066.648] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0066.648] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0066.648] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0066.648] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0066.648] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0066.648] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0066.648] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0066.648] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0066.648] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0066.648] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0066.648] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0066.648] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0066.648] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0066.648] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0066.648] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0066.648] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0066.648] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0066.648] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0066.648] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0066.648] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0066.648] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0066.648] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0066.648] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0066.648] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0066.648] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0066.648] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0066.648] ExpandEnvironmentStringsW (in: lpSrc="%temp%", lpDst=0xacfacc, nSize=0x1000 | out: lpDst="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x23 [0066.648] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0066.648] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0066.648] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0066.648] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 2 [0066.649] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0066.649] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0066.649] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0066.649] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0066.649] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0066.649] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0066.649] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0066.649] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0066.649] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="License", cchCount2=-1) returned 3 [0066.649] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 3 [0066.649] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0066.649] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 2 [0066.649] ExpandEnvironmentStringsW (in: lpSrc="fatura.exe", lpDst=0xacfacc, nSize=0x1000 | out: lpDst="fatura.exe") returned 0xb [0066.649] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0066.649] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0066.649] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0066.649] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0066.649] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0066.649] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0066.649] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 2 [0066.649] ExpandEnvironmentStringsW (in: lpSrc="1", lpDst=0xacfacc, nSize=0x1000 | out: lpDst="1") returned 0x2 [0066.649] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0066.649] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0066.649] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0066.649] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0066.649] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 2 [0066.649] ExpandEnvironmentStringsW (in: lpSrc="1", lpDst=0xacfacc, nSize=0x1000 | out: lpDst="1") returned 0x2 [0066.649] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0066.649] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0066.649] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0066.649] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0066.649] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0066.649] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 2 [0066.650] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0066.656] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0066.656] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0066.657] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0066.657] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0066.657] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0066.657] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0066.657] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0066.657] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0066.657] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0066.657] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0066.657] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0066.657] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0066.657] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0066.657] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0066.657] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0066.657] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0066.657] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0066.657] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0066.657] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0066.657] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0066.657] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0066.657] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0066.657] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0066.657] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0066.657] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0066.657] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0066.657] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0066.657] ExpandEnvironmentStringsW (in: lpSrc="%temp%", lpDst=0xacfacc, nSize=0x1000 | out: lpDst="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x23 [0066.657] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0066.657] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0066.657] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0066.657] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 2 [0066.658] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0066.658] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0066.658] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0066.658] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0066.658] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0066.658] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0066.658] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0066.658] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0066.658] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="License", cchCount2=-1) returned 3 [0066.658] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 3 [0066.658] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0066.658] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 2 [0066.658] ExpandEnvironmentStringsW (in: lpSrc="fatura.exe", lpDst=0xacfacc, nSize=0x1000 | out: lpDst="fatura.exe") returned 0xb [0066.658] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0066.658] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0066.658] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0066.658] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0066.658] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0066.658] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0066.658] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 2 [0066.658] ExpandEnvironmentStringsW (in: lpSrc="1", lpDst=0xacfacc, nSize=0x1000 | out: lpDst="1") returned 0x2 [0066.658] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0066.658] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0066.658] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0066.658] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0066.658] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 2 [0066.658] ExpandEnvironmentStringsW (in: lpSrc="1", lpDst=0xacfacc, nSize=0x1000 | out: lpDst="1") returned 0x2 [0066.658] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0066.658] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0066.658] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0066.658] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0066.659] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0066.659] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 2 [0066.659] SendMessageW (hWnd=0x1024c, Msg=0x111, wParam=0x1, lParam=0x0) returned 0x0 [0066.659] GetProcAddress (hModule=0x74b70000, lpProcName="GetDlgItemTextW") returned 0x74b79340 [0066.659] GetDlgItemTextW (in: hDlg=0x1024c, nIDDlgItem=102, lpString=0xaeb32c, cchMax=2048 | out: lpString="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0066.659] GetDlgItem (hDlg=0x1024c, nIDDlgItem=104) returned 0x1025c [0066.659] SendMessageW (hWnd=0x1025c, Msg=0xb1, wParam=0x0, lParam=0xffffffff) returned 0x0 [0066.659] SendMessageW (hWnd=0x1025c, Msg=0xc2, wParam=0x0, lParam=0x13502e4) returned 0x0 [0066.660] GetProcAddress (hModule=0x74b70000, lpProcName="SetFocus") returned 0x74ba3d10 [0066.660] SetFocus (hWnd=0x1025c) returned 0x0 [0067.867] GetProcAddress (hModule=0x74b70000, lpProcName="LoadStringW") returned 0x74ba0480 [0067.867] LoadStringW (in: hInstance=0x1320000, uID=0xb9, lpBuffer=0x135d030, cchBufferMax=512 | out: lpBuffer="Extracting files to %s folder") returned 0x1d [0067.867] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Extracting files to %s folder", cchWideChar=-1, lpMultiByteStr=0xad97b4, cbMultiByte=4096, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Extracting files to %s folder", lpUsedDefaultChar=0x0) returned 30 [0067.867] GetLastError () returned 0x0 [0067.867] SetLastError (dwErrCode=0x0) [0067.867] GetLastError () returned 0x0 [0067.867] SetLastError (dwErrCode=0x0) [0067.867] GetDlgItem (hDlg=0x1024c, nIDDlgItem=104) returned 0x1025c [0067.868] GetProcAddress (hModule=0x74b70000, lpProcName="ShowWindow") returned 0x74ba3ee0 [0067.868] ShowWindow (hWnd=0x1025c, nCmdShow=5) returned 1 [0067.868] SendMessageW (hWnd=0x1025c, Msg=0xb1, wParam=0x0, lParam=0xffffffff) returned 0x0 [0067.868] SendMessageW (hWnd=0x1025c, Msg=0xc2, wParam=0x0, lParam=0x13502e4) returned 0x0 [0067.868] SendMessageW (hWnd=0x1025c, Msg=0xb1, wParam=0x5f5e100, lParam=0x5f5e100) returned 0x0 [0067.869] SendMessageW (hWnd=0x1025c, Msg=0x43a, wParam=0x0, lParam=0xadb77c) returned 0xf800003f [0067.869] SendMessageW (hWnd=0x1025c, Msg=0x444, wParam=0x1, lParam=0xadb77c) returned 0x1 [0067.869] SendMessageW (hWnd=0x1025c, Msg=0xc2, wParam=0x0, lParam=0xae9208) returned 0x42 [0067.875] SendMessageW (hWnd=0x1025c, Msg=0xb1, wParam=0x5f5e100, lParam=0x5f5e100) returned 0x42 [0067.876] SendMessageW (hWnd=0x1025c, Msg=0xc2, wParam=0x0, lParam=0x1351368) returned 0x1 [0067.877] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x761b0000 [0067.877] GetProcAddress (hModule=0x761b0000, lpProcName="RegCreateKeyExW") returned 0x761cf4f0 [0067.877] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\WinRAR SFX", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x20006, lpSecurityAttributes=0x0, phkResult=0xadb7d4, lpdwDisposition=0xadb7d0 | out: phkResult=0xadb7d4*=0x334, lpdwDisposition=0xadb7d0*=0x2) returned 0x0 [0067.877] GetProcAddress (hModule=0x761b0000, lpProcName="RegSetValueExW") returned 0x761cf530 [0067.877] RegSetValueExW (in: hKey=0x334, lpValueName="C%%Users%FD1HVy%AppData%Local%Temp", Reserved=0x0, dwType=0x1, lpData="C:\\Users\\FD1HVy\\AppData\\Local\\Temp", cbData=0x46 | out: lpData="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x0 [0067.878] GetProcAddress (hModule=0x761b0000, lpProcName="RegCloseKey") returned 0x761ced60 [0067.878] RegCloseKey (hKey=0x334) returned 0x0 [0067.878] CreateDirectoryW (lpPathName="C:\\Users" (normalized: "c:\\users"), lpSecurityAttributes=0x0) returned 0 [0067.878] GetFileAttributesW (lpFileName="C:\\Users" (normalized: "c:\\users")) returned 0x11 [0067.878] GetLastError () returned 0xb7 [0067.878] CreateDirectoryW (lpPathName="C:\\Users\\FD1HVy" (normalized: "c:\\users\\fd1hvy"), lpSecurityAttributes=0x0) returned 0 [0067.878] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy" (normalized: "c:\\users\\fd1hvy")) returned 0x10 [0067.879] GetLastError () returned 0xb7 [0067.879] CreateDirectoryW (lpPathName="C:\\Users\\FD1HVy\\AppData" (normalized: "c:\\users\\fd1hvy\\appdata"), lpSecurityAttributes=0x0) returned 0 [0067.879] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData" (normalized: "c:\\users\\fd1hvy\\appdata")) returned 0x12 [0067.879] GetLastError () returned 0xb7 [0067.879] CreateDirectoryW (lpPathName="C:\\Users\\FD1HVy\\AppData\\Local" (normalized: "c:\\users\\fd1hvy\\appdata\\local"), lpSecurityAttributes=0x0) returned 0 [0067.879] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local" (normalized: "c:\\users\\fd1hvy\\appdata\\local")) returned 0x10 [0067.879] GetLastError () returned 0xb7 [0067.879] CreateDirectoryW (lpPathName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp"), lpSecurityAttributes=0x0) returned 0 [0067.879] GetFileAttributesW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp")) returned 0x10 [0067.879] GetLastError () returned 0xb7 [0067.879] GetLastError () returned 0xb7 [0067.879] SetCurrentDirectoryW (lpPathName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp")) returned 1 [0067.879] GetTickCount () returned 0x11515e6 [0067.879] GetLastError () returned 0xb7 [0067.879] SetLastError (dwErrCode=0xb7) [0067.879] CreateFileW (lpFileName="__tmp_rar_sfx_access_check_18159078" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\__tmp_rar_sfx_access_check_18159078"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x7c [0067.880] CloseHandle (hObject=0x7c) returned 1 [0067.880] DeleteFileW (lpFileName="__tmp_rar_sfx_access_check_18159078" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\__tmp_rar_sfx_access_check_18159078")) returned 1 [0067.880] GetDlgItem (hDlg=0x1024c, nIDDlgItem=103) returned 0x1025a [0067.880] ShowWindow (hWnd=0x1025a, nCmdShow=0) returned 1 [0067.880] GetDlgItem (hDlg=0x1024c, nIDDlgItem=102) returned 0x10254 [0067.880] ShowWindow (hWnd=0x10254, nCmdShow=0) returned 1 [0067.881] LoadStringW (in: hInstance=0x1320000, uID=0xe6, lpBuffer=0x135d430, cchBufferMax=512 | out: lpBuffer="Pause") returned 0x5 [0067.881] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Pause", cchWideChar=-1, lpMultiByteStr=0xad97b8, cbMultiByte=4096, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Pause", lpUsedDefaultChar=0x0) returned 6 [0067.881] GetLastError () returned 0x0 [0067.881] SetLastError (dwErrCode=0x0) [0067.881] GetProcAddress (hModule=0x74b70000, lpProcName="SetDlgItemTextW") returned 0x74b79490 [0067.881] SetDlgItemTextW (hDlg=0x1024c, nIDDlgItem=1, lpString="Duraklat") returned 1 [0067.881] GetDlgItem (hDlg=0x1024c, nIDDlgItem=105) returned 0x1025e [0067.881] ShowWindow (hWnd=0x1025e, nCmdShow=9) returned 0 [0067.881] GetProcAddress (hModule=0x74b70000, lpProcName="SetDlgItemTextW") returned 0x74b79490 [0067.881] SetDlgItemTextW (hDlg=0x1024c, nIDDlgItem=101, lpString="") returned 1 [0067.882] GetDlgItem (hDlg=0x1024c, nIDDlgItem=101) returned 0x10252 [0067.882] GetProcAddress (hModule=0x74b70000, lpProcName="GetWindowLongW") returned 0x74b937e0 [0067.882] GetWindowLongW (hWnd=0x10252, nIndex=-16) returned 1342341120 [0067.882] GetProcAddress (hModule=0x74b70000, lpProcName="SetWindowLongW") returned 0x74b958c0 [0067.882] SetWindowLongW (hWnd=0x10252, nIndex=-16, dwNewLong=1342341248) returned 1342341120 [0067.883] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0067.883] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0067.883] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0067.883] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0067.883] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0067.883] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0067.883] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0067.883] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0067.884] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0067.884] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0067.884] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0067.884] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0067.884] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0067.884] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0067.884] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0067.884] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0067.884] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0067.884] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0067.884] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0067.884] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0067.884] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0067.884] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0067.884] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0067.884] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0067.884] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0067.884] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0067.884] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0067.884] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0067.884] ExpandEnvironmentStringsW (in: lpSrc="%temp%", lpDst=0xabdb1c, nSize=0x1000 | out: lpDst="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x23 [0067.884] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0067.884] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0067.884] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0067.884] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 2 [0067.884] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0067.884] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0067.884] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0067.884] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0067.884] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0067.884] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0067.884] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0067.885] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0067.885] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="License", cchCount2=-1) returned 3 [0067.885] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 3 [0067.885] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0067.885] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 2 [0067.885] ExpandEnvironmentStringsW (in: lpSrc="fatura.exe", lpDst=0xabdb1c, nSize=0x1000 | out: lpDst="fatura.exe") returned 0xb [0067.885] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0067.885] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0067.885] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0067.885] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0067.885] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0067.885] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0067.885] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 2 [0067.885] ExpandEnvironmentStringsW (in: lpSrc="1", lpDst=0xabdb1c, nSize=0x1000 | out: lpDst="1") returned 0x2 [0067.885] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0067.885] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0067.885] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0067.885] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0067.885] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 2 [0067.885] ExpandEnvironmentStringsW (in: lpSrc="1", lpDst=0xabdb1c, nSize=0x1000 | out: lpDst="1") returned 0x2 [0067.885] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0067.885] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0067.885] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0067.885] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0067.885] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0067.885] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 2 [0067.885] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0067.885] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0067.885] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0067.885] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0067.885] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0067.886] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0067.886] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0067.886] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0067.886] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0067.886] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0067.886] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0067.886] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0067.886] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0067.886] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0067.886] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0067.886] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0067.886] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0067.886] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0067.886] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0067.886] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0067.886] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0067.886] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0067.886] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0067.886] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0067.886] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0067.886] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0067.886] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0067.886] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0067.886] ExpandEnvironmentStringsW (in: lpSrc="%temp%", lpDst=0xabdb1c, nSize=0x1000 | out: lpDst="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x23 [0067.886] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0067.886] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0067.886] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0067.886] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 2 [0067.886] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0067.886] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0067.886] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0067.886] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0067.887] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0067.887] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0067.887] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0067.887] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0067.887] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="License", cchCount2=-1) returned 3 [0067.887] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 3 [0067.887] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0067.887] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 2 [0067.887] ExpandEnvironmentStringsW (in: lpSrc="fatura.exe", lpDst=0xabdb1c, nSize=0x1000 | out: lpDst="fatura.exe") returned 0xb [0067.887] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0067.887] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0067.887] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0067.887] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0067.887] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0067.887] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0067.887] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 2 [0067.887] ExpandEnvironmentStringsW (in: lpSrc="1", lpDst=0xabdb1c, nSize=0x1000 | out: lpDst="1") returned 0x2 [0067.887] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0067.887] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0067.887] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0067.887] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0067.887] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 2 [0067.887] ExpandEnvironmentStringsW (in: lpSrc="1", lpDst=0xabdb1c, nSize=0x1000 | out: lpDst="1") returned 0x2 [0067.887] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0067.887] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0067.887] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0067.887] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0067.887] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0067.887] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 2 [0067.887] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x40) returned 0x221928 [0067.887] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x74) returned 0x210d18 [0067.888] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x10c0) returned 0x2493d8 [0067.888] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x10c0) returned 0x24a4a0 [0067.888] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0xe6e0) returned 0x24b568 [0067.888] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x8003) returned 0x259c50 [0067.888] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x8003) returned 0x261c60 [0067.889] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x1b8) returned 0x238288 [0067.889] CreateSemaphoreW (lpSemaphoreAttributes=0x0, lInitialCount=0, lMaximumCount=32, lpName=0x0) returned 0x7c [0067.889] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x338 [0067.889] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0\\fatura.sfx.exe", lpFindFileData=0xad73f0 | out: lpFindFileData=0xad73f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6725efed, ftCreationTime.dwHighDateTime=0x1d57301, ftLastAccessTime.dwLowDateTime=0x6725efed, ftLastAccessTime.dwHighDateTime=0x1d57301, ftLastWriteTime.dwLowDateTime=0xb163ad30, ftLastWriteTime.dwHighDateTime=0x1d56d82, nFileSizeHigh=0x0, nFileSizeLow=0xe35e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="fatura.sfx.exe", cAlternateFileName="FATURA~1.EXE")) returned 0x29cb38 [0067.889] FindClose (in: hFindFile=0x29cb38 | out: hFindFile=0x29cb38) returned 1 [0067.890] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x10c0) returned 0x269c70 [0067.890] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x10c0) returned 0x26ad38 [0067.890] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0\\fatura.sfx.exe" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\rarsfx0\\fatura.sfx.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000000, hTemplateFile=0x0) returned 0x33c [0067.890] ReadFile (in: hFile=0x33c, lpBuffer=0xad0afc, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0xace880, lpOverlapped=0x0 | out: lpBuffer=0xad0afc*, lpNumberOfBytesRead=0xace880*=0x7, lpOverlapped=0x0) returned 1 [0067.890] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x200000) returned 0x46de020 [0067.895] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0xace8b0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xace8b0*=0) returned 0x7 [0067.895] ReadFile (in: hFile=0x33c, lpBuffer=0x46de020, nNumberOfBytesToRead=0x1ffff0, lpNumberOfBytesRead=0xace880, lpOverlapped=0x0 | out: lpBuffer=0x46de020*, lpNumberOfBytesRead=0xace880*=0xe35dd, lpOverlapped=0x0) returned 1 [0067.931] SetFilePointer (in: hFile=0x33c, lDistanceToMove=309870, lpDistanceToMoveHigh=0xace8a0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xace8a0*=0) returned 0x4ba6e [0067.931] ReadFile (in: hFile=0x33c, lpBuffer=0xad0afc, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0xace880, lpOverlapped=0x0 | out: lpBuffer=0xad0afc*, lpNumberOfBytesRead=0xace880*=0x7, lpOverlapped=0x0) returned 1 [0067.931] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x46de020 | out: hHeap=0x200000) returned 1 [0067.942] ReadFile (in: hFile=0x33c, lpBuffer=0xad0b03, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0xace880, lpOverlapped=0x0 | out: lpBuffer=0xad0b03*, lpNumberOfBytesRead=0xace880*=0x1, lpOverlapped=0x0) returned 1 [0067.942] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0xace8a8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xace8a8*=0) returned 0x4ba76 [0067.942] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x20) returned 0x244870 [0067.942] ReadFile (in: hFile=0x33c, lpBuffer=0x244870, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0xacc768, lpOverlapped=0x0 | out: lpBuffer=0x244870*, lpNumberOfBytesRead=0xacc768*=0x7, lpOverlapped=0x0) returned 1 [0067.942] ReadFile (in: hFile=0x33c, lpBuffer=0x244877, nNumberOfBytesToRead=0xa, lpNumberOfBytesRead=0xacc768, lpOverlapped=0x0 | out: lpBuffer=0x244877*, lpNumberOfBytesRead=0xacc768*=0xa, lpOverlapped=0x0) returned 1 [0067.942] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x244870 | out: hHeap=0x200000) returned 1 [0067.942] SetFilePointer (in: hFile=0x33c, lDistanceToMove=309895, lpDistanceToMoveHigh=0xace89c*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xace89c*=0) returned 0x4ba87 [0067.942] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0xace8b0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xace8b0*=0) returned 0x4ba87 [0067.942] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0xace8a8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xace8a8*=0) returned 0x4ba87 [0067.942] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x20) returned 0x2445c8 [0067.942] ReadFile (in: hFile=0x33c, lpBuffer=0x2445c8, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0xacc768, lpOverlapped=0x0 | out: lpBuffer=0x2445c8*, lpNumberOfBytesRead=0xacc768*=0x7, lpOverlapped=0x0) returned 1 [0067.942] ReadFile (in: hFile=0x33c, lpBuffer=0x2445cf, nNumberOfBytesToRead=0x11, lpNumberOfBytesRead=0xacc768, lpOverlapped=0x0 | out: lpBuffer=0x2445cf*, lpNumberOfBytesRead=0xacc768*=0x11, lpOverlapped=0x0) returned 1 [0067.942] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x2445c8 | out: hHeap=0x200000) returned 1 [0067.942] SetFilePointer (in: hFile=0x33c, lDistanceToMove=310051, lpDistanceToMoveHigh=0xace89c*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xace89c*=0) returned 0x4bb23 [0067.943] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0xace8a8*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xace8a8*=0) returned 0x4bb23 [0067.943] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x20) returned 0x244870 [0067.943] ReadFile (in: hFile=0x33c, lpBuffer=0x244870, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0xacc768, lpOverlapped=0x0 | out: lpBuffer=0x244870*, lpNumberOfBytesRead=0xacc768*=0x7, lpOverlapped=0x0) returned 1 [0067.943] RtlReAllocateHeap (Heap=0x200000, Flags=0x0, Ptr=0x244870, Size=0x5e) returned 0x245748 [0067.943] ReadFile (in: hFile=0x33c, lpBuffer=0x24574f, nNumberOfBytesToRead=0x57, lpNumberOfBytesRead=0xacc768, lpOverlapped=0x0 | out: lpBuffer=0x24574f*, lpNumberOfBytesRead=0xacc768*=0x57, lpOverlapped=0x0) returned 1 [0067.943] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x245748 | out: hHeap=0x200000) returned 1 [0067.943] SetFilePointer (in: hFile=0x33c, lDistanceToMove=309895, lpDistanceToMoveHigh=0xace888*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xace888*=0) returned 0x4ba87 [0067.943] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0xace8b4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xace8b4*=0) returned 0x4ba87 [0067.943] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0xace8a4*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0xace8a4*=0) returned 0xe35e4 [0067.943] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0xace8b4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xace8b4*=0) returned 0xe35e4 [0067.943] SetFilePointer (in: hFile=0x33c, lDistanceToMove=309895, lpDistanceToMoveHigh=0xace88c*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xace88c*=0) returned 0x4ba87 [0067.943] GetSystemTime (in: lpSystemTime=0xace8c8 | out: lpSystemTime=0xace8c8*(wYear=0x7e3, wMonth=0x9, wDayOfWeek=0x2, wDay=0x18, wHour=0x11, wMinute=0x38, wSecond=0x32, wMilliseconds=0x2bc)) [0067.943] SystemTimeToFileTime (in: lpSystemTime=0xace8c8, lpFileTime=0xace8d8 | out: lpFileTime=0xace8d8) returned 1 [0067.943] LoadStringW (in: hInstance=0x1320000, uID=0x8d, lpBuffer=0x135d830, cchBufferMax=512 | out: lpBuffer="Extracting from %s") returned 0x12 [0067.943] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Extracting from %s", cchWideChar=-1, lpMultiByteStr=0xacb4b4, cbMultiByte=4096, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Extracting from %s", lpUsedDefaultChar=0x0) returned 19 [0067.943] GetLastError () returned 0x0 [0067.943] SetLastError (dwErrCode=0x0) [0067.943] GetLastError () returned 0x0 [0067.943] SetLastError (dwErrCode=0x0) [0067.943] GetDlgItem (hDlg=0x1024c, nIDDlgItem=104) returned 0x1025c [0067.943] SendMessageW (hWnd=0x1025c, Msg=0xb1, wParam=0x5f5e100, lParam=0x5f5e100) returned 0x43 [0067.944] SendMessageW (hWnd=0x1025c, Msg=0x43a, wParam=0x0, lParam=0xacd47c) returned 0xf800003f [0067.944] SendMessageW (hWnd=0x1025c, Msg=0x444, wParam=0x1, lParam=0xacd47c) returned 0x1 [0067.944] SendMessageW (hWnd=0x1025c, Msg=0xc2, wParam=0x0, lParam=0xacd4e4) returned 0x27 [0067.945] SendMessageW (hWnd=0x1025c, Msg=0xb1, wParam=0x5f5e100, lParam=0x5f5e100) returned 0x6a [0067.946] SendMessageW (hWnd=0x1025c, Msg=0xc2, wParam=0x0, lParam=0x1351368) returned 0x1 [0067.947] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0xace8a0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xace8a0*=0) returned 0x4ba87 [0067.947] SetFilePointer (in: hFile=0x33c, lDistanceToMove=309895, lpDistanceToMoveHigh=0xace88c*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xace88c*=0) returned 0x4ba87 [0067.947] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0xace880*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xace880*=0) returned 0x4ba87 [0067.947] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x20) returned 0x2445f0 [0067.947] ReadFile (in: hFile=0x33c, lpBuffer=0x2445f0, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0xacc740, lpOverlapped=0x0 | out: lpBuffer=0x2445f0*, lpNumberOfBytesRead=0xacc740*=0x7, lpOverlapped=0x0) returned 1 [0067.947] ReadFile (in: hFile=0x33c, lpBuffer=0x2445f7, nNumberOfBytesToRead=0x11, lpNumberOfBytesRead=0xacc740, lpOverlapped=0x0 | out: lpBuffer=0x2445f7*, lpNumberOfBytesRead=0xacc740*=0x11, lpOverlapped=0x0) returned 1 [0067.947] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x2445f0 | out: hHeap=0x200000) returned 1 [0067.947] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x8003) returned 0x26be00 [0067.948] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x8003) returned 0x273e10 [0067.949] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x40000) returned 0x29efa0 [0067.954] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x84) returned 0x245748 [0067.954] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0xb54) returned 0x2defa8 [0067.954] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x100000) returned 0x46dc020 [0067.957] ReadFile (in: hFile=0x33c, lpBuffer=0x46dc020, nNumberOfBytesToRead=0x84, lpNumberOfBytesRead=0xac00d8, lpOverlapped=0x0 | out: lpBuffer=0x46dc020*, lpNumberOfBytesRead=0xac00d8*=0x84, lpOverlapped=0x0) returned 1 [0067.957] PeekMessageW (in: lpMsg=0xac00e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xac00e0) returned 1 [0067.958] GetMessageW (in: lpMsg=0xac00e0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xac00e0) returned 1 [0067.958] TranslateMessage (lpMsg=0xac00e0) returned 0 [0067.958] DispatchMessageW (lpMsg=0xac00e0) returned 0x0 [0067.958] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0067.958] PeekMessageW (in: lpMsg=0xac00e4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xac00e4) returned 1 [0067.963] GetMessageW (in: lpMsg=0xac00e4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xac00e4) returned 1 [0067.963] TranslateMessage (lpMsg=0xac00e4) returned 0 [0067.963] DispatchMessageW (lpMsg=0xac00e4) returned 0x0 [0067.963] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0067.963] PeekMessageW (in: lpMsg=0xac00d8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xac00d8) returned 1 [0067.963] GetMessageW (in: lpMsg=0xac00d8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xac00d8) returned 1 [0067.963] TranslateMessage (lpMsg=0xac00d8) returned 0 [0067.963] DispatchMessageW (lpMsg=0xac00d8) returned 0x0 [0067.963] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0067.963] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x46dc020 | out: hHeap=0x200000) returned 1 [0067.966] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x29efa0 | out: hHeap=0x200000) returned 1 [0067.966] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x273e10 | out: hHeap=0x200000) returned 1 [0067.966] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x26be00 | out: hHeap=0x200000) returned 1 [0067.969] RtlReAllocateHeap (Heap=0x200000, Flags=0x0, Ptr=0x245748, Size=0xc5) returned 0x245748 [0067.969] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x10a) returned 0x249008 [0067.969] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x245748 | out: hHeap=0x200000) returned 1 [0067.969] SetFilePointer (in: hFile=0x33c, lDistanceToMove=309895, lpDistanceToMoveHigh=0xace878*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xace878*=0) returned 0x4ba87 [0067.969] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x249008 | out: hHeap=0x200000) returned 1 [0067.969] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0xace8f0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xace8f0*=0) returned 0x4ba87 [0067.969] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x20) returned 0x244758 [0067.969] ReadFile (in: hFile=0x33c, lpBuffer=0x244758, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0xacc7b0, lpOverlapped=0x0 | out: lpBuffer=0x244758*, lpNumberOfBytesRead=0xacc7b0*=0x7, lpOverlapped=0x0) returned 1 [0067.969] ReadFile (in: hFile=0x33c, lpBuffer=0x24475f, nNumberOfBytesToRead=0x11, lpNumberOfBytesRead=0xacc7b0, lpOverlapped=0x0 | out: lpBuffer=0x24475f*, lpNumberOfBytesRead=0xacc7b0*=0x11, lpOverlapped=0x0) returned 1 [0067.969] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x244758 | out: hHeap=0x200000) returned 1 [0067.969] SetFilePointer (in: hFile=0x33c, lDistanceToMove=310051, lpDistanceToMoveHigh=0xac9728*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xac9728*=0) returned 0x4bb23 [0067.969] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0xace8f0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xace8f0*=0) returned 0x4bb23 [0067.969] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x20) returned 0x244758 [0067.969] ReadFile (in: hFile=0x33c, lpBuffer=0x244758, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0xacc7b0, lpOverlapped=0x0 | out: lpBuffer=0x244758*, lpNumberOfBytesRead=0xacc7b0*=0x7, lpOverlapped=0x0) returned 1 [0067.969] RtlReAllocateHeap (Heap=0x200000, Flags=0x0, Ptr=0x244758, Size=0x5e) returned 0x245748 [0067.969] ReadFile (in: hFile=0x33c, lpBuffer=0x24574f, nNumberOfBytesToRead=0x57, lpNumberOfBytesRead=0xacc7b0, lpOverlapped=0x0 | out: lpBuffer=0x24574f*, lpNumberOfBytesRead=0xacc7b0*=0x57, lpOverlapped=0x0) returned 1 [0067.969] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x245748 | out: hHeap=0x200000) returned 1 [0067.969] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="*", cchCount1=1, lpString2="fatura.exe", cchCount2=1) returned 1 [0067.969] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="*", cchCount1=-1, lpString2="fatura.exe", cchCount2=-1) returned 1 [0067.969] SetFilePointer (in: hFile=0x33c, lDistanceToMove=310145, lpDistanceToMoveHigh=0xac972c*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xac972c*=0) returned 0x4bb81 [0067.969] LoadStringW (in: hInstance=0x1320000, uID=0x65, lpBuffer=0x135dc30, cchBufferMax=512 | out: lpBuffer="Extracting %s") returned 0xd [0067.970] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Extracting %s", cchWideChar=-1, lpMultiByteStr=0xac62fc, cbMultiByte=4096, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Extracting %s", lpUsedDefaultChar=0x0) returned 14 [0067.970] GetLastError () returned 0x0 [0067.970] SetLastError (dwErrCode=0x0) [0067.970] GetLastError () returned 0x0 [0067.970] SetLastError (dwErrCode=0x0) [0067.970] SetDlgItemTextW (hDlg=0x1024c, nIDDlgItem=101, lpString="fatura.exe çıkartılıyor") returned 1 [0067.970] PeekMessageW (in: lpMsg=0xac8308, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xac8308) returned 1 [0067.970] GetMessageW (in: lpMsg=0xac8308, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xac8308) returned 1 [0067.970] TranslateMessage (lpMsg=0xac8308) returned 0 [0067.970] DispatchMessageW (lpMsg=0xac8308) returned 0x0 [0067.972] CryptUnprotectMemory (in: pDataIn=0xac9574, cbDataIn=0x100, dwFlags=0x0 | out: pDataIn=0xac9574) returned 1 [0067.972] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="1234", cchWideChar=-1, lpMultiByteStr=0xac9674, cbMultiByte=128, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="1234", lpUsedDefaultChar=0x0) returned 5 [0068.003] CryptProtectMemory (in: pDataIn=0x24aa66, cbDataIn=0x20, dwFlags=0x0 | out: pDataIn=0x24aa66) returned 1 [0068.003] GetFileAttributesW (lpFileName="fatura.exe" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\fatura.exe")) returned 0xffffffff [0068.003] GetCurrentDirectoryW (in: nBufferLength=0x7ff, lpBuffer=0xac66c0 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0068.003] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\fatura.exe")) returned 0xffffffff [0068.003] CreateFileW (lpFileName="fatura.exe" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\fatura.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x344 [0068.004] GetFileType (hFile=0x344) returned 0x1 [0068.004] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0xb54) returned 0x26be00 [0068.004] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0xb54) returned 0x26c960 [0068.004] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x100000) returned 0x46d7020 [0068.024] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x400400) returned 0x47e6020 [0068.087] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x25724) returned 0x29efa0 [0068.089] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x30c00) returned 0x4bf0048 [0068.090] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x30c00) returned 0x4c20c50 [0068.091] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x30c00) returned 0x4c51858 [0068.091] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x30c00) returned 0x4c82460 [0068.092] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x30c00) returned 0x4cb3068 [0068.093] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x30c00) returned 0x4cf0048 [0068.094] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x30c00) returned 0x4d20c50 [0068.095] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x30c00) returned 0x4d51858 [0068.096] ReadFile (in: hFile=0x33c, lpBuffer=0x47e6020, nNumberOfBytesToRead=0x979e0, lpNumberOfBytesRead=0xac959c, lpOverlapped=0x0 | out: lpBuffer=0x47e6020*, lpNumberOfBytesRead=0xac959c*=0x979e0, lpOverlapped=0x0) returned 1 [0068.096] SendDlgItemMessageW (hDlg=0x1024c, nIDDlgItem=106, Msg=0x402, wParam=0x63, lParam=0x0) returned 0x0 [0068.098] PeekMessageW (in: lpMsg=0xac9540, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xac9540) returned 1 [0068.098] GetMessageW (in: lpMsg=0xac9540, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xac9540) returned 1 [0068.098] TranslateMessage (lpMsg=0xac9540) returned 0 [0068.098] DispatchMessageW (lpMsg=0xac9540) returned 0x0 [0068.099] PeekMessageW (in: lpMsg=0xac95a4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xac95a4) returned 1 [0068.099] GetMessageW (in: lpMsg=0xac95a4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xac95a4) returned 1 [0068.099] TranslateMessage (lpMsg=0xac95a4) returned 0 [0068.099] DispatchMessageW (lpMsg=0xac95a4) returned 0x0 [0068.099] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0068.099] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0x132fd4f, lpParameter=0x238288, dwCreationFlags=0x0, lpThreadId=0xac95e0 | out: lpThreadId=0xac95e0*=0xf88) returned 0x354 [0068.100] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0x132fd4f, lpParameter=0x238288, dwCreationFlags=0x0, lpThreadId=0xac95e0 | out: lpThreadId=0xac95e0*=0xcec) returned 0x358 [0068.100] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0x132fd4f, lpParameter=0x238288, dwCreationFlags=0x0, lpThreadId=0xac95e0 | out: lpThreadId=0xac95e0*=0x37c) returned 0x35c [0068.101] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0x132fd4f, lpParameter=0x238288, dwCreationFlags=0x0, lpThreadId=0xac95e0 | out: lpThreadId=0xac95e0*=0xa90) returned 0x360 [0068.101] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0x132fd4f, lpParameter=0x238288, dwCreationFlags=0x0, lpThreadId=0xac95e0 | out: lpThreadId=0xac95e0*=0xdb0) returned 0x364 [0068.102] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0x132fd4f, lpParameter=0x238288, dwCreationFlags=0x0, lpThreadId=0xac95e0 | out: lpThreadId=0xac95e0*=0x540) returned 0x368 [0068.102] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0x132fd4f, lpParameter=0x238288, dwCreationFlags=0x0, lpThreadId=0xac95e0 | out: lpThreadId=0xac95e0*=0x840) returned 0x36c [0068.103] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0x132fd4f, lpParameter=0x238288, dwCreationFlags=0x0, lpThreadId=0xac95e0 | out: lpThreadId=0xac95e0*=0xd20) returned 0x370 [0068.104] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0x132fd4f, lpParameter=0x238288, dwCreationFlags=0x0, lpThreadId=0xac95e0 | out: lpThreadId=0xac95e0*=0x7a8) returned 0x374 [0068.104] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0x132fd4f, lpParameter=0x238288, dwCreationFlags=0x0, lpThreadId=0xac95e0 | out: lpThreadId=0xac95e0*=0x6c8) returned 0x378 [0068.105] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0x132fd4f, lpParameter=0x238288, dwCreationFlags=0x0, lpThreadId=0xac95e0 | out: lpThreadId=0xac95e0*=0x2ac) returned 0x37c [0068.105] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0x132fd4f, lpParameter=0x238288, dwCreationFlags=0x0, lpThreadId=0xac95e0 | out: lpThreadId=0xac95e0*=0x344) returned 0x380 [0068.106] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0x132fd4f, lpParameter=0x238288, dwCreationFlags=0x0, lpThreadId=0xac95e0 | out: lpThreadId=0xac95e0*=0xe00) returned 0x384 [0068.106] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0x132fd4f, lpParameter=0x238288, dwCreationFlags=0x0, lpThreadId=0xac95e0 | out: lpThreadId=0xac95e0*=0xda4) returned 0x388 [0068.107] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0x132fd4f, lpParameter=0x238288, dwCreationFlags=0x0, lpThreadId=0xac95e0 | out: lpThreadId=0xac95e0*=0xf6c) returned 0x38c [0068.107] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0x132fd4f, lpParameter=0x238288, dwCreationFlags=0x0, lpThreadId=0xac95e0 | out: lpThreadId=0xac95e0*=0xf58) returned 0x390 [0068.108] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0x132fd4f, lpParameter=0x238288, dwCreationFlags=0x0, lpThreadId=0xac95e0 | out: lpThreadId=0xac95e0*=0xc04) returned 0x394 [0068.109] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0x132fd4f, lpParameter=0x238288, dwCreationFlags=0x0, lpThreadId=0xac95e0 | out: lpThreadId=0xac95e0*=0xf60) returned 0x398 [0068.109] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0x132fd4f, lpParameter=0x238288, dwCreationFlags=0x0, lpThreadId=0xac95e0 | out: lpThreadId=0xac95e0*=0x9e4) returned 0x39c [0068.110] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0x132fd4f, lpParameter=0x238288, dwCreationFlags=0x0, lpThreadId=0xac95e0 | out: lpThreadId=0xac95e0*=0x8ac) returned 0x3a0 [0068.111] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0x132fd4f, lpParameter=0x238288, dwCreationFlags=0x0, lpThreadId=0xac95e0 | out: lpThreadId=0xac95e0*=0xcbc) returned 0x3a4 [0068.111] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0x132fd4f, lpParameter=0x238288, dwCreationFlags=0x0, lpThreadId=0xac95e0 | out: lpThreadId=0xac95e0*=0xf70) returned 0x3a8 [0068.112] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0x132fd4f, lpParameter=0x238288, dwCreationFlags=0x0, lpThreadId=0xac95e0 | out: lpThreadId=0xac95e0*=0xc6c) returned 0x3ac [0068.112] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0x132fd4f, lpParameter=0x238288, dwCreationFlags=0x0, lpThreadId=0xac95e0 | out: lpThreadId=0xac95e0*=0xfb4) returned 0x3b0 [0068.114] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0x132fd4f, lpParameter=0x238288, dwCreationFlags=0x0, lpThreadId=0xac95e0 | out: lpThreadId=0xac95e0*=0xb0c) returned 0x3b4 [0068.114] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0x132fd4f, lpParameter=0x238288, dwCreationFlags=0x0, lpThreadId=0xac95e0 | out: lpThreadId=0xac95e0*=0x7ec) returned 0x3b8 [0068.115] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0x132fd4f, lpParameter=0x238288, dwCreationFlags=0x0, lpThreadId=0xac95e0 | out: lpThreadId=0xac95e0*=0xf14) returned 0x3bc [0068.116] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0x132fd4f, lpParameter=0x238288, dwCreationFlags=0x0, lpThreadId=0xac95e0 | out: lpThreadId=0xac95e0*=0x7bc) returned 0x3c0 [0068.116] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0x132fd4f, lpParameter=0x238288, dwCreationFlags=0x0, lpThreadId=0xac95e0 | out: lpThreadId=0xac95e0*=0xd84) returned 0x3c4 [0068.117] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0x132fd4f, lpParameter=0x238288, dwCreationFlags=0x0, lpThreadId=0xac95e0 | out: lpThreadId=0xac95e0*=0xa80) returned 0x3c8 [0068.118] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0x132fd4f, lpParameter=0x238288, dwCreationFlags=0x0, lpThreadId=0xac95e0 | out: lpThreadId=0xac95e0*=0xfc8) returned 0x3cc [0068.118] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x10000, lpStartAddress=0x132fd4f, lpParameter=0x238288, dwCreationFlags=0x0, lpThreadId=0xac95e0 | out: lpThreadId=0xac95e0*=0xfb0) returned 0x3d0 [0068.119] ResetEvent (hEvent=0x338) returned 1 [0068.119] ReleaseSemaphore (in: hSemaphore=0x7c, lReleaseCount=4, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0068.119] WaitForSingleObject (hHandle=0x338, dwMilliseconds=0xffffffff) returned 0x0 [0068.131] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x200) returned 0x4d82e50 [0068.131] ResetEvent (hEvent=0x338) returned 1 [0068.131] ReleaseSemaphore (in: hSemaphore=0x7c, lReleaseCount=4, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0068.131] WaitForSingleObject (hHandle=0x338, dwMilliseconds=0xffffffff) returned 0x0 [0068.133] ResetEvent (hEvent=0x338) returned 1 [0068.133] ReleaseSemaphore (in: hSemaphore=0x7c, lReleaseCount=4, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0068.133] WaitForSingleObject (hHandle=0x338, dwMilliseconds=0xffffffff) returned 0x0 [0068.135] ResetEvent (hEvent=0x338) returned 1 [0068.135] ReleaseSemaphore (in: hSemaphore=0x7c, lReleaseCount=4, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0068.135] WaitForSingleObject (hHandle=0x338, dwMilliseconds=0xffffffff) returned 0x0 [0068.138] ResetEvent (hEvent=0x338) returned 1 [0068.138] ReleaseSemaphore (in: hSemaphore=0x7c, lReleaseCount=3, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0068.138] WaitForSingleObject (hHandle=0x338, dwMilliseconds=0xffffffff) returned 0x0 [0068.140] WriteFile (in: hFile=0x344, lpBuffer=0x46d7020*, nNumberOfBytesToWrite=0x92f00, lpNumberOfBytesWritten=0xac9574, lpOverlapped=0x0 | out: lpBuffer=0x46d7020*, lpNumberOfBytesWritten=0xac9574*=0x92f00, lpOverlapped=0x0) returned 1 [0068.152] PeekMessageW (in: lpMsg=0xac9548, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xac9548) returned 1 [0068.154] GetMessageW (in: lpMsg=0xac9548, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xac9548) returned 1 [0068.154] TranslateMessage (lpMsg=0xac9548) returned 0 [0068.154] DispatchMessageW (lpMsg=0xac9548) returned 0x0 [0068.155] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0068.156] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x500) returned 0x4d83058 [0068.156] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x500) returned 0x4d83560 [0068.156] WriteFile (in: hFile=0x344, lpBuffer=0x4d83560*, nNumberOfBytesToWrite=0x500, lpNumberOfBytesWritten=0xac95a4, lpOverlapped=0x0 | out: lpBuffer=0x4d83560*, lpNumberOfBytesWritten=0xac95a4*=0x500, lpOverlapped=0x0) returned 1 [0068.156] PeekMessageW (in: lpMsg=0xac9578, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xac9578) returned 1 [0068.156] GetMessageW (in: lpMsg=0xac9578, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xac9578) returned 1 [0068.156] TranslateMessage (lpMsg=0xac9578) returned 0 [0068.156] DispatchMessageW (lpMsg=0xac9578) returned 0x0 [0068.156] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0068.156] WriteFile (in: hFile=0x344, lpBuffer=0x476a420*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0xac9574, lpOverlapped=0x0 | out: lpBuffer=0x476a420*, lpNumberOfBytesWritten=0xac9574*=0x100, lpOverlapped=0x0) returned 1 [0068.156] PeekMessageW (in: lpMsg=0xac9548, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xac9548) returned 1 [0068.156] GetMessageW (in: lpMsg=0xac9548, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xac9548) returned 1 [0068.156] TranslateMessage (lpMsg=0xac9548) returned 0 [0068.156] DispatchMessageW (lpMsg=0xac9548) returned 0x0 [0068.157] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0068.157] RtlReAllocateHeap (Heap=0x200000, Flags=0x0, Ptr=0x4d83058, Size=0x800) returned 0x4ce3c70 [0068.157] RtlReAllocateHeap (Heap=0x200000, Flags=0x0, Ptr=0x4d83560, Size=0x800) returned 0x4d83560 [0068.157] WriteFile (in: hFile=0x344, lpBuffer=0x4d83560*, nNumberOfBytesToWrite=0x800, lpNumberOfBytesWritten=0xac95a4, lpOverlapped=0x0 | out: lpBuffer=0x4d83560*, lpNumberOfBytesWritten=0xac95a4*=0x800, lpOverlapped=0x0) returned 1 [0068.157] PeekMessageW (in: lpMsg=0xac9578, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xac9578) returned 1 [0068.157] GetMessageW (in: lpMsg=0xac9578, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xac9578) returned 1 [0068.157] TranslateMessage (lpMsg=0xac9578) returned 0 [0068.157] DispatchMessageW (lpMsg=0xac9578) returned 0x0 [0068.157] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0068.157] WriteFile (in: hFile=0x344, lpBuffer=0x476ad20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xac9574, lpOverlapped=0x0 | out: lpBuffer=0x476ad20*, lpNumberOfBytesWritten=0xac9574*=0x1000, lpOverlapped=0x0) returned 1 [0068.157] PeekMessageW (in: lpMsg=0xac9548, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xac9548) returned 1 [0068.158] GetMessageW (in: lpMsg=0xac9548, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xac9548) returned 1 [0068.158] TranslateMessage (lpMsg=0xac9548) returned 0 [0068.158] DispatchMessageW (lpMsg=0xac9548) returned 0x0 [0068.159] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0068.159] WriteFile (in: hFile=0x344, lpBuffer=0x4d83560*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0xac95a4, lpOverlapped=0x0 | out: lpBuffer=0x4d83560*, lpNumberOfBytesWritten=0xac95a4*=0x300, lpOverlapped=0x0) returned 1 [0068.159] PeekMessageW (in: lpMsg=0xac9578, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xac9578) returned 1 [0068.159] GetMessageW (in: lpMsg=0xac9578, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xac9578) returned 1 [0068.159] TranslateMessage (lpMsg=0xac9578) returned 0 [0068.159] DispatchMessageW (lpMsg=0xac9578) returned 0x0 [0068.159] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0068.159] WriteFile (in: hFile=0x344, lpBuffer=0x476c020*, nNumberOfBytesToWrite=0xb000, lpNumberOfBytesWritten=0xac9574, lpOverlapped=0x0 | out: lpBuffer=0x476c020*, lpNumberOfBytesWritten=0xac9574*=0xb000, lpOverlapped=0x0) returned 1 [0068.160] PeekMessageW (in: lpMsg=0xac9548, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xac9548) returned 1 [0068.160] GetMessageW (in: lpMsg=0xac9548, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xac9548) returned 1 [0068.160] TranslateMessage (lpMsg=0xac9548) returned 0 [0068.160] DispatchMessageW (lpMsg=0xac9548) returned 0x0 [0068.160] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0068.160] RtlReAllocateHeap (Heap=0x200000, Flags=0x0, Ptr=0x4ce3c70, Size=0x1800) returned 0x4ce3c70 [0068.160] RtlReAllocateHeap (Heap=0x200000, Flags=0x0, Ptr=0x4d83560, Size=0x1800) returned 0x26d4c0 [0068.161] WriteFile (in: hFile=0x344, lpBuffer=0x26d4c0*, nNumberOfBytesToWrite=0x1800, lpNumberOfBytesWritten=0xac95a4, lpOverlapped=0x0 | out: lpBuffer=0x26d4c0*, lpNumberOfBytesWritten=0xac95a4*=0x1800, lpOverlapped=0x0) returned 1 [0068.161] PeekMessageW (in: lpMsg=0xac9578, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xac9578) returned 1 [0068.161] GetMessageW (in: lpMsg=0xac9578, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xac9578) returned 1 [0068.161] TranslateMessage (lpMsg=0xac9578) returned 0 [0068.161] DispatchMessageW (lpMsg=0xac9578) returned 0x0 [0068.161] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0068.161] WriteFile (in: hFile=0x344, lpBuffer=0x4778820*, nNumberOfBytesToWrite=0x5b00, lpNumberOfBytesWritten=0xac9574, lpOverlapped=0x0 | out: lpBuffer=0x4778820*, lpNumberOfBytesWritten=0xac9574*=0x5b00, lpOverlapped=0x0) returned 1 [0068.162] PeekMessageW (in: lpMsg=0xac9548, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xac9548) returned 1 [0068.162] GetMessageW (in: lpMsg=0xac9548, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xac9548) returned 1 [0068.162] TranslateMessage (lpMsg=0xac9548) returned 0 [0068.162] DispatchMessageW (lpMsg=0xac9548) returned 0x0 [0068.162] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0068.162] WriteFile (in: hFile=0x344, lpBuffer=0x26d4c0*, nNumberOfBytesToWrite=0x500, lpNumberOfBytesWritten=0xac95a4, lpOverlapped=0x0 | out: lpBuffer=0x26d4c0*, lpNumberOfBytesWritten=0xac95a4*=0x500, lpOverlapped=0x0) returned 1 [0068.163] PeekMessageW (in: lpMsg=0xac9578, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xac9578) returned 1 [0068.163] GetMessageW (in: lpMsg=0xac9578, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xac9578) returned 1 [0068.163] TranslateMessage (lpMsg=0xac9578) returned 0 [0068.163] DispatchMessageW (lpMsg=0xac9578) returned 0x0 [0068.163] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0068.163] WriteFile (in: hFile=0x344, lpBuffer=0x477e820*, nNumberOfBytesToWrite=0x500, lpNumberOfBytesWritten=0xac9574, lpOverlapped=0x0 | out: lpBuffer=0x477e820*, lpNumberOfBytesWritten=0xac9574*=0x500, lpOverlapped=0x0) returned 1 [0068.163] PeekMessageW (in: lpMsg=0xac9548, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xac9548) returned 1 [0068.163] GetMessageW (in: lpMsg=0xac9548, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xac9548) returned 1 [0068.163] TranslateMessage (lpMsg=0xac9548) returned 0 [0068.163] DispatchMessageW (lpMsg=0xac9548) returned 0x0 [0068.164] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0068.164] WriteFile (in: hFile=0x344, lpBuffer=0x26d4c0*, nNumberOfBytesToWrite=0xb00, lpNumberOfBytesWritten=0xac95a4, lpOverlapped=0x0 | out: lpBuffer=0x26d4c0*, lpNumberOfBytesWritten=0xac95a4*=0xb00, lpOverlapped=0x0) returned 1 [0068.164] PeekMessageW (in: lpMsg=0xac9578, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xac9578) returned 1 [0068.164] GetMessageW (in: lpMsg=0xac9578, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xac9578) returned 1 [0068.164] TranslateMessage (lpMsg=0xac9578) returned 0 [0068.164] DispatchMessageW (lpMsg=0xac9578) returned 0x0 [0068.164] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0068.164] WriteFile (in: hFile=0x344, lpBuffer=0x477f820*, nNumberOfBytesToWrite=0x8a00, lpNumberOfBytesWritten=0xac9574, lpOverlapped=0x0 | out: lpBuffer=0x477f820*, lpNumberOfBytesWritten=0xac9574*=0x8a00, lpOverlapped=0x0) returned 1 [0068.165] PeekMessageW (in: lpMsg=0xac9548, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xac9548) returned 1 [0068.165] GetMessageW (in: lpMsg=0xac9548, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xac9548) returned 1 [0068.165] TranslateMessage (lpMsg=0xac9548) returned 0 [0068.165] DispatchMessageW (lpMsg=0xac9548) returned 0x0 [0068.165] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0068.166] SetFilePointer (in: hFile=0x33c, lDistanceToMove=931169, lpDistanceToMoveHigh=0xac9728*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xac9728*=0) returned 0xe3561 [0068.166] SetFileTime (hFile=0x344, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0xac971c) returned 1 [0068.166] CloseHandle (hObject=0x344) returned 1 [0068.211] SetFileAttributesW (lpFileName="fatura.exe", dwFileAttributes=0x20) returned 1 [0068.211] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0xace8f0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xace8f0*=0) returned 0xe3561 [0068.211] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x20) returned 0x244a28 [0068.211] ReadFile (in: hFile=0x33c, lpBuffer=0x244a28, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0xacc7b0, lpOverlapped=0x0 | out: lpBuffer=0x244a28*, lpNumberOfBytesRead=0xacc7b0*=0x7, lpOverlapped=0x0) returned 1 [0068.212] ReadFile (in: hFile=0x33c, lpBuffer=0x244a2f, nNumberOfBytesToRead=0xc, lpNumberOfBytesRead=0xacc7b0, lpOverlapped=0x0 | out: lpBuffer=0x244a2f*, lpNumberOfBytesRead=0xacc7b0*=0xc, lpOverlapped=0x0) returned 1 [0068.212] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x244a28 | out: hHeap=0x200000) returned 1 [0068.212] SetFilePointer (in: hFile=0x33c, lDistanceToMove=931292, lpDistanceToMoveHigh=0xac9728*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0xac9728*=0) returned 0xe35dc [0068.212] SetFilePointer (in: hFile=0x33c, lDistanceToMove=0, lpDistanceToMoveHigh=0xace8f0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0xace8f0*=0) returned 0xe35dc [0068.212] RtlAllocateHeap (HeapHandle=0x200000, Flags=0x0, Size=0x20) returned 0x244b90 [0068.212] ReadFile (in: hFile=0x33c, lpBuffer=0x244b90, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0xacc7b0, lpOverlapped=0x0 | out: lpBuffer=0x244b90*, lpNumberOfBytesRead=0xacc7b0*=0x7, lpOverlapped=0x0) returned 1 [0068.212] ReadFile (in: hFile=0x33c, lpBuffer=0x244b97, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0xacc7b0, lpOverlapped=0x0 | out: lpBuffer=0x244b97*, lpNumberOfBytesRead=0xacc7b0*=0x1, lpOverlapped=0x0) returned 1 [0068.212] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x244b90 | out: hHeap=0x200000) returned 1 [0068.212] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x269c70 | out: hHeap=0x200000) returned 1 [0068.212] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x26ad38 | out: hHeap=0x200000) returned 1 [0068.212] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x2defa8 | out: hHeap=0x200000) returned 1 [0068.212] CloseHandle (hObject=0x33c) returned 1 [0068.212] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\RarSFX0\\fatura.sfx.exe", lpFindFileData=0xad73f0 | out: lpFindFileData=0xad73f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6725efed, ftCreationTime.dwHighDateTime=0x1d57301, ftLastAccessTime.dwLowDateTime=0x6725efed, ftLastAccessTime.dwHighDateTime=0x1d57301, ftLastWriteTime.dwLowDateTime=0xb163ad30, ftLastWriteTime.dwHighDateTime=0x1d56d82, nFileSizeHigh=0x0, nFileSizeLow=0xe35e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="fatura.sfx.exe", cAlternateFileName="FATURA~1.EXE")) returned 0x29c878 [0068.212] FindClose (in: hFindFile=0x29c878 | out: hFindFile=0x29c878) returned 1 [0068.212] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x46d7020 | out: hHeap=0x200000) returned 1 [0068.219] ReleaseSemaphore (in: hSemaphore=0x7c, lReleaseCount=32, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0068.240] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0068.240] CloseHandle (hObject=0x354) returned 1 [0068.242] WaitForSingleObject (hHandle=0x358, dwMilliseconds=0xffffffff) returned 0x0 [0068.242] CloseHandle (hObject=0x358) returned 1 [0068.242] WaitForSingleObject (hHandle=0x35c, dwMilliseconds=0xffffffff) returned 0x0 [0068.242] CloseHandle (hObject=0x35c) returned 1 [0068.242] WaitForSingleObject (hHandle=0x360, dwMilliseconds=0xffffffff) returned 0x0 [0068.242] CloseHandle (hObject=0x360) returned 1 [0068.242] WaitForSingleObject (hHandle=0x364, dwMilliseconds=0xffffffff) returned 0x0 [0068.242] CloseHandle (hObject=0x364) returned 1 [0068.242] WaitForSingleObject (hHandle=0x368, dwMilliseconds=0xffffffff) returned 0x0 [0068.243] CloseHandle (hObject=0x368) returned 1 [0068.243] WaitForSingleObject (hHandle=0x36c, dwMilliseconds=0xffffffff) returned 0x0 [0068.243] CloseHandle (hObject=0x36c) returned 1 [0068.243] WaitForSingleObject (hHandle=0x370, dwMilliseconds=0xffffffff) returned 0x0 [0068.243] CloseHandle (hObject=0x370) returned 1 [0068.243] WaitForSingleObject (hHandle=0x374, dwMilliseconds=0xffffffff) returned 0x0 [0068.243] CloseHandle (hObject=0x374) returned 1 [0068.243] WaitForSingleObject (hHandle=0x378, dwMilliseconds=0xffffffff) returned 0x0 [0068.243] CloseHandle (hObject=0x378) returned 1 [0068.243] WaitForSingleObject (hHandle=0x37c, dwMilliseconds=0xffffffff) returned 0x0 [0068.243] CloseHandle (hObject=0x37c) returned 1 [0068.243] WaitForSingleObject (hHandle=0x380, dwMilliseconds=0xffffffff) returned 0x0 [0068.243] CloseHandle (hObject=0x380) returned 1 [0068.243] WaitForSingleObject (hHandle=0x384, dwMilliseconds=0xffffffff) returned 0x0 [0068.243] CloseHandle (hObject=0x384) returned 1 [0068.243] WaitForSingleObject (hHandle=0x388, dwMilliseconds=0xffffffff) returned 0x0 [0068.243] CloseHandle (hObject=0x388) returned 1 [0068.243] WaitForSingleObject (hHandle=0x38c, dwMilliseconds=0xffffffff) returned 0x0 [0068.243] CloseHandle (hObject=0x38c) returned 1 [0068.243] WaitForSingleObject (hHandle=0x390, dwMilliseconds=0xffffffff) returned 0x0 [0068.243] CloseHandle (hObject=0x390) returned 1 [0068.243] WaitForSingleObject (hHandle=0x394, dwMilliseconds=0xffffffff) returned 0x0 [0068.244] CloseHandle (hObject=0x394) returned 1 [0068.244] WaitForSingleObject (hHandle=0x398, dwMilliseconds=0xffffffff) returned 0x0 [0068.244] CloseHandle (hObject=0x398) returned 1 [0068.244] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0068.244] CloseHandle (hObject=0x39c) returned 1 [0068.244] WaitForSingleObject (hHandle=0x3a0, dwMilliseconds=0xffffffff) returned 0x0 [0068.244] CloseHandle (hObject=0x3a0) returned 1 [0068.244] WaitForSingleObject (hHandle=0x3a4, dwMilliseconds=0xffffffff) returned 0x0 [0068.244] CloseHandle (hObject=0x3a4) returned 1 [0068.244] WaitForSingleObject (hHandle=0x3a8, dwMilliseconds=0xffffffff) returned 0x0 [0068.244] CloseHandle (hObject=0x3a8) returned 1 [0068.244] WaitForSingleObject (hHandle=0x3ac, dwMilliseconds=0xffffffff) returned 0x0 [0068.244] CloseHandle (hObject=0x3ac) returned 1 [0068.244] WaitForSingleObject (hHandle=0x3b0, dwMilliseconds=0xffffffff) returned 0x0 [0068.244] CloseHandle (hObject=0x3b0) returned 1 [0068.244] WaitForSingleObject (hHandle=0x3b4, dwMilliseconds=0xffffffff) returned 0x0 [0068.244] CloseHandle (hObject=0x3b4) returned 1 [0068.244] WaitForSingleObject (hHandle=0x3b8, dwMilliseconds=0xffffffff) returned 0x0 [0068.244] CloseHandle (hObject=0x3b8) returned 1 [0068.244] WaitForSingleObject (hHandle=0x3bc, dwMilliseconds=0xffffffff) returned 0x0 [0068.244] CloseHandle (hObject=0x3bc) returned 1 [0068.244] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0068.245] CloseHandle (hObject=0x3c0) returned 1 [0068.245] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0068.245] CloseHandle (hObject=0x3c4) returned 1 [0068.245] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0068.245] CloseHandle (hObject=0x3c8) returned 1 [0068.245] WaitForSingleObject (hHandle=0x3cc, dwMilliseconds=0xffffffff) returned 0x0 [0068.245] CloseHandle (hObject=0x3cc) returned 1 [0068.245] WaitForSingleObject (hHandle=0x3d0, dwMilliseconds=0xffffffff) returned 0x0 [0068.245] CloseHandle (hObject=0x3d0) returned 1 [0068.245] CloseHandle (hObject=0x7c) returned 1 [0068.245] CloseHandle (hObject=0x338) returned 1 [0068.245] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x238288 | out: hHeap=0x200000) returned 1 [0068.245] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x47e6020 | out: hHeap=0x200000) returned 1 [0068.273] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x4d51858 | out: hHeap=0x200000) returned 1 [0068.275] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x4d20c50 | out: hHeap=0x200000) returned 1 [0068.276] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x4cf0048 | out: hHeap=0x200000) returned 1 [0068.279] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x4cb3068 | out: hHeap=0x200000) returned 1 [0068.280] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x4c82460 | out: hHeap=0x200000) returned 1 [0068.282] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x4c51858 | out: hHeap=0x200000) returned 1 [0068.284] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x4c20c50 | out: hHeap=0x200000) returned 1 [0068.285] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x4bf0048 | out: hHeap=0x200000) returned 1 [0068.287] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x29efa0 | out: hHeap=0x200000) returned 1 [0068.288] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x261c60 | out: hHeap=0x200000) returned 1 [0068.288] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x4d82e50 | out: hHeap=0x200000) returned 1 [0068.288] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x26d4c0 | out: hHeap=0x200000) returned 1 [0068.289] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x4ce3c70 | out: hHeap=0x200000) returned 1 [0068.289] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x259c50 | out: hHeap=0x200000) returned 1 [0068.290] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x24b568 | out: hHeap=0x200000) returned 1 [0068.290] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x2493d8 | out: hHeap=0x200000) returned 1 [0068.290] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x24a4a0 | out: hHeap=0x200000) returned 1 [0068.291] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x26be00 | out: hHeap=0x200000) returned 1 [0068.291] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x26c960 | out: hHeap=0x200000) returned 1 [0068.291] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0068.291] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0068.291] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0068.291] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0068.291] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0068.291] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0068.291] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0068.291] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0068.291] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0068.291] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0068.291] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0068.291] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0068.291] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0068.291] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0068.291] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0068.291] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0068.292] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0068.292] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0068.292] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0068.292] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0068.292] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0068.292] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0068.292] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0068.292] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0068.292] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0068.292] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0068.292] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0068.292] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0068.292] ExpandEnvironmentStringsW (in: lpSrc="%temp%", lpDst=0xabdb1c, nSize=0x1000 | out: lpDst="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x23 [0068.292] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0068.292] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0068.292] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0068.292] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 2 [0068.292] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0068.292] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0068.292] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0068.292] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0068.292] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0068.292] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0068.292] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0068.292] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0068.292] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="License", cchCount2=-1) returned 3 [0068.292] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 3 [0068.292] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0068.292] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 2 [0068.292] ExpandEnvironmentStringsW (in: lpSrc="fatura.exe", lpDst=0xabdb1c, nSize=0x1000 | out: lpDst="fatura.exe") returned 0xb [0068.292] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0068.292] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0068.292] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0068.292] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0068.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0068.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0068.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 2 [0068.293] ExpandEnvironmentStringsW (in: lpSrc="1", lpDst=0xabdb1c, nSize=0x1000 | out: lpDst="1") returned 0x2 [0068.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0068.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0068.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0068.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0068.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 2 [0068.293] ExpandEnvironmentStringsW (in: lpSrc="1", lpDst=0xabdb1c, nSize=0x1000 | out: lpDst="1") returned 0x2 [0068.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0068.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0068.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0068.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0068.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0068.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 2 [0068.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0068.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0068.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0068.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0068.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0068.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0068.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0068.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0068.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0068.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0068.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0068.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0068.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0068.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Bu açıklamadan sonraki kısım SFX kod komutlarını içerir", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0068.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0068.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0068.293] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0068.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0068.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0068.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0068.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0068.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0068.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0068.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0068.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0068.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0068.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0068.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0068.294] ExpandEnvironmentStringsW (in: lpSrc="%temp%", lpDst=0xabdb1c, nSize=0x1000 | out: lpDst="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x23 [0068.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0068.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0068.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0068.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Path", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 2 [0068.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0068.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0068.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0068.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0068.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0068.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0068.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0068.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0068.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="License", cchCount2=-1) returned 3 [0068.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 3 [0068.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0068.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SavePath", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 2 [0068.294] ExpandEnvironmentStringsW (in: lpSrc="fatura.exe", lpDst=0xabdb1c, nSize=0x1000 | out: lpDst="fatura.exe") returned 0xb [0068.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0068.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0068.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0068.294] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0068.295] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0068.295] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0068.295] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 2 [0068.295] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=".exe", cchCount1=-1, lpString2=".inf", cchCount2=-1) returned 1 [0068.295] GetFileAttributesW (lpFileName="fatura.exe" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\fatura.exe")) returned 0x20 [0068.295] GetFullPathNameW (in: lpFileName="fatura.exe", nBufferLength=0x800, lpBuffer=0xabcac8, lpFilePart=0xabcac4 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe", lpFilePart=0xabcac4*="fatura.exe") returned 0x2d [0068.295] GetProcAddress (hModule=0x76480000, lpProcName="ShellExecuteExW") returned 0x765e4730 [0068.295] ShellExecuteExW (in: pExecInfo=0xabeaec*(cbSize=0x3c, fMask=0x1c0, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe", lpParameters=0x0, lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0xabeaec*(cbSize=0x3c, fMask=0x1c0, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe", lpParameters=0x0, lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x538)) returned 1 [0073.177] CloseHandle (hObject=0x538) returned 1 [0073.177] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=".exe", cchCount1=-1, lpString2=".exe", cchCount2=-1) returned 2 [0073.177] ExpandEnvironmentStringsW (in: lpSrc="1", lpDst=0xabdb1c, nSize=0x1000 | out: lpDst="1") returned 0x2 [0073.177] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0073.177] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0073.177] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0073.177] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0073.177] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 2 [0073.177] ExpandEnvironmentStringsW (in: lpSrc="1", lpDst=0xabdb1c, nSize=0x1000 | out: lpDst="1") returned 0x2 [0073.177] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0073.177] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0073.177] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0073.177] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0073.177] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0073.177] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Overwrite", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 2 [0073.177] GetDlgItem (hDlg=0x1024c, nIDDlgItem=1) returned 0x10266 [0073.177] GetProcAddress (hModule=0x74b70000, lpProcName="EnableWindow") returned 0x74b90a60 [0073.177] EnableWindow (hWnd=0x10266, bEnable=1) returned 0 [0073.178] GetProcAddress (hModule=0x74b70000, lpProcName="EndDialog") returned 0x74b79080 [0073.178] EndDialog (hDlg=0x1024c, nResult=0x1) returned 1 [0073.336] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x29b6c8 | out: hHeap=0x200000) returned 1 [0073.337] GetProcAddress (hModule=0x75b70000, lpProcName="DeleteObject") returned 0x75b752b0 [0073.337] DeleteObject (ho=0x5023b) returned 1 [0073.337] GetProcAddress (hModule=0x75b70000, lpProcName="DeleteObject") returned 0x75b752b0 [0073.337] DeleteObject (ho=0x6050762) returned 1 [0073.338] IUnknown:AddRef (This=0x75e4d000) returned 0x1 [0073.338] GdiplusShutdown (token=0x13450ee) [0073.344] GetProcAddress (hModule=0x77920000, lpProcName="OleUninitialize") returned 0x77954de0 [0073.344] OleUninitialize () [0073.388] GetModuleHandleW (lpModuleName=0x0) returned 0x1320000 [0073.389] GetModuleHandleW (lpModuleName=0x0) returned 0x1320000 [0073.389] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x210d18 | out: hHeap=0x200000) returned 1 [0073.389] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x221928 | out: hHeap=0x200000) returned 1 [0073.389] FreeLibrary (hLibModule=0x74940000) returned 1 [0073.393] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x334020 | out: hHeap=0x200000) returned 1 [0073.396] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x204e50 | out: hHeap=0x200000) returned 1 [0073.396] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x212288 | out: hHeap=0x200000) returned 1 [0073.396] LoadLibraryExW (lpLibFileName="api-ms-win-appmodel-runtime-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x75ba0000 [0073.397] GetProcAddress (hModule=0x75ba0000, lpProcName="GetCurrentPackageId") returned 0x75ba3510 [0073.397] GetCurrentPackageId () returned 0x3d54 [0073.397] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0xaff924 | out: phModule=0xaff924) returned 0 [0073.397] ExitProcess (uExitCode=0x0) [0073.397] HeapFree (in: hHeap=0x200000, dwFlags=0x0, lpMem=0x20f8d0 | out: hHeap=0x200000) returned 1 Thread: id = 59 os_tid = 0xc34 Thread: id = 60 os_tid = 0xc38 Thread: id = 61 os_tid = 0xf88 [0068.125] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0068.127] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0068.128] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0068.130] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0068.131] SetEvent (hEvent=0x338) returned 1 [0068.131] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0068.132] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0068.132] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0068.133] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0068.133] SetEvent (hEvent=0x338) returned 1 [0068.133] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0068.134] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0068.134] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0068.135] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0068.135] SetEvent (hEvent=0x338) returned 1 [0068.135] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0068.136] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0068.136] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0068.137] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0068.137] SetEvent (hEvent=0x338) returned 1 [0068.138] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0068.138] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0068.139] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0068.140] SetEvent (hEvent=0x338) returned 1 [0068.171] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 62 os_tid = 0xcec [0068.171] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 63 os_tid = 0x37c [0068.175] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 64 os_tid = 0xa90 [0068.175] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 65 os_tid = 0xdb0 [0068.175] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 66 os_tid = 0x540 [0068.176] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 67 os_tid = 0x840 [0068.176] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 68 os_tid = 0xd20 [0068.176] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 69 os_tid = 0x7a8 [0068.177] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 70 os_tid = 0x6c8 [0068.177] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 71 os_tid = 0x2ac [0068.177] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 72 os_tid = 0x344 [0068.177] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 73 os_tid = 0xe00 [0068.178] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 74 os_tid = 0xda4 [0068.180] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 75 os_tid = 0xf6c [0068.181] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 76 os_tid = 0xf58 [0068.182] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 77 os_tid = 0xc04 [0068.182] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 78 os_tid = 0xf60 [0068.183] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 79 os_tid = 0x9e4 [0068.183] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 80 os_tid = 0x8ac [0068.183] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 81 os_tid = 0xcbc [0068.183] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 82 os_tid = 0xf70 [0068.184] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 83 os_tid = 0xc6c [0068.184] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 84 os_tid = 0xfb4 [0068.184] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 85 os_tid = 0xb0c [0068.185] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 86 os_tid = 0x7ec [0068.185] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 87 os_tid = 0xf14 [0068.185] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 88 os_tid = 0x7bc [0068.185] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 89 os_tid = 0xd84 [0068.186] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 90 os_tid = 0xa80 [0068.189] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 91 os_tid = 0xfc8 [0068.191] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 92 os_tid = 0xfb0 [0068.191] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 Thread: id = 93 os_tid = 0xe9c Thread: id = 94 os_tid = 0x498 Thread: id = 95 os_tid = 0xedc Thread: id = 96 os_tid = 0xe60 Process: id = "6" image_name = "fatura.exe" filename = "c:\\users\\fd1hvy\\appdata\\local\\temp\\fatura.exe" page_root = "0x125fe000" os_pid = "0x7f0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "5" os_parent_pid = "0x784" cmd_line = "\"C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe\" " cur_dir = "C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:000103c1" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 97 os_tid = 0xf88 [0077.074] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0077.105] RoInitialize () returned 0x1 [0077.105] RoUninitialize () returned 0x0 [0078.367] BCryptGetFipsAlgorithmMode (in: pfEnabled=0xafef8c | out: pfEnabled=0xafef8c) returned 0x0 [0078.568] GetCurrentProcessId () returned 0x7f0 [0078.579] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0xafe87c | out: lpLuid=0xafe87c*(LowPart=0x14, HighPart=0)) returned 1 [0078.581] GetCurrentProcess () returned 0xffffffff [0078.582] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0xafe878 | out: TokenHandle=0xafe878*=0x2f0) returned 1 [0078.582] AdjustTokenPrivileges (in: TokenHandle=0x2f0, DisableAllPrivileges=0, NewState=0x2994f38*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0078.584] CloseHandle (hObject=0x2f0) returned 1 [0078.587] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7f0) returned 0x2f0 [0078.609] EnumProcessModules (in: hProcess=0x2f0, lphModule=0x2994f7c, cb=0x100, lpcbNeeded=0xafefe8 | out: lphModule=0x2994f7c, lpcbNeeded=0xafefe8) returned 1 [0078.611] GetModuleInformation (in: hProcess=0x2f0, hModule=0x6b0000, lpmodinfo=0x29950c8, cb=0xc | out: lpmodinfo=0x29950c8*(lpBaseOfDll=0x6b0000, SizeOfImage=0xb6000, EntryPoint=0x0)) returned 1 [0078.613] CoTaskMemAlloc (cb=0x804) returned 0xd653e8 [0078.613] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x6b0000, lpBaseName=0xd653e8, nSize=0x800 | out: lpBaseName="fatura.exe") returned 0xa [0078.614] CoTaskMemFree (pv=0xd653e8) [0078.614] CoTaskMemAlloc (cb=0x804) returned 0xd653e8 [0078.614] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x6b0000, lpFilename=0xd653e8, nSize=0x800 | out: lpFilename="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\fatura.exe")) returned 0x2d [0078.614] CoTaskMemFree (pv=0xd653e8) [0078.652] CloseHandle (hObject=0x2f0) returned 1 [0078.654] GetCurrentProcessId () returned 0x7f0 [0078.654] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7f0) returned 0x2f0 [0078.654] EnumProcessModules (in: hProcess=0x2f0, lphModule=0x29974a0, cb=0x100, lpcbNeeded=0xafefe8 | out: lphModule=0x29974a0, lpcbNeeded=0xafefe8) returned 1 [0078.654] GetModuleInformation (in: hProcess=0x2f0, hModule=0x6b0000, lpmodinfo=0x29975e0, cb=0xc | out: lpmodinfo=0x29975e0*(lpBaseOfDll=0x6b0000, SizeOfImage=0xb6000, EntryPoint=0x0)) returned 1 [0078.654] CoTaskMemAlloc (cb=0x804) returned 0xd653e8 [0078.654] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x6b0000, lpBaseName=0xd653e8, nSize=0x800 | out: lpBaseName="fatura.exe") returned 0xa [0078.654] CoTaskMemFree (pv=0xd653e8) [0078.655] CoTaskMemAlloc (cb=0x804) returned 0xd653e8 [0078.655] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x6b0000, lpFilename=0xd653e8, nSize=0x800 | out: lpFilename="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\fatura.exe")) returned 0x2d [0078.655] CoTaskMemFree (pv=0xd653e8) [0078.655] CloseHandle (hObject=0x2f0) returned 1 [0078.753] GetCurrentProcessId () returned 0x7f0 [0078.757] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7f0) returned 0x2f0 [0078.757] EnumProcessModules (in: hProcess=0x2f0, lphModule=0x2999c2c, cb=0x100, lpcbNeeded=0xafd6d8 | out: lphModule=0x2999c2c, lpcbNeeded=0xafd6d8) returned 1 [0078.757] GetModuleInformation (in: hProcess=0x2f0, hModule=0x6b0000, lpmodinfo=0x2999d6c, cb=0xc | out: lpmodinfo=0x2999d6c*(lpBaseOfDll=0x6b0000, SizeOfImage=0xb6000, EntryPoint=0x0)) returned 1 [0078.757] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.757] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x6b0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="fatura.exe") returned 0xa [0078.757] CoTaskMemFree (pv=0xd66600) [0078.757] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.757] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x6b0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\fatura.exe")) returned 0x2d [0078.758] CoTaskMemFree (pv=0xd66600) [0078.758] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77bb0000, lpmodinfo=0x299beb0, cb=0xc | out: lpmodinfo=0x299beb0*(lpBaseOfDll=0x77bb0000, SizeOfImage=0x18e000, EntryPoint=0x0)) returned 1 [0078.758] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.758] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77bb0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0078.758] CoTaskMemFree (pv=0xd66600) [0078.758] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.758] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77bb0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0078.758] CoTaskMemFree (pv=0xd66600) [0078.758] GetModuleInformation (in: hProcess=0x2f0, hModule=0x71b40000, lpmodinfo=0x299dfb4, cb=0xc | out: lpmodinfo=0x299dfb4*(lpBaseOfDll=0x71b40000, SizeOfImage=0x55000, EntryPoint=0x71b70a30)) returned 1 [0078.758] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.758] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x71b40000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0078.758] CoTaskMemFree (pv=0xd66600) [0078.758] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.758] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x71b40000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\system32\\mscoree.dll")) returned 0x1f [0078.759] CoTaskMemFree (pv=0xd66600) [0078.759] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75e90000, lpmodinfo=0x29a00c0, cb=0xc | out: lpmodinfo=0x29a00c0*(lpBaseOfDll=0x75e90000, SizeOfImage=0xd0000, EntryPoint=0x75ea06a0)) returned 1 [0078.759] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.759] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75e90000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0078.759] CoTaskMemFree (pv=0xd66600) [0078.759] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.759] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75e90000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\KERNEL32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0078.759] CoTaskMemFree (pv=0xd66600) [0078.759] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74ea0000, lpmodinfo=0x29a21d4, cb=0xc | out: lpmodinfo=0x29a21d4*(lpBaseOfDll=0x74ea0000, SizeOfImage=0x1c2000, EntryPoint=0x74f8ff30)) returned 1 [0078.759] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.759] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74ea0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0078.760] CoTaskMemFree (pv=0xd66600) [0078.760] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.760] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74ea0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0078.760] CoTaskMemFree (pv=0xd66600) [0078.760] GetModuleInformation (in: hProcess=0x2f0, hModule=0x745d0000, lpmodinfo=0x29a431c, cb=0xc | out: lpmodinfo=0x29a431c*(lpBaseOfDll=0x745d0000, SizeOfImage=0x93000, EntryPoint=0x74604270)) returned 1 [0078.760] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.760] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x745d0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0078.760] CoTaskMemFree (pv=0xd66600) [0078.760] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.760] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x745d0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0078.760] CoTaskMemFree (pv=0xd66600) [0078.760] GetModuleInformation (in: hProcess=0x2f0, hModule=0x761b0000, lpmodinfo=0x29a6428, cb=0xc | out: lpmodinfo=0x29a6428*(lpBaseOfDll=0x761b0000, SizeOfImage=0x77000, EntryPoint=0x761ce5b0)) returned 1 [0078.761] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.761] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x761b0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0078.761] CoTaskMemFree (pv=0xd66600) [0078.761] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.761] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x761b0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0078.761] CoTaskMemFree (pv=0xd66600) [0078.761] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77a30000, lpmodinfo=0x29a853c, cb=0xc | out: lpmodinfo=0x29a853c*(lpBaseOfDll=0x77a30000, SizeOfImage=0xbd000, EntryPoint=0x77a655e0)) returned 1 [0078.761] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.761] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77a30000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0078.761] CoTaskMemFree (pv=0xd66600) [0078.761] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.761] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77a30000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0078.761] CoTaskMemFree (pv=0xd66600) [0078.761] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75fb0000, lpmodinfo=0x29aa648, cb=0xc | out: lpmodinfo=0x29aa648*(lpBaseOfDll=0x75fb0000, SizeOfImage=0x41000, EntryPoint=0x75fc3400)) returned 1 [0078.762] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.762] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75fb0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0078.762] CoTaskMemFree (pv=0xd66600) [0078.762] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.762] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75fb0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0078.762] CoTaskMemFree (pv=0xd66600) [0078.762] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74710000, lpmodinfo=0x29ac7a0, cb=0xc | out: lpmodinfo=0x29ac7a0*(lpBaseOfDll=0x74710000, SizeOfImage=0xc0000, EntryPoint=0x7473fb20)) returned 1 [0078.762] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.762] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74710000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0078.762] CoTaskMemFree (pv=0xd66600) [0078.762] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.762] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74710000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0078.762] CoTaskMemFree (pv=0xd66600) [0078.763] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74680000, lpmodinfo=0x29ae8ac, cb=0xc | out: lpmodinfo=0x29ae8ac*(lpBaseOfDll=0x74680000, SizeOfImage=0x20000, EntryPoint=0x7468c9a0)) returned 1 [0078.763] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.763] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74680000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0078.763] CoTaskMemFree (pv=0xd66600) [0078.763] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.763] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74680000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0078.763] CoTaskMemFree (pv=0xd66600) [0078.763] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74670000, lpmodinfo=0x29b09b8, cb=0xc | out: lpmodinfo=0x29b09b8*(lpBaseOfDll=0x74670000, SizeOfImage=0xa000, EntryPoint=0x74672a00)) returned 1 [0078.763] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.763] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74670000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0078.763] CoTaskMemFree (pv=0xd66600) [0078.764] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.764] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74670000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0078.764] CoTaskMemFree (pv=0xd66600) [0078.764] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74da0000, lpmodinfo=0x29b2acc, cb=0xc | out: lpmodinfo=0x29b2acc*(lpBaseOfDll=0x74da0000, SizeOfImage=0x57000, EntryPoint=0x74ddde40)) returned 1 [0078.764] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.764] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74da0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0078.764] CoTaskMemFree (pv=0xd66600) [0078.764] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.764] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74da0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0078.764] CoTaskMemFree (pv=0xd66600) [0078.764] GetModuleInformation (in: hProcess=0x2f0, hModule=0x71ac0000, lpmodinfo=0x29b4c00, cb=0xc | out: lpmodinfo=0x29b4c00*(lpBaseOfDll=0x71ac0000, SizeOfImage=0x7d000, EntryPoint=0x71ac3c80)) returned 1 [0078.764] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.764] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x71ac0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0078.765] CoTaskMemFree (pv=0xd66600) [0078.765] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.765] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x71ac0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0078.765] CoTaskMemFree (pv=0xd66600) [0078.765] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75f60000, lpmodinfo=0x29b6d48, cb=0xc | out: lpmodinfo=0x29b6d48*(lpBaseOfDll=0x75f60000, SizeOfImage=0x45000, EntryPoint=0x75f79260)) returned 1 [0078.765] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.765] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75f60000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0078.765] CoTaskMemFree (pv=0xd66600) [0078.765] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.765] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75f60000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0078.765] CoTaskMemFree (pv=0xd66600) [0078.765] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75c50000, lpmodinfo=0x29b8e54, cb=0xc | out: lpmodinfo=0x29b8e54*(lpBaseOfDll=0x75c50000, SizeOfImage=0x238000, EntryPoint=0x75d6e060)) returned 1 [0078.765] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.765] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75c50000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0078.766] CoTaskMemFree (pv=0xd66600) [0078.766] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.766] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75c50000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0078.766] CoTaskMemFree (pv=0xd66600) [0078.766] GetModuleInformation (in: hProcess=0x2f0, hModule=0x76000000, lpmodinfo=0x29baf60, cb=0xc | out: lpmodinfo=0x29baf60*(lpBaseOfDll=0x76000000, SizeOfImage=0x118000, EntryPoint=0x7602a3c0)) returned 1 [0078.766] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.766] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x76000000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0078.766] CoTaskMemFree (pv=0xd66600) [0078.766] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.766] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x76000000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0078.766] CoTaskMemFree (pv=0xd66600) [0078.766] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75b70000, lpmodinfo=0x29bd100, cb=0xc | out: lpmodinfo=0x29bd100*(lpBaseOfDll=0x75b70000, SizeOfImage=0x21000, EntryPoint=0x75b76900)) returned 1 [0078.767] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.767] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75b70000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0078.767] CoTaskMemFree (pv=0xd66600) [0078.767] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.767] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75b70000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0078.767] CoTaskMemFree (pv=0xd66600) [0078.767] GetModuleInformation (in: hProcess=0x2f0, hModule=0x76290000, lpmodinfo=0x29bf204, cb=0xc | out: lpmodinfo=0x29bf204*(lpBaseOfDll=0x76290000, SizeOfImage=0x158000, EntryPoint=0x7634a9c0)) returned 1 [0078.767] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.767] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x76290000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="gdi32full.dll") returned 0xd [0078.767] CoTaskMemFree (pv=0xd66600) [0078.767] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.767] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x76290000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\gdi32full.dll" (normalized: "c:\\windows\\system32\\gdi32full.dll")) returned 0x21 [0078.768] CoTaskMemFree (pv=0xd66600) [0078.768] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77b30000, lpmodinfo=0x29c1318, cb=0xc | out: lpmodinfo=0x29c1318*(lpBaseOfDll=0x77b30000, SizeOfImage=0x79000, EntryPoint=0x77b44180)) returned 1 [0078.768] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.768] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77b30000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="msvcp_win.dll") returned 0xd [0078.768] CoTaskMemFree (pv=0xd66600) [0078.768] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.768] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77b30000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll")) returned 0x21 [0078.768] CoTaskMemFree (pv=0xd66600) [0078.768] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74b70000, lpmodinfo=0x29c342c, cb=0xc | out: lpmodinfo=0x29c342c*(lpBaseOfDll=0x74b70000, SizeOfImage=0x13c000, EntryPoint=0x74b9b3d0)) returned 1 [0078.768] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.768] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74b70000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0078.769] CoTaskMemFree (pv=0xd66600) [0078.769] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.769] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74b70000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0078.769] CoTaskMemFree (pv=0xd66600) [0078.769] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74ac0000, lpmodinfo=0x29c5538, cb=0xc | out: lpmodinfo=0x29c5538*(lpBaseOfDll=0x74ac0000, SizeOfImage=0x16000, EntryPoint=0x0)) returned 1 [0078.769] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.769] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74ac0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="win32u.dll") returned 0xa [0078.769] CoTaskMemFree (pv=0xd66600) [0078.769] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.769] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74ac0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\win32u.dll" (normalized: "c:\\windows\\system32\\win32u.dll")) returned 0x1e [0078.769] CoTaskMemFree (pv=0xd66600) [0078.769] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74e20000, lpmodinfo=0x29c7644, cb=0xc | out: lpmodinfo=0x29c7644*(lpBaseOfDll=0x74e20000, SizeOfImage=0x25000, EntryPoint=0x74e247d0)) returned 1 [0078.769] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.769] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74e20000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0078.770] CoTaskMemFree (pv=0xd66600) [0078.770] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.770] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74e20000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0078.770] CoTaskMemFree (pv=0xd66600) [0078.770] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75ba0000, lpmodinfo=0x29c9748, cb=0xc | out: lpmodinfo=0x29c9748*(lpBaseOfDll=0x75ba0000, SizeOfImage=0xe000, EntryPoint=0x75ba3e30)) returned 1 [0078.770] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.770] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75ba0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0078.770] CoTaskMemFree (pv=0xd66600) [0078.770] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.770] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75ba0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0078.770] CoTaskMemFree (pv=0xd66600) [0078.770] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74140000, lpmodinfo=0x29cb874, cb=0xc | out: lpmodinfo=0x29cb874*(lpBaseOfDll=0x74140000, SizeOfImage=0x8000, EntryPoint=0x741417c0)) returned 1 [0078.771] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.771] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74140000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0078.772] CoTaskMemFree (pv=0xd66600) [0078.772] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.772] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74140000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0078.773] CoTaskMemFree (pv=0xd66600) [0078.773] GetModuleInformation (in: hProcess=0x2f0, hModule=0x713d0000, lpmodinfo=0x29cd980, cb=0xc | out: lpmodinfo=0x29cd980*(lpBaseOfDll=0x713d0000, SizeOfImage=0x6e6000, EntryPoint=0x713e83d0)) returned 1 [0078.773] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.773] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x713d0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0078.773] CoTaskMemFree (pv=0xd66600) [0078.773] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.773] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x713d0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0078.773] CoTaskMemFree (pv=0xd66600) [0078.773] GetModuleInformation (in: hProcess=0x2f0, hModule=0x732a0000, lpmodinfo=0x29cfab0, cb=0xc | out: lpmodinfo=0x29cfab0*(lpBaseOfDll=0x732a0000, SizeOfImage=0xf5000, EntryPoint=0x732f4180)) returned 1 [0078.774] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.774] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x732a0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0078.774] CoTaskMemFree (pv=0xd66600) [0078.774] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.774] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x732a0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\system32\\msvcr120_clr0400.dll")) returned 0x28 [0078.774] CoTaskMemFree (pv=0xd66600) [0078.774] GetModuleInformation (in: hProcess=0x2f0, hModule=0x70040000, lpmodinfo=0x29d1be4, cb=0xc | out: lpmodinfo=0x29d1be4*(lpBaseOfDll=0x70040000, SizeOfImage=0x138d000, EntryPoint=0x0)) returned 1 [0078.774] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.774] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x70040000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0078.775] CoTaskMemFree (pv=0xd66600) [0078.775] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.775] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x70040000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\f12799647dc4f4abd2f0f17790337f04\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\f12799647dc4f4abd2f0f17790337f04\\mscorlib.ni.dll")) returned 0x68 [0078.775] CoTaskMemFree (pv=0xd66600) [0078.775] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77920000, lpmodinfo=0x29d3d8c, cb=0xc | out: lpmodinfo=0x29d3d8c*(lpBaseOfDll=0x77920000, SizeOfImage=0xf3000, EntryPoint=0x7795a100)) returned 1 [0078.775] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.775] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77920000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0078.775] CoTaskMemFree (pv=0xd66600) [0078.775] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.775] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77920000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0078.775] CoTaskMemFree (pv=0xd66600) [0078.775] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74550000, lpmodinfo=0x29d5e90, cb=0xc | out: lpmodinfo=0x29d5e90*(lpBaseOfDll=0x74550000, SizeOfImage=0x78000, EntryPoint=0x745885b0)) returned 1 [0078.775] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.775] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74550000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0078.776] CoTaskMemFree (pv=0xd66600) [0078.776] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.776] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74550000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\system32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0078.776] CoTaskMemFree (pv=0xd66600) [0078.776] GetModuleInformation (in: hProcess=0x2f0, hModule=0x73220000, lpmodinfo=0x29d7f9c, cb=0xc | out: lpmodinfo=0x29d7f9c*(lpBaseOfDll=0x73220000, SizeOfImage=0x80000, EntryPoint=0x73221180)) returned 1 [0078.776] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.776] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x73220000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0078.776] CoTaskMemFree (pv=0xd66600) [0078.776] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.776] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x73220000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0078.776] CoTaskMemFree (pv=0xd66600) [0078.776] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75bb0000, lpmodinfo=0x29da0dc, cb=0xc | out: lpmodinfo=0x29da0dc*(lpBaseOfDll=0x75bb0000, SizeOfImage=0x96000, EntryPoint=0x75be8f60)) returned 1 [0078.777] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.777] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75bb0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0078.777] CoTaskMemFree (pv=0xd66600) [0078.777] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.777] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75bb0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0078.777] CoTaskMemFree (pv=0xd66600) [0078.777] GetModuleInformation (in: hProcess=0x2f0, hModule=0x6f660000, lpmodinfo=0x29dc1f0, cb=0xc | out: lpmodinfo=0x29dc1f0*(lpBaseOfDll=0x6f660000, SizeOfImage=0x9df000, EntryPoint=0x0)) returned 1 [0078.777] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.777] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x6f660000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0078.777] CoTaskMemFree (pv=0xd66600) [0078.777] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.777] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x6f660000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\assembly\\NativeImages_v4.0.30319_32\\System\\fcfb8bac8ea9a0e69d72c350b22f8e3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\fcfb8bac8ea9a0e69d72c350b22f8e3f\\system.ni.dll")) returned 0x64 [0078.777] CoTaskMemFree (pv=0xd66600) [0078.777] GetModuleInformation (in: hProcess=0x2f0, hModule=0x6ef00000, lpmodinfo=0x29de498, cb=0xc | out: lpmodinfo=0x29de498*(lpBaseOfDll=0x6ef00000, SizeOfImage=0x756000, EntryPoint=0x0)) returned 1 [0078.778] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.778] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x6ef00000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0078.778] CoTaskMemFree (pv=0xd66600) [0078.778] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.778] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x6ef00000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\7334607a1c01834b6f09c482bd20ff7e\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\7334607a1c01834b6f09c482bd20ff7e\\system.core.ni.dll")) returned 0x6e [0078.778] CoTaskMemFree (pv=0xd66600) [0078.778] GetModuleInformation (in: hProcess=0x2f0, hModule=0x73200000, lpmodinfo=0x29e0654, cb=0xc | out: lpmodinfo=0x29e0654*(lpBaseOfDll=0x73200000, SizeOfImage=0x13000, EntryPoint=0x73206c40)) returned 1 [0078.778] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.778] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x73200000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0078.778] CoTaskMemFree (pv=0xd66600) [0078.778] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.778] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x73200000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0078.779] CoTaskMemFree (pv=0xd66600) [0078.779] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74100000, lpmodinfo=0x29e2760, cb=0xc | out: lpmodinfo=0x29e2760*(lpBaseOfDll=0x74100000, SizeOfImage=0x2f000, EntryPoint=0x7410c000)) returned 1 [0078.779] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.779] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74100000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0078.779] CoTaskMemFree (pv=0xd66600) [0078.779] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.779] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74100000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0078.779] CoTaskMemFree (pv=0xd66600) [0078.779] GetModuleInformation (in: hProcess=0x2f0, hModule=0x740e0000, lpmodinfo=0x29e486c, cb=0xc | out: lpmodinfo=0x29e486c*(lpBaseOfDll=0x740e0000, SizeOfImage=0x18000, EntryPoint=0x740e8f30)) returned 1 [0078.779] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.779] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x740e0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0078.779] CoTaskMemFree (pv=0xd66600) [0078.780] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.780] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x740e0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0078.780] CoTaskMemFree (pv=0xd66600) [0078.780] GetModuleInformation (in: hProcess=0x2f0, hModule=0x76180000, lpmodinfo=0x29e6978, cb=0xc | out: lpmodinfo=0x29e6978*(lpBaseOfDll=0x76180000, SizeOfImage=0x6000, EntryPoint=0x76181460)) returned 1 [0078.780] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.780] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x76180000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0078.780] CoTaskMemFree (pv=0xd66600) [0078.780] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.780] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x76180000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")) returned 0x1d [0078.780] CoTaskMemFree (pv=0xd66600) [0078.780] CloseHandle (hObject=0x2f0) returned 1 [0078.851] GetCurrentProcessId () returned 0x7f0 [0078.851] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7f0) returned 0x2f0 [0078.851] EnumProcessModules (in: hProcess=0x2f0, lphModule=0x2ac0100, cb=0x100, lpcbNeeded=0xafd6d8 | out: lphModule=0x2ac0100, lpcbNeeded=0xafd6d8) returned 1 [0078.851] GetModuleInformation (in: hProcess=0x2f0, hModule=0x6b0000, lpmodinfo=0x2ac0240, cb=0xc | out: lpmodinfo=0x2ac0240*(lpBaseOfDll=0x6b0000, SizeOfImage=0xb6000, EntryPoint=0x0)) returned 1 [0078.851] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.851] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x6b0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="fatura.exe") returned 0xa [0078.851] CoTaskMemFree (pv=0xd66600) [0078.851] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.851] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x6b0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\fatura.exe")) returned 0x2d [0078.852] CoTaskMemFree (pv=0xd66600) [0078.852] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77bb0000, lpmodinfo=0x2ac2384, cb=0xc | out: lpmodinfo=0x2ac2384*(lpBaseOfDll=0x77bb0000, SizeOfImage=0x18e000, EntryPoint=0x0)) returned 1 [0078.852] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.852] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77bb0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0078.852] CoTaskMemFree (pv=0xd66600) [0078.852] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.852] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77bb0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0078.852] CoTaskMemFree (pv=0xd66600) [0078.852] GetModuleInformation (in: hProcess=0x2f0, hModule=0x71b40000, lpmodinfo=0x2ac4488, cb=0xc | out: lpmodinfo=0x2ac4488*(lpBaseOfDll=0x71b40000, SizeOfImage=0x55000, EntryPoint=0x71b70a30)) returned 1 [0078.852] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.852] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x71b40000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0078.853] CoTaskMemFree (pv=0xd66600) [0078.853] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.853] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x71b40000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\system32\\mscoree.dll")) returned 0x1f [0078.853] CoTaskMemFree (pv=0xd66600) [0078.853] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75e90000, lpmodinfo=0x2ac6594, cb=0xc | out: lpmodinfo=0x2ac6594*(lpBaseOfDll=0x75e90000, SizeOfImage=0xd0000, EntryPoint=0x75ea06a0)) returned 1 [0078.853] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.853] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75e90000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0078.853] CoTaskMemFree (pv=0xd66600) [0078.853] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.853] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75e90000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\KERNEL32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0078.853] CoTaskMemFree (pv=0xd66600) [0078.853] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74ea0000, lpmodinfo=0x2ac86a8, cb=0xc | out: lpmodinfo=0x2ac86a8*(lpBaseOfDll=0x74ea0000, SizeOfImage=0x1c2000, EntryPoint=0x74f8ff30)) returned 1 [0078.853] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.853] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74ea0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0078.854] CoTaskMemFree (pv=0xd66600) [0078.854] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.854] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74ea0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0078.854] CoTaskMemFree (pv=0xd66600) [0078.854] GetModuleInformation (in: hProcess=0x2f0, hModule=0x745d0000, lpmodinfo=0x2aca7f0, cb=0xc | out: lpmodinfo=0x2aca7f0*(lpBaseOfDll=0x745d0000, SizeOfImage=0x93000, EntryPoint=0x74604270)) returned 1 [0078.854] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.854] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x745d0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0078.854] CoTaskMemFree (pv=0xd66600) [0078.854] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.854] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x745d0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0078.854] CoTaskMemFree (pv=0xd66600) [0078.854] GetModuleInformation (in: hProcess=0x2f0, hModule=0x761b0000, lpmodinfo=0x2acc8fc, cb=0xc | out: lpmodinfo=0x2acc8fc*(lpBaseOfDll=0x761b0000, SizeOfImage=0x77000, EntryPoint=0x761ce5b0)) returned 1 [0078.854] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.854] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x761b0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0078.855] CoTaskMemFree (pv=0xd66600) [0078.855] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.855] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x761b0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0078.855] CoTaskMemFree (pv=0xd66600) [0078.855] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77a30000, lpmodinfo=0x2acea10, cb=0xc | out: lpmodinfo=0x2acea10*(lpBaseOfDll=0x77a30000, SizeOfImage=0xbd000, EntryPoint=0x77a655e0)) returned 1 [0078.855] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.855] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77a30000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0078.855] CoTaskMemFree (pv=0xd66600) [0078.855] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.855] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77a30000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0078.855] CoTaskMemFree (pv=0xd66600) [0078.855] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75fb0000, lpmodinfo=0x2ad0b1c, cb=0xc | out: lpmodinfo=0x2ad0b1c*(lpBaseOfDll=0x75fb0000, SizeOfImage=0x41000, EntryPoint=0x75fc3400)) returned 1 [0078.855] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.856] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75fb0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0078.856] CoTaskMemFree (pv=0xd66600) [0078.856] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.856] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75fb0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0078.856] CoTaskMemFree (pv=0xd66600) [0078.856] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74710000, lpmodinfo=0x2ad2c74, cb=0xc | out: lpmodinfo=0x2ad2c74*(lpBaseOfDll=0x74710000, SizeOfImage=0xc0000, EntryPoint=0x7473fb20)) returned 1 [0078.856] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.856] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74710000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0078.856] CoTaskMemFree (pv=0xd66600) [0078.856] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.856] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74710000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0078.857] CoTaskMemFree (pv=0xd66600) [0078.857] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74680000, lpmodinfo=0x2ad4d80, cb=0xc | out: lpmodinfo=0x2ad4d80*(lpBaseOfDll=0x74680000, SizeOfImage=0x20000, EntryPoint=0x7468c9a0)) returned 1 [0078.857] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.857] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74680000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0078.857] CoTaskMemFree (pv=0xd66600) [0078.857] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.857] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74680000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0078.857] CoTaskMemFree (pv=0xd66600) [0078.857] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74670000, lpmodinfo=0x2ad6e8c, cb=0xc | out: lpmodinfo=0x2ad6e8c*(lpBaseOfDll=0x74670000, SizeOfImage=0xa000, EntryPoint=0x74672a00)) returned 1 [0078.857] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.857] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74670000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0078.857] CoTaskMemFree (pv=0xd66600) [0078.858] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.858] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74670000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0078.858] CoTaskMemFree (pv=0xd66600) [0078.858] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74da0000, lpmodinfo=0x2ad8fa0, cb=0xc | out: lpmodinfo=0x2ad8fa0*(lpBaseOfDll=0x74da0000, SizeOfImage=0x57000, EntryPoint=0x74ddde40)) returned 1 [0078.858] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.858] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74da0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0078.858] CoTaskMemFree (pv=0xd66600) [0078.858] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.858] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74da0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0078.858] CoTaskMemFree (pv=0xd66600) [0078.858] GetModuleInformation (in: hProcess=0x2f0, hModule=0x71ac0000, lpmodinfo=0x2adb0d4, cb=0xc | out: lpmodinfo=0x2adb0d4*(lpBaseOfDll=0x71ac0000, SizeOfImage=0x7d000, EntryPoint=0x71ac3c80)) returned 1 [0078.858] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.858] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x71ac0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0078.859] CoTaskMemFree (pv=0xd66600) [0078.859] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.859] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x71ac0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0078.859] CoTaskMemFree (pv=0xd66600) [0078.859] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75f60000, lpmodinfo=0x2add21c, cb=0xc | out: lpmodinfo=0x2add21c*(lpBaseOfDll=0x75f60000, SizeOfImage=0x45000, EntryPoint=0x75f79260)) returned 1 [0078.859] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.859] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75f60000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0078.859] CoTaskMemFree (pv=0xd66600) [0078.859] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.859] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75f60000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0078.859] CoTaskMemFree (pv=0xd66600) [0078.859] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75c50000, lpmodinfo=0x2adf328, cb=0xc | out: lpmodinfo=0x2adf328*(lpBaseOfDll=0x75c50000, SizeOfImage=0x238000, EntryPoint=0x75d6e060)) returned 1 [0078.859] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.859] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75c50000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0078.860] CoTaskMemFree (pv=0xd66600) [0078.860] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.860] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75c50000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0078.860] CoTaskMemFree (pv=0xd66600) [0078.860] GetModuleInformation (in: hProcess=0x2f0, hModule=0x76000000, lpmodinfo=0x2ae1434, cb=0xc | out: lpmodinfo=0x2ae1434*(lpBaseOfDll=0x76000000, SizeOfImage=0x118000, EntryPoint=0x7602a3c0)) returned 1 [0078.860] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.860] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x76000000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0078.860] CoTaskMemFree (pv=0xd66600) [0078.860] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.860] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x76000000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0078.860] CoTaskMemFree (pv=0xd66600) [0078.861] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75b70000, lpmodinfo=0x2ae35d4, cb=0xc | out: lpmodinfo=0x2ae35d4*(lpBaseOfDll=0x75b70000, SizeOfImage=0x21000, EntryPoint=0x75b76900)) returned 1 [0078.861] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.861] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75b70000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0078.861] CoTaskMemFree (pv=0xd66600) [0078.861] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.861] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75b70000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0078.861] CoTaskMemFree (pv=0xd66600) [0078.861] GetModuleInformation (in: hProcess=0x2f0, hModule=0x76290000, lpmodinfo=0x2ae56d8, cb=0xc | out: lpmodinfo=0x2ae56d8*(lpBaseOfDll=0x76290000, SizeOfImage=0x158000, EntryPoint=0x7634a9c0)) returned 1 [0078.861] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.861] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x76290000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="gdi32full.dll") returned 0xd [0078.861] CoTaskMemFree (pv=0xd66600) [0078.861] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.861] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x76290000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\gdi32full.dll" (normalized: "c:\\windows\\system32\\gdi32full.dll")) returned 0x21 [0078.862] CoTaskMemFree (pv=0xd66600) [0078.862] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77b30000, lpmodinfo=0x2ae77ec, cb=0xc | out: lpmodinfo=0x2ae77ec*(lpBaseOfDll=0x77b30000, SizeOfImage=0x79000, EntryPoint=0x77b44180)) returned 1 [0078.862] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.862] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77b30000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="msvcp_win.dll") returned 0xd [0078.862] CoTaskMemFree (pv=0xd66600) [0078.862] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.862] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77b30000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll")) returned 0x21 [0078.862] CoTaskMemFree (pv=0xd66600) [0078.862] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74b70000, lpmodinfo=0x2ae9900, cb=0xc | out: lpmodinfo=0x2ae9900*(lpBaseOfDll=0x74b70000, SizeOfImage=0x13c000, EntryPoint=0x74b9b3d0)) returned 1 [0078.862] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.862] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74b70000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0078.862] CoTaskMemFree (pv=0xd66600) [0078.863] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.863] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74b70000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0078.863] CoTaskMemFree (pv=0xd66600) [0078.863] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74ac0000, lpmodinfo=0x2aeba0c, cb=0xc | out: lpmodinfo=0x2aeba0c*(lpBaseOfDll=0x74ac0000, SizeOfImage=0x16000, EntryPoint=0x0)) returned 1 [0078.863] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.863] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74ac0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="win32u.dll") returned 0xa [0078.863] CoTaskMemFree (pv=0xd66600) [0078.863] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.863] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74ac0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\win32u.dll" (normalized: "c:\\windows\\system32\\win32u.dll")) returned 0x1e [0078.863] CoTaskMemFree (pv=0xd66600) [0078.863] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74e20000, lpmodinfo=0x2aedb18, cb=0xc | out: lpmodinfo=0x2aedb18*(lpBaseOfDll=0x74e20000, SizeOfImage=0x25000, EntryPoint=0x74e247d0)) returned 1 [0078.863] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.863] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74e20000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0078.864] CoTaskMemFree (pv=0xd66600) [0078.864] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.864] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74e20000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0078.864] CoTaskMemFree (pv=0xd66600) [0078.864] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75ba0000, lpmodinfo=0x2aefc1c, cb=0xc | out: lpmodinfo=0x2aefc1c*(lpBaseOfDll=0x75ba0000, SizeOfImage=0xe000, EntryPoint=0x75ba3e30)) returned 1 [0078.864] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.864] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75ba0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0078.864] CoTaskMemFree (pv=0xd66600) [0078.864] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.864] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75ba0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0078.864] CoTaskMemFree (pv=0xd66600) [0078.864] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74140000, lpmodinfo=0x2af1d48, cb=0xc | out: lpmodinfo=0x2af1d48*(lpBaseOfDll=0x74140000, SizeOfImage=0x8000, EntryPoint=0x741417c0)) returned 1 [0078.866] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.866] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74140000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0078.866] CoTaskMemFree (pv=0xd66600) [0078.866] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.866] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74140000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0078.866] CoTaskMemFree (pv=0xd66600) [0078.866] GetModuleInformation (in: hProcess=0x2f0, hModule=0x713d0000, lpmodinfo=0x2af3e54, cb=0xc | out: lpmodinfo=0x2af3e54*(lpBaseOfDll=0x713d0000, SizeOfImage=0x6e6000, EntryPoint=0x713e83d0)) returned 1 [0078.867] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.867] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x713d0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0078.867] CoTaskMemFree (pv=0xd66600) [0078.867] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.867] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x713d0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0078.867] CoTaskMemFree (pv=0xd66600) [0078.867] GetModuleInformation (in: hProcess=0x2f0, hModule=0x732a0000, lpmodinfo=0x2af5f84, cb=0xc | out: lpmodinfo=0x2af5f84*(lpBaseOfDll=0x732a0000, SizeOfImage=0xf5000, EntryPoint=0x732f4180)) returned 1 [0078.867] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.867] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x732a0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0078.867] CoTaskMemFree (pv=0xd66600) [0078.867] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.867] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x732a0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\system32\\msvcr120_clr0400.dll")) returned 0x28 [0078.868] CoTaskMemFree (pv=0xd66600) [0078.868] GetModuleInformation (in: hProcess=0x2f0, hModule=0x70040000, lpmodinfo=0x2af80b8, cb=0xc | out: lpmodinfo=0x2af80b8*(lpBaseOfDll=0x70040000, SizeOfImage=0x138d000, EntryPoint=0x0)) returned 1 [0078.868] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.868] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x70040000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0078.868] CoTaskMemFree (pv=0xd66600) [0078.868] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.868] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x70040000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\f12799647dc4f4abd2f0f17790337f04\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\f12799647dc4f4abd2f0f17790337f04\\mscorlib.ni.dll")) returned 0x68 [0078.868] CoTaskMemFree (pv=0xd66600) [0078.868] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77920000, lpmodinfo=0x2afa260, cb=0xc | out: lpmodinfo=0x2afa260*(lpBaseOfDll=0x77920000, SizeOfImage=0xf3000, EntryPoint=0x7795a100)) returned 1 [0078.868] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.868] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77920000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0078.868] CoTaskMemFree (pv=0xd66600) [0078.868] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.868] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77920000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0078.869] CoTaskMemFree (pv=0xd66600) [0078.869] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74550000, lpmodinfo=0x2afc364, cb=0xc | out: lpmodinfo=0x2afc364*(lpBaseOfDll=0x74550000, SizeOfImage=0x78000, EntryPoint=0x745885b0)) returned 1 [0078.869] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.869] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74550000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0078.869] CoTaskMemFree (pv=0xd66600) [0078.869] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.869] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74550000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\system32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0078.869] CoTaskMemFree (pv=0xd66600) [0078.869] GetModuleInformation (in: hProcess=0x2f0, hModule=0x73220000, lpmodinfo=0x2afe470, cb=0xc | out: lpmodinfo=0x2afe470*(lpBaseOfDll=0x73220000, SizeOfImage=0x80000, EntryPoint=0x73221180)) returned 1 [0078.869] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.869] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x73220000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0078.869] CoTaskMemFree (pv=0xd66600) [0078.869] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.869] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x73220000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0078.870] CoTaskMemFree (pv=0xd66600) [0078.870] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75bb0000, lpmodinfo=0x2b005b0, cb=0xc | out: lpmodinfo=0x2b005b0*(lpBaseOfDll=0x75bb0000, SizeOfImage=0x96000, EntryPoint=0x75be8f60)) returned 1 [0078.870] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.870] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75bb0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0078.870] CoTaskMemFree (pv=0xd66600) [0078.870] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.870] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75bb0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0078.871] CoTaskMemFree (pv=0xd66600) [0078.871] GetModuleInformation (in: hProcess=0x2f0, hModule=0x6f660000, lpmodinfo=0x2b026c4, cb=0xc | out: lpmodinfo=0x2b026c4*(lpBaseOfDll=0x6f660000, SizeOfImage=0x9df000, EntryPoint=0x0)) returned 1 [0078.871] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.871] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x6f660000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0078.871] CoTaskMemFree (pv=0xd66600) [0078.871] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.871] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x6f660000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\assembly\\NativeImages_v4.0.30319_32\\System\\fcfb8bac8ea9a0e69d72c350b22f8e3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\fcfb8bac8ea9a0e69d72c350b22f8e3f\\system.ni.dll")) returned 0x64 [0078.871] CoTaskMemFree (pv=0xd66600) [0078.871] GetModuleInformation (in: hProcess=0x2f0, hModule=0x6ef00000, lpmodinfo=0x2b0496c, cb=0xc | out: lpmodinfo=0x2b0496c*(lpBaseOfDll=0x6ef00000, SizeOfImage=0x756000, EntryPoint=0x0)) returned 1 [0078.871] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.871] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x6ef00000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0078.872] CoTaskMemFree (pv=0xd66600) [0078.872] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.872] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x6ef00000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\7334607a1c01834b6f09c482bd20ff7e\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\7334607a1c01834b6f09c482bd20ff7e\\system.core.ni.dll")) returned 0x6e [0078.872] CoTaskMemFree (pv=0xd66600) [0078.872] GetModuleInformation (in: hProcess=0x2f0, hModule=0x73200000, lpmodinfo=0x2b06b28, cb=0xc | out: lpmodinfo=0x2b06b28*(lpBaseOfDll=0x73200000, SizeOfImage=0x13000, EntryPoint=0x73206c40)) returned 1 [0078.872] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.872] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x73200000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0078.872] CoTaskMemFree (pv=0xd66600) [0078.872] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.872] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x73200000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0078.872] CoTaskMemFree (pv=0xd66600) [0078.872] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74100000, lpmodinfo=0x2b08c34, cb=0xc | out: lpmodinfo=0x2b08c34*(lpBaseOfDll=0x74100000, SizeOfImage=0x2f000, EntryPoint=0x7410c000)) returned 1 [0078.872] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.872] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74100000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0078.873] CoTaskMemFree (pv=0xd66600) [0078.873] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.873] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74100000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0078.873] CoTaskMemFree (pv=0xd66600) [0078.873] GetModuleInformation (in: hProcess=0x2f0, hModule=0x740e0000, lpmodinfo=0x2b0ad40, cb=0xc | out: lpmodinfo=0x2b0ad40*(lpBaseOfDll=0x740e0000, SizeOfImage=0x18000, EntryPoint=0x740e8f30)) returned 1 [0078.873] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.873] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x740e0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0078.873] CoTaskMemFree (pv=0xd66600) [0078.873] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.873] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x740e0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0078.873] CoTaskMemFree (pv=0xd66600) [0078.873] GetModuleInformation (in: hProcess=0x2f0, hModule=0x76180000, lpmodinfo=0x2b0ce4c, cb=0xc | out: lpmodinfo=0x2b0ce4c*(lpBaseOfDll=0x76180000, SizeOfImage=0x6000, EntryPoint=0x76181460)) returned 1 [0078.874] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.874] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x76180000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0078.874] CoTaskMemFree (pv=0xd66600) [0078.874] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.874] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x76180000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")) returned 0x1d [0078.874] CoTaskMemFree (pv=0xd66600) [0078.874] CloseHandle (hObject=0x2f0) returned 1 [0078.904] GetCurrentProcessId () returned 0x7f0 [0078.904] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7f0) returned 0x2f0 [0078.904] EnumProcessModules (in: hProcess=0x2f0, lphModule=0x29638ec, cb=0x100, lpcbNeeded=0xafd6d8 | out: lphModule=0x29638ec, lpcbNeeded=0xafd6d8) returned 1 [0078.904] GetModuleInformation (in: hProcess=0x2f0, hModule=0x6b0000, lpmodinfo=0x2963a2c, cb=0xc | out: lpmodinfo=0x2963a2c*(lpBaseOfDll=0x6b0000, SizeOfImage=0xb6000, EntryPoint=0x0)) returned 1 [0078.904] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.904] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x6b0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="fatura.exe") returned 0xa [0078.904] CoTaskMemFree (pv=0xd66600) [0078.904] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.904] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x6b0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\fatura.exe")) returned 0x2d [0078.904] CoTaskMemFree (pv=0xd66600) [0078.904] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77bb0000, lpmodinfo=0x2965b70, cb=0xc | out: lpmodinfo=0x2965b70*(lpBaseOfDll=0x77bb0000, SizeOfImage=0x18e000, EntryPoint=0x0)) returned 1 [0078.904] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.904] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77bb0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0078.905] CoTaskMemFree (pv=0xd66600) [0078.905] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.905] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77bb0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0078.905] CoTaskMemFree (pv=0xd66600) [0078.905] GetModuleInformation (in: hProcess=0x2f0, hModule=0x71b40000, lpmodinfo=0x2967c74, cb=0xc | out: lpmodinfo=0x2967c74*(lpBaseOfDll=0x71b40000, SizeOfImage=0x55000, EntryPoint=0x71b70a30)) returned 1 [0078.905] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.905] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x71b40000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0078.905] CoTaskMemFree (pv=0xd66600) [0078.905] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.905] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x71b40000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\system32\\mscoree.dll")) returned 0x1f [0078.905] CoTaskMemFree (pv=0xd66600) [0078.905] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75e90000, lpmodinfo=0x2969d80, cb=0xc | out: lpmodinfo=0x2969d80*(lpBaseOfDll=0x75e90000, SizeOfImage=0xd0000, EntryPoint=0x75ea06a0)) returned 1 [0078.905] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.905] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75e90000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0078.905] CoTaskMemFree (pv=0xd66600) [0078.905] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.905] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75e90000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\KERNEL32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0078.906] CoTaskMemFree (pv=0xd66600) [0078.906] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74ea0000, lpmodinfo=0x296be94, cb=0xc | out: lpmodinfo=0x296be94*(lpBaseOfDll=0x74ea0000, SizeOfImage=0x1c2000, EntryPoint=0x74f8ff30)) returned 1 [0078.906] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.906] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74ea0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0078.906] CoTaskMemFree (pv=0xd66600) [0078.906] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.906] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74ea0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0078.906] CoTaskMemFree (pv=0xd66600) [0078.906] GetModuleInformation (in: hProcess=0x2f0, hModule=0x745d0000, lpmodinfo=0x296dfdc, cb=0xc | out: lpmodinfo=0x296dfdc*(lpBaseOfDll=0x745d0000, SizeOfImage=0x93000, EntryPoint=0x74604270)) returned 1 [0078.906] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.906] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x745d0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0078.906] CoTaskMemFree (pv=0xd66600) [0078.906] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.906] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x745d0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0078.907] CoTaskMemFree (pv=0xd66600) [0078.907] GetModuleInformation (in: hProcess=0x2f0, hModule=0x761b0000, lpmodinfo=0x29700e8, cb=0xc | out: lpmodinfo=0x29700e8*(lpBaseOfDll=0x761b0000, SizeOfImage=0x77000, EntryPoint=0x761ce5b0)) returned 1 [0078.907] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.907] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x761b0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0078.907] CoTaskMemFree (pv=0xd66600) [0078.907] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.907] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x761b0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0078.907] CoTaskMemFree (pv=0xd66600) [0078.907] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77a30000, lpmodinfo=0x29721fc, cb=0xc | out: lpmodinfo=0x29721fc*(lpBaseOfDll=0x77a30000, SizeOfImage=0xbd000, EntryPoint=0x77a655e0)) returned 1 [0078.907] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.907] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77a30000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0078.907] CoTaskMemFree (pv=0xd66600) [0078.907] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.907] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77a30000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0078.908] CoTaskMemFree (pv=0xd66600) [0078.908] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75fb0000, lpmodinfo=0x2974308, cb=0xc | out: lpmodinfo=0x2974308*(lpBaseOfDll=0x75fb0000, SizeOfImage=0x41000, EntryPoint=0x75fc3400)) returned 1 [0078.908] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.908] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75fb0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0078.908] CoTaskMemFree (pv=0xd66600) [0078.908] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.908] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75fb0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0078.908] CoTaskMemFree (pv=0xd66600) [0078.908] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74710000, lpmodinfo=0x2976460, cb=0xc | out: lpmodinfo=0x2976460*(lpBaseOfDll=0x74710000, SizeOfImage=0xc0000, EntryPoint=0x7473fb20)) returned 1 [0078.908] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.908] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74710000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0078.908] CoTaskMemFree (pv=0xd66600) [0078.908] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.908] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74710000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0078.908] CoTaskMemFree (pv=0xd66600) [0078.908] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74680000, lpmodinfo=0x297856c, cb=0xc | out: lpmodinfo=0x297856c*(lpBaseOfDll=0x74680000, SizeOfImage=0x20000, EntryPoint=0x7468c9a0)) returned 1 [0078.908] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.909] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74680000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0078.909] CoTaskMemFree (pv=0xd66600) [0078.909] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.909] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74680000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0078.909] CoTaskMemFree (pv=0xd66600) [0078.909] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74670000, lpmodinfo=0x297a678, cb=0xc | out: lpmodinfo=0x297a678*(lpBaseOfDll=0x74670000, SizeOfImage=0xa000, EntryPoint=0x74672a00)) returned 1 [0078.909] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.909] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74670000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0078.909] CoTaskMemFree (pv=0xd66600) [0078.909] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.909] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74670000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0078.909] CoTaskMemFree (pv=0xd66600) [0078.909] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74da0000, lpmodinfo=0x297c78c, cb=0xc | out: lpmodinfo=0x297c78c*(lpBaseOfDll=0x74da0000, SizeOfImage=0x57000, EntryPoint=0x74ddde40)) returned 1 [0078.909] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.909] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74da0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0078.909] CoTaskMemFree (pv=0xd66600) [0078.910] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.910] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74da0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0078.910] CoTaskMemFree (pv=0xd66600) [0078.910] GetModuleInformation (in: hProcess=0x2f0, hModule=0x71ac0000, lpmodinfo=0x297e8c0, cb=0xc | out: lpmodinfo=0x297e8c0*(lpBaseOfDll=0x71ac0000, SizeOfImage=0x7d000, EntryPoint=0x71ac3c80)) returned 1 [0078.910] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.910] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x71ac0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0078.910] CoTaskMemFree (pv=0xd66600) [0078.910] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.910] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x71ac0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0078.910] CoTaskMemFree (pv=0xd66600) [0078.910] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75f60000, lpmodinfo=0x2980a08, cb=0xc | out: lpmodinfo=0x2980a08*(lpBaseOfDll=0x75f60000, SizeOfImage=0x45000, EntryPoint=0x75f79260)) returned 1 [0078.910] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.910] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75f60000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0078.910] CoTaskMemFree (pv=0xd66600) [0078.910] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.910] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75f60000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0078.911] CoTaskMemFree (pv=0xd66600) [0078.911] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75c50000, lpmodinfo=0x2982b14, cb=0xc | out: lpmodinfo=0x2982b14*(lpBaseOfDll=0x75c50000, SizeOfImage=0x238000, EntryPoint=0x75d6e060)) returned 1 [0078.911] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.911] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75c50000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0078.911] CoTaskMemFree (pv=0xd66600) [0078.911] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.911] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75c50000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0078.911] CoTaskMemFree (pv=0xd66600) [0078.911] GetModuleInformation (in: hProcess=0x2f0, hModule=0x76000000, lpmodinfo=0x2984c20, cb=0xc | out: lpmodinfo=0x2984c20*(lpBaseOfDll=0x76000000, SizeOfImage=0x118000, EntryPoint=0x7602a3c0)) returned 1 [0078.911] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.911] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x76000000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0078.913] CoTaskMemFree (pv=0xd66600) [0078.913] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.913] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x76000000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0078.913] CoTaskMemFree (pv=0xd66600) [0078.913] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75b70000, lpmodinfo=0x2986dc0, cb=0xc | out: lpmodinfo=0x2986dc0*(lpBaseOfDll=0x75b70000, SizeOfImage=0x21000, EntryPoint=0x75b76900)) returned 1 [0078.913] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.913] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75b70000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0078.913] CoTaskMemFree (pv=0xd66600) [0078.913] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.913] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75b70000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0078.913] CoTaskMemFree (pv=0xd66600) [0078.913] GetModuleInformation (in: hProcess=0x2f0, hModule=0x76290000, lpmodinfo=0x2988ec4, cb=0xc | out: lpmodinfo=0x2988ec4*(lpBaseOfDll=0x76290000, SizeOfImage=0x158000, EntryPoint=0x7634a9c0)) returned 1 [0078.913] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.913] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x76290000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="gdi32full.dll") returned 0xd [0078.913] CoTaskMemFree (pv=0xd66600) [0078.913] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.914] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x76290000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\gdi32full.dll" (normalized: "c:\\windows\\system32\\gdi32full.dll")) returned 0x21 [0078.914] CoTaskMemFree (pv=0xd66600) [0078.914] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77b30000, lpmodinfo=0x298afd8, cb=0xc | out: lpmodinfo=0x298afd8*(lpBaseOfDll=0x77b30000, SizeOfImage=0x79000, EntryPoint=0x77b44180)) returned 1 [0078.914] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.914] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77b30000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="msvcp_win.dll") returned 0xd [0078.914] CoTaskMemFree (pv=0xd66600) [0078.914] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.914] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77b30000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll")) returned 0x21 [0078.914] CoTaskMemFree (pv=0xd66600) [0078.914] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74b70000, lpmodinfo=0x298d0ec, cb=0xc | out: lpmodinfo=0x298d0ec*(lpBaseOfDll=0x74b70000, SizeOfImage=0x13c000, EntryPoint=0x74b9b3d0)) returned 1 [0078.914] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.914] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74b70000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0078.914] CoTaskMemFree (pv=0xd66600) [0078.914] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.914] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74b70000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0078.915] CoTaskMemFree (pv=0xd66600) [0078.915] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74ac0000, lpmodinfo=0x298f1f8, cb=0xc | out: lpmodinfo=0x298f1f8*(lpBaseOfDll=0x74ac0000, SizeOfImage=0x16000, EntryPoint=0x0)) returned 1 [0078.915] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.915] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74ac0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="win32u.dll") returned 0xa [0078.915] CoTaskMemFree (pv=0xd66600) [0078.915] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.915] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74ac0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\win32u.dll" (normalized: "c:\\windows\\system32\\win32u.dll")) returned 0x1e [0078.915] CoTaskMemFree (pv=0xd66600) [0078.915] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74e20000, lpmodinfo=0x2991304, cb=0xc | out: lpmodinfo=0x2991304*(lpBaseOfDll=0x74e20000, SizeOfImage=0x25000, EntryPoint=0x74e247d0)) returned 1 [0078.915] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.915] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74e20000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0078.915] CoTaskMemFree (pv=0xd66600) [0078.915] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.915] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74e20000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0078.915] CoTaskMemFree (pv=0xd66600) [0078.915] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75ba0000, lpmodinfo=0x2993408, cb=0xc | out: lpmodinfo=0x2993408*(lpBaseOfDll=0x75ba0000, SizeOfImage=0xe000, EntryPoint=0x75ba3e30)) returned 1 [0078.916] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.916] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75ba0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0078.916] CoTaskMemFree (pv=0xd66600) [0078.916] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.916] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75ba0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0078.916] CoTaskMemFree (pv=0xd66600) [0078.916] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74140000, lpmodinfo=0x2995534, cb=0xc | out: lpmodinfo=0x2995534*(lpBaseOfDll=0x74140000, SizeOfImage=0x8000, EntryPoint=0x741417c0)) returned 1 [0078.916] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.916] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74140000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0078.917] CoTaskMemFree (pv=0xd66600) [0078.917] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.917] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74140000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0078.917] CoTaskMemFree (pv=0xd66600) [0078.917] GetModuleInformation (in: hProcess=0x2f0, hModule=0x713d0000, lpmodinfo=0x2997640, cb=0xc | out: lpmodinfo=0x2997640*(lpBaseOfDll=0x713d0000, SizeOfImage=0x6e6000, EntryPoint=0x713e83d0)) returned 1 [0078.917] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.917] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x713d0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0078.917] CoTaskMemFree (pv=0xd66600) [0078.917] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.917] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x713d0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0078.918] CoTaskMemFree (pv=0xd66600) [0078.918] GetModuleInformation (in: hProcess=0x2f0, hModule=0x732a0000, lpmodinfo=0x2999770, cb=0xc | out: lpmodinfo=0x2999770*(lpBaseOfDll=0x732a0000, SizeOfImage=0xf5000, EntryPoint=0x732f4180)) returned 1 [0078.918] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.918] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x732a0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0078.918] CoTaskMemFree (pv=0xd66600) [0078.918] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.918] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x732a0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\system32\\msvcr120_clr0400.dll")) returned 0x28 [0078.918] CoTaskMemFree (pv=0xd66600) [0078.918] GetModuleInformation (in: hProcess=0x2f0, hModule=0x70040000, lpmodinfo=0x299b8a4, cb=0xc | out: lpmodinfo=0x299b8a4*(lpBaseOfDll=0x70040000, SizeOfImage=0x138d000, EntryPoint=0x0)) returned 1 [0078.919] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.919] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x70040000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0078.919] CoTaskMemFree (pv=0xd66600) [0078.919] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.919] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x70040000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\f12799647dc4f4abd2f0f17790337f04\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\f12799647dc4f4abd2f0f17790337f04\\mscorlib.ni.dll")) returned 0x68 [0078.919] CoTaskMemFree (pv=0xd66600) [0078.919] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77920000, lpmodinfo=0x299da4c, cb=0xc | out: lpmodinfo=0x299da4c*(lpBaseOfDll=0x77920000, SizeOfImage=0xf3000, EntryPoint=0x7795a100)) returned 1 [0078.919] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.919] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77920000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0078.919] CoTaskMemFree (pv=0xd66600) [0078.919] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.920] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77920000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0078.920] CoTaskMemFree (pv=0xd66600) [0078.920] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74550000, lpmodinfo=0x299fb50, cb=0xc | out: lpmodinfo=0x299fb50*(lpBaseOfDll=0x74550000, SizeOfImage=0x78000, EntryPoint=0x745885b0)) returned 1 [0078.920] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.920] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74550000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0078.920] CoTaskMemFree (pv=0xd66600) [0078.920] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.920] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74550000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\system32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0078.920] CoTaskMemFree (pv=0xd66600) [0078.920] GetModuleInformation (in: hProcess=0x2f0, hModule=0x73220000, lpmodinfo=0x29a1c5c, cb=0xc | out: lpmodinfo=0x29a1c5c*(lpBaseOfDll=0x73220000, SizeOfImage=0x80000, EntryPoint=0x73221180)) returned 1 [0078.920] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.920] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x73220000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0078.920] CoTaskMemFree (pv=0xd66600) [0078.920] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.920] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x73220000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0078.921] CoTaskMemFree (pv=0xd66600) [0078.921] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75bb0000, lpmodinfo=0x29a3d9c, cb=0xc | out: lpmodinfo=0x29a3d9c*(lpBaseOfDll=0x75bb0000, SizeOfImage=0x96000, EntryPoint=0x75be8f60)) returned 1 [0078.921] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.921] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75bb0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0078.921] CoTaskMemFree (pv=0xd66600) [0078.921] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.921] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75bb0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0078.921] CoTaskMemFree (pv=0xd66600) [0078.921] GetModuleInformation (in: hProcess=0x2f0, hModule=0x6f660000, lpmodinfo=0x29a5eb0, cb=0xc | out: lpmodinfo=0x29a5eb0*(lpBaseOfDll=0x6f660000, SizeOfImage=0x9df000, EntryPoint=0x0)) returned 1 [0078.921] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.921] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x6f660000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0078.921] CoTaskMemFree (pv=0xd66600) [0078.921] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.921] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x6f660000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\assembly\\NativeImages_v4.0.30319_32\\System\\fcfb8bac8ea9a0e69d72c350b22f8e3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\fcfb8bac8ea9a0e69d72c350b22f8e3f\\system.ni.dll")) returned 0x64 [0078.921] CoTaskMemFree (pv=0xd66600) [0078.922] GetModuleInformation (in: hProcess=0x2f0, hModule=0x6ef00000, lpmodinfo=0x29a8158, cb=0xc | out: lpmodinfo=0x29a8158*(lpBaseOfDll=0x6ef00000, SizeOfImage=0x756000, EntryPoint=0x0)) returned 1 [0078.922] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.922] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x6ef00000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0078.922] CoTaskMemFree (pv=0xd66600) [0078.922] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.922] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x6ef00000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\7334607a1c01834b6f09c482bd20ff7e\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\7334607a1c01834b6f09c482bd20ff7e\\system.core.ni.dll")) returned 0x6e [0078.922] CoTaskMemFree (pv=0xd66600) [0078.922] GetModuleInformation (in: hProcess=0x2f0, hModule=0x73200000, lpmodinfo=0x29aa314, cb=0xc | out: lpmodinfo=0x29aa314*(lpBaseOfDll=0x73200000, SizeOfImage=0x13000, EntryPoint=0x73206c40)) returned 1 [0078.922] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.922] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x73200000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0078.922] CoTaskMemFree (pv=0xd66600) [0078.922] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.922] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x73200000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0078.922] CoTaskMemFree (pv=0xd66600) [0078.922] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74100000, lpmodinfo=0x29ac420, cb=0xc | out: lpmodinfo=0x29ac420*(lpBaseOfDll=0x74100000, SizeOfImage=0x2f000, EntryPoint=0x7410c000)) returned 1 [0078.923] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.923] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74100000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0078.923] CoTaskMemFree (pv=0xd66600) [0078.923] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.923] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74100000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0078.923] CoTaskMemFree (pv=0xd66600) [0078.923] GetModuleInformation (in: hProcess=0x2f0, hModule=0x740e0000, lpmodinfo=0x29ae52c, cb=0xc | out: lpmodinfo=0x29ae52c*(lpBaseOfDll=0x740e0000, SizeOfImage=0x18000, EntryPoint=0x740e8f30)) returned 1 [0078.923] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.923] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x740e0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0078.923] CoTaskMemFree (pv=0xd66600) [0078.923] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.923] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x740e0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0078.923] CoTaskMemFree (pv=0xd66600) [0078.923] GetModuleInformation (in: hProcess=0x2f0, hModule=0x76180000, lpmodinfo=0x29b0638, cb=0xc | out: lpmodinfo=0x29b0638*(lpBaseOfDll=0x76180000, SizeOfImage=0x6000, EntryPoint=0x76181460)) returned 1 [0078.923] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.923] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x76180000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0078.924] CoTaskMemFree (pv=0xd66600) [0078.924] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.924] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x76180000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")) returned 0x1d [0078.924] CoTaskMemFree (pv=0xd66600) [0078.924] CloseHandle (hObject=0x2f0) returned 1 [0078.941] GetCurrentProcessId () returned 0x7f0 [0078.941] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7f0) returned 0x2f0 [0078.941] EnumProcessModules (in: hProcess=0x2f0, lphModule=0x2ab6c3c, cb=0x100, lpcbNeeded=0xafd6d8 | out: lphModule=0x2ab6c3c, lpcbNeeded=0xafd6d8) returned 1 [0078.941] GetModuleInformation (in: hProcess=0x2f0, hModule=0x6b0000, lpmodinfo=0x2ab6d7c, cb=0xc | out: lpmodinfo=0x2ab6d7c*(lpBaseOfDll=0x6b0000, SizeOfImage=0xb6000, EntryPoint=0x0)) returned 1 [0078.941] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.941] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x6b0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="fatura.exe") returned 0xa [0078.941] CoTaskMemFree (pv=0xd66600) [0078.941] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.941] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x6b0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\fatura.exe")) returned 0x2d [0078.941] CoTaskMemFree (pv=0xd66600) [0078.941] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77bb0000, lpmodinfo=0x2ab8ec0, cb=0xc | out: lpmodinfo=0x2ab8ec0*(lpBaseOfDll=0x77bb0000, SizeOfImage=0x18e000, EntryPoint=0x0)) returned 1 [0078.942] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.942] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77bb0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0078.942] CoTaskMemFree (pv=0xd66600) [0078.942] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.942] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77bb0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0078.942] CoTaskMemFree (pv=0xd66600) [0078.942] GetModuleInformation (in: hProcess=0x2f0, hModule=0x71b40000, lpmodinfo=0x2abafc4, cb=0xc | out: lpmodinfo=0x2abafc4*(lpBaseOfDll=0x71b40000, SizeOfImage=0x55000, EntryPoint=0x71b70a30)) returned 1 [0078.942] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.942] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x71b40000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0078.942] CoTaskMemFree (pv=0xd66600) [0078.942] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.942] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x71b40000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\system32\\mscoree.dll")) returned 0x1f [0078.942] CoTaskMemFree (pv=0xd66600) [0078.942] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75e90000, lpmodinfo=0x2abd0d0, cb=0xc | out: lpmodinfo=0x2abd0d0*(lpBaseOfDll=0x75e90000, SizeOfImage=0xd0000, EntryPoint=0x75ea06a0)) returned 1 [0078.942] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.942] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75e90000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0078.943] CoTaskMemFree (pv=0xd66600) [0078.943] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.943] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75e90000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\KERNEL32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0078.943] CoTaskMemFree (pv=0xd66600) [0078.943] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74ea0000, lpmodinfo=0x2abf1e4, cb=0xc | out: lpmodinfo=0x2abf1e4*(lpBaseOfDll=0x74ea0000, SizeOfImage=0x1c2000, EntryPoint=0x74f8ff30)) returned 1 [0078.943] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.943] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74ea0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0078.943] CoTaskMemFree (pv=0xd66600) [0078.943] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.943] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74ea0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0078.943] CoTaskMemFree (pv=0xd66600) [0078.943] GetModuleInformation (in: hProcess=0x2f0, hModule=0x745d0000, lpmodinfo=0x2ac132c, cb=0xc | out: lpmodinfo=0x2ac132c*(lpBaseOfDll=0x745d0000, SizeOfImage=0x93000, EntryPoint=0x74604270)) returned 1 [0078.944] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.944] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x745d0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0078.944] CoTaskMemFree (pv=0xd66600) [0078.944] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.944] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x745d0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0078.944] CoTaskMemFree (pv=0xd66600) [0078.944] GetModuleInformation (in: hProcess=0x2f0, hModule=0x761b0000, lpmodinfo=0x2ac3438, cb=0xc | out: lpmodinfo=0x2ac3438*(lpBaseOfDll=0x761b0000, SizeOfImage=0x77000, EntryPoint=0x761ce5b0)) returned 1 [0078.944] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.944] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x761b0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0078.944] CoTaskMemFree (pv=0xd66600) [0078.944] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.944] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x761b0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0078.944] CoTaskMemFree (pv=0xd66600) [0078.944] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77a30000, lpmodinfo=0x2ac554c, cb=0xc | out: lpmodinfo=0x2ac554c*(lpBaseOfDll=0x77a30000, SizeOfImage=0xbd000, EntryPoint=0x77a655e0)) returned 1 [0078.944] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.944] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77a30000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0078.945] CoTaskMemFree (pv=0xd66600) [0078.945] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.945] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77a30000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0078.945] CoTaskMemFree (pv=0xd66600) [0078.945] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75fb0000, lpmodinfo=0x2ac7658, cb=0xc | out: lpmodinfo=0x2ac7658*(lpBaseOfDll=0x75fb0000, SizeOfImage=0x41000, EntryPoint=0x75fc3400)) returned 1 [0078.945] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.945] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75fb0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0078.945] CoTaskMemFree (pv=0xd66600) [0078.945] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.945] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75fb0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0078.945] CoTaskMemFree (pv=0xd66600) [0078.945] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74710000, lpmodinfo=0x2ac97b0, cb=0xc | out: lpmodinfo=0x2ac97b0*(lpBaseOfDll=0x74710000, SizeOfImage=0xc0000, EntryPoint=0x7473fb20)) returned 1 [0078.945] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.945] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74710000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0078.946] CoTaskMemFree (pv=0xd66600) [0078.946] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.946] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74710000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0078.946] CoTaskMemFree (pv=0xd66600) [0078.946] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74680000, lpmodinfo=0x2acb8bc, cb=0xc | out: lpmodinfo=0x2acb8bc*(lpBaseOfDll=0x74680000, SizeOfImage=0x20000, EntryPoint=0x7468c9a0)) returned 1 [0078.946] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.946] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74680000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0078.946] CoTaskMemFree (pv=0xd66600) [0078.946] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.946] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74680000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0078.946] CoTaskMemFree (pv=0xd66600) [0078.946] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74670000, lpmodinfo=0x2acd9c8, cb=0xc | out: lpmodinfo=0x2acd9c8*(lpBaseOfDll=0x74670000, SizeOfImage=0xa000, EntryPoint=0x74672a00)) returned 1 [0078.946] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.947] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74670000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0078.947] CoTaskMemFree (pv=0xd66600) [0078.947] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.947] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74670000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0078.947] CoTaskMemFree (pv=0xd66600) [0078.947] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74da0000, lpmodinfo=0x2acfadc, cb=0xc | out: lpmodinfo=0x2acfadc*(lpBaseOfDll=0x74da0000, SizeOfImage=0x57000, EntryPoint=0x74ddde40)) returned 1 [0078.947] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.947] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74da0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0078.947] CoTaskMemFree (pv=0xd66600) [0078.947] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.947] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74da0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0078.948] CoTaskMemFree (pv=0xd66600) [0078.948] GetModuleInformation (in: hProcess=0x2f0, hModule=0x71ac0000, lpmodinfo=0x2ad1c10, cb=0xc | out: lpmodinfo=0x2ad1c10*(lpBaseOfDll=0x71ac0000, SizeOfImage=0x7d000, EntryPoint=0x71ac3c80)) returned 1 [0078.948] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.948] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x71ac0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0078.948] CoTaskMemFree (pv=0xd66600) [0078.948] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.948] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x71ac0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0078.948] CoTaskMemFree (pv=0xd66600) [0078.948] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75f60000, lpmodinfo=0x2ad3d58, cb=0xc | out: lpmodinfo=0x2ad3d58*(lpBaseOfDll=0x75f60000, SizeOfImage=0x45000, EntryPoint=0x75f79260)) returned 1 [0078.948] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.948] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75f60000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0078.948] CoTaskMemFree (pv=0xd66600) [0078.948] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.949] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75f60000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0078.949] CoTaskMemFree (pv=0xd66600) [0078.949] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75c50000, lpmodinfo=0x2ad5e64, cb=0xc | out: lpmodinfo=0x2ad5e64*(lpBaseOfDll=0x75c50000, SizeOfImage=0x238000, EntryPoint=0x75d6e060)) returned 1 [0078.949] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.949] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75c50000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0078.949] CoTaskMemFree (pv=0xd66600) [0078.949] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.949] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75c50000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0078.949] CoTaskMemFree (pv=0xd66600) [0078.949] GetModuleInformation (in: hProcess=0x2f0, hModule=0x76000000, lpmodinfo=0x2ad7f70, cb=0xc | out: lpmodinfo=0x2ad7f70*(lpBaseOfDll=0x76000000, SizeOfImage=0x118000, EntryPoint=0x7602a3c0)) returned 1 [0078.949] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.949] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x76000000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0078.950] CoTaskMemFree (pv=0xd66600) [0078.950] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.950] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x76000000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0078.950] CoTaskMemFree (pv=0xd66600) [0078.950] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75b70000, lpmodinfo=0x2ada110, cb=0xc | out: lpmodinfo=0x2ada110*(lpBaseOfDll=0x75b70000, SizeOfImage=0x21000, EntryPoint=0x75b76900)) returned 1 [0078.950] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.950] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75b70000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0078.950] CoTaskMemFree (pv=0xd66600) [0078.950] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.950] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75b70000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0078.950] CoTaskMemFree (pv=0xd66600) [0078.950] GetModuleInformation (in: hProcess=0x2f0, hModule=0x76290000, lpmodinfo=0x2adc214, cb=0xc | out: lpmodinfo=0x2adc214*(lpBaseOfDll=0x76290000, SizeOfImage=0x158000, EntryPoint=0x7634a9c0)) returned 1 [0078.950] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.950] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x76290000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="gdi32full.dll") returned 0xd [0078.950] CoTaskMemFree (pv=0xd66600) [0078.951] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.951] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x76290000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\gdi32full.dll" (normalized: "c:\\windows\\system32\\gdi32full.dll")) returned 0x21 [0078.951] CoTaskMemFree (pv=0xd66600) [0078.951] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77b30000, lpmodinfo=0x2ade328, cb=0xc | out: lpmodinfo=0x2ade328*(lpBaseOfDll=0x77b30000, SizeOfImage=0x79000, EntryPoint=0x77b44180)) returned 1 [0078.951] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.951] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77b30000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="msvcp_win.dll") returned 0xd [0078.951] CoTaskMemFree (pv=0xd66600) [0078.951] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.951] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77b30000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll")) returned 0x21 [0078.951] CoTaskMemFree (pv=0xd66600) [0078.951] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74b70000, lpmodinfo=0x2ae043c, cb=0xc | out: lpmodinfo=0x2ae043c*(lpBaseOfDll=0x74b70000, SizeOfImage=0x13c000, EntryPoint=0x74b9b3d0)) returned 1 [0078.951] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.951] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74b70000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0078.951] CoTaskMemFree (pv=0xd66600) [0078.951] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.951] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74b70000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0078.952] CoTaskMemFree (pv=0xd66600) [0078.952] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74ac0000, lpmodinfo=0x2ae2548, cb=0xc | out: lpmodinfo=0x2ae2548*(lpBaseOfDll=0x74ac0000, SizeOfImage=0x16000, EntryPoint=0x0)) returned 1 [0078.952] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.952] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74ac0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="win32u.dll") returned 0xa [0078.952] CoTaskMemFree (pv=0xd66600) [0078.952] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.952] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74ac0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\win32u.dll" (normalized: "c:\\windows\\system32\\win32u.dll")) returned 0x1e [0078.952] CoTaskMemFree (pv=0xd66600) [0078.952] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74e20000, lpmodinfo=0x2ae4654, cb=0xc | out: lpmodinfo=0x2ae4654*(lpBaseOfDll=0x74e20000, SizeOfImage=0x25000, EntryPoint=0x74e247d0)) returned 1 [0078.952] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.952] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74e20000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0078.953] CoTaskMemFree (pv=0xd66600) [0078.953] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.953] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74e20000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0078.953] CoTaskMemFree (pv=0xd66600) [0078.953] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75ba0000, lpmodinfo=0x2ae6758, cb=0xc | out: lpmodinfo=0x2ae6758*(lpBaseOfDll=0x75ba0000, SizeOfImage=0xe000, EntryPoint=0x75ba3e30)) returned 1 [0078.953] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.953] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75ba0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0078.953] CoTaskMemFree (pv=0xd66600) [0078.953] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.953] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75ba0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0078.953] CoTaskMemFree (pv=0xd66600) [0078.953] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74140000, lpmodinfo=0x2ae8884, cb=0xc | out: lpmodinfo=0x2ae8884*(lpBaseOfDll=0x74140000, SizeOfImage=0x8000, EntryPoint=0x741417c0)) returned 1 [0078.953] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.953] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74140000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0078.954] CoTaskMemFree (pv=0xd66600) [0078.954] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.954] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74140000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0078.954] CoTaskMemFree (pv=0xd66600) [0078.954] GetModuleInformation (in: hProcess=0x2f0, hModule=0x713d0000, lpmodinfo=0x2aea990, cb=0xc | out: lpmodinfo=0x2aea990*(lpBaseOfDll=0x713d0000, SizeOfImage=0x6e6000, EntryPoint=0x713e83d0)) returned 1 [0078.954] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.954] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x713d0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0078.954] CoTaskMemFree (pv=0xd66600) [0078.954] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.954] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x713d0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0078.954] CoTaskMemFree (pv=0xd66600) [0078.954] GetModuleInformation (in: hProcess=0x2f0, hModule=0x732a0000, lpmodinfo=0x2aecac0, cb=0xc | out: lpmodinfo=0x2aecac0*(lpBaseOfDll=0x732a0000, SizeOfImage=0xf5000, EntryPoint=0x732f4180)) returned 1 [0078.954] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.954] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x732a0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0078.954] CoTaskMemFree (pv=0xd66600) [0078.954] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.954] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x732a0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\system32\\msvcr120_clr0400.dll")) returned 0x28 [0078.955] CoTaskMemFree (pv=0xd66600) [0078.955] GetModuleInformation (in: hProcess=0x2f0, hModule=0x70040000, lpmodinfo=0x2aeebf4, cb=0xc | out: lpmodinfo=0x2aeebf4*(lpBaseOfDll=0x70040000, SizeOfImage=0x138d000, EntryPoint=0x0)) returned 1 [0078.955] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.955] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x70040000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0078.955] CoTaskMemFree (pv=0xd66600) [0078.955] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.955] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x70040000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\f12799647dc4f4abd2f0f17790337f04\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\f12799647dc4f4abd2f0f17790337f04\\mscorlib.ni.dll")) returned 0x68 [0078.955] CoTaskMemFree (pv=0xd66600) [0078.955] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77920000, lpmodinfo=0x2af0d9c, cb=0xc | out: lpmodinfo=0x2af0d9c*(lpBaseOfDll=0x77920000, SizeOfImage=0xf3000, EntryPoint=0x7795a100)) returned 1 [0078.955] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.955] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77920000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0078.955] CoTaskMemFree (pv=0xd66600) [0078.955] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.955] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77920000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0078.956] CoTaskMemFree (pv=0xd66600) [0078.956] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74550000, lpmodinfo=0x2af2ea0, cb=0xc | out: lpmodinfo=0x2af2ea0*(lpBaseOfDll=0x74550000, SizeOfImage=0x78000, EntryPoint=0x745885b0)) returned 1 [0078.956] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.956] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74550000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0078.956] CoTaskMemFree (pv=0xd66600) [0078.956] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.956] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74550000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\system32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0078.956] CoTaskMemFree (pv=0xd66600) [0078.956] GetModuleInformation (in: hProcess=0x2f0, hModule=0x73220000, lpmodinfo=0x2af4fac, cb=0xc | out: lpmodinfo=0x2af4fac*(lpBaseOfDll=0x73220000, SizeOfImage=0x80000, EntryPoint=0x73221180)) returned 1 [0078.956] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.956] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x73220000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0078.956] CoTaskMemFree (pv=0xd66600) [0078.956] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.956] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x73220000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0078.956] CoTaskMemFree (pv=0xd66600) [0078.956] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75bb0000, lpmodinfo=0x2af70ec, cb=0xc | out: lpmodinfo=0x2af70ec*(lpBaseOfDll=0x75bb0000, SizeOfImage=0x96000, EntryPoint=0x75be8f60)) returned 1 [0078.957] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.957] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75bb0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0078.957] CoTaskMemFree (pv=0xd66600) [0078.957] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.957] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75bb0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0078.957] CoTaskMemFree (pv=0xd66600) [0078.957] GetModuleInformation (in: hProcess=0x2f0, hModule=0x6f660000, lpmodinfo=0x2af9200, cb=0xc | out: lpmodinfo=0x2af9200*(lpBaseOfDll=0x6f660000, SizeOfImage=0x9df000, EntryPoint=0x0)) returned 1 [0078.957] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.957] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x6f660000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0078.957] CoTaskMemFree (pv=0xd66600) [0078.957] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.957] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x6f660000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\assembly\\NativeImages_v4.0.30319_32\\System\\fcfb8bac8ea9a0e69d72c350b22f8e3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\fcfb8bac8ea9a0e69d72c350b22f8e3f\\system.ni.dll")) returned 0x64 [0078.957] CoTaskMemFree (pv=0xd66600) [0078.957] GetModuleInformation (in: hProcess=0x2f0, hModule=0x6ef00000, lpmodinfo=0x2afb4a8, cb=0xc | out: lpmodinfo=0x2afb4a8*(lpBaseOfDll=0x6ef00000, SizeOfImage=0x756000, EntryPoint=0x0)) returned 1 [0078.958] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.958] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x6ef00000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0078.958] CoTaskMemFree (pv=0xd66600) [0078.958] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.958] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x6ef00000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\7334607a1c01834b6f09c482bd20ff7e\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\7334607a1c01834b6f09c482bd20ff7e\\system.core.ni.dll")) returned 0x6e [0078.958] CoTaskMemFree (pv=0xd66600) [0078.958] GetModuleInformation (in: hProcess=0x2f0, hModule=0x73200000, lpmodinfo=0x2afd664, cb=0xc | out: lpmodinfo=0x2afd664*(lpBaseOfDll=0x73200000, SizeOfImage=0x13000, EntryPoint=0x73206c40)) returned 1 [0078.958] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.958] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x73200000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0078.958] CoTaskMemFree (pv=0xd66600) [0078.961] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.961] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x73200000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0078.961] CoTaskMemFree (pv=0xd66600) [0078.961] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74100000, lpmodinfo=0x2aff770, cb=0xc | out: lpmodinfo=0x2aff770*(lpBaseOfDll=0x74100000, SizeOfImage=0x2f000, EntryPoint=0x7410c000)) returned 1 [0078.961] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.961] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74100000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0078.961] CoTaskMemFree (pv=0xd66600) [0078.961] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.961] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74100000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0078.961] CoTaskMemFree (pv=0xd66600) [0078.961] GetModuleInformation (in: hProcess=0x2f0, hModule=0x740e0000, lpmodinfo=0x2b0187c, cb=0xc | out: lpmodinfo=0x2b0187c*(lpBaseOfDll=0x740e0000, SizeOfImage=0x18000, EntryPoint=0x740e8f30)) returned 1 [0078.961] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.961] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x740e0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0078.962] CoTaskMemFree (pv=0xd66600) [0078.962] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.962] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x740e0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0078.962] CoTaskMemFree (pv=0xd66600) [0078.962] GetModuleInformation (in: hProcess=0x2f0, hModule=0x76180000, lpmodinfo=0x2b03988, cb=0xc | out: lpmodinfo=0x2b03988*(lpBaseOfDll=0x76180000, SizeOfImage=0x6000, EntryPoint=0x76181460)) returned 1 [0078.962] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.962] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x76180000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0078.962] CoTaskMemFree (pv=0xd66600) [0078.962] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.962] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x76180000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")) returned 0x1d [0078.962] CoTaskMemFree (pv=0xd66600) [0078.962] CloseHandle (hObject=0x2f0) returned 1 [0078.981] GetCurrentProcessId () returned 0x7f0 [0078.981] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7f0) returned 0x2f0 [0078.981] EnumProcessModules (in: hProcess=0x2f0, lphModule=0x29d1b74, cb=0x100, lpcbNeeded=0xafd6d8 | out: lphModule=0x29d1b74, lpcbNeeded=0xafd6d8) returned 1 [0078.981] GetModuleInformation (in: hProcess=0x2f0, hModule=0x6b0000, lpmodinfo=0x29d1cb4, cb=0xc | out: lpmodinfo=0x29d1cb4*(lpBaseOfDll=0x6b0000, SizeOfImage=0xb6000, EntryPoint=0x0)) returned 1 [0078.981] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.981] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x6b0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="fatura.exe") returned 0xa [0078.981] CoTaskMemFree (pv=0xd66600) [0078.981] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.981] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x6b0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\fatura.exe")) returned 0x2d [0078.981] CoTaskMemFree (pv=0xd66600) [0078.981] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77bb0000, lpmodinfo=0x29d3df8, cb=0xc | out: lpmodinfo=0x29d3df8*(lpBaseOfDll=0x77bb0000, SizeOfImage=0x18e000, EntryPoint=0x0)) returned 1 [0078.982] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.982] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77bb0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0078.982] CoTaskMemFree (pv=0xd66600) [0078.982] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.982] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77bb0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0078.982] CoTaskMemFree (pv=0xd66600) [0078.982] GetModuleInformation (in: hProcess=0x2f0, hModule=0x71b40000, lpmodinfo=0x29d5efc, cb=0xc | out: lpmodinfo=0x29d5efc*(lpBaseOfDll=0x71b40000, SizeOfImage=0x55000, EntryPoint=0x71b70a30)) returned 1 [0078.982] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.982] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x71b40000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0078.982] CoTaskMemFree (pv=0xd66600) [0078.982] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.982] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x71b40000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\system32\\mscoree.dll")) returned 0x1f [0078.982] CoTaskMemFree (pv=0xd66600) [0078.982] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75e90000, lpmodinfo=0x29d8008, cb=0xc | out: lpmodinfo=0x29d8008*(lpBaseOfDll=0x75e90000, SizeOfImage=0xd0000, EntryPoint=0x75ea06a0)) returned 1 [0078.982] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.982] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75e90000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0078.983] CoTaskMemFree (pv=0xd66600) [0078.983] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.983] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75e90000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\KERNEL32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0078.983] CoTaskMemFree (pv=0xd66600) [0078.983] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74ea0000, lpmodinfo=0x29da11c, cb=0xc | out: lpmodinfo=0x29da11c*(lpBaseOfDll=0x74ea0000, SizeOfImage=0x1c2000, EntryPoint=0x74f8ff30)) returned 1 [0078.983] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.983] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74ea0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0078.983] CoTaskMemFree (pv=0xd66600) [0078.983] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.983] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74ea0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0078.983] CoTaskMemFree (pv=0xd66600) [0078.983] GetModuleInformation (in: hProcess=0x2f0, hModule=0x745d0000, lpmodinfo=0x29dc264, cb=0xc | out: lpmodinfo=0x29dc264*(lpBaseOfDll=0x745d0000, SizeOfImage=0x93000, EntryPoint=0x74604270)) returned 1 [0078.983] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.983] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x745d0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0078.983] CoTaskMemFree (pv=0xd66600) [0078.983] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.983] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x745d0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0078.984] CoTaskMemFree (pv=0xd66600) [0078.984] GetModuleInformation (in: hProcess=0x2f0, hModule=0x761b0000, lpmodinfo=0x29de370, cb=0xc | out: lpmodinfo=0x29de370*(lpBaseOfDll=0x761b0000, SizeOfImage=0x77000, EntryPoint=0x761ce5b0)) returned 1 [0078.984] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.984] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x761b0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0078.984] CoTaskMemFree (pv=0xd66600) [0078.984] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.984] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x761b0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0078.984] CoTaskMemFree (pv=0xd66600) [0078.984] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77a30000, lpmodinfo=0x29e0484, cb=0xc | out: lpmodinfo=0x29e0484*(lpBaseOfDll=0x77a30000, SizeOfImage=0xbd000, EntryPoint=0x77a655e0)) returned 1 [0078.984] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.984] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77a30000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0078.984] CoTaskMemFree (pv=0xd66600) [0078.984] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.984] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77a30000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0078.984] CoTaskMemFree (pv=0xd66600) [0078.984] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75fb0000, lpmodinfo=0x29e2590, cb=0xc | out: lpmodinfo=0x29e2590*(lpBaseOfDll=0x75fb0000, SizeOfImage=0x41000, EntryPoint=0x75fc3400)) returned 1 [0078.984] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.985] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75fb0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0078.985] CoTaskMemFree (pv=0xd66600) [0078.985] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.985] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75fb0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0078.985] CoTaskMemFree (pv=0xd66600) [0078.985] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74710000, lpmodinfo=0x29e46e8, cb=0xc | out: lpmodinfo=0x29e46e8*(lpBaseOfDll=0x74710000, SizeOfImage=0xc0000, EntryPoint=0x7473fb20)) returned 1 [0078.985] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.985] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74710000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0078.985] CoTaskMemFree (pv=0xd66600) [0078.985] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.985] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74710000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0078.985] CoTaskMemFree (pv=0xd66600) [0078.985] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74680000, lpmodinfo=0x29e67f4, cb=0xc | out: lpmodinfo=0x29e67f4*(lpBaseOfDll=0x74680000, SizeOfImage=0x20000, EntryPoint=0x7468c9a0)) returned 1 [0078.985] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.985] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74680000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0078.985] CoTaskMemFree (pv=0xd66600) [0078.986] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.986] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74680000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0078.986] CoTaskMemFree (pv=0xd66600) [0078.986] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74670000, lpmodinfo=0x29e8900, cb=0xc | out: lpmodinfo=0x29e8900*(lpBaseOfDll=0x74670000, SizeOfImage=0xa000, EntryPoint=0x74672a00)) returned 1 [0078.986] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.986] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74670000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0078.986] CoTaskMemFree (pv=0xd66600) [0078.986] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.986] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74670000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0078.986] CoTaskMemFree (pv=0xd66600) [0078.986] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74da0000, lpmodinfo=0x29eaa14, cb=0xc | out: lpmodinfo=0x29eaa14*(lpBaseOfDll=0x74da0000, SizeOfImage=0x57000, EntryPoint=0x74ddde40)) returned 1 [0078.986] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.986] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74da0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0078.986] CoTaskMemFree (pv=0xd66600) [0078.986] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.986] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74da0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0078.987] CoTaskMemFree (pv=0xd66600) [0078.987] GetModuleInformation (in: hProcess=0x2f0, hModule=0x71ac0000, lpmodinfo=0x29ecb48, cb=0xc | out: lpmodinfo=0x29ecb48*(lpBaseOfDll=0x71ac0000, SizeOfImage=0x7d000, EntryPoint=0x71ac3c80)) returned 1 [0078.987] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.987] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x71ac0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0078.987] CoTaskMemFree (pv=0xd66600) [0078.987] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.987] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x71ac0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0078.987] CoTaskMemFree (pv=0xd66600) [0078.987] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75f60000, lpmodinfo=0x29eec90, cb=0xc | out: lpmodinfo=0x29eec90*(lpBaseOfDll=0x75f60000, SizeOfImage=0x45000, EntryPoint=0x75f79260)) returned 1 [0078.987] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.987] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75f60000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0078.987] CoTaskMemFree (pv=0xd66600) [0078.987] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.987] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75f60000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0078.987] CoTaskMemFree (pv=0xd66600) [0078.987] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75c50000, lpmodinfo=0x29f0d9c, cb=0xc | out: lpmodinfo=0x29f0d9c*(lpBaseOfDll=0x75c50000, SizeOfImage=0x238000, EntryPoint=0x75d6e060)) returned 1 [0078.988] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.988] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75c50000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0078.988] CoTaskMemFree (pv=0xd66600) [0078.988] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.988] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75c50000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0078.988] CoTaskMemFree (pv=0xd66600) [0078.988] GetModuleInformation (in: hProcess=0x2f0, hModule=0x76000000, lpmodinfo=0x29f2ea8, cb=0xc | out: lpmodinfo=0x29f2ea8*(lpBaseOfDll=0x76000000, SizeOfImage=0x118000, EntryPoint=0x7602a3c0)) returned 1 [0078.988] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.988] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x76000000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0078.988] CoTaskMemFree (pv=0xd66600) [0078.988] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.988] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x76000000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0078.988] CoTaskMemFree (pv=0xd66600) [0078.988] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75b70000, lpmodinfo=0x29f5048, cb=0xc | out: lpmodinfo=0x29f5048*(lpBaseOfDll=0x75b70000, SizeOfImage=0x21000, EntryPoint=0x75b76900)) returned 1 [0078.988] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.988] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75b70000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0078.989] CoTaskMemFree (pv=0xd66600) [0078.989] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.989] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75b70000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0078.989] CoTaskMemFree (pv=0xd66600) [0078.989] GetModuleInformation (in: hProcess=0x2f0, hModule=0x76290000, lpmodinfo=0x29f714c, cb=0xc | out: lpmodinfo=0x29f714c*(lpBaseOfDll=0x76290000, SizeOfImage=0x158000, EntryPoint=0x7634a9c0)) returned 1 [0078.989] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.989] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x76290000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="gdi32full.dll") returned 0xd [0078.989] CoTaskMemFree (pv=0xd66600) [0078.989] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.989] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x76290000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\gdi32full.dll" (normalized: "c:\\windows\\system32\\gdi32full.dll")) returned 0x21 [0078.989] CoTaskMemFree (pv=0xd66600) [0078.989] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77b30000, lpmodinfo=0x29f9260, cb=0xc | out: lpmodinfo=0x29f9260*(lpBaseOfDll=0x77b30000, SizeOfImage=0x79000, EntryPoint=0x77b44180)) returned 1 [0078.989] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.989] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77b30000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="msvcp_win.dll") returned 0xd [0078.994] CoTaskMemFree (pv=0xd66600) [0078.994] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.994] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77b30000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll")) returned 0x21 [0078.994] CoTaskMemFree (pv=0xd66600) [0078.994] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74b70000, lpmodinfo=0x29fb374, cb=0xc | out: lpmodinfo=0x29fb374*(lpBaseOfDll=0x74b70000, SizeOfImage=0x13c000, EntryPoint=0x74b9b3d0)) returned 1 [0078.994] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.994] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74b70000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0078.994] CoTaskMemFree (pv=0xd66600) [0078.994] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.994] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74b70000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0078.994] CoTaskMemFree (pv=0xd66600) [0078.995] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74ac0000, lpmodinfo=0x29fd480, cb=0xc | out: lpmodinfo=0x29fd480*(lpBaseOfDll=0x74ac0000, SizeOfImage=0x16000, EntryPoint=0x0)) returned 1 [0078.995] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.995] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74ac0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="win32u.dll") returned 0xa [0078.995] CoTaskMemFree (pv=0xd66600) [0078.995] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.995] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74ac0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\win32u.dll" (normalized: "c:\\windows\\system32\\win32u.dll")) returned 0x1e [0078.995] CoTaskMemFree (pv=0xd66600) [0078.995] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74e20000, lpmodinfo=0x29ff58c, cb=0xc | out: lpmodinfo=0x29ff58c*(lpBaseOfDll=0x74e20000, SizeOfImage=0x25000, EntryPoint=0x74e247d0)) returned 1 [0078.995] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.995] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74e20000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0078.995] CoTaskMemFree (pv=0xd66600) [0078.995] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.995] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74e20000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0078.995] CoTaskMemFree (pv=0xd66600) [0078.995] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75ba0000, lpmodinfo=0x2a01690, cb=0xc | out: lpmodinfo=0x2a01690*(lpBaseOfDll=0x75ba0000, SizeOfImage=0xe000, EntryPoint=0x75ba3e30)) returned 1 [0078.995] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.995] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75ba0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0078.996] CoTaskMemFree (pv=0xd66600) [0078.996] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.996] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75ba0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0078.996] CoTaskMemFree (pv=0xd66600) [0078.996] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74140000, lpmodinfo=0x2a037bc, cb=0xc | out: lpmodinfo=0x2a037bc*(lpBaseOfDll=0x74140000, SizeOfImage=0x8000, EntryPoint=0x741417c0)) returned 1 [0078.996] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.996] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74140000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0078.996] CoTaskMemFree (pv=0xd66600) [0078.996] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.996] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74140000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0078.996] CoTaskMemFree (pv=0xd66600) [0078.996] GetModuleInformation (in: hProcess=0x2f0, hModule=0x713d0000, lpmodinfo=0x2a058c8, cb=0xc | out: lpmodinfo=0x2a058c8*(lpBaseOfDll=0x713d0000, SizeOfImage=0x6e6000, EntryPoint=0x713e83d0)) returned 1 [0078.996] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.996] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x713d0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0078.997] CoTaskMemFree (pv=0xd66600) [0078.997] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.997] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x713d0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0078.997] CoTaskMemFree (pv=0xd66600) [0078.997] GetModuleInformation (in: hProcess=0x2f0, hModule=0x732a0000, lpmodinfo=0x2a079f8, cb=0xc | out: lpmodinfo=0x2a079f8*(lpBaseOfDll=0x732a0000, SizeOfImage=0xf5000, EntryPoint=0x732f4180)) returned 1 [0078.997] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.997] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x732a0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0078.997] CoTaskMemFree (pv=0xd66600) [0078.997] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.997] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x732a0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\system32\\msvcr120_clr0400.dll")) returned 0x28 [0078.997] CoTaskMemFree (pv=0xd66600) [0078.997] GetModuleInformation (in: hProcess=0x2f0, hModule=0x70040000, lpmodinfo=0x2a09b2c, cb=0xc | out: lpmodinfo=0x2a09b2c*(lpBaseOfDll=0x70040000, SizeOfImage=0x138d000, EntryPoint=0x0)) returned 1 [0078.997] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.997] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x70040000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0078.997] CoTaskMemFree (pv=0xd66600) [0078.997] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.997] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x70040000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\f12799647dc4f4abd2f0f17790337f04\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\f12799647dc4f4abd2f0f17790337f04\\mscorlib.ni.dll")) returned 0x68 [0078.998] CoTaskMemFree (pv=0xd66600) [0078.998] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77920000, lpmodinfo=0x2a0bcd4, cb=0xc | out: lpmodinfo=0x2a0bcd4*(lpBaseOfDll=0x77920000, SizeOfImage=0xf3000, EntryPoint=0x7795a100)) returned 1 [0078.998] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.998] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77920000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0078.998] CoTaskMemFree (pv=0xd66600) [0078.998] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.998] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77920000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0078.998] CoTaskMemFree (pv=0xd66600) [0078.998] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74550000, lpmodinfo=0x2a0ddd8, cb=0xc | out: lpmodinfo=0x2a0ddd8*(lpBaseOfDll=0x74550000, SizeOfImage=0x78000, EntryPoint=0x745885b0)) returned 1 [0078.998] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.998] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74550000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0078.998] CoTaskMemFree (pv=0xd66600) [0078.998] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.998] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74550000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\system32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0078.998] CoTaskMemFree (pv=0xd66600) [0078.999] GetModuleInformation (in: hProcess=0x2f0, hModule=0x73220000, lpmodinfo=0x2a0fee4, cb=0xc | out: lpmodinfo=0x2a0fee4*(lpBaseOfDll=0x73220000, SizeOfImage=0x80000, EntryPoint=0x73221180)) returned 1 [0078.999] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.999] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x73220000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0078.999] CoTaskMemFree (pv=0xd66600) [0078.999] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.999] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x73220000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0078.999] CoTaskMemFree (pv=0xd66600) [0078.999] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75bb0000, lpmodinfo=0x2a12024, cb=0xc | out: lpmodinfo=0x2a12024*(lpBaseOfDll=0x75bb0000, SizeOfImage=0x96000, EntryPoint=0x75be8f60)) returned 1 [0078.999] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.999] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75bb0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0078.999] CoTaskMemFree (pv=0xd66600) [0078.999] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0078.999] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75bb0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0078.999] CoTaskMemFree (pv=0xd66600) [0078.999] GetModuleInformation (in: hProcess=0x2f0, hModule=0x6f660000, lpmodinfo=0x2a14138, cb=0xc | out: lpmodinfo=0x2a14138*(lpBaseOfDll=0x6f660000, SizeOfImage=0x9df000, EntryPoint=0x0)) returned 1 [0079.000] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.000] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x6f660000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0079.000] CoTaskMemFree (pv=0xd66600) [0079.000] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.000] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x6f660000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\assembly\\NativeImages_v4.0.30319_32\\System\\fcfb8bac8ea9a0e69d72c350b22f8e3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\fcfb8bac8ea9a0e69d72c350b22f8e3f\\system.ni.dll")) returned 0x64 [0079.000] CoTaskMemFree (pv=0xd66600) [0079.000] GetModuleInformation (in: hProcess=0x2f0, hModule=0x6ef00000, lpmodinfo=0x2a163e0, cb=0xc | out: lpmodinfo=0x2a163e0*(lpBaseOfDll=0x6ef00000, SizeOfImage=0x756000, EntryPoint=0x0)) returned 1 [0079.000] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.000] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x6ef00000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0079.000] CoTaskMemFree (pv=0xd66600) [0079.000] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.000] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x6ef00000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\7334607a1c01834b6f09c482bd20ff7e\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\7334607a1c01834b6f09c482bd20ff7e\\system.core.ni.dll")) returned 0x6e [0079.000] CoTaskMemFree (pv=0xd66600) [0079.000] GetModuleInformation (in: hProcess=0x2f0, hModule=0x73200000, lpmodinfo=0x2a1859c, cb=0xc | out: lpmodinfo=0x2a1859c*(lpBaseOfDll=0x73200000, SizeOfImage=0x13000, EntryPoint=0x73206c40)) returned 1 [0079.000] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.000] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x73200000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0079.001] CoTaskMemFree (pv=0xd66600) [0079.001] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.001] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x73200000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0079.001] CoTaskMemFree (pv=0xd66600) [0079.001] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74100000, lpmodinfo=0x2a1a6a8, cb=0xc | out: lpmodinfo=0x2a1a6a8*(lpBaseOfDll=0x74100000, SizeOfImage=0x2f000, EntryPoint=0x7410c000)) returned 1 [0079.001] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.001] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74100000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0079.001] CoTaskMemFree (pv=0xd66600) [0079.001] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.001] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74100000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0079.001] CoTaskMemFree (pv=0xd66600) [0079.001] GetModuleInformation (in: hProcess=0x2f0, hModule=0x740e0000, lpmodinfo=0x2a1c7b4, cb=0xc | out: lpmodinfo=0x2a1c7b4*(lpBaseOfDll=0x740e0000, SizeOfImage=0x18000, EntryPoint=0x740e8f30)) returned 1 [0079.001] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.001] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x740e0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0079.001] CoTaskMemFree (pv=0xd66600) [0079.001] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.002] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x740e0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0079.002] CoTaskMemFree (pv=0xd66600) [0079.002] GetModuleInformation (in: hProcess=0x2f0, hModule=0x76180000, lpmodinfo=0x2a1e8c0, cb=0xc | out: lpmodinfo=0x2a1e8c0*(lpBaseOfDll=0x76180000, SizeOfImage=0x6000, EntryPoint=0x76181460)) returned 1 [0079.002] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.002] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x76180000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0079.002] CoTaskMemFree (pv=0xd66600) [0079.002] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.002] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x76180000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")) returned 0x1d [0079.002] CoTaskMemFree (pv=0xd66600) [0079.002] CloseHandle (hObject=0x2f0) returned 1 [0079.026] GetCurrentProcessId () returned 0x7f0 [0079.026] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7f0) returned 0x2f0 [0079.026] EnumProcessModules (in: hProcess=0x2f0, lphModule=0x2b33448, cb=0x100, lpcbNeeded=0xafd6d8 | out: lphModule=0x2b33448, lpcbNeeded=0xafd6d8) returned 1 [0079.026] GetModuleInformation (in: hProcess=0x2f0, hModule=0x6b0000, lpmodinfo=0x2b33588, cb=0xc | out: lpmodinfo=0x2b33588*(lpBaseOfDll=0x6b0000, SizeOfImage=0xb6000, EntryPoint=0x0)) returned 1 [0079.026] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.026] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x6b0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="fatura.exe") returned 0xa [0079.026] CoTaskMemFree (pv=0xd66600) [0079.026] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.026] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x6b0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\fatura.exe")) returned 0x2d [0079.026] CoTaskMemFree (pv=0xd66600) [0079.026] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77bb0000, lpmodinfo=0x2b356cc, cb=0xc | out: lpmodinfo=0x2b356cc*(lpBaseOfDll=0x77bb0000, SizeOfImage=0x18e000, EntryPoint=0x0)) returned 1 [0079.026] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.027] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77bb0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0079.027] CoTaskMemFree (pv=0xd66600) [0079.027] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.027] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77bb0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0079.027] CoTaskMemFree (pv=0xd66600) [0079.027] GetModuleInformation (in: hProcess=0x2f0, hModule=0x71b40000, lpmodinfo=0x2b377d0, cb=0xc | out: lpmodinfo=0x2b377d0*(lpBaseOfDll=0x71b40000, SizeOfImage=0x55000, EntryPoint=0x71b70a30)) returned 1 [0079.027] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.027] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x71b40000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0079.027] CoTaskMemFree (pv=0xd66600) [0079.027] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.027] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x71b40000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\system32\\mscoree.dll")) returned 0x1f [0079.027] CoTaskMemFree (pv=0xd66600) [0079.027] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75e90000, lpmodinfo=0x2b398dc, cb=0xc | out: lpmodinfo=0x2b398dc*(lpBaseOfDll=0x75e90000, SizeOfImage=0xd0000, EntryPoint=0x75ea06a0)) returned 1 [0079.027] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.027] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75e90000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0079.028] CoTaskMemFree (pv=0xd66600) [0079.028] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.028] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75e90000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\KERNEL32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0079.028] CoTaskMemFree (pv=0xd66600) [0079.028] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74ea0000, lpmodinfo=0x2b3b9f0, cb=0xc | out: lpmodinfo=0x2b3b9f0*(lpBaseOfDll=0x74ea0000, SizeOfImage=0x1c2000, EntryPoint=0x74f8ff30)) returned 1 [0079.028] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.028] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74ea0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0079.028] CoTaskMemFree (pv=0xd66600) [0079.028] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.028] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74ea0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0079.028] CoTaskMemFree (pv=0xd66600) [0079.028] GetModuleInformation (in: hProcess=0x2f0, hModule=0x745d0000, lpmodinfo=0x2b3db38, cb=0xc | out: lpmodinfo=0x2b3db38*(lpBaseOfDll=0x745d0000, SizeOfImage=0x93000, EntryPoint=0x74604270)) returned 1 [0079.028] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.028] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x745d0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0079.028] CoTaskMemFree (pv=0xd66600) [0079.028] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.028] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x745d0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0079.029] CoTaskMemFree (pv=0xd66600) [0079.029] GetModuleInformation (in: hProcess=0x2f0, hModule=0x761b0000, lpmodinfo=0x2b3fc44, cb=0xc | out: lpmodinfo=0x2b3fc44*(lpBaseOfDll=0x761b0000, SizeOfImage=0x77000, EntryPoint=0x761ce5b0)) returned 1 [0079.029] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.029] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x761b0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0079.029] CoTaskMemFree (pv=0xd66600) [0079.029] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.029] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x761b0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0079.029] CoTaskMemFree (pv=0xd66600) [0079.029] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77a30000, lpmodinfo=0x2b41d58, cb=0xc | out: lpmodinfo=0x2b41d58*(lpBaseOfDll=0x77a30000, SizeOfImage=0xbd000, EntryPoint=0x77a655e0)) returned 1 [0079.029] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.029] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77a30000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0079.029] CoTaskMemFree (pv=0xd66600) [0079.029] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.029] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77a30000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0079.029] CoTaskMemFree (pv=0xd66600) [0079.029] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75fb0000, lpmodinfo=0x2b43e64, cb=0xc | out: lpmodinfo=0x2b43e64*(lpBaseOfDll=0x75fb0000, SizeOfImage=0x41000, EntryPoint=0x75fc3400)) returned 1 [0079.030] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.030] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75fb0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0079.030] CoTaskMemFree (pv=0xd66600) [0079.030] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.030] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75fb0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0079.030] CoTaskMemFree (pv=0xd66600) [0079.030] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74710000, lpmodinfo=0x2b45fbc, cb=0xc | out: lpmodinfo=0x2b45fbc*(lpBaseOfDll=0x74710000, SizeOfImage=0xc0000, EntryPoint=0x7473fb20)) returned 1 [0079.030] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.030] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74710000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0079.030] CoTaskMemFree (pv=0xd66600) [0079.030] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.030] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74710000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0079.030] CoTaskMemFree (pv=0xd66600) [0079.030] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74680000, lpmodinfo=0x2b480c8, cb=0xc | out: lpmodinfo=0x2b480c8*(lpBaseOfDll=0x74680000, SizeOfImage=0x20000, EntryPoint=0x7468c9a0)) returned 1 [0079.030] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.030] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74680000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0079.031] CoTaskMemFree (pv=0xd66600) [0079.031] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.031] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74680000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0079.031] CoTaskMemFree (pv=0xd66600) [0079.031] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74670000, lpmodinfo=0x2b4a1d4, cb=0xc | out: lpmodinfo=0x2b4a1d4*(lpBaseOfDll=0x74670000, SizeOfImage=0xa000, EntryPoint=0x74672a00)) returned 1 [0079.031] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.031] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74670000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0079.031] CoTaskMemFree (pv=0xd66600) [0079.031] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.031] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74670000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0079.031] CoTaskMemFree (pv=0xd66600) [0079.031] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74da0000, lpmodinfo=0x2b4c2e8, cb=0xc | out: lpmodinfo=0x2b4c2e8*(lpBaseOfDll=0x74da0000, SizeOfImage=0x57000, EntryPoint=0x74ddde40)) returned 1 [0079.031] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.031] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74da0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0079.032] CoTaskMemFree (pv=0xd66600) [0079.032] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.032] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74da0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0079.032] CoTaskMemFree (pv=0xd66600) [0079.032] GetModuleInformation (in: hProcess=0x2f0, hModule=0x71ac0000, lpmodinfo=0x2b4e41c, cb=0xc | out: lpmodinfo=0x2b4e41c*(lpBaseOfDll=0x71ac0000, SizeOfImage=0x7d000, EntryPoint=0x71ac3c80)) returned 1 [0079.032] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.032] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x71ac0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0079.032] CoTaskMemFree (pv=0xd66600) [0079.032] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.032] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x71ac0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0079.032] CoTaskMemFree (pv=0xd66600) [0079.032] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75f60000, lpmodinfo=0x2b50564, cb=0xc | out: lpmodinfo=0x2b50564*(lpBaseOfDll=0x75f60000, SizeOfImage=0x45000, EntryPoint=0x75f79260)) returned 1 [0079.036] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.036] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75f60000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0079.036] CoTaskMemFree (pv=0xd66600) [0079.036] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.036] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75f60000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0079.036] CoTaskMemFree (pv=0xd66600) [0079.036] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75c50000, lpmodinfo=0x2955100, cb=0xc | out: lpmodinfo=0x2955100*(lpBaseOfDll=0x75c50000, SizeOfImage=0x238000, EntryPoint=0x75d6e060)) returned 1 [0079.036] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.036] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75c50000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0079.036] CoTaskMemFree (pv=0xd66600) [0079.036] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.036] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75c50000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0079.037] CoTaskMemFree (pv=0xd66600) [0079.037] GetModuleInformation (in: hProcess=0x2f0, hModule=0x76000000, lpmodinfo=0x295720c, cb=0xc | out: lpmodinfo=0x295720c*(lpBaseOfDll=0x76000000, SizeOfImage=0x118000, EntryPoint=0x7602a3c0)) returned 1 [0079.037] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.037] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x76000000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0079.037] CoTaskMemFree (pv=0xd66600) [0079.037] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.037] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x76000000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0079.037] CoTaskMemFree (pv=0xd66600) [0079.037] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75b70000, lpmodinfo=0x29593ac, cb=0xc | out: lpmodinfo=0x29593ac*(lpBaseOfDll=0x75b70000, SizeOfImage=0x21000, EntryPoint=0x75b76900)) returned 1 [0079.037] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.037] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75b70000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0079.037] CoTaskMemFree (pv=0xd66600) [0079.037] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.037] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75b70000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0079.037] CoTaskMemFree (pv=0xd66600) [0079.037] GetModuleInformation (in: hProcess=0x2f0, hModule=0x76290000, lpmodinfo=0x295b4b0, cb=0xc | out: lpmodinfo=0x295b4b0*(lpBaseOfDll=0x76290000, SizeOfImage=0x158000, EntryPoint=0x7634a9c0)) returned 1 [0079.038] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.038] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x76290000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="gdi32full.dll") returned 0xd [0079.038] CoTaskMemFree (pv=0xd66600) [0079.038] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.038] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x76290000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\gdi32full.dll" (normalized: "c:\\windows\\system32\\gdi32full.dll")) returned 0x21 [0079.038] CoTaskMemFree (pv=0xd66600) [0079.038] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77b30000, lpmodinfo=0x295d5c4, cb=0xc | out: lpmodinfo=0x295d5c4*(lpBaseOfDll=0x77b30000, SizeOfImage=0x79000, EntryPoint=0x77b44180)) returned 1 [0079.038] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.038] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77b30000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="msvcp_win.dll") returned 0xd [0079.038] CoTaskMemFree (pv=0xd66600) [0079.038] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.038] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77b30000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll")) returned 0x21 [0079.038] CoTaskMemFree (pv=0xd66600) [0079.038] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74b70000, lpmodinfo=0x295f6d8, cb=0xc | out: lpmodinfo=0x295f6d8*(lpBaseOfDll=0x74b70000, SizeOfImage=0x13c000, EntryPoint=0x74b9b3d0)) returned 1 [0079.038] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.038] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74b70000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0079.039] CoTaskMemFree (pv=0xd66600) [0079.039] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.039] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74b70000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0079.039] CoTaskMemFree (pv=0xd66600) [0079.039] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74ac0000, lpmodinfo=0x29617e4, cb=0xc | out: lpmodinfo=0x29617e4*(lpBaseOfDll=0x74ac0000, SizeOfImage=0x16000, EntryPoint=0x0)) returned 1 [0079.039] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.039] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74ac0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="win32u.dll") returned 0xa [0079.039] CoTaskMemFree (pv=0xd66600) [0079.039] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.039] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74ac0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\win32u.dll" (normalized: "c:\\windows\\system32\\win32u.dll")) returned 0x1e [0079.039] CoTaskMemFree (pv=0xd66600) [0079.039] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74e20000, lpmodinfo=0x29638f0, cb=0xc | out: lpmodinfo=0x29638f0*(lpBaseOfDll=0x74e20000, SizeOfImage=0x25000, EntryPoint=0x74e247d0)) returned 1 [0079.039] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.039] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74e20000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0079.039] CoTaskMemFree (pv=0xd66600) [0079.040] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.040] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74e20000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0079.040] CoTaskMemFree (pv=0xd66600) [0079.040] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75ba0000, lpmodinfo=0x29659f4, cb=0xc | out: lpmodinfo=0x29659f4*(lpBaseOfDll=0x75ba0000, SizeOfImage=0xe000, EntryPoint=0x75ba3e30)) returned 1 [0079.040] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.040] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75ba0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0079.040] CoTaskMemFree (pv=0xd66600) [0079.040] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.040] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75ba0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0079.040] CoTaskMemFree (pv=0xd66600) [0079.040] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74140000, lpmodinfo=0x2967b20, cb=0xc | out: lpmodinfo=0x2967b20*(lpBaseOfDll=0x74140000, SizeOfImage=0x8000, EntryPoint=0x741417c0)) returned 1 [0079.040] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.040] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74140000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0079.040] CoTaskMemFree (pv=0xd66600) [0079.040] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.040] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74140000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0079.041] CoTaskMemFree (pv=0xd66600) [0079.041] GetModuleInformation (in: hProcess=0x2f0, hModule=0x713d0000, lpmodinfo=0x2969c2c, cb=0xc | out: lpmodinfo=0x2969c2c*(lpBaseOfDll=0x713d0000, SizeOfImage=0x6e6000, EntryPoint=0x713e83d0)) returned 1 [0079.041] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.041] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x713d0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0079.041] CoTaskMemFree (pv=0xd66600) [0079.041] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.041] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x713d0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0079.041] CoTaskMemFree (pv=0xd66600) [0079.041] GetModuleInformation (in: hProcess=0x2f0, hModule=0x732a0000, lpmodinfo=0x296bd5c, cb=0xc | out: lpmodinfo=0x296bd5c*(lpBaseOfDll=0x732a0000, SizeOfImage=0xf5000, EntryPoint=0x732f4180)) returned 1 [0079.041] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.041] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x732a0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0079.041] CoTaskMemFree (pv=0xd66600) [0079.041] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.041] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x732a0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\system32\\msvcr120_clr0400.dll")) returned 0x28 [0079.041] CoTaskMemFree (pv=0xd66600) [0079.041] GetModuleInformation (in: hProcess=0x2f0, hModule=0x70040000, lpmodinfo=0x296de90, cb=0xc | out: lpmodinfo=0x296de90*(lpBaseOfDll=0x70040000, SizeOfImage=0x138d000, EntryPoint=0x0)) returned 1 [0079.042] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.042] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x70040000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0079.042] CoTaskMemFree (pv=0xd66600) [0079.042] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.042] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x70040000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\f12799647dc4f4abd2f0f17790337f04\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\f12799647dc4f4abd2f0f17790337f04\\mscorlib.ni.dll")) returned 0x68 [0079.042] CoTaskMemFree (pv=0xd66600) [0079.042] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77920000, lpmodinfo=0x2970038, cb=0xc | out: lpmodinfo=0x2970038*(lpBaseOfDll=0x77920000, SizeOfImage=0xf3000, EntryPoint=0x7795a100)) returned 1 [0079.042] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.042] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77920000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0079.042] CoTaskMemFree (pv=0xd66600) [0079.042] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.042] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77920000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0079.042] CoTaskMemFree (pv=0xd66600) [0079.042] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74550000, lpmodinfo=0x297213c, cb=0xc | out: lpmodinfo=0x297213c*(lpBaseOfDll=0x74550000, SizeOfImage=0x78000, EntryPoint=0x745885b0)) returned 1 [0079.042] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.042] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74550000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0079.043] CoTaskMemFree (pv=0xd66600) [0079.043] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.043] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74550000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\system32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0079.043] CoTaskMemFree (pv=0xd66600) [0079.043] GetModuleInformation (in: hProcess=0x2f0, hModule=0x73220000, lpmodinfo=0x2974248, cb=0xc | out: lpmodinfo=0x2974248*(lpBaseOfDll=0x73220000, SizeOfImage=0x80000, EntryPoint=0x73221180)) returned 1 [0079.043] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.043] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x73220000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0079.043] CoTaskMemFree (pv=0xd66600) [0079.043] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.043] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x73220000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0079.043] CoTaskMemFree (pv=0xd66600) [0079.043] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75bb0000, lpmodinfo=0x2976388, cb=0xc | out: lpmodinfo=0x2976388*(lpBaseOfDll=0x75bb0000, SizeOfImage=0x96000, EntryPoint=0x75be8f60)) returned 1 [0079.043] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.043] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75bb0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0079.043] CoTaskMemFree (pv=0xd66600) [0079.044] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.044] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75bb0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0079.044] CoTaskMemFree (pv=0xd66600) [0079.044] GetModuleInformation (in: hProcess=0x2f0, hModule=0x6f660000, lpmodinfo=0x297849c, cb=0xc | out: lpmodinfo=0x297849c*(lpBaseOfDll=0x6f660000, SizeOfImage=0x9df000, EntryPoint=0x0)) returned 1 [0079.044] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.044] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x6f660000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0079.044] CoTaskMemFree (pv=0xd66600) [0079.044] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.044] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x6f660000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\assembly\\NativeImages_v4.0.30319_32\\System\\fcfb8bac8ea9a0e69d72c350b22f8e3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\fcfb8bac8ea9a0e69d72c350b22f8e3f\\system.ni.dll")) returned 0x64 [0079.044] CoTaskMemFree (pv=0xd66600) [0079.044] GetModuleInformation (in: hProcess=0x2f0, hModule=0x6ef00000, lpmodinfo=0x297a744, cb=0xc | out: lpmodinfo=0x297a744*(lpBaseOfDll=0x6ef00000, SizeOfImage=0x756000, EntryPoint=0x0)) returned 1 [0079.044] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.044] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x6ef00000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0079.044] CoTaskMemFree (pv=0xd66600) [0079.044] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.044] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x6ef00000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\7334607a1c01834b6f09c482bd20ff7e\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\7334607a1c01834b6f09c482bd20ff7e\\system.core.ni.dll")) returned 0x6e [0079.045] CoTaskMemFree (pv=0xd66600) [0079.045] GetModuleInformation (in: hProcess=0x2f0, hModule=0x73200000, lpmodinfo=0x297c900, cb=0xc | out: lpmodinfo=0x297c900*(lpBaseOfDll=0x73200000, SizeOfImage=0x13000, EntryPoint=0x73206c40)) returned 1 [0079.045] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.045] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x73200000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0079.045] CoTaskMemFree (pv=0xd66600) [0079.045] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.045] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x73200000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0079.045] CoTaskMemFree (pv=0xd66600) [0079.045] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74100000, lpmodinfo=0x297ea0c, cb=0xc | out: lpmodinfo=0x297ea0c*(lpBaseOfDll=0x74100000, SizeOfImage=0x2f000, EntryPoint=0x7410c000)) returned 1 [0079.045] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.045] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74100000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0079.045] CoTaskMemFree (pv=0xd66600) [0079.045] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.045] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74100000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0079.045] CoTaskMemFree (pv=0xd66600) [0079.045] GetModuleInformation (in: hProcess=0x2f0, hModule=0x740e0000, lpmodinfo=0x2980b18, cb=0xc | out: lpmodinfo=0x2980b18*(lpBaseOfDll=0x740e0000, SizeOfImage=0x18000, EntryPoint=0x740e8f30)) returned 1 [0079.046] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.046] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x740e0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0079.046] CoTaskMemFree (pv=0xd66600) [0079.046] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.046] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x740e0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0079.046] CoTaskMemFree (pv=0xd66600) [0079.046] GetModuleInformation (in: hProcess=0x2f0, hModule=0x76180000, lpmodinfo=0x2982c24, cb=0xc | out: lpmodinfo=0x2982c24*(lpBaseOfDll=0x76180000, SizeOfImage=0x6000, EntryPoint=0x76181460)) returned 1 [0079.046] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.046] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x76180000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0079.046] CoTaskMemFree (pv=0xd66600) [0079.046] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.046] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x76180000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")) returned 0x1d [0079.046] CoTaskMemFree (pv=0xd66600) [0079.046] CloseHandle (hObject=0x2f0) returned 1 [0079.060] GetCurrentProcessId () returned 0x7f0 [0079.060] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7f0) returned 0x2f0 [0079.060] EnumProcessModules (in: hProcess=0x2f0, lphModule=0x29f3270, cb=0x100, lpcbNeeded=0xafd6d8 | out: lphModule=0x29f3270, lpcbNeeded=0xafd6d8) returned 1 [0079.060] GetModuleInformation (in: hProcess=0x2f0, hModule=0x6b0000, lpmodinfo=0x29f33b0, cb=0xc | out: lpmodinfo=0x29f33b0*(lpBaseOfDll=0x6b0000, SizeOfImage=0xb6000, EntryPoint=0x0)) returned 1 [0079.060] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.060] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x6b0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="fatura.exe") returned 0xa [0079.061] CoTaskMemFree (pv=0xd66600) [0079.061] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.061] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x6b0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\fatura.exe")) returned 0x2d [0079.061] CoTaskMemFree (pv=0xd66600) [0079.061] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77bb0000, lpmodinfo=0x29f54f4, cb=0xc | out: lpmodinfo=0x29f54f4*(lpBaseOfDll=0x77bb0000, SizeOfImage=0x18e000, EntryPoint=0x0)) returned 1 [0079.061] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.061] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77bb0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0079.061] CoTaskMemFree (pv=0xd66600) [0079.061] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.061] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77bb0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0079.061] CoTaskMemFree (pv=0xd66600) [0079.061] GetModuleInformation (in: hProcess=0x2f0, hModule=0x71b40000, lpmodinfo=0x29f75f8, cb=0xc | out: lpmodinfo=0x29f75f8*(lpBaseOfDll=0x71b40000, SizeOfImage=0x55000, EntryPoint=0x71b70a30)) returned 1 [0079.061] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.061] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x71b40000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0079.061] CoTaskMemFree (pv=0xd66600) [0079.061] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.061] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x71b40000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\system32\\mscoree.dll")) returned 0x1f [0079.062] CoTaskMemFree (pv=0xd66600) [0079.062] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75e90000, lpmodinfo=0x29f9704, cb=0xc | out: lpmodinfo=0x29f9704*(lpBaseOfDll=0x75e90000, SizeOfImage=0xd0000, EntryPoint=0x75ea06a0)) returned 1 [0079.062] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.062] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75e90000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0079.062] CoTaskMemFree (pv=0xd66600) [0079.062] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.062] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75e90000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\KERNEL32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0079.062] CoTaskMemFree (pv=0xd66600) [0079.062] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74ea0000, lpmodinfo=0x29fb818, cb=0xc | out: lpmodinfo=0x29fb818*(lpBaseOfDll=0x74ea0000, SizeOfImage=0x1c2000, EntryPoint=0x74f8ff30)) returned 1 [0079.062] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.062] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74ea0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0079.062] CoTaskMemFree (pv=0xd66600) [0079.062] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.062] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74ea0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0079.062] CoTaskMemFree (pv=0xd66600) [0079.062] GetModuleInformation (in: hProcess=0x2f0, hModule=0x745d0000, lpmodinfo=0x29fd960, cb=0xc | out: lpmodinfo=0x29fd960*(lpBaseOfDll=0x745d0000, SizeOfImage=0x93000, EntryPoint=0x74604270)) returned 1 [0079.063] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.063] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x745d0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0079.063] CoTaskMemFree (pv=0xd66600) [0079.063] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.063] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x745d0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0079.063] CoTaskMemFree (pv=0xd66600) [0079.063] GetModuleInformation (in: hProcess=0x2f0, hModule=0x761b0000, lpmodinfo=0x29ffa6c, cb=0xc | out: lpmodinfo=0x29ffa6c*(lpBaseOfDll=0x761b0000, SizeOfImage=0x77000, EntryPoint=0x761ce5b0)) returned 1 [0079.063] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.063] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x761b0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0079.063] CoTaskMemFree (pv=0xd66600) [0079.063] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.063] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x761b0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0079.063] CoTaskMemFree (pv=0xd66600) [0079.063] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77a30000, lpmodinfo=0x2a01b80, cb=0xc | out: lpmodinfo=0x2a01b80*(lpBaseOfDll=0x77a30000, SizeOfImage=0xbd000, EntryPoint=0x77a655e0)) returned 1 [0079.063] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.063] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77a30000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0079.064] CoTaskMemFree (pv=0xd66600) [0079.064] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.064] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77a30000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0079.064] CoTaskMemFree (pv=0xd66600) [0079.064] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75fb0000, lpmodinfo=0x2a03c8c, cb=0xc | out: lpmodinfo=0x2a03c8c*(lpBaseOfDll=0x75fb0000, SizeOfImage=0x41000, EntryPoint=0x75fc3400)) returned 1 [0079.064] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.064] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75fb0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0079.064] CoTaskMemFree (pv=0xd66600) [0079.064] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.064] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75fb0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0079.064] CoTaskMemFree (pv=0xd66600) [0079.064] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74710000, lpmodinfo=0x2a05de4, cb=0xc | out: lpmodinfo=0x2a05de4*(lpBaseOfDll=0x74710000, SizeOfImage=0xc0000, EntryPoint=0x7473fb20)) returned 1 [0079.064] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.064] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74710000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0079.064] CoTaskMemFree (pv=0xd66600) [0079.065] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.065] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74710000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0079.065] CoTaskMemFree (pv=0xd66600) [0079.065] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74680000, lpmodinfo=0x2a07ef0, cb=0xc | out: lpmodinfo=0x2a07ef0*(lpBaseOfDll=0x74680000, SizeOfImage=0x20000, EntryPoint=0x7468c9a0)) returned 1 [0079.065] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.065] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74680000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0079.065] CoTaskMemFree (pv=0xd66600) [0079.065] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.065] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74680000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0079.065] CoTaskMemFree (pv=0xd66600) [0079.065] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74670000, lpmodinfo=0x2a09ffc, cb=0xc | out: lpmodinfo=0x2a09ffc*(lpBaseOfDll=0x74670000, SizeOfImage=0xa000, EntryPoint=0x74672a00)) returned 1 [0079.065] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.065] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74670000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0079.065] CoTaskMemFree (pv=0xd66600) [0079.065] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.065] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74670000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0079.066] CoTaskMemFree (pv=0xd66600) [0079.066] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74da0000, lpmodinfo=0x2a0c110, cb=0xc | out: lpmodinfo=0x2a0c110*(lpBaseOfDll=0x74da0000, SizeOfImage=0x57000, EntryPoint=0x74ddde40)) returned 1 [0079.066] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.066] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74da0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0079.066] CoTaskMemFree (pv=0xd66600) [0079.066] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.066] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74da0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0079.066] CoTaskMemFree (pv=0xd66600) [0079.066] GetModuleInformation (in: hProcess=0x2f0, hModule=0x71ac0000, lpmodinfo=0x2a0e244, cb=0xc | out: lpmodinfo=0x2a0e244*(lpBaseOfDll=0x71ac0000, SizeOfImage=0x7d000, EntryPoint=0x71ac3c80)) returned 1 [0079.066] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.066] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x71ac0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0079.066] CoTaskMemFree (pv=0xd66600) [0079.066] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.066] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x71ac0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0079.066] CoTaskMemFree (pv=0xd66600) [0079.066] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75f60000, lpmodinfo=0x2a1038c, cb=0xc | out: lpmodinfo=0x2a1038c*(lpBaseOfDll=0x75f60000, SizeOfImage=0x45000, EntryPoint=0x75f79260)) returned 1 [0079.067] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.067] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75f60000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0079.067] CoTaskMemFree (pv=0xd66600) [0079.067] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.067] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75f60000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0079.067] CoTaskMemFree (pv=0xd66600) [0079.067] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75c50000, lpmodinfo=0x2a12498, cb=0xc | out: lpmodinfo=0x2a12498*(lpBaseOfDll=0x75c50000, SizeOfImage=0x238000, EntryPoint=0x75d6e060)) returned 1 [0079.067] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.067] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75c50000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0079.067] CoTaskMemFree (pv=0xd66600) [0079.067] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.067] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75c50000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0079.067] CoTaskMemFree (pv=0xd66600) [0079.067] GetModuleInformation (in: hProcess=0x2f0, hModule=0x76000000, lpmodinfo=0x2a145a4, cb=0xc | out: lpmodinfo=0x2a145a4*(lpBaseOfDll=0x76000000, SizeOfImage=0x118000, EntryPoint=0x7602a3c0)) returned 1 [0079.067] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.067] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x76000000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0079.068] CoTaskMemFree (pv=0xd66600) [0079.068] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.068] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x76000000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0079.068] CoTaskMemFree (pv=0xd66600) [0079.068] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75b70000, lpmodinfo=0x2a16744, cb=0xc | out: lpmodinfo=0x2a16744*(lpBaseOfDll=0x75b70000, SizeOfImage=0x21000, EntryPoint=0x75b76900)) returned 1 [0079.068] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.068] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75b70000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0079.068] CoTaskMemFree (pv=0xd66600) [0079.068] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.068] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75b70000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0079.068] CoTaskMemFree (pv=0xd66600) [0079.068] GetModuleInformation (in: hProcess=0x2f0, hModule=0x76290000, lpmodinfo=0x2a18848, cb=0xc | out: lpmodinfo=0x2a18848*(lpBaseOfDll=0x76290000, SizeOfImage=0x158000, EntryPoint=0x7634a9c0)) returned 1 [0079.069] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.069] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x76290000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="gdi32full.dll") returned 0xd [0079.069] CoTaskMemFree (pv=0xd66600) [0079.069] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.069] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x76290000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\gdi32full.dll" (normalized: "c:\\windows\\system32\\gdi32full.dll")) returned 0x21 [0079.069] CoTaskMemFree (pv=0xd66600) [0079.069] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77b30000, lpmodinfo=0x2a1a95c, cb=0xc | out: lpmodinfo=0x2a1a95c*(lpBaseOfDll=0x77b30000, SizeOfImage=0x79000, EntryPoint=0x77b44180)) returned 1 [0079.069] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.069] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77b30000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="msvcp_win.dll") returned 0xd [0079.069] CoTaskMemFree (pv=0xd66600) [0079.069] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.069] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77b30000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll")) returned 0x21 [0079.069] CoTaskMemFree (pv=0xd66600) [0079.069] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74b70000, lpmodinfo=0x2a1ca70, cb=0xc | out: lpmodinfo=0x2a1ca70*(lpBaseOfDll=0x74b70000, SizeOfImage=0x13c000, EntryPoint=0x74b9b3d0)) returned 1 [0079.069] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.069] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74b70000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0079.070] CoTaskMemFree (pv=0xd66600) [0079.070] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.070] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74b70000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0079.070] CoTaskMemFree (pv=0xd66600) [0079.070] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74ac0000, lpmodinfo=0x2a1eb7c, cb=0xc | out: lpmodinfo=0x2a1eb7c*(lpBaseOfDll=0x74ac0000, SizeOfImage=0x16000, EntryPoint=0x0)) returned 1 [0079.070] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.070] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74ac0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="win32u.dll") returned 0xa [0079.070] CoTaskMemFree (pv=0xd66600) [0079.070] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.070] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74ac0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\win32u.dll" (normalized: "c:\\windows\\system32\\win32u.dll")) returned 0x1e [0079.070] CoTaskMemFree (pv=0xd66600) [0079.070] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74e20000, lpmodinfo=0x2a20c88, cb=0xc | out: lpmodinfo=0x2a20c88*(lpBaseOfDll=0x74e20000, SizeOfImage=0x25000, EntryPoint=0x74e247d0)) returned 1 [0079.070] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.070] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74e20000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0079.070] CoTaskMemFree (pv=0xd66600) [0079.070] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.070] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74e20000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0079.071] CoTaskMemFree (pv=0xd66600) [0079.071] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75ba0000, lpmodinfo=0x2a22d8c, cb=0xc | out: lpmodinfo=0x2a22d8c*(lpBaseOfDll=0x75ba0000, SizeOfImage=0xe000, EntryPoint=0x75ba3e30)) returned 1 [0079.071] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.071] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75ba0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0079.071] CoTaskMemFree (pv=0xd66600) [0079.071] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.071] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75ba0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0079.071] CoTaskMemFree (pv=0xd66600) [0079.071] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74140000, lpmodinfo=0x2a24eb8, cb=0xc | out: lpmodinfo=0x2a24eb8*(lpBaseOfDll=0x74140000, SizeOfImage=0x8000, EntryPoint=0x741417c0)) returned 1 [0079.071] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.071] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74140000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0079.071] CoTaskMemFree (pv=0xd66600) [0079.071] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.071] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74140000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0079.071] CoTaskMemFree (pv=0xd66600) [0079.072] GetModuleInformation (in: hProcess=0x2f0, hModule=0x713d0000, lpmodinfo=0x2a26fc4, cb=0xc | out: lpmodinfo=0x2a26fc4*(lpBaseOfDll=0x713d0000, SizeOfImage=0x6e6000, EntryPoint=0x713e83d0)) returned 1 [0079.072] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.072] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x713d0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0079.072] CoTaskMemFree (pv=0xd66600) [0079.072] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.072] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x713d0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0079.072] CoTaskMemFree (pv=0xd66600) [0079.072] GetModuleInformation (in: hProcess=0x2f0, hModule=0x732a0000, lpmodinfo=0x2a290f4, cb=0xc | out: lpmodinfo=0x2a290f4*(lpBaseOfDll=0x732a0000, SizeOfImage=0xf5000, EntryPoint=0x732f4180)) returned 1 [0079.072] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.072] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x732a0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0079.072] CoTaskMemFree (pv=0xd66600) [0079.072] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.072] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x732a0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\system32\\msvcr120_clr0400.dll")) returned 0x28 [0079.072] CoTaskMemFree (pv=0xd66600) [0079.072] GetModuleInformation (in: hProcess=0x2f0, hModule=0x70040000, lpmodinfo=0x2a2b228, cb=0xc | out: lpmodinfo=0x2a2b228*(lpBaseOfDll=0x70040000, SizeOfImage=0x138d000, EntryPoint=0x0)) returned 1 [0079.073] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.073] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x70040000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0079.073] CoTaskMemFree (pv=0xd66600) [0079.073] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.073] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x70040000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\f12799647dc4f4abd2f0f17790337f04\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\f12799647dc4f4abd2f0f17790337f04\\mscorlib.ni.dll")) returned 0x68 [0079.073] CoTaskMemFree (pv=0xd66600) [0079.073] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77920000, lpmodinfo=0x2a2d3d0, cb=0xc | out: lpmodinfo=0x2a2d3d0*(lpBaseOfDll=0x77920000, SizeOfImage=0xf3000, EntryPoint=0x7795a100)) returned 1 [0079.073] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.073] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77920000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0079.073] CoTaskMemFree (pv=0xd66600) [0079.073] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.073] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77920000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0079.073] CoTaskMemFree (pv=0xd66600) [0079.073] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74550000, lpmodinfo=0x2a2f4d4, cb=0xc | out: lpmodinfo=0x2a2f4d4*(lpBaseOfDll=0x74550000, SizeOfImage=0x78000, EntryPoint=0x745885b0)) returned 1 [0079.073] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.073] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74550000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0079.074] CoTaskMemFree (pv=0xd66600) [0079.074] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.074] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74550000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\system32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0079.074] CoTaskMemFree (pv=0xd66600) [0079.074] GetModuleInformation (in: hProcess=0x2f0, hModule=0x73220000, lpmodinfo=0x2a315e0, cb=0xc | out: lpmodinfo=0x2a315e0*(lpBaseOfDll=0x73220000, SizeOfImage=0x80000, EntryPoint=0x73221180)) returned 1 [0079.074] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.074] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x73220000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0079.074] CoTaskMemFree (pv=0xd66600) [0079.074] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.074] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x73220000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0079.074] CoTaskMemFree (pv=0xd66600) [0079.074] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75bb0000, lpmodinfo=0x2a33720, cb=0xc | out: lpmodinfo=0x2a33720*(lpBaseOfDll=0x75bb0000, SizeOfImage=0x96000, EntryPoint=0x75be8f60)) returned 1 [0079.074] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.074] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75bb0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0079.074] CoTaskMemFree (pv=0xd66600) [0079.074] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.074] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75bb0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0079.075] CoTaskMemFree (pv=0xd66600) [0079.075] GetModuleInformation (in: hProcess=0x2f0, hModule=0x6f660000, lpmodinfo=0x2a35834, cb=0xc | out: lpmodinfo=0x2a35834*(lpBaseOfDll=0x6f660000, SizeOfImage=0x9df000, EntryPoint=0x0)) returned 1 [0079.075] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.075] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x6f660000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0079.075] CoTaskMemFree (pv=0xd66600) [0079.075] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.075] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x6f660000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\assembly\\NativeImages_v4.0.30319_32\\System\\fcfb8bac8ea9a0e69d72c350b22f8e3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\fcfb8bac8ea9a0e69d72c350b22f8e3f\\system.ni.dll")) returned 0x64 [0079.075] CoTaskMemFree (pv=0xd66600) [0079.075] GetModuleInformation (in: hProcess=0x2f0, hModule=0x6ef00000, lpmodinfo=0x2a37adc, cb=0xc | out: lpmodinfo=0x2a37adc*(lpBaseOfDll=0x6ef00000, SizeOfImage=0x756000, EntryPoint=0x0)) returned 1 [0079.075] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.075] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x6ef00000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0079.075] CoTaskMemFree (pv=0xd66600) [0079.075] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.075] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x6ef00000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\7334607a1c01834b6f09c482bd20ff7e\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\7334607a1c01834b6f09c482bd20ff7e\\system.core.ni.dll")) returned 0x6e [0079.076] CoTaskMemFree (pv=0xd66600) [0079.076] GetModuleInformation (in: hProcess=0x2f0, hModule=0x73200000, lpmodinfo=0x2a39c98, cb=0xc | out: lpmodinfo=0x2a39c98*(lpBaseOfDll=0x73200000, SizeOfImage=0x13000, EntryPoint=0x73206c40)) returned 1 [0079.076] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.076] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x73200000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0079.076] CoTaskMemFree (pv=0xd66600) [0079.076] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.076] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x73200000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0079.076] CoTaskMemFree (pv=0xd66600) [0079.076] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74100000, lpmodinfo=0x2a3bda4, cb=0xc | out: lpmodinfo=0x2a3bda4*(lpBaseOfDll=0x74100000, SizeOfImage=0x2f000, EntryPoint=0x7410c000)) returned 1 [0079.076] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.076] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74100000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0079.076] CoTaskMemFree (pv=0xd66600) [0079.076] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.076] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74100000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0079.076] CoTaskMemFree (pv=0xd66600) [0079.076] GetModuleInformation (in: hProcess=0x2f0, hModule=0x740e0000, lpmodinfo=0x2a3deb0, cb=0xc | out: lpmodinfo=0x2a3deb0*(lpBaseOfDll=0x740e0000, SizeOfImage=0x18000, EntryPoint=0x740e8f30)) returned 1 [0079.077] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.077] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x740e0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0079.077] CoTaskMemFree (pv=0xd66600) [0079.077] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.077] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x740e0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0079.077] CoTaskMemFree (pv=0xd66600) [0079.077] GetModuleInformation (in: hProcess=0x2f0, hModule=0x76180000, lpmodinfo=0x2a3ffbc, cb=0xc | out: lpmodinfo=0x2a3ffbc*(lpBaseOfDll=0x76180000, SizeOfImage=0x6000, EntryPoint=0x76181460)) returned 1 [0079.077] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.077] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x76180000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0079.077] CoTaskMemFree (pv=0xd66600) [0079.077] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.077] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x76180000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")) returned 0x1d [0079.077] CoTaskMemFree (pv=0xd66600) [0079.077] CloseHandle (hObject=0x2f0) returned 1 [0079.094] GetCurrentProcessId () returned 0x7f0 [0079.094] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7f0) returned 0x2f0 [0079.094] EnumProcessModules (in: hProcess=0x2f0, lphModule=0x2b4543c, cb=0x100, lpcbNeeded=0xafd6d8 | out: lphModule=0x2b4543c, lpcbNeeded=0xafd6d8) returned 1 [0079.094] GetModuleInformation (in: hProcess=0x2f0, hModule=0x6b0000, lpmodinfo=0x2b4557c, cb=0xc | out: lpmodinfo=0x2b4557c*(lpBaseOfDll=0x6b0000, SizeOfImage=0xb6000, EntryPoint=0x0)) returned 1 [0079.094] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.094] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x6b0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="fatura.exe") returned 0xa [0079.094] CoTaskMemFree (pv=0xd66600) [0079.094] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.094] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x6b0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\fatura.exe")) returned 0x2d [0079.094] CoTaskMemFree (pv=0xd66600) [0079.094] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77bb0000, lpmodinfo=0x2b476c0, cb=0xc | out: lpmodinfo=0x2b476c0*(lpBaseOfDll=0x77bb0000, SizeOfImage=0x18e000, EntryPoint=0x0)) returned 1 [0079.094] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.094] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77bb0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0079.095] CoTaskMemFree (pv=0xd66600) [0079.095] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.095] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77bb0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0079.095] CoTaskMemFree (pv=0xd66600) [0079.095] GetModuleInformation (in: hProcess=0x2f0, hModule=0x71b40000, lpmodinfo=0x2b497c4, cb=0xc | out: lpmodinfo=0x2b497c4*(lpBaseOfDll=0x71b40000, SizeOfImage=0x55000, EntryPoint=0x71b70a30)) returned 1 [0079.095] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.095] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x71b40000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0079.095] CoTaskMemFree (pv=0xd66600) [0079.095] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.095] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x71b40000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\system32\\mscoree.dll")) returned 0x1f [0079.095] CoTaskMemFree (pv=0xd66600) [0079.095] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75e90000, lpmodinfo=0x2b4b8d0, cb=0xc | out: lpmodinfo=0x2b4b8d0*(lpBaseOfDll=0x75e90000, SizeOfImage=0xd0000, EntryPoint=0x75ea06a0)) returned 1 [0079.095] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.095] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75e90000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0079.095] CoTaskMemFree (pv=0xd66600) [0079.095] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.096] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75e90000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\KERNEL32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0079.096] CoTaskMemFree (pv=0xd66600) [0079.096] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74ea0000, lpmodinfo=0x2b4d9e4, cb=0xc | out: lpmodinfo=0x2b4d9e4*(lpBaseOfDll=0x74ea0000, SizeOfImage=0x1c2000, EntryPoint=0x74f8ff30)) returned 1 [0079.096] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.096] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74ea0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0079.096] CoTaskMemFree (pv=0xd66600) [0079.096] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.096] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74ea0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0079.096] CoTaskMemFree (pv=0xd66600) [0079.096] GetModuleInformation (in: hProcess=0x2f0, hModule=0x745d0000, lpmodinfo=0x2b4fb2c, cb=0xc | out: lpmodinfo=0x2b4fb2c*(lpBaseOfDll=0x745d0000, SizeOfImage=0x93000, EntryPoint=0x74604270)) returned 1 [0079.096] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.096] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x745d0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0079.096] CoTaskMemFree (pv=0xd66600) [0079.096] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.096] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x745d0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0079.097] CoTaskMemFree (pv=0xd66600) [0079.097] GetModuleInformation (in: hProcess=0x2f0, hModule=0x761b0000, lpmodinfo=0x2b51c38, cb=0xc | out: lpmodinfo=0x2b51c38*(lpBaseOfDll=0x761b0000, SizeOfImage=0x77000, EntryPoint=0x761ce5b0)) returned 1 [0079.097] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.097] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x761b0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0079.097] CoTaskMemFree (pv=0xd66600) [0079.097] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.097] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x761b0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0079.120] CoTaskMemFree (pv=0xd66600) [0079.120] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77a30000, lpmodinfo=0x29583e0, cb=0xc | out: lpmodinfo=0x29583e0*(lpBaseOfDll=0x77a30000, SizeOfImage=0xbd000, EntryPoint=0x77a655e0)) returned 1 [0079.120] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.120] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77a30000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0079.120] CoTaskMemFree (pv=0xd66600) [0079.120] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.120] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77a30000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0079.120] CoTaskMemFree (pv=0xd66600) [0079.120] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75fb0000, lpmodinfo=0x295a4ec, cb=0xc | out: lpmodinfo=0x295a4ec*(lpBaseOfDll=0x75fb0000, SizeOfImage=0x41000, EntryPoint=0x75fc3400)) returned 1 [0079.120] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.120] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75fb0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0079.121] CoTaskMemFree (pv=0xd66600) [0079.121] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.121] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75fb0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0079.121] CoTaskMemFree (pv=0xd66600) [0079.121] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74710000, lpmodinfo=0x295c644, cb=0xc | out: lpmodinfo=0x295c644*(lpBaseOfDll=0x74710000, SizeOfImage=0xc0000, EntryPoint=0x7473fb20)) returned 1 [0079.121] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.121] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74710000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0079.121] CoTaskMemFree (pv=0xd66600) [0079.121] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.121] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74710000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0079.121] CoTaskMemFree (pv=0xd66600) [0079.121] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74680000, lpmodinfo=0x295e750, cb=0xc | out: lpmodinfo=0x295e750*(lpBaseOfDll=0x74680000, SizeOfImage=0x20000, EntryPoint=0x7468c9a0)) returned 1 [0079.121] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.121] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74680000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0079.121] CoTaskMemFree (pv=0xd66600) [0079.121] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.122] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74680000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0079.122] CoTaskMemFree (pv=0xd66600) [0079.122] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74670000, lpmodinfo=0x296085c, cb=0xc | out: lpmodinfo=0x296085c*(lpBaseOfDll=0x74670000, SizeOfImage=0xa000, EntryPoint=0x74672a00)) returned 1 [0079.122] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.122] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74670000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0079.122] CoTaskMemFree (pv=0xd66600) [0079.122] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.122] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74670000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0079.122] CoTaskMemFree (pv=0xd66600) [0079.122] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74da0000, lpmodinfo=0x2962970, cb=0xc | out: lpmodinfo=0x2962970*(lpBaseOfDll=0x74da0000, SizeOfImage=0x57000, EntryPoint=0x74ddde40)) returned 1 [0079.122] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.122] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74da0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0079.122] CoTaskMemFree (pv=0xd66600) [0079.122] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.122] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74da0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0079.123] CoTaskMemFree (pv=0xd66600) [0079.123] GetModuleInformation (in: hProcess=0x2f0, hModule=0x71ac0000, lpmodinfo=0x2964aa4, cb=0xc | out: lpmodinfo=0x2964aa4*(lpBaseOfDll=0x71ac0000, SizeOfImage=0x7d000, EntryPoint=0x71ac3c80)) returned 1 [0079.123] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.123] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x71ac0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0079.123] CoTaskMemFree (pv=0xd66600) [0079.123] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.123] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x71ac0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0079.123] CoTaskMemFree (pv=0xd66600) [0079.123] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75f60000, lpmodinfo=0x2966bec, cb=0xc | out: lpmodinfo=0x2966bec*(lpBaseOfDll=0x75f60000, SizeOfImage=0x45000, EntryPoint=0x75f79260)) returned 1 [0079.123] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.123] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75f60000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0079.123] CoTaskMemFree (pv=0xd66600) [0079.123] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.123] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75f60000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0079.123] CoTaskMemFree (pv=0xd66600) [0079.123] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75c50000, lpmodinfo=0x2968cf8, cb=0xc | out: lpmodinfo=0x2968cf8*(lpBaseOfDll=0x75c50000, SizeOfImage=0x238000, EntryPoint=0x75d6e060)) returned 1 [0079.124] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.124] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75c50000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0079.124] CoTaskMemFree (pv=0xd66600) [0079.124] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.124] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75c50000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0079.124] CoTaskMemFree (pv=0xd66600) [0079.124] GetModuleInformation (in: hProcess=0x2f0, hModule=0x76000000, lpmodinfo=0x296ae04, cb=0xc | out: lpmodinfo=0x296ae04*(lpBaseOfDll=0x76000000, SizeOfImage=0x118000, EntryPoint=0x7602a3c0)) returned 1 [0079.124] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.124] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x76000000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0079.124] CoTaskMemFree (pv=0xd66600) [0079.124] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.124] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x76000000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0079.124] CoTaskMemFree (pv=0xd66600) [0079.124] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75b70000, lpmodinfo=0x296cfa4, cb=0xc | out: lpmodinfo=0x296cfa4*(lpBaseOfDll=0x75b70000, SizeOfImage=0x21000, EntryPoint=0x75b76900)) returned 1 [0079.124] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.124] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75b70000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0079.125] CoTaskMemFree (pv=0xd66600) [0079.125] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.125] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75b70000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0079.125] CoTaskMemFree (pv=0xd66600) [0079.125] GetModuleInformation (in: hProcess=0x2f0, hModule=0x76290000, lpmodinfo=0x296f0a8, cb=0xc | out: lpmodinfo=0x296f0a8*(lpBaseOfDll=0x76290000, SizeOfImage=0x158000, EntryPoint=0x7634a9c0)) returned 1 [0079.125] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.125] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x76290000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="gdi32full.dll") returned 0xd [0079.125] CoTaskMemFree (pv=0xd66600) [0079.125] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.125] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x76290000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\gdi32full.dll" (normalized: "c:\\windows\\system32\\gdi32full.dll")) returned 0x21 [0079.125] CoTaskMemFree (pv=0xd66600) [0079.125] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77b30000, lpmodinfo=0x29711bc, cb=0xc | out: lpmodinfo=0x29711bc*(lpBaseOfDll=0x77b30000, SizeOfImage=0x79000, EntryPoint=0x77b44180)) returned 1 [0079.125] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.125] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77b30000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="msvcp_win.dll") returned 0xd [0079.125] CoTaskMemFree (pv=0xd66600) [0079.125] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.125] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77b30000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll")) returned 0x21 [0079.126] CoTaskMemFree (pv=0xd66600) [0079.126] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74b70000, lpmodinfo=0x29732d0, cb=0xc | out: lpmodinfo=0x29732d0*(lpBaseOfDll=0x74b70000, SizeOfImage=0x13c000, EntryPoint=0x74b9b3d0)) returned 1 [0079.126] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.126] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74b70000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0079.126] CoTaskMemFree (pv=0xd66600) [0079.126] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.126] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74b70000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0079.126] CoTaskMemFree (pv=0xd66600) [0079.126] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74ac0000, lpmodinfo=0x29753dc, cb=0xc | out: lpmodinfo=0x29753dc*(lpBaseOfDll=0x74ac0000, SizeOfImage=0x16000, EntryPoint=0x0)) returned 1 [0079.126] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.126] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74ac0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="win32u.dll") returned 0xa [0079.126] CoTaskMemFree (pv=0xd66600) [0079.126] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.126] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74ac0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\win32u.dll" (normalized: "c:\\windows\\system32\\win32u.dll")) returned 0x1e [0079.126] CoTaskMemFree (pv=0xd66600) [0079.127] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74e20000, lpmodinfo=0x29774e8, cb=0xc | out: lpmodinfo=0x29774e8*(lpBaseOfDll=0x74e20000, SizeOfImage=0x25000, EntryPoint=0x74e247d0)) returned 1 [0079.127] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.127] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74e20000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0079.127] CoTaskMemFree (pv=0xd66600) [0079.127] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.127] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74e20000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0079.127] CoTaskMemFree (pv=0xd66600) [0079.127] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75ba0000, lpmodinfo=0x29795ec, cb=0xc | out: lpmodinfo=0x29795ec*(lpBaseOfDll=0x75ba0000, SizeOfImage=0xe000, EntryPoint=0x75ba3e30)) returned 1 [0079.127] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.127] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75ba0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0079.127] CoTaskMemFree (pv=0xd66600) [0079.127] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.127] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75ba0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0079.127] CoTaskMemFree (pv=0xd66600) [0079.127] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74140000, lpmodinfo=0x297b718, cb=0xc | out: lpmodinfo=0x297b718*(lpBaseOfDll=0x74140000, SizeOfImage=0x8000, EntryPoint=0x741417c0)) returned 1 [0079.128] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.128] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74140000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0079.128] CoTaskMemFree (pv=0xd66600) [0079.128] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.128] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74140000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0079.128] CoTaskMemFree (pv=0xd66600) [0079.128] GetModuleInformation (in: hProcess=0x2f0, hModule=0x713d0000, lpmodinfo=0x297d824, cb=0xc | out: lpmodinfo=0x297d824*(lpBaseOfDll=0x713d0000, SizeOfImage=0x6e6000, EntryPoint=0x713e83d0)) returned 1 [0079.128] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.128] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x713d0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0079.128] CoTaskMemFree (pv=0xd66600) [0079.128] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.128] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x713d0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0079.128] CoTaskMemFree (pv=0xd66600) [0079.128] GetModuleInformation (in: hProcess=0x2f0, hModule=0x732a0000, lpmodinfo=0x297f954, cb=0xc | out: lpmodinfo=0x297f954*(lpBaseOfDll=0x732a0000, SizeOfImage=0xf5000, EntryPoint=0x732f4180)) returned 1 [0079.128] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.128] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x732a0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0079.129] CoTaskMemFree (pv=0xd66600) [0079.129] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.129] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x732a0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\system32\\msvcr120_clr0400.dll")) returned 0x28 [0079.129] CoTaskMemFree (pv=0xd66600) [0079.129] GetModuleInformation (in: hProcess=0x2f0, hModule=0x70040000, lpmodinfo=0x2981a88, cb=0xc | out: lpmodinfo=0x2981a88*(lpBaseOfDll=0x70040000, SizeOfImage=0x138d000, EntryPoint=0x0)) returned 1 [0079.129] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.129] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x70040000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0079.129] CoTaskMemFree (pv=0xd66600) [0079.129] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.129] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x70040000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\f12799647dc4f4abd2f0f17790337f04\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\f12799647dc4f4abd2f0f17790337f04\\mscorlib.ni.dll")) returned 0x68 [0079.129] CoTaskMemFree (pv=0xd66600) [0079.129] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77920000, lpmodinfo=0x2983c30, cb=0xc | out: lpmodinfo=0x2983c30*(lpBaseOfDll=0x77920000, SizeOfImage=0xf3000, EntryPoint=0x7795a100)) returned 1 [0079.129] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.129] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77920000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0079.129] CoTaskMemFree (pv=0xd66600) [0079.129] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.130] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77920000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0079.130] CoTaskMemFree (pv=0xd66600) [0079.130] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74550000, lpmodinfo=0x2985d34, cb=0xc | out: lpmodinfo=0x2985d34*(lpBaseOfDll=0x74550000, SizeOfImage=0x78000, EntryPoint=0x745885b0)) returned 1 [0079.130] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.130] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74550000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0079.130] CoTaskMemFree (pv=0xd66600) [0079.130] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.130] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74550000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\system32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0079.130] CoTaskMemFree (pv=0xd66600) [0079.130] GetModuleInformation (in: hProcess=0x2f0, hModule=0x73220000, lpmodinfo=0x2987e40, cb=0xc | out: lpmodinfo=0x2987e40*(lpBaseOfDll=0x73220000, SizeOfImage=0x80000, EntryPoint=0x73221180)) returned 1 [0079.130] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.130] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x73220000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0079.131] CoTaskMemFree (pv=0xd66600) [0079.131] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.131] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x73220000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0079.131] CoTaskMemFree (pv=0xd66600) [0079.131] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75bb0000, lpmodinfo=0x2989f80, cb=0xc | out: lpmodinfo=0x2989f80*(lpBaseOfDll=0x75bb0000, SizeOfImage=0x96000, EntryPoint=0x75be8f60)) returned 1 [0079.131] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.131] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75bb0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0079.131] CoTaskMemFree (pv=0xd66600) [0079.131] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.131] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75bb0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0079.131] CoTaskMemFree (pv=0xd66600) [0079.131] GetModuleInformation (in: hProcess=0x2f0, hModule=0x6f660000, lpmodinfo=0x298c094, cb=0xc | out: lpmodinfo=0x298c094*(lpBaseOfDll=0x6f660000, SizeOfImage=0x9df000, EntryPoint=0x0)) returned 1 [0079.131] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.131] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x6f660000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0079.131] CoTaskMemFree (pv=0xd66600) [0079.131] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.132] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x6f660000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\assembly\\NativeImages_v4.0.30319_32\\System\\fcfb8bac8ea9a0e69d72c350b22f8e3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\fcfb8bac8ea9a0e69d72c350b22f8e3f\\system.ni.dll")) returned 0x64 [0079.132] CoTaskMemFree (pv=0xd66600) [0079.132] GetModuleInformation (in: hProcess=0x2f0, hModule=0x6ef00000, lpmodinfo=0x298e33c, cb=0xc | out: lpmodinfo=0x298e33c*(lpBaseOfDll=0x6ef00000, SizeOfImage=0x756000, EntryPoint=0x0)) returned 1 [0079.132] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.132] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x6ef00000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0079.132] CoTaskMemFree (pv=0xd66600) [0079.132] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.132] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x6ef00000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\7334607a1c01834b6f09c482bd20ff7e\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\7334607a1c01834b6f09c482bd20ff7e\\system.core.ni.dll")) returned 0x6e [0079.132] CoTaskMemFree (pv=0xd66600) [0079.132] GetModuleInformation (in: hProcess=0x2f0, hModule=0x73200000, lpmodinfo=0x29904f8, cb=0xc | out: lpmodinfo=0x29904f8*(lpBaseOfDll=0x73200000, SizeOfImage=0x13000, EntryPoint=0x73206c40)) returned 1 [0079.132] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.132] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x73200000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0079.132] CoTaskMemFree (pv=0xd66600) [0079.132] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.132] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x73200000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0079.133] CoTaskMemFree (pv=0xd66600) [0079.133] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74100000, lpmodinfo=0x2992604, cb=0xc | out: lpmodinfo=0x2992604*(lpBaseOfDll=0x74100000, SizeOfImage=0x2f000, EntryPoint=0x7410c000)) returned 1 [0079.133] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.133] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74100000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0079.133] CoTaskMemFree (pv=0xd66600) [0079.133] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.133] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74100000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0079.133] CoTaskMemFree (pv=0xd66600) [0079.133] GetModuleInformation (in: hProcess=0x2f0, hModule=0x740e0000, lpmodinfo=0x2994710, cb=0xc | out: lpmodinfo=0x2994710*(lpBaseOfDll=0x740e0000, SizeOfImage=0x18000, EntryPoint=0x740e8f30)) returned 1 [0079.133] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.133] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x740e0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0079.133] CoTaskMemFree (pv=0xd66600) [0079.133] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.133] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x740e0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0079.133] CoTaskMemFree (pv=0xd66600) [0079.134] GetModuleInformation (in: hProcess=0x2f0, hModule=0x76180000, lpmodinfo=0x299681c, cb=0xc | out: lpmodinfo=0x299681c*(lpBaseOfDll=0x76180000, SizeOfImage=0x6000, EntryPoint=0x76181460)) returned 1 [0079.134] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.134] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x76180000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0079.134] CoTaskMemFree (pv=0xd66600) [0079.134] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.134] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x76180000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")) returned 0x1d [0079.134] CoTaskMemFree (pv=0xd66600) [0079.134] CloseHandle (hObject=0x2f0) returned 1 [0079.148] GetCurrentProcessId () returned 0x7f0 [0079.148] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7f0) returned 0x2f0 [0079.148] EnumProcessModules (in: hProcess=0x2f0, lphModule=0x2a389ac, cb=0x100, lpcbNeeded=0xafd6d8 | out: lphModule=0x2a389ac, lpcbNeeded=0xafd6d8) returned 1 [0079.148] GetModuleInformation (in: hProcess=0x2f0, hModule=0x6b0000, lpmodinfo=0x2a38aec, cb=0xc | out: lpmodinfo=0x2a38aec*(lpBaseOfDll=0x6b0000, SizeOfImage=0xb6000, EntryPoint=0x0)) returned 1 [0079.148] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.148] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x6b0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="fatura.exe") returned 0xa [0079.148] CoTaskMemFree (pv=0xd66600) [0079.148] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.148] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x6b0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\fatura.exe")) returned 0x2d [0079.149] CoTaskMemFree (pv=0xd66600) [0079.149] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77bb0000, lpmodinfo=0x2a3ac30, cb=0xc | out: lpmodinfo=0x2a3ac30*(lpBaseOfDll=0x77bb0000, SizeOfImage=0x18e000, EntryPoint=0x0)) returned 1 [0079.149] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.149] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77bb0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0079.149] CoTaskMemFree (pv=0xd66600) [0079.149] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.149] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77bb0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0079.149] CoTaskMemFree (pv=0xd66600) [0079.149] GetModuleInformation (in: hProcess=0x2f0, hModule=0x71b40000, lpmodinfo=0x2a3cd34, cb=0xc | out: lpmodinfo=0x2a3cd34*(lpBaseOfDll=0x71b40000, SizeOfImage=0x55000, EntryPoint=0x71b70a30)) returned 1 [0079.149] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.149] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x71b40000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0079.149] CoTaskMemFree (pv=0xd66600) [0079.149] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.149] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x71b40000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\system32\\mscoree.dll")) returned 0x1f [0079.149] CoTaskMemFree (pv=0xd66600) [0079.149] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75e90000, lpmodinfo=0x2a3ee40, cb=0xc | out: lpmodinfo=0x2a3ee40*(lpBaseOfDll=0x75e90000, SizeOfImage=0xd0000, EntryPoint=0x75ea06a0)) returned 1 [0079.150] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.150] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75e90000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0079.150] CoTaskMemFree (pv=0xd66600) [0079.150] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.150] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75e90000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\KERNEL32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0079.150] CoTaskMemFree (pv=0xd66600) [0079.150] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74ea0000, lpmodinfo=0x2a40f54, cb=0xc | out: lpmodinfo=0x2a40f54*(lpBaseOfDll=0x74ea0000, SizeOfImage=0x1c2000, EntryPoint=0x74f8ff30)) returned 1 [0079.150] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.150] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74ea0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0079.150] CoTaskMemFree (pv=0xd66600) [0079.150] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.150] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74ea0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0079.150] CoTaskMemFree (pv=0xd66600) [0079.150] GetModuleInformation (in: hProcess=0x2f0, hModule=0x745d0000, lpmodinfo=0x2a4309c, cb=0xc | out: lpmodinfo=0x2a4309c*(lpBaseOfDll=0x745d0000, SizeOfImage=0x93000, EntryPoint=0x74604270)) returned 1 [0079.150] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.150] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x745d0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0079.151] CoTaskMemFree (pv=0xd66600) [0079.151] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.151] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x745d0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0079.151] CoTaskMemFree (pv=0xd66600) [0079.151] GetModuleInformation (in: hProcess=0x2f0, hModule=0x761b0000, lpmodinfo=0x2a451a8, cb=0xc | out: lpmodinfo=0x2a451a8*(lpBaseOfDll=0x761b0000, SizeOfImage=0x77000, EntryPoint=0x761ce5b0)) returned 1 [0079.151] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.151] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x761b0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0079.151] CoTaskMemFree (pv=0xd66600) [0079.151] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.151] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x761b0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0079.151] CoTaskMemFree (pv=0xd66600) [0079.151] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77a30000, lpmodinfo=0x2a472bc, cb=0xc | out: lpmodinfo=0x2a472bc*(lpBaseOfDll=0x77a30000, SizeOfImage=0xbd000, EntryPoint=0x77a655e0)) returned 1 [0079.151] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.151] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77a30000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0079.151] CoTaskMemFree (pv=0xd66600) [0079.151] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.151] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77a30000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0079.152] CoTaskMemFree (pv=0xd66600) [0079.152] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75fb0000, lpmodinfo=0x2a493c8, cb=0xc | out: lpmodinfo=0x2a493c8*(lpBaseOfDll=0x75fb0000, SizeOfImage=0x41000, EntryPoint=0x75fc3400)) returned 1 [0079.152] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.152] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75fb0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0079.152] CoTaskMemFree (pv=0xd66600) [0079.152] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.152] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75fb0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0079.152] CoTaskMemFree (pv=0xd66600) [0079.152] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74710000, lpmodinfo=0x2a4b520, cb=0xc | out: lpmodinfo=0x2a4b520*(lpBaseOfDll=0x74710000, SizeOfImage=0xc0000, EntryPoint=0x7473fb20)) returned 1 [0079.152] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.152] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74710000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0079.152] CoTaskMemFree (pv=0xd66600) [0079.152] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.152] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74710000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0079.152] CoTaskMemFree (pv=0xd66600) [0079.152] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74680000, lpmodinfo=0x2a4d62c, cb=0xc | out: lpmodinfo=0x2a4d62c*(lpBaseOfDll=0x74680000, SizeOfImage=0x20000, EntryPoint=0x7468c9a0)) returned 1 [0079.153] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.153] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74680000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0079.153] CoTaskMemFree (pv=0xd66600) [0079.153] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.153] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74680000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0079.153] CoTaskMemFree (pv=0xd66600) [0079.153] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74670000, lpmodinfo=0x2a4f738, cb=0xc | out: lpmodinfo=0x2a4f738*(lpBaseOfDll=0x74670000, SizeOfImage=0xa000, EntryPoint=0x74672a00)) returned 1 [0079.153] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.153] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74670000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0079.153] CoTaskMemFree (pv=0xd66600) [0079.153] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.153] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74670000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0079.153] CoTaskMemFree (pv=0xd66600) [0079.153] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74da0000, lpmodinfo=0x2a5184c, cb=0xc | out: lpmodinfo=0x2a5184c*(lpBaseOfDll=0x74da0000, SizeOfImage=0x57000, EntryPoint=0x74ddde40)) returned 1 [0079.153] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.153] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74da0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0079.154] CoTaskMemFree (pv=0xd66600) [0079.154] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.154] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74da0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0079.154] CoTaskMemFree (pv=0xd66600) [0079.154] GetModuleInformation (in: hProcess=0x2f0, hModule=0x71ac0000, lpmodinfo=0x2a53980, cb=0xc | out: lpmodinfo=0x2a53980*(lpBaseOfDll=0x71ac0000, SizeOfImage=0x7d000, EntryPoint=0x71ac3c80)) returned 1 [0079.154] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.154] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x71ac0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0079.154] CoTaskMemFree (pv=0xd66600) [0079.154] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.154] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x71ac0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0079.154] CoTaskMemFree (pv=0xd66600) [0079.154] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75f60000, lpmodinfo=0x2a55ac8, cb=0xc | out: lpmodinfo=0x2a55ac8*(lpBaseOfDll=0x75f60000, SizeOfImage=0x45000, EntryPoint=0x75f79260)) returned 1 [0079.154] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.154] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75f60000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0079.154] CoTaskMemFree (pv=0xd66600) [0079.154] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.154] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75f60000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0079.155] CoTaskMemFree (pv=0xd66600) [0079.155] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75c50000, lpmodinfo=0x2a57bd4, cb=0xc | out: lpmodinfo=0x2a57bd4*(lpBaseOfDll=0x75c50000, SizeOfImage=0x238000, EntryPoint=0x75d6e060)) returned 1 [0079.155] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.155] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75c50000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0079.155] CoTaskMemFree (pv=0xd66600) [0079.155] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.155] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75c50000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0079.155] CoTaskMemFree (pv=0xd66600) [0079.155] GetModuleInformation (in: hProcess=0x2f0, hModule=0x76000000, lpmodinfo=0x2a59ce0, cb=0xc | out: lpmodinfo=0x2a59ce0*(lpBaseOfDll=0x76000000, SizeOfImage=0x118000, EntryPoint=0x7602a3c0)) returned 1 [0079.155] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.155] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x76000000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0079.155] CoTaskMemFree (pv=0xd66600) [0079.155] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.155] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x76000000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0079.156] CoTaskMemFree (pv=0xd66600) [0079.156] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75b70000, lpmodinfo=0x2a5be80, cb=0xc | out: lpmodinfo=0x2a5be80*(lpBaseOfDll=0x75b70000, SizeOfImage=0x21000, EntryPoint=0x75b76900)) returned 1 [0079.156] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.156] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75b70000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0079.156] CoTaskMemFree (pv=0xd66600) [0079.156] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.156] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75b70000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0079.156] CoTaskMemFree (pv=0xd66600) [0079.156] GetModuleInformation (in: hProcess=0x2f0, hModule=0x76290000, lpmodinfo=0x2a5df84, cb=0xc | out: lpmodinfo=0x2a5df84*(lpBaseOfDll=0x76290000, SizeOfImage=0x158000, EntryPoint=0x7634a9c0)) returned 1 [0079.156] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.156] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x76290000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="gdi32full.dll") returned 0xd [0079.156] CoTaskMemFree (pv=0xd66600) [0079.156] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.156] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x76290000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\gdi32full.dll" (normalized: "c:\\windows\\system32\\gdi32full.dll")) returned 0x21 [0079.156] CoTaskMemFree (pv=0xd66600) [0079.156] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77b30000, lpmodinfo=0x2a60098, cb=0xc | out: lpmodinfo=0x2a60098*(lpBaseOfDll=0x77b30000, SizeOfImage=0x79000, EntryPoint=0x77b44180)) returned 1 [0079.156] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.157] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77b30000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="msvcp_win.dll") returned 0xd [0079.157] CoTaskMemFree (pv=0xd66600) [0079.157] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.157] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77b30000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll")) returned 0x21 [0079.157] CoTaskMemFree (pv=0xd66600) [0079.157] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74b70000, lpmodinfo=0x2a621ac, cb=0xc | out: lpmodinfo=0x2a621ac*(lpBaseOfDll=0x74b70000, SizeOfImage=0x13c000, EntryPoint=0x74b9b3d0)) returned 1 [0079.157] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.157] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74b70000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0079.157] CoTaskMemFree (pv=0xd66600) [0079.157] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.157] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74b70000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0079.157] CoTaskMemFree (pv=0xd66600) [0079.157] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74ac0000, lpmodinfo=0x2a642b8, cb=0xc | out: lpmodinfo=0x2a642b8*(lpBaseOfDll=0x74ac0000, SizeOfImage=0x16000, EntryPoint=0x0)) returned 1 [0079.157] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.157] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74ac0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="win32u.dll") returned 0xa [0079.157] CoTaskMemFree (pv=0xd66600) [0079.158] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.158] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74ac0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\win32u.dll" (normalized: "c:\\windows\\system32\\win32u.dll")) returned 0x1e [0079.158] CoTaskMemFree (pv=0xd66600) [0079.158] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74e20000, lpmodinfo=0x2a663c4, cb=0xc | out: lpmodinfo=0x2a663c4*(lpBaseOfDll=0x74e20000, SizeOfImage=0x25000, EntryPoint=0x74e247d0)) returned 1 [0079.158] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.158] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74e20000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0079.158] CoTaskMemFree (pv=0xd66600) [0079.158] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.158] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74e20000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0079.158] CoTaskMemFree (pv=0xd66600) [0079.158] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75ba0000, lpmodinfo=0x2a684c8, cb=0xc | out: lpmodinfo=0x2a684c8*(lpBaseOfDll=0x75ba0000, SizeOfImage=0xe000, EntryPoint=0x75ba3e30)) returned 1 [0079.158] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.158] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75ba0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0079.158] CoTaskMemFree (pv=0xd66600) [0079.158] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.158] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75ba0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0079.159] CoTaskMemFree (pv=0xd66600) [0079.159] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74140000, lpmodinfo=0x2a6a5f4, cb=0xc | out: lpmodinfo=0x2a6a5f4*(lpBaseOfDll=0x74140000, SizeOfImage=0x8000, EntryPoint=0x741417c0)) returned 1 [0079.159] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.159] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74140000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0079.159] CoTaskMemFree (pv=0xd66600) [0079.159] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.159] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74140000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0079.159] CoTaskMemFree (pv=0xd66600) [0079.159] GetModuleInformation (in: hProcess=0x2f0, hModule=0x713d0000, lpmodinfo=0x2a6c700, cb=0xc | out: lpmodinfo=0x2a6c700*(lpBaseOfDll=0x713d0000, SizeOfImage=0x6e6000, EntryPoint=0x713e83d0)) returned 1 [0079.159] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.159] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x713d0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0079.159] CoTaskMemFree (pv=0xd66600) [0079.159] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.159] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x713d0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0079.159] CoTaskMemFree (pv=0xd66600) [0079.159] GetModuleInformation (in: hProcess=0x2f0, hModule=0x732a0000, lpmodinfo=0x2a6e830, cb=0xc | out: lpmodinfo=0x2a6e830*(lpBaseOfDll=0x732a0000, SizeOfImage=0xf5000, EntryPoint=0x732f4180)) returned 1 [0079.160] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.160] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x732a0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0079.160] CoTaskMemFree (pv=0xd66600) [0079.160] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.160] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x732a0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\system32\\msvcr120_clr0400.dll")) returned 0x28 [0079.160] CoTaskMemFree (pv=0xd66600) [0079.160] GetModuleInformation (in: hProcess=0x2f0, hModule=0x70040000, lpmodinfo=0x2a70964, cb=0xc | out: lpmodinfo=0x2a70964*(lpBaseOfDll=0x70040000, SizeOfImage=0x138d000, EntryPoint=0x0)) returned 1 [0079.160] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.160] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x70040000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0079.160] CoTaskMemFree (pv=0xd66600) [0079.160] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.160] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x70040000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\f12799647dc4f4abd2f0f17790337f04\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\f12799647dc4f4abd2f0f17790337f04\\mscorlib.ni.dll")) returned 0x68 [0079.160] CoTaskMemFree (pv=0xd66600) [0079.160] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77920000, lpmodinfo=0x2a72b0c, cb=0xc | out: lpmodinfo=0x2a72b0c*(lpBaseOfDll=0x77920000, SizeOfImage=0xf3000, EntryPoint=0x7795a100)) returned 1 [0079.160] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.160] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77920000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0079.161] CoTaskMemFree (pv=0xd66600) [0079.161] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.161] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77920000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0079.161] CoTaskMemFree (pv=0xd66600) [0079.161] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74550000, lpmodinfo=0x2a74c10, cb=0xc | out: lpmodinfo=0x2a74c10*(lpBaseOfDll=0x74550000, SizeOfImage=0x78000, EntryPoint=0x745885b0)) returned 1 [0079.161] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.161] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74550000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0079.161] CoTaskMemFree (pv=0xd66600) [0079.161] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.161] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74550000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\system32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0079.164] CoTaskMemFree (pv=0xd66600) [0079.164] GetModuleInformation (in: hProcess=0x2f0, hModule=0x73220000, lpmodinfo=0x2a76d1c, cb=0xc | out: lpmodinfo=0x2a76d1c*(lpBaseOfDll=0x73220000, SizeOfImage=0x80000, EntryPoint=0x73221180)) returned 1 [0079.164] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.164] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x73220000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0079.164] CoTaskMemFree (pv=0xd66600) [0079.164] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.164] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x73220000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0079.164] CoTaskMemFree (pv=0xd66600) [0079.164] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75bb0000, lpmodinfo=0x2a78e5c, cb=0xc | out: lpmodinfo=0x2a78e5c*(lpBaseOfDll=0x75bb0000, SizeOfImage=0x96000, EntryPoint=0x75be8f60)) returned 1 [0079.164] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.164] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75bb0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0079.165] CoTaskMemFree (pv=0xd66600) [0079.165] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.165] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75bb0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0079.165] CoTaskMemFree (pv=0xd66600) [0079.165] GetModuleInformation (in: hProcess=0x2f0, hModule=0x6f660000, lpmodinfo=0x2a7af70, cb=0xc | out: lpmodinfo=0x2a7af70*(lpBaseOfDll=0x6f660000, SizeOfImage=0x9df000, EntryPoint=0x0)) returned 1 [0079.165] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.165] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x6f660000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0079.165] CoTaskMemFree (pv=0xd66600) [0079.165] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.165] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x6f660000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\assembly\\NativeImages_v4.0.30319_32\\System\\fcfb8bac8ea9a0e69d72c350b22f8e3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\fcfb8bac8ea9a0e69d72c350b22f8e3f\\system.ni.dll")) returned 0x64 [0079.165] CoTaskMemFree (pv=0xd66600) [0079.165] GetModuleInformation (in: hProcess=0x2f0, hModule=0x6ef00000, lpmodinfo=0x2a7d218, cb=0xc | out: lpmodinfo=0x2a7d218*(lpBaseOfDll=0x6ef00000, SizeOfImage=0x756000, EntryPoint=0x0)) returned 1 [0079.165] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.165] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x6ef00000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0079.166] CoTaskMemFree (pv=0xd66600) [0079.166] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.166] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x6ef00000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\7334607a1c01834b6f09c482bd20ff7e\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\7334607a1c01834b6f09c482bd20ff7e\\system.core.ni.dll")) returned 0x6e [0079.166] CoTaskMemFree (pv=0xd66600) [0079.166] GetModuleInformation (in: hProcess=0x2f0, hModule=0x73200000, lpmodinfo=0x2a7f3d4, cb=0xc | out: lpmodinfo=0x2a7f3d4*(lpBaseOfDll=0x73200000, SizeOfImage=0x13000, EntryPoint=0x73206c40)) returned 1 [0079.166] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.166] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x73200000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0079.166] CoTaskMemFree (pv=0xd66600) [0079.166] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.166] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x73200000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0079.167] CoTaskMemFree (pv=0xd66600) [0079.167] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74100000, lpmodinfo=0x2a814e0, cb=0xc | out: lpmodinfo=0x2a814e0*(lpBaseOfDll=0x74100000, SizeOfImage=0x2f000, EntryPoint=0x7410c000)) returned 1 [0079.167] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.167] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74100000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0079.167] CoTaskMemFree (pv=0xd66600) [0079.167] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.167] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74100000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0079.167] CoTaskMemFree (pv=0xd66600) [0079.167] GetModuleInformation (in: hProcess=0x2f0, hModule=0x740e0000, lpmodinfo=0x2a835ec, cb=0xc | out: lpmodinfo=0x2a835ec*(lpBaseOfDll=0x740e0000, SizeOfImage=0x18000, EntryPoint=0x740e8f30)) returned 1 [0079.167] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.167] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x740e0000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0079.168] CoTaskMemFree (pv=0xd66600) [0079.168] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.168] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x740e0000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0079.168] CoTaskMemFree (pv=0xd66600) [0079.168] GetModuleInformation (in: hProcess=0x2f0, hModule=0x76180000, lpmodinfo=0x2a856f8, cb=0xc | out: lpmodinfo=0x2a856f8*(lpBaseOfDll=0x76180000, SizeOfImage=0x6000, EntryPoint=0x76181460)) returned 1 [0079.168] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.168] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x76180000, lpBaseName=0xd66600, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0079.168] CoTaskMemFree (pv=0xd66600) [0079.168] CoTaskMemAlloc (cb=0x804) returned 0xd66600 [0079.168] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x76180000, lpFilename=0xd66600, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")) returned 0x1d [0079.169] CoTaskMemFree (pv=0xd66600) [0079.169] CloseHandle (hObject=0x2f0) returned 1 [0079.191] GetCurrentProcessId () returned 0x7f0 [0079.192] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7f0) returned 0x2f0 [0079.192] EnumProcessModules (in: hProcess=0x2f0, lphModule=0x2aaf524, cb=0x100, lpcbNeeded=0xafd6d8 | out: lphModule=0x2aaf524, lpcbNeeded=0xafd6d8) returned 1 [0079.192] GetModuleInformation (in: hProcess=0x2f0, hModule=0x6b0000, lpmodinfo=0x2aaf664, cb=0xc | out: lpmodinfo=0x2aaf664*(lpBaseOfDll=0x6b0000, SizeOfImage=0xb6000, EntryPoint=0x0)) returned 1 [0079.192] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.192] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x6b0000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="fatura.exe") returned 0xa [0079.192] CoTaskMemFree (pv=0xd69028) [0079.192] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.192] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x6b0000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\fatura.exe")) returned 0x2d [0079.192] CoTaskMemFree (pv=0xd69028) [0079.192] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77bb0000, lpmodinfo=0x2ab17a8, cb=0xc | out: lpmodinfo=0x2ab17a8*(lpBaseOfDll=0x77bb0000, SizeOfImage=0x18e000, EntryPoint=0x0)) returned 1 [0079.192] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.192] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77bb0000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0079.192] CoTaskMemFree (pv=0xd69028) [0079.192] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.192] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77bb0000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0079.193] CoTaskMemFree (pv=0xd69028) [0079.193] GetModuleInformation (in: hProcess=0x2f0, hModule=0x71b40000, lpmodinfo=0x2ab38ac, cb=0xc | out: lpmodinfo=0x2ab38ac*(lpBaseOfDll=0x71b40000, SizeOfImage=0x55000, EntryPoint=0x71b70a30)) returned 1 [0079.193] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.193] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x71b40000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0079.193] CoTaskMemFree (pv=0xd69028) [0079.193] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.193] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x71b40000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\system32\\mscoree.dll")) returned 0x1f [0079.193] CoTaskMemFree (pv=0xd69028) [0079.193] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75e90000, lpmodinfo=0x2ab59b8, cb=0xc | out: lpmodinfo=0x2ab59b8*(lpBaseOfDll=0x75e90000, SizeOfImage=0xd0000, EntryPoint=0x75ea06a0)) returned 1 [0079.193] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.193] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75e90000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0079.193] CoTaskMemFree (pv=0xd69028) [0079.193] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.193] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75e90000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\KERNEL32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0079.194] CoTaskMemFree (pv=0xd69028) [0079.194] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74ea0000, lpmodinfo=0x2ab7acc, cb=0xc | out: lpmodinfo=0x2ab7acc*(lpBaseOfDll=0x74ea0000, SizeOfImage=0x1c2000, EntryPoint=0x74f8ff30)) returned 1 [0079.194] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.194] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74ea0000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0079.194] CoTaskMemFree (pv=0xd69028) [0079.194] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.194] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74ea0000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0079.194] CoTaskMemFree (pv=0xd69028) [0079.194] GetModuleInformation (in: hProcess=0x2f0, hModule=0x745d0000, lpmodinfo=0x2ab9c14, cb=0xc | out: lpmodinfo=0x2ab9c14*(lpBaseOfDll=0x745d0000, SizeOfImage=0x93000, EntryPoint=0x74604270)) returned 1 [0079.194] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.194] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x745d0000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0079.194] CoTaskMemFree (pv=0xd69028) [0079.194] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.194] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x745d0000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0079.194] CoTaskMemFree (pv=0xd69028) [0079.195] GetModuleInformation (in: hProcess=0x2f0, hModule=0x761b0000, lpmodinfo=0x2abbd20, cb=0xc | out: lpmodinfo=0x2abbd20*(lpBaseOfDll=0x761b0000, SizeOfImage=0x77000, EntryPoint=0x761ce5b0)) returned 1 [0079.195] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.195] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x761b0000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0079.195] CoTaskMemFree (pv=0xd69028) [0079.195] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.195] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x761b0000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0079.195] CoTaskMemFree (pv=0xd69028) [0079.195] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77a30000, lpmodinfo=0x2abde34, cb=0xc | out: lpmodinfo=0x2abde34*(lpBaseOfDll=0x77a30000, SizeOfImage=0xbd000, EntryPoint=0x77a655e0)) returned 1 [0079.195] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.195] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77a30000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0079.195] CoTaskMemFree (pv=0xd69028) [0079.195] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.195] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77a30000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0079.195] CoTaskMemFree (pv=0xd69028) [0079.195] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75fb0000, lpmodinfo=0x2abff40, cb=0xc | out: lpmodinfo=0x2abff40*(lpBaseOfDll=0x75fb0000, SizeOfImage=0x41000, EntryPoint=0x75fc3400)) returned 1 [0079.195] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.195] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75fb0000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0079.196] CoTaskMemFree (pv=0xd69028) [0079.196] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.196] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75fb0000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0079.196] CoTaskMemFree (pv=0xd69028) [0079.196] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74710000, lpmodinfo=0x2ac2098, cb=0xc | out: lpmodinfo=0x2ac2098*(lpBaseOfDll=0x74710000, SizeOfImage=0xc0000, EntryPoint=0x7473fb20)) returned 1 [0079.196] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.196] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74710000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0079.196] CoTaskMemFree (pv=0xd69028) [0079.196] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.196] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74710000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0079.196] CoTaskMemFree (pv=0xd69028) [0079.196] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74680000, lpmodinfo=0x2ac41a4, cb=0xc | out: lpmodinfo=0x2ac41a4*(lpBaseOfDll=0x74680000, SizeOfImage=0x20000, EntryPoint=0x7468c9a0)) returned 1 [0079.196] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.196] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74680000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0079.196] CoTaskMemFree (pv=0xd69028) [0079.196] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.196] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74680000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0079.197] CoTaskMemFree (pv=0xd69028) [0079.197] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74670000, lpmodinfo=0x2ac62b0, cb=0xc | out: lpmodinfo=0x2ac62b0*(lpBaseOfDll=0x74670000, SizeOfImage=0xa000, EntryPoint=0x74672a00)) returned 1 [0079.197] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.197] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74670000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0079.197] CoTaskMemFree (pv=0xd69028) [0079.197] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.197] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74670000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0079.197] CoTaskMemFree (pv=0xd69028) [0079.197] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74da0000, lpmodinfo=0x2ac83c4, cb=0xc | out: lpmodinfo=0x2ac83c4*(lpBaseOfDll=0x74da0000, SizeOfImage=0x57000, EntryPoint=0x74ddde40)) returned 1 [0079.197] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.197] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74da0000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0079.197] CoTaskMemFree (pv=0xd69028) [0079.197] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.197] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74da0000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0079.198] CoTaskMemFree (pv=0xd69028) [0079.198] GetModuleInformation (in: hProcess=0x2f0, hModule=0x71ac0000, lpmodinfo=0x2aca4f8, cb=0xc | out: lpmodinfo=0x2aca4f8*(lpBaseOfDll=0x71ac0000, SizeOfImage=0x7d000, EntryPoint=0x71ac3c80)) returned 1 [0079.198] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.198] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x71ac0000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0079.198] CoTaskMemFree (pv=0xd69028) [0079.198] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.198] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x71ac0000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0079.198] CoTaskMemFree (pv=0xd69028) [0079.198] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75f60000, lpmodinfo=0x2acc640, cb=0xc | out: lpmodinfo=0x2acc640*(lpBaseOfDll=0x75f60000, SizeOfImage=0x45000, EntryPoint=0x75f79260)) returned 1 [0079.198] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.198] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75f60000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0079.198] CoTaskMemFree (pv=0xd69028) [0079.198] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.198] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75f60000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0079.198] CoTaskMemFree (pv=0xd69028) [0079.198] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75c50000, lpmodinfo=0x2ace74c, cb=0xc | out: lpmodinfo=0x2ace74c*(lpBaseOfDll=0x75c50000, SizeOfImage=0x238000, EntryPoint=0x75d6e060)) returned 1 [0079.199] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.199] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75c50000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0079.199] CoTaskMemFree (pv=0xd69028) [0079.199] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.199] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75c50000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0079.199] CoTaskMemFree (pv=0xd69028) [0079.199] GetModuleInformation (in: hProcess=0x2f0, hModule=0x76000000, lpmodinfo=0x2ad0858, cb=0xc | out: lpmodinfo=0x2ad0858*(lpBaseOfDll=0x76000000, SizeOfImage=0x118000, EntryPoint=0x7602a3c0)) returned 1 [0079.199] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.199] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x76000000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0079.199] CoTaskMemFree (pv=0xd69028) [0079.199] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.199] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x76000000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0079.199] CoTaskMemFree (pv=0xd69028) [0079.199] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75b70000, lpmodinfo=0x2ad29f8, cb=0xc | out: lpmodinfo=0x2ad29f8*(lpBaseOfDll=0x75b70000, SizeOfImage=0x21000, EntryPoint=0x75b76900)) returned 1 [0079.199] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.199] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75b70000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0079.200] CoTaskMemFree (pv=0xd69028) [0079.200] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.200] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75b70000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0079.200] CoTaskMemFree (pv=0xd69028) [0079.200] GetModuleInformation (in: hProcess=0x2f0, hModule=0x76290000, lpmodinfo=0x2ad4afc, cb=0xc | out: lpmodinfo=0x2ad4afc*(lpBaseOfDll=0x76290000, SizeOfImage=0x158000, EntryPoint=0x7634a9c0)) returned 1 [0079.200] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.200] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x76290000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="gdi32full.dll") returned 0xd [0079.200] CoTaskMemFree (pv=0xd69028) [0079.200] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.200] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x76290000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\gdi32full.dll" (normalized: "c:\\windows\\system32\\gdi32full.dll")) returned 0x21 [0079.200] CoTaskMemFree (pv=0xd69028) [0079.200] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77b30000, lpmodinfo=0x2ad6c10, cb=0xc | out: lpmodinfo=0x2ad6c10*(lpBaseOfDll=0x77b30000, SizeOfImage=0x79000, EntryPoint=0x77b44180)) returned 1 [0079.200] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.200] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77b30000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="msvcp_win.dll") returned 0xd [0079.200] CoTaskMemFree (pv=0xd69028) [0079.200] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.200] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77b30000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll")) returned 0x21 [0079.201] CoTaskMemFree (pv=0xd69028) [0079.201] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74b70000, lpmodinfo=0x2ad8d24, cb=0xc | out: lpmodinfo=0x2ad8d24*(lpBaseOfDll=0x74b70000, SizeOfImage=0x13c000, EntryPoint=0x74b9b3d0)) returned 1 [0079.201] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.201] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74b70000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0079.201] CoTaskMemFree (pv=0xd69028) [0079.201] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.201] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74b70000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0079.201] CoTaskMemFree (pv=0xd69028) [0079.201] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74ac0000, lpmodinfo=0x2adae30, cb=0xc | out: lpmodinfo=0x2adae30*(lpBaseOfDll=0x74ac0000, SizeOfImage=0x16000, EntryPoint=0x0)) returned 1 [0079.201] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.201] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74ac0000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="win32u.dll") returned 0xa [0079.201] CoTaskMemFree (pv=0xd69028) [0079.201] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.201] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74ac0000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\win32u.dll" (normalized: "c:\\windows\\system32\\win32u.dll")) returned 0x1e [0079.202] CoTaskMemFree (pv=0xd69028) [0079.202] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74e20000, lpmodinfo=0x2adcf3c, cb=0xc | out: lpmodinfo=0x2adcf3c*(lpBaseOfDll=0x74e20000, SizeOfImage=0x25000, EntryPoint=0x74e247d0)) returned 1 [0079.202] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.202] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74e20000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0079.202] CoTaskMemFree (pv=0xd69028) [0079.202] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.202] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74e20000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0079.202] CoTaskMemFree (pv=0xd69028) [0079.202] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75ba0000, lpmodinfo=0x2adf040, cb=0xc | out: lpmodinfo=0x2adf040*(lpBaseOfDll=0x75ba0000, SizeOfImage=0xe000, EntryPoint=0x75ba3e30)) returned 1 [0079.202] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.202] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75ba0000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0079.202] CoTaskMemFree (pv=0xd69028) [0079.202] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.202] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75ba0000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0079.202] CoTaskMemFree (pv=0xd69028) [0079.202] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74140000, lpmodinfo=0x2ae116c, cb=0xc | out: lpmodinfo=0x2ae116c*(lpBaseOfDll=0x74140000, SizeOfImage=0x8000, EntryPoint=0x741417c0)) returned 1 [0079.203] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.203] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74140000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0079.203] CoTaskMemFree (pv=0xd69028) [0079.203] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.203] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74140000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0079.203] CoTaskMemFree (pv=0xd69028) [0079.203] GetModuleInformation (in: hProcess=0x2f0, hModule=0x713d0000, lpmodinfo=0x2ae3278, cb=0xc | out: lpmodinfo=0x2ae3278*(lpBaseOfDll=0x713d0000, SizeOfImage=0x6e6000, EntryPoint=0x713e83d0)) returned 1 [0079.203] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.203] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x713d0000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0079.203] CoTaskMemFree (pv=0xd69028) [0079.203] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.203] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x713d0000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0079.203] CoTaskMemFree (pv=0xd69028) [0079.203] GetModuleInformation (in: hProcess=0x2f0, hModule=0x732a0000, lpmodinfo=0x2ae53a8, cb=0xc | out: lpmodinfo=0x2ae53a8*(lpBaseOfDll=0x732a0000, SizeOfImage=0xf5000, EntryPoint=0x732f4180)) returned 1 [0079.203] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.203] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x732a0000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0079.204] CoTaskMemFree (pv=0xd69028) [0079.204] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.204] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x732a0000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\system32\\msvcr120_clr0400.dll")) returned 0x28 [0079.204] CoTaskMemFree (pv=0xd69028) [0079.204] GetModuleInformation (in: hProcess=0x2f0, hModule=0x70040000, lpmodinfo=0x2ae74dc, cb=0xc | out: lpmodinfo=0x2ae74dc*(lpBaseOfDll=0x70040000, SizeOfImage=0x138d000, EntryPoint=0x0)) returned 1 [0079.204] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.204] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x70040000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0079.204] CoTaskMemFree (pv=0xd69028) [0079.204] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.204] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x70040000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\f12799647dc4f4abd2f0f17790337f04\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\f12799647dc4f4abd2f0f17790337f04\\mscorlib.ni.dll")) returned 0x68 [0079.204] CoTaskMemFree (pv=0xd69028) [0079.204] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77920000, lpmodinfo=0x2ae9684, cb=0xc | out: lpmodinfo=0x2ae9684*(lpBaseOfDll=0x77920000, SizeOfImage=0xf3000, EntryPoint=0x7795a100)) returned 1 [0079.204] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.204] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77920000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0079.205] CoTaskMemFree (pv=0xd69028) [0079.205] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.205] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77920000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0079.205] CoTaskMemFree (pv=0xd69028) [0079.205] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74550000, lpmodinfo=0x2aeb788, cb=0xc | out: lpmodinfo=0x2aeb788*(lpBaseOfDll=0x74550000, SizeOfImage=0x78000, EntryPoint=0x745885b0)) returned 1 [0079.205] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.205] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74550000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0079.205] CoTaskMemFree (pv=0xd69028) [0079.205] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.205] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74550000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\system32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0079.205] CoTaskMemFree (pv=0xd69028) [0079.205] GetModuleInformation (in: hProcess=0x2f0, hModule=0x73220000, lpmodinfo=0x2aed894, cb=0xc | out: lpmodinfo=0x2aed894*(lpBaseOfDll=0x73220000, SizeOfImage=0x80000, EntryPoint=0x73221180)) returned 1 [0079.205] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.205] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x73220000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0079.205] CoTaskMemFree (pv=0xd69028) [0079.205] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.206] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x73220000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0079.206] CoTaskMemFree (pv=0xd69028) [0079.206] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75bb0000, lpmodinfo=0x2aef9d4, cb=0xc | out: lpmodinfo=0x2aef9d4*(lpBaseOfDll=0x75bb0000, SizeOfImage=0x96000, EntryPoint=0x75be8f60)) returned 1 [0079.206] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.206] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75bb0000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0079.206] CoTaskMemFree (pv=0xd69028) [0079.206] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.206] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75bb0000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0079.206] CoTaskMemFree (pv=0xd69028) [0079.206] GetModuleInformation (in: hProcess=0x2f0, hModule=0x6f660000, lpmodinfo=0x2af1ae8, cb=0xc | out: lpmodinfo=0x2af1ae8*(lpBaseOfDll=0x6f660000, SizeOfImage=0x9df000, EntryPoint=0x0)) returned 1 [0079.206] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.206] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x6f660000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0079.206] CoTaskMemFree (pv=0xd69028) [0079.206] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.206] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x6f660000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\assembly\\NativeImages_v4.0.30319_32\\System\\fcfb8bac8ea9a0e69d72c350b22f8e3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\fcfb8bac8ea9a0e69d72c350b22f8e3f\\system.ni.dll")) returned 0x64 [0079.207] CoTaskMemFree (pv=0xd69028) [0079.207] GetModuleInformation (in: hProcess=0x2f0, hModule=0x6ef00000, lpmodinfo=0x2af3d90, cb=0xc | out: lpmodinfo=0x2af3d90*(lpBaseOfDll=0x6ef00000, SizeOfImage=0x756000, EntryPoint=0x0)) returned 1 [0079.207] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.207] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x6ef00000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0079.207] CoTaskMemFree (pv=0xd69028) [0079.207] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.207] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x6ef00000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\7334607a1c01834b6f09c482bd20ff7e\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\7334607a1c01834b6f09c482bd20ff7e\\system.core.ni.dll")) returned 0x6e [0079.207] CoTaskMemFree (pv=0xd69028) [0079.207] GetModuleInformation (in: hProcess=0x2f0, hModule=0x73200000, lpmodinfo=0x2af5f4c, cb=0xc | out: lpmodinfo=0x2af5f4c*(lpBaseOfDll=0x73200000, SizeOfImage=0x13000, EntryPoint=0x73206c40)) returned 1 [0079.207] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.207] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x73200000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0079.207] CoTaskMemFree (pv=0xd69028) [0079.207] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.207] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x73200000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0079.207] CoTaskMemFree (pv=0xd69028) [0079.207] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74100000, lpmodinfo=0x2af8058, cb=0xc | out: lpmodinfo=0x2af8058*(lpBaseOfDll=0x74100000, SizeOfImage=0x2f000, EntryPoint=0x7410c000)) returned 1 [0079.208] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.208] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74100000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0079.208] CoTaskMemFree (pv=0xd69028) [0079.208] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.208] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74100000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0079.208] CoTaskMemFree (pv=0xd69028) [0079.208] GetModuleInformation (in: hProcess=0x2f0, hModule=0x740e0000, lpmodinfo=0x2afa164, cb=0xc | out: lpmodinfo=0x2afa164*(lpBaseOfDll=0x740e0000, SizeOfImage=0x18000, EntryPoint=0x740e8f30)) returned 1 [0079.208] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.208] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x740e0000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0079.223] CoTaskMemFree (pv=0xd69028) [0079.223] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.223] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x740e0000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0079.224] CoTaskMemFree (pv=0xd69028) [0079.224] GetModuleInformation (in: hProcess=0x2f0, hModule=0x76180000, lpmodinfo=0x2afc270, cb=0xc | out: lpmodinfo=0x2afc270*(lpBaseOfDll=0x76180000, SizeOfImage=0x6000, EntryPoint=0x76181460)) returned 1 [0079.224] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.224] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x76180000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0079.224] CoTaskMemFree (pv=0xd69028) [0079.224] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.224] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x76180000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")) returned 0x1d [0079.224] CoTaskMemFree (pv=0xd69028) [0079.224] CloseHandle (hObject=0x2f0) returned 1 [0079.239] GetCurrentProcessId () returned 0x7f0 [0079.239] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7f0) returned 0x2f0 [0079.239] EnumProcessModules (in: hProcess=0x2f0, lphModule=0x2b4f9c4, cb=0x100, lpcbNeeded=0xafd6d8 | out: lphModule=0x2b4f9c4, lpcbNeeded=0xafd6d8) returned 1 [0079.239] GetModuleInformation (in: hProcess=0x2f0, hModule=0x6b0000, lpmodinfo=0x2b4fb04, cb=0xc | out: lpmodinfo=0x2b4fb04*(lpBaseOfDll=0x6b0000, SizeOfImage=0xb6000, EntryPoint=0x0)) returned 1 [0079.239] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.240] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x6b0000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="fatura.exe") returned 0xa [0079.240] CoTaskMemFree (pv=0xd69028) [0079.240] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.240] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x6b0000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\fatura.exe")) returned 0x2d [0079.240] CoTaskMemFree (pv=0xd69028) [0079.240] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77bb0000, lpmodinfo=0x2b51c48, cb=0xc | out: lpmodinfo=0x2b51c48*(lpBaseOfDll=0x77bb0000, SizeOfImage=0x18e000, EntryPoint=0x0)) returned 1 [0079.240] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.240] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77bb0000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0079.240] CoTaskMemFree (pv=0xd69028) [0079.240] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.240] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77bb0000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0079.240] CoTaskMemFree (pv=0xd69028) [0079.240] GetModuleInformation (in: hProcess=0x2f0, hModule=0x71b40000, lpmodinfo=0x2b53d4c, cb=0xc | out: lpmodinfo=0x2b53d4c*(lpBaseOfDll=0x71b40000, SizeOfImage=0x55000, EntryPoint=0x71b70a30)) returned 1 [0079.240] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.241] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x71b40000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0079.241] CoTaskMemFree (pv=0xd69028) [0079.241] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.241] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x71b40000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\system32\\mscoree.dll")) returned 0x1f [0079.241] CoTaskMemFree (pv=0xd69028) [0079.241] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75e90000, lpmodinfo=0x2b55e58, cb=0xc | out: lpmodinfo=0x2b55e58*(lpBaseOfDll=0x75e90000, SizeOfImage=0xd0000, EntryPoint=0x75ea06a0)) returned 1 [0079.241] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.241] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75e90000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0079.241] CoTaskMemFree (pv=0xd69028) [0079.241] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.241] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75e90000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\KERNEL32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0079.241] CoTaskMemFree (pv=0xd69028) [0079.241] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74ea0000, lpmodinfo=0x2b57f6c, cb=0xc | out: lpmodinfo=0x2b57f6c*(lpBaseOfDll=0x74ea0000, SizeOfImage=0x1c2000, EntryPoint=0x74f8ff30)) returned 1 [0079.243] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.243] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74ea0000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0079.243] CoTaskMemFree (pv=0xd69028) [0079.243] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.243] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74ea0000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0079.243] CoTaskMemFree (pv=0xd69028) [0079.243] GetModuleInformation (in: hProcess=0x2f0, hModule=0x745d0000, lpmodinfo=0x29601b8, cb=0xc | out: lpmodinfo=0x29601b8*(lpBaseOfDll=0x745d0000, SizeOfImage=0x93000, EntryPoint=0x74604270)) returned 1 [0079.243] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.243] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x745d0000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0079.243] CoTaskMemFree (pv=0xd69028) [0079.243] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.243] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x745d0000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0079.244] CoTaskMemFree (pv=0xd69028) [0079.244] GetModuleInformation (in: hProcess=0x2f0, hModule=0x761b0000, lpmodinfo=0x29622c4, cb=0xc | out: lpmodinfo=0x29622c4*(lpBaseOfDll=0x761b0000, SizeOfImage=0x77000, EntryPoint=0x761ce5b0)) returned 1 [0079.244] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.244] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x761b0000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0079.244] CoTaskMemFree (pv=0xd69028) [0079.244] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.244] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x761b0000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0079.244] CoTaskMemFree (pv=0xd69028) [0079.244] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77a30000, lpmodinfo=0x29643d8, cb=0xc | out: lpmodinfo=0x29643d8*(lpBaseOfDll=0x77a30000, SizeOfImage=0xbd000, EntryPoint=0x77a655e0)) returned 1 [0079.244] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.244] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77a30000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0079.244] CoTaskMemFree (pv=0xd69028) [0079.244] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.244] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77a30000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0079.245] CoTaskMemFree (pv=0xd69028) [0079.245] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75fb0000, lpmodinfo=0x29664e4, cb=0xc | out: lpmodinfo=0x29664e4*(lpBaseOfDll=0x75fb0000, SizeOfImage=0x41000, EntryPoint=0x75fc3400)) returned 1 [0079.245] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.245] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75fb0000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0079.245] CoTaskMemFree (pv=0xd69028) [0079.245] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.245] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75fb0000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0079.245] CoTaskMemFree (pv=0xd69028) [0079.245] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74710000, lpmodinfo=0x296863c, cb=0xc | out: lpmodinfo=0x296863c*(lpBaseOfDll=0x74710000, SizeOfImage=0xc0000, EntryPoint=0x7473fb20)) returned 1 [0079.245] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.245] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74710000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0079.245] CoTaskMemFree (pv=0xd69028) [0079.245] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.245] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74710000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0079.246] CoTaskMemFree (pv=0xd69028) [0079.246] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74680000, lpmodinfo=0x296a748, cb=0xc | out: lpmodinfo=0x296a748*(lpBaseOfDll=0x74680000, SizeOfImage=0x20000, EntryPoint=0x7468c9a0)) returned 1 [0079.246] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.246] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74680000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0079.246] CoTaskMemFree (pv=0xd69028) [0079.246] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.246] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74680000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0079.246] CoTaskMemFree (pv=0xd69028) [0079.246] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74670000, lpmodinfo=0x296c854, cb=0xc | out: lpmodinfo=0x296c854*(lpBaseOfDll=0x74670000, SizeOfImage=0xa000, EntryPoint=0x74672a00)) returned 1 [0079.246] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.246] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74670000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0079.246] CoTaskMemFree (pv=0xd69028) [0079.246] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.246] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74670000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0079.246] CoTaskMemFree (pv=0xd69028) [0079.246] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74da0000, lpmodinfo=0x296e968, cb=0xc | out: lpmodinfo=0x296e968*(lpBaseOfDll=0x74da0000, SizeOfImage=0x57000, EntryPoint=0x74ddde40)) returned 1 [0079.247] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.247] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74da0000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0079.247] CoTaskMemFree (pv=0xd69028) [0079.247] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.247] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74da0000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0079.247] CoTaskMemFree (pv=0xd69028) [0079.247] GetModuleInformation (in: hProcess=0x2f0, hModule=0x71ac0000, lpmodinfo=0x2970a9c, cb=0xc | out: lpmodinfo=0x2970a9c*(lpBaseOfDll=0x71ac0000, SizeOfImage=0x7d000, EntryPoint=0x71ac3c80)) returned 1 [0079.247] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.247] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x71ac0000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0079.247] CoTaskMemFree (pv=0xd69028) [0079.247] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.247] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x71ac0000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0079.247] CoTaskMemFree (pv=0xd69028) [0079.247] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75f60000, lpmodinfo=0x2972be4, cb=0xc | out: lpmodinfo=0x2972be4*(lpBaseOfDll=0x75f60000, SizeOfImage=0x45000, EntryPoint=0x75f79260)) returned 1 [0079.247] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.247] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75f60000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0079.248] CoTaskMemFree (pv=0xd69028) [0079.248] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.248] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75f60000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0079.248] CoTaskMemFree (pv=0xd69028) [0079.248] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75c50000, lpmodinfo=0x2974cf0, cb=0xc | out: lpmodinfo=0x2974cf0*(lpBaseOfDll=0x75c50000, SizeOfImage=0x238000, EntryPoint=0x75d6e060)) returned 1 [0079.248] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.248] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75c50000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0079.248] CoTaskMemFree (pv=0xd69028) [0079.248] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.248] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75c50000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0079.248] CoTaskMemFree (pv=0xd69028) [0079.248] GetModuleInformation (in: hProcess=0x2f0, hModule=0x76000000, lpmodinfo=0x2976dfc, cb=0xc | out: lpmodinfo=0x2976dfc*(lpBaseOfDll=0x76000000, SizeOfImage=0x118000, EntryPoint=0x7602a3c0)) returned 1 [0079.248] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.248] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x76000000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0079.248] CoTaskMemFree (pv=0xd69028) [0079.249] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.249] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x76000000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0079.249] CoTaskMemFree (pv=0xd69028) [0079.249] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75b70000, lpmodinfo=0x2978f9c, cb=0xc | out: lpmodinfo=0x2978f9c*(lpBaseOfDll=0x75b70000, SizeOfImage=0x21000, EntryPoint=0x75b76900)) returned 1 [0079.249] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.249] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75b70000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0079.249] CoTaskMemFree (pv=0xd69028) [0079.249] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.249] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75b70000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0079.249] CoTaskMemFree (pv=0xd69028) [0079.249] GetModuleInformation (in: hProcess=0x2f0, hModule=0x76290000, lpmodinfo=0x297b0a0, cb=0xc | out: lpmodinfo=0x297b0a0*(lpBaseOfDll=0x76290000, SizeOfImage=0x158000, EntryPoint=0x7634a9c0)) returned 1 [0079.249] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.249] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x76290000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="gdi32full.dll") returned 0xd [0079.249] CoTaskMemFree (pv=0xd69028) [0079.249] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.249] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x76290000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\gdi32full.dll" (normalized: "c:\\windows\\system32\\gdi32full.dll")) returned 0x21 [0079.250] CoTaskMemFree (pv=0xd69028) [0079.250] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77b30000, lpmodinfo=0x297d1b4, cb=0xc | out: lpmodinfo=0x297d1b4*(lpBaseOfDll=0x77b30000, SizeOfImage=0x79000, EntryPoint=0x77b44180)) returned 1 [0079.250] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.250] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77b30000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="msvcp_win.dll") returned 0xd [0079.250] CoTaskMemFree (pv=0xd69028) [0079.250] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.250] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77b30000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll")) returned 0x21 [0079.250] CoTaskMemFree (pv=0xd69028) [0079.250] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74b70000, lpmodinfo=0x297f2c8, cb=0xc | out: lpmodinfo=0x297f2c8*(lpBaseOfDll=0x74b70000, SizeOfImage=0x13c000, EntryPoint=0x74b9b3d0)) returned 1 [0079.250] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.250] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74b70000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0079.250] CoTaskMemFree (pv=0xd69028) [0079.250] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.250] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74b70000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0079.250] CoTaskMemFree (pv=0xd69028) [0079.250] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74ac0000, lpmodinfo=0x29813d4, cb=0xc | out: lpmodinfo=0x29813d4*(lpBaseOfDll=0x74ac0000, SizeOfImage=0x16000, EntryPoint=0x0)) returned 1 [0079.251] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.251] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74ac0000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="win32u.dll") returned 0xa [0079.251] CoTaskMemFree (pv=0xd69028) [0079.251] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.251] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74ac0000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\win32u.dll" (normalized: "c:\\windows\\system32\\win32u.dll")) returned 0x1e [0079.251] CoTaskMemFree (pv=0xd69028) [0079.251] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74e20000, lpmodinfo=0x29834e0, cb=0xc | out: lpmodinfo=0x29834e0*(lpBaseOfDll=0x74e20000, SizeOfImage=0x25000, EntryPoint=0x74e247d0)) returned 1 [0079.251] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.251] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74e20000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0079.251] CoTaskMemFree (pv=0xd69028) [0079.251] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.251] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74e20000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0079.251] CoTaskMemFree (pv=0xd69028) [0079.251] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75ba0000, lpmodinfo=0x29855e4, cb=0xc | out: lpmodinfo=0x29855e4*(lpBaseOfDll=0x75ba0000, SizeOfImage=0xe000, EntryPoint=0x75ba3e30)) returned 1 [0079.251] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.252] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75ba0000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0079.252] CoTaskMemFree (pv=0xd69028) [0079.252] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.252] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75ba0000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0079.252] CoTaskMemFree (pv=0xd69028) [0079.252] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74140000, lpmodinfo=0x2987710, cb=0xc | out: lpmodinfo=0x2987710*(lpBaseOfDll=0x74140000, SizeOfImage=0x8000, EntryPoint=0x741417c0)) returned 1 [0079.252] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.252] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74140000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0079.252] CoTaskMemFree (pv=0xd69028) [0079.252] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.252] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74140000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0079.252] CoTaskMemFree (pv=0xd69028) [0079.252] GetModuleInformation (in: hProcess=0x2f0, hModule=0x713d0000, lpmodinfo=0x298981c, cb=0xc | out: lpmodinfo=0x298981c*(lpBaseOfDll=0x713d0000, SizeOfImage=0x6e6000, EntryPoint=0x713e83d0)) returned 1 [0079.252] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.252] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x713d0000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0079.253] CoTaskMemFree (pv=0xd69028) [0079.253] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.253] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x713d0000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0079.253] CoTaskMemFree (pv=0xd69028) [0079.253] GetModuleInformation (in: hProcess=0x2f0, hModule=0x732a0000, lpmodinfo=0x298b94c, cb=0xc | out: lpmodinfo=0x298b94c*(lpBaseOfDll=0x732a0000, SizeOfImage=0xf5000, EntryPoint=0x732f4180)) returned 1 [0079.253] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.253] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x732a0000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0079.253] CoTaskMemFree (pv=0xd69028) [0079.253] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.253] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x732a0000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\system32\\msvcr120_clr0400.dll")) returned 0x28 [0079.253] CoTaskMemFree (pv=0xd69028) [0079.253] GetModuleInformation (in: hProcess=0x2f0, hModule=0x70040000, lpmodinfo=0x298da80, cb=0xc | out: lpmodinfo=0x298da80*(lpBaseOfDll=0x70040000, SizeOfImage=0x138d000, EntryPoint=0x0)) returned 1 [0079.253] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.253] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x70040000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0079.253] CoTaskMemFree (pv=0xd69028) [0079.253] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.253] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x70040000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\f12799647dc4f4abd2f0f17790337f04\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\f12799647dc4f4abd2f0f17790337f04\\mscorlib.ni.dll")) returned 0x68 [0079.254] CoTaskMemFree (pv=0xd69028) [0079.254] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77920000, lpmodinfo=0x298fc28, cb=0xc | out: lpmodinfo=0x298fc28*(lpBaseOfDll=0x77920000, SizeOfImage=0xf3000, EntryPoint=0x7795a100)) returned 1 [0079.254] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.254] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77920000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0079.254] CoTaskMemFree (pv=0xd69028) [0079.254] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.254] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77920000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0079.254] CoTaskMemFree (pv=0xd69028) [0079.254] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74550000, lpmodinfo=0x2991d2c, cb=0xc | out: lpmodinfo=0x2991d2c*(lpBaseOfDll=0x74550000, SizeOfImage=0x78000, EntryPoint=0x745885b0)) returned 1 [0079.254] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.254] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74550000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0079.254] CoTaskMemFree (pv=0xd69028) [0079.254] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.254] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74550000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\system32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0079.254] CoTaskMemFree (pv=0xd69028) [0079.255] GetModuleInformation (in: hProcess=0x2f0, hModule=0x73220000, lpmodinfo=0x2993e38, cb=0xc | out: lpmodinfo=0x2993e38*(lpBaseOfDll=0x73220000, SizeOfImage=0x80000, EntryPoint=0x73221180)) returned 1 [0079.255] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.255] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x73220000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0079.255] CoTaskMemFree (pv=0xd69028) [0079.255] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.255] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x73220000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0079.255] CoTaskMemFree (pv=0xd69028) [0079.255] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75bb0000, lpmodinfo=0x2995f78, cb=0xc | out: lpmodinfo=0x2995f78*(lpBaseOfDll=0x75bb0000, SizeOfImage=0x96000, EntryPoint=0x75be8f60)) returned 1 [0079.260] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.260] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75bb0000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0079.260] CoTaskMemFree (pv=0xd69028) [0079.260] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.260] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75bb0000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0079.260] CoTaskMemFree (pv=0xd69028) [0079.260] GetModuleInformation (in: hProcess=0x2f0, hModule=0x6f660000, lpmodinfo=0x299808c, cb=0xc | out: lpmodinfo=0x299808c*(lpBaseOfDll=0x6f660000, SizeOfImage=0x9df000, EntryPoint=0x0)) returned 1 [0079.260] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.260] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x6f660000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0079.261] CoTaskMemFree (pv=0xd69028) [0079.261] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.261] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x6f660000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\assembly\\NativeImages_v4.0.30319_32\\System\\fcfb8bac8ea9a0e69d72c350b22f8e3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\fcfb8bac8ea9a0e69d72c350b22f8e3f\\system.ni.dll")) returned 0x64 [0079.261] CoTaskMemFree (pv=0xd69028) [0079.261] GetModuleInformation (in: hProcess=0x2f0, hModule=0x6ef00000, lpmodinfo=0x299a334, cb=0xc | out: lpmodinfo=0x299a334*(lpBaseOfDll=0x6ef00000, SizeOfImage=0x756000, EntryPoint=0x0)) returned 1 [0079.261] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.261] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x6ef00000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0079.261] CoTaskMemFree (pv=0xd69028) [0079.261] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.261] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x6ef00000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\7334607a1c01834b6f09c482bd20ff7e\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\7334607a1c01834b6f09c482bd20ff7e\\system.core.ni.dll")) returned 0x6e [0079.261] CoTaskMemFree (pv=0xd69028) [0079.261] GetModuleInformation (in: hProcess=0x2f0, hModule=0x73200000, lpmodinfo=0x299c4f0, cb=0xc | out: lpmodinfo=0x299c4f0*(lpBaseOfDll=0x73200000, SizeOfImage=0x13000, EntryPoint=0x73206c40)) returned 1 [0079.261] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.261] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x73200000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0079.262] CoTaskMemFree (pv=0xd69028) [0079.262] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.262] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x73200000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0079.262] CoTaskMemFree (pv=0xd69028) [0079.262] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74100000, lpmodinfo=0x299e5fc, cb=0xc | out: lpmodinfo=0x299e5fc*(lpBaseOfDll=0x74100000, SizeOfImage=0x2f000, EntryPoint=0x7410c000)) returned 1 [0079.262] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.262] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74100000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0079.262] CoTaskMemFree (pv=0xd69028) [0079.262] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.262] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74100000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0079.262] CoTaskMemFree (pv=0xd69028) [0079.262] GetModuleInformation (in: hProcess=0x2f0, hModule=0x740e0000, lpmodinfo=0x29a0708, cb=0xc | out: lpmodinfo=0x29a0708*(lpBaseOfDll=0x740e0000, SizeOfImage=0x18000, EntryPoint=0x740e8f30)) returned 1 [0079.262] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.262] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x740e0000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0079.263] CoTaskMemFree (pv=0xd69028) [0079.263] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.263] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x740e0000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0079.263] CoTaskMemFree (pv=0xd69028) [0079.263] GetModuleInformation (in: hProcess=0x2f0, hModule=0x76180000, lpmodinfo=0x29a2814, cb=0xc | out: lpmodinfo=0x29a2814*(lpBaseOfDll=0x76180000, SizeOfImage=0x6000, EntryPoint=0x76181460)) returned 1 [0079.263] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.263] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x76180000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0079.263] CoTaskMemFree (pv=0xd69028) [0079.263] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.263] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x76180000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")) returned 0x1d [0079.263] CoTaskMemFree (pv=0xd69028) [0079.263] CloseHandle (hObject=0x2f0) returned 1 [0079.287] GetCurrentProcessId () returned 0x7f0 [0079.287] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7f0) returned 0x2f0 [0079.288] EnumProcessModules (in: hProcess=0x2f0, lphModule=0x29f5f70, cb=0x100, lpcbNeeded=0xafd6d8 | out: lphModule=0x29f5f70, lpcbNeeded=0xafd6d8) returned 1 [0079.288] GetModuleInformation (in: hProcess=0x2f0, hModule=0x6b0000, lpmodinfo=0x29f60b0, cb=0xc | out: lpmodinfo=0x29f60b0*(lpBaseOfDll=0x6b0000, SizeOfImage=0xb6000, EntryPoint=0x0)) returned 1 [0079.288] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.288] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x6b0000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="fatura.exe") returned 0xa [0079.288] CoTaskMemFree (pv=0xd69028) [0079.288] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.288] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x6b0000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\fatura.exe")) returned 0x2d [0079.288] CoTaskMemFree (pv=0xd69028) [0079.288] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77bb0000, lpmodinfo=0x29f81f4, cb=0xc | out: lpmodinfo=0x29f81f4*(lpBaseOfDll=0x77bb0000, SizeOfImage=0x18e000, EntryPoint=0x0)) returned 1 [0079.288] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.288] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77bb0000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0079.288] CoTaskMemFree (pv=0xd69028) [0079.288] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.288] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77bb0000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0079.289] CoTaskMemFree (pv=0xd69028) [0079.289] GetModuleInformation (in: hProcess=0x2f0, hModule=0x71b40000, lpmodinfo=0x29fa2f8, cb=0xc | out: lpmodinfo=0x29fa2f8*(lpBaseOfDll=0x71b40000, SizeOfImage=0x55000, EntryPoint=0x71b70a30)) returned 1 [0079.289] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.289] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x71b40000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0079.289] CoTaskMemFree (pv=0xd69028) [0079.289] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.289] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x71b40000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\system32\\mscoree.dll")) returned 0x1f [0079.289] CoTaskMemFree (pv=0xd69028) [0079.289] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75e90000, lpmodinfo=0x29fc404, cb=0xc | out: lpmodinfo=0x29fc404*(lpBaseOfDll=0x75e90000, SizeOfImage=0xd0000, EntryPoint=0x75ea06a0)) returned 1 [0079.289] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.289] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75e90000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0079.289] CoTaskMemFree (pv=0xd69028) [0079.289] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.289] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75e90000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\KERNEL32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0079.289] CoTaskMemFree (pv=0xd69028) [0079.289] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74ea0000, lpmodinfo=0x29fe518, cb=0xc | out: lpmodinfo=0x29fe518*(lpBaseOfDll=0x74ea0000, SizeOfImage=0x1c2000, EntryPoint=0x74f8ff30)) returned 1 [0079.290] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.290] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74ea0000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0079.290] CoTaskMemFree (pv=0xd69028) [0079.290] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.290] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74ea0000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0079.290] CoTaskMemFree (pv=0xd69028) [0079.290] GetModuleInformation (in: hProcess=0x2f0, hModule=0x745d0000, lpmodinfo=0x2a00660, cb=0xc | out: lpmodinfo=0x2a00660*(lpBaseOfDll=0x745d0000, SizeOfImage=0x93000, EntryPoint=0x74604270)) returned 1 [0079.290] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.290] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x745d0000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0079.290] CoTaskMemFree (pv=0xd69028) [0079.290] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.290] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x745d0000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0079.290] CoTaskMemFree (pv=0xd69028) [0079.290] GetModuleInformation (in: hProcess=0x2f0, hModule=0x761b0000, lpmodinfo=0x2a0276c, cb=0xc | out: lpmodinfo=0x2a0276c*(lpBaseOfDll=0x761b0000, SizeOfImage=0x77000, EntryPoint=0x761ce5b0)) returned 1 [0079.290] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.291] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x761b0000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0079.291] CoTaskMemFree (pv=0xd69028) [0079.291] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.291] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x761b0000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0079.291] CoTaskMemFree (pv=0xd69028) [0079.291] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77a30000, lpmodinfo=0x2a04880, cb=0xc | out: lpmodinfo=0x2a04880*(lpBaseOfDll=0x77a30000, SizeOfImage=0xbd000, EntryPoint=0x77a655e0)) returned 1 [0079.291] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.291] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77a30000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0079.291] CoTaskMemFree (pv=0xd69028) [0079.291] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.291] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77a30000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0079.291] CoTaskMemFree (pv=0xd69028) [0079.291] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75fb0000, lpmodinfo=0x2a0698c, cb=0xc | out: lpmodinfo=0x2a0698c*(lpBaseOfDll=0x75fb0000, SizeOfImage=0x41000, EntryPoint=0x75fc3400)) returned 1 [0079.291] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.291] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75fb0000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0079.292] CoTaskMemFree (pv=0xd69028) [0079.292] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.292] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75fb0000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0079.292] CoTaskMemFree (pv=0xd69028) [0079.292] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74710000, lpmodinfo=0x2a08ae4, cb=0xc | out: lpmodinfo=0x2a08ae4*(lpBaseOfDll=0x74710000, SizeOfImage=0xc0000, EntryPoint=0x7473fb20)) returned 1 [0079.292] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.292] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74710000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0079.292] CoTaskMemFree (pv=0xd69028) [0079.292] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.292] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74710000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0079.292] CoTaskMemFree (pv=0xd69028) [0079.292] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74680000, lpmodinfo=0x2a0abf0, cb=0xc | out: lpmodinfo=0x2a0abf0*(lpBaseOfDll=0x74680000, SizeOfImage=0x20000, EntryPoint=0x7468c9a0)) returned 1 [0079.292] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.292] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74680000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0079.292] CoTaskMemFree (pv=0xd69028) [0079.292] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.293] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74680000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0079.293] CoTaskMemFree (pv=0xd69028) [0079.293] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74670000, lpmodinfo=0x2a0ccfc, cb=0xc | out: lpmodinfo=0x2a0ccfc*(lpBaseOfDll=0x74670000, SizeOfImage=0xa000, EntryPoint=0x74672a00)) returned 1 [0079.293] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.293] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74670000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0079.293] CoTaskMemFree (pv=0xd69028) [0079.293] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.293] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74670000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0079.293] CoTaskMemFree (pv=0xd69028) [0079.293] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74da0000, lpmodinfo=0x2a0ee10, cb=0xc | out: lpmodinfo=0x2a0ee10*(lpBaseOfDll=0x74da0000, SizeOfImage=0x57000, EntryPoint=0x74ddde40)) returned 1 [0079.293] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.293] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74da0000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0079.293] CoTaskMemFree (pv=0xd69028) [0079.293] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.293] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74da0000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0079.294] CoTaskMemFree (pv=0xd69028) [0079.294] GetModuleInformation (in: hProcess=0x2f0, hModule=0x71ac0000, lpmodinfo=0x2a10f44, cb=0xc | out: lpmodinfo=0x2a10f44*(lpBaseOfDll=0x71ac0000, SizeOfImage=0x7d000, EntryPoint=0x71ac3c80)) returned 1 [0079.294] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.294] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x71ac0000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0079.294] CoTaskMemFree (pv=0xd69028) [0079.294] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.294] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x71ac0000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0079.294] CoTaskMemFree (pv=0xd69028) [0079.294] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75f60000, lpmodinfo=0x2a1308c, cb=0xc | out: lpmodinfo=0x2a1308c*(lpBaseOfDll=0x75f60000, SizeOfImage=0x45000, EntryPoint=0x75f79260)) returned 1 [0079.294] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.294] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75f60000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0079.294] CoTaskMemFree (pv=0xd69028) [0079.294] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.294] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75f60000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0079.294] CoTaskMemFree (pv=0xd69028) [0079.294] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75c50000, lpmodinfo=0x2a15198, cb=0xc | out: lpmodinfo=0x2a15198*(lpBaseOfDll=0x75c50000, SizeOfImage=0x238000, EntryPoint=0x75d6e060)) returned 1 [0079.295] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.295] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75c50000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0079.295] CoTaskMemFree (pv=0xd69028) [0079.295] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.295] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75c50000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0079.295] CoTaskMemFree (pv=0xd69028) [0079.295] GetModuleInformation (in: hProcess=0x2f0, hModule=0x76000000, lpmodinfo=0x2a172a4, cb=0xc | out: lpmodinfo=0x2a172a4*(lpBaseOfDll=0x76000000, SizeOfImage=0x118000, EntryPoint=0x7602a3c0)) returned 1 [0079.295] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.295] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x76000000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0079.295] CoTaskMemFree (pv=0xd69028) [0079.295] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.295] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x76000000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0079.295] CoTaskMemFree (pv=0xd69028) [0079.295] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75b70000, lpmodinfo=0x2a19444, cb=0xc | out: lpmodinfo=0x2a19444*(lpBaseOfDll=0x75b70000, SizeOfImage=0x21000, EntryPoint=0x75b76900)) returned 1 [0079.295] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.295] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75b70000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0079.296] CoTaskMemFree (pv=0xd69028) [0079.296] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.296] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75b70000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0079.296] CoTaskMemFree (pv=0xd69028) [0079.296] GetModuleInformation (in: hProcess=0x2f0, hModule=0x76290000, lpmodinfo=0x2a1b548, cb=0xc | out: lpmodinfo=0x2a1b548*(lpBaseOfDll=0x76290000, SizeOfImage=0x158000, EntryPoint=0x7634a9c0)) returned 1 [0079.296] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.296] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x76290000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="gdi32full.dll") returned 0xd [0079.296] CoTaskMemFree (pv=0xd69028) [0079.296] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.296] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x76290000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\gdi32full.dll" (normalized: "c:\\windows\\system32\\gdi32full.dll")) returned 0x21 [0079.296] CoTaskMemFree (pv=0xd69028) [0079.296] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77b30000, lpmodinfo=0x2a1d65c, cb=0xc | out: lpmodinfo=0x2a1d65c*(lpBaseOfDll=0x77b30000, SizeOfImage=0x79000, EntryPoint=0x77b44180)) returned 1 [0079.296] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.296] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77b30000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="msvcp_win.dll") returned 0xd [0079.296] CoTaskMemFree (pv=0xd69028) [0079.297] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.297] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77b30000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll")) returned 0x21 [0079.297] CoTaskMemFree (pv=0xd69028) [0079.297] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74b70000, lpmodinfo=0x2a1f770, cb=0xc | out: lpmodinfo=0x2a1f770*(lpBaseOfDll=0x74b70000, SizeOfImage=0x13c000, EntryPoint=0x74b9b3d0)) returned 1 [0079.297] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.297] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74b70000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0079.297] CoTaskMemFree (pv=0xd69028) [0079.297] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.297] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74b70000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0079.297] CoTaskMemFree (pv=0xd69028) [0079.297] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74ac0000, lpmodinfo=0x2a2187c, cb=0xc | out: lpmodinfo=0x2a2187c*(lpBaseOfDll=0x74ac0000, SizeOfImage=0x16000, EntryPoint=0x0)) returned 1 [0079.297] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.297] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74ac0000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="win32u.dll") returned 0xa [0079.297] CoTaskMemFree (pv=0xd69028) [0079.297] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.297] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74ac0000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\win32u.dll" (normalized: "c:\\windows\\system32\\win32u.dll")) returned 0x1e [0079.298] CoTaskMemFree (pv=0xd69028) [0079.298] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74e20000, lpmodinfo=0x2a23988, cb=0xc | out: lpmodinfo=0x2a23988*(lpBaseOfDll=0x74e20000, SizeOfImage=0x25000, EntryPoint=0x74e247d0)) returned 1 [0079.298] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.298] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74e20000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0079.298] CoTaskMemFree (pv=0xd69028) [0079.298] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.298] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74e20000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0079.298] CoTaskMemFree (pv=0xd69028) [0079.298] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75ba0000, lpmodinfo=0x2a25a8c, cb=0xc | out: lpmodinfo=0x2a25a8c*(lpBaseOfDll=0x75ba0000, SizeOfImage=0xe000, EntryPoint=0x75ba3e30)) returned 1 [0079.298] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.298] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75ba0000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0079.298] CoTaskMemFree (pv=0xd69028) [0079.298] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.298] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75ba0000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0079.298] CoTaskMemFree (pv=0xd69028) [0079.298] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74140000, lpmodinfo=0x2a27bb8, cb=0xc | out: lpmodinfo=0x2a27bb8*(lpBaseOfDll=0x74140000, SizeOfImage=0x8000, EntryPoint=0x741417c0)) returned 1 [0079.299] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.299] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74140000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0079.299] CoTaskMemFree (pv=0xd69028) [0079.299] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.299] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74140000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0079.299] CoTaskMemFree (pv=0xd69028) [0079.299] GetModuleInformation (in: hProcess=0x2f0, hModule=0x713d0000, lpmodinfo=0x2a29cc4, cb=0xc | out: lpmodinfo=0x2a29cc4*(lpBaseOfDll=0x713d0000, SizeOfImage=0x6e6000, EntryPoint=0x713e83d0)) returned 1 [0079.299] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.299] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x713d0000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0079.299] CoTaskMemFree (pv=0xd69028) [0079.299] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.299] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x713d0000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0079.299] CoTaskMemFree (pv=0xd69028) [0079.299] GetModuleInformation (in: hProcess=0x2f0, hModule=0x732a0000, lpmodinfo=0x2a2bdf4, cb=0xc | out: lpmodinfo=0x2a2bdf4*(lpBaseOfDll=0x732a0000, SizeOfImage=0xf5000, EntryPoint=0x732f4180)) returned 1 [0079.299] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.299] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x732a0000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0079.300] CoTaskMemFree (pv=0xd69028) [0079.300] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.300] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x732a0000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\system32\\msvcr120_clr0400.dll")) returned 0x28 [0079.300] CoTaskMemFree (pv=0xd69028) [0079.300] GetModuleInformation (in: hProcess=0x2f0, hModule=0x70040000, lpmodinfo=0x2a2df28, cb=0xc | out: lpmodinfo=0x2a2df28*(lpBaseOfDll=0x70040000, SizeOfImage=0x138d000, EntryPoint=0x0)) returned 1 [0079.300] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.300] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x70040000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0079.300] CoTaskMemFree (pv=0xd69028) [0079.300] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.300] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x70040000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\f12799647dc4f4abd2f0f17790337f04\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\f12799647dc4f4abd2f0f17790337f04\\mscorlib.ni.dll")) returned 0x68 [0079.300] CoTaskMemFree (pv=0xd69028) [0079.300] GetModuleInformation (in: hProcess=0x2f0, hModule=0x77920000, lpmodinfo=0x2a300d0, cb=0xc | out: lpmodinfo=0x2a300d0*(lpBaseOfDll=0x77920000, SizeOfImage=0xf3000, EntryPoint=0x7795a100)) returned 1 [0079.300] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.300] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x77920000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0079.300] CoTaskMemFree (pv=0xd69028) [0079.301] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.301] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x77920000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0079.301] CoTaskMemFree (pv=0xd69028) [0079.301] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74550000, lpmodinfo=0x2a321d4, cb=0xc | out: lpmodinfo=0x2a321d4*(lpBaseOfDll=0x74550000, SizeOfImage=0x78000, EntryPoint=0x745885b0)) returned 1 [0079.301] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.301] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74550000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0079.301] CoTaskMemFree (pv=0xd69028) [0079.301] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.301] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74550000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\system32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0079.301] CoTaskMemFree (pv=0xd69028) [0079.301] GetModuleInformation (in: hProcess=0x2f0, hModule=0x73220000, lpmodinfo=0x2a342e0, cb=0xc | out: lpmodinfo=0x2a342e0*(lpBaseOfDll=0x73220000, SizeOfImage=0x80000, EntryPoint=0x73221180)) returned 1 [0079.301] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.301] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x73220000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0079.301] CoTaskMemFree (pv=0xd69028) [0079.301] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.301] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x73220000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0079.302] CoTaskMemFree (pv=0xd69028) [0079.302] GetModuleInformation (in: hProcess=0x2f0, hModule=0x75bb0000, lpmodinfo=0x2a36420, cb=0xc | out: lpmodinfo=0x2a36420*(lpBaseOfDll=0x75bb0000, SizeOfImage=0x96000, EntryPoint=0x75be8f60)) returned 1 [0079.302] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.302] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x75bb0000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0079.325] CoTaskMemFree (pv=0xd69028) [0079.325] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.326] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x75bb0000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0079.326] CoTaskMemFree (pv=0xd69028) [0079.326] GetModuleInformation (in: hProcess=0x2f0, hModule=0x6f660000, lpmodinfo=0x2a38534, cb=0xc | out: lpmodinfo=0x2a38534*(lpBaseOfDll=0x6f660000, SizeOfImage=0x9df000, EntryPoint=0x0)) returned 1 [0079.326] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.326] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x6f660000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0079.326] CoTaskMemFree (pv=0xd69028) [0079.326] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.326] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x6f660000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\assembly\\NativeImages_v4.0.30319_32\\System\\fcfb8bac8ea9a0e69d72c350b22f8e3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\fcfb8bac8ea9a0e69d72c350b22f8e3f\\system.ni.dll")) returned 0x64 [0079.326] CoTaskMemFree (pv=0xd69028) [0079.326] GetModuleInformation (in: hProcess=0x2f0, hModule=0x6ef00000, lpmodinfo=0x2a3a7dc, cb=0xc | out: lpmodinfo=0x2a3a7dc*(lpBaseOfDll=0x6ef00000, SizeOfImage=0x756000, EntryPoint=0x0)) returned 1 [0079.326] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.326] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x6ef00000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0079.326] CoTaskMemFree (pv=0xd69028) [0079.326] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.327] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x6ef00000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\7334607a1c01834b6f09c482bd20ff7e\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\7334607a1c01834b6f09c482bd20ff7e\\system.core.ni.dll")) returned 0x6e [0079.327] CoTaskMemFree (pv=0xd69028) [0079.327] GetModuleInformation (in: hProcess=0x2f0, hModule=0x73200000, lpmodinfo=0x2a3c998, cb=0xc | out: lpmodinfo=0x2a3c998*(lpBaseOfDll=0x73200000, SizeOfImage=0x13000, EntryPoint=0x73206c40)) returned 1 [0079.327] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.327] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x73200000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0079.327] CoTaskMemFree (pv=0xd69028) [0079.327] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.327] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x73200000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0079.327] CoTaskMemFree (pv=0xd69028) [0079.327] GetModuleInformation (in: hProcess=0x2f0, hModule=0x74100000, lpmodinfo=0x2a3eaa4, cb=0xc | out: lpmodinfo=0x2a3eaa4*(lpBaseOfDll=0x74100000, SizeOfImage=0x2f000, EntryPoint=0x7410c000)) returned 1 [0079.327] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.327] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x74100000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0079.327] CoTaskMemFree (pv=0xd69028) [0079.327] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.327] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x74100000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0079.328] CoTaskMemFree (pv=0xd69028) [0079.328] GetModuleInformation (in: hProcess=0x2f0, hModule=0x740e0000, lpmodinfo=0x2a40bb0, cb=0xc | out: lpmodinfo=0x2a40bb0*(lpBaseOfDll=0x740e0000, SizeOfImage=0x18000, EntryPoint=0x740e8f30)) returned 1 [0079.328] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.328] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x740e0000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0079.328] CoTaskMemFree (pv=0xd69028) [0079.328] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.328] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x740e0000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0079.328] CoTaskMemFree (pv=0xd69028) [0079.328] GetModuleInformation (in: hProcess=0x2f0, hModule=0x76180000, lpmodinfo=0x2a42cbc, cb=0xc | out: lpmodinfo=0x2a42cbc*(lpBaseOfDll=0x76180000, SizeOfImage=0x6000, EntryPoint=0x76181460)) returned 1 [0079.328] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.328] GetModuleBaseNameW (in: hProcess=0x2f0, hModule=0x76180000, lpBaseName=0xd69028, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0079.328] CoTaskMemFree (pv=0xd69028) [0079.328] CoTaskMemAlloc (cb=0x804) returned 0xd69028 [0079.328] GetModuleFileNameExW (in: hProcess=0x2f0, hModule=0x76180000, lpFilename=0xd69028, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")) returned 0x1d [0079.328] CoTaskMemFree (pv=0xd69028) [0079.329] CloseHandle (hObject=0x2f0) returned 1 [0079.393] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0xafe3b0 | out: phkResult=0xafe3b0*=0x0) returned 0x2 [0079.393] RegCloseKey (hKey=0x80000002) returned 0x0 [0079.395] CoTaskMemAlloc (cb=0x20e) returned 0xd69d10 [0079.395] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0xd69d10 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0079.395] CoTaskMemFree (pv=0xd69d10) [0079.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="\"fatura.exe\"", cchWideChar=12, lpMultiByteStr=0xafea28, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\"fatura.exe\"`\"\x8e\x02fatura.exe", lpUsedDefaultChar=0x0) returned 12 [0079.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\FD1HVy\\AppData\\Local\\Temp", cchWideChar=34, lpMultiByteStr=0xafea04, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\x8e\x02\"fatura.exe\"", lpUsedDefaultChar=0x0) returned 34 [0079.400] CreateProcessA (in: lpApplicationName="fatura.exe", lpCommandLine="\"fatura.exe\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000004, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\FD1HVy\\AppData\\Local\\Temp", lpStartupInfo=0xafeaa0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0xafefe0 | out: lpCommandLine="\"fatura.exe\"", lpProcessInformation=0xafefe0*(hProcess=0x2f0, hThread=0xe4, dwProcessId=0x7a8, dwThreadId=0x6c8)) returned 1 [0079.424] NtQueryInformationProcess (in: ProcessHandle=0x2f0, ProcessInformationClass=0x0, ProcessInformation=0xafefa0, ProcessInformationLength=0x18, ReturnLength=0xafeb6c | out: ProcessInformation=0xafefa0, ReturnLength=0xafeb6c) returned 0x0 [0079.424] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x2eb008, lpBuffer=0x2aee530, nSize=0x4, lpNumberOfBytesRead=0xafef8c | out: lpBuffer=0x2aee530*, lpNumberOfBytesRead=0xafef8c*=0x4) returned 1 [0079.430] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x13003c, lpBuffer=0x2aee554, nSize=0x4, lpNumberOfBytesRead=0xafeb70 | out: lpBuffer=0x2aee554*, lpNumberOfBytesRead=0xafeb70*=0x4) returned 1 [0079.430] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x1300a8, lpBuffer=0x2aee554, nSize=0x4, lpNumberOfBytesRead=0xafeb70 | out: lpBuffer=0x2aee554*, lpNumberOfBytesRead=0xafeb70*=0x4) returned 1 [0079.437] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x13003c, lpBuffer=0x2aee564, nSize=0x4, lpNumberOfBytesRead=0xafef8c | out: lpBuffer=0x2aee564*, lpNumberOfBytesRead=0xafef8c*=0x4) returned 1 [0079.437] ReadProcessMemory (in: hProcess=0x2f0, lpBaseAddress=0x1300d0, lpBuffer=0x2aee564, nSize=0x4, lpNumberOfBytesRead=0xafef8c | out: lpBuffer=0x2aee564*, lpNumberOfBytesRead=0xafef8c*=0x4) returned 1 [0079.460] VirtualAllocEx (hProcess=0x2f0, lpAddress=0x400000, dwSize=0x96000, flAllocationType=0x3000, flProtect=0x40) returned 0x0 [0079.466] EnumProcesses (in: lpidProcess=0x2aee618, cb=0x400, lpcbNeeded=0xafea8c | out: lpidProcess=0x2aee618, lpcbNeeded=0xafea8c) returned 1 [0079.475] OpenProcess (dwDesiredAccess=0x1, bInheritHandle=0, dwProcessId=0x7a8) returned 0x2f8 [0079.478] TerminateProcess (hProcess=0x2f8, uExitCode=0xffffffff) returned 1 [0079.479] CloseHandle (hObject=0x2f8) returned 1 [0079.479] CoTaskMemAlloc (cb=0x20e) returned 0xd69d10 [0079.479] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0xd69d10 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0079.480] CoTaskMemFree (pv=0xd69d10) [0079.480] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fatura.exe", cchWideChar=10, lpMultiByteStr=0xafea38, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fatura.exe\x8e\x02º\"\nÞðù=q`ò¯", lpUsedDefaultChar=0x0) returned 10 [0079.480] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="\"fatura.exe\"", cchWideChar=12, lpMultiByteStr=0xafea28, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\"fatura.exe\"`\"\x8e\x02fatura.exe", lpUsedDefaultChar=0x0) returned 12 [0079.480] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\FD1HVy\\AppData\\Local\\Temp", cchWideChar=34, lpMultiByteStr=0xafea04, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\x8e\x02\"fatura.exe\"", lpUsedDefaultChar=0x0) returned 34 [0079.480] CreateProcessA (in: lpApplicationName="fatura.exe", lpCommandLine="\"fatura.exe\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000004, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\FD1HVy\\AppData\\Local\\Temp", lpStartupInfo=0xafeaa0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0xafefe0 | out: lpCommandLine="\"fatura.exe\"", lpProcessInformation=0xafefe0*(hProcess=0x2f4, hThread=0x2f8, dwProcessId=0x2ac, dwThreadId=0x344)) returned 1 [0079.487] NtQueryInformationProcess (in: ProcessHandle=0x2f4, ProcessInformationClass=0x0, ProcessInformation=0xafefa0, ProcessInformationLength=0x18, ReturnLength=0xafeb6c | out: ProcessInformation=0xafefa0, ReturnLength=0xafeb6c) returned 0x0 [0079.487] ReadProcessMemory (in: hProcess=0x2f4, lpBaseAddress=0xbb8008, lpBuffer=0x2aeef0c, nSize=0x4, lpNumberOfBytesRead=0xafef8c | out: lpBuffer=0x2aeef0c*, lpNumberOfBytesRead=0xafef8c*=0x4) returned 1 [0079.487] ReadProcessMemory (in: hProcess=0x2f4, lpBaseAddress=0x86003c, lpBuffer=0x2aeef30, nSize=0x4, lpNumberOfBytesRead=0xafeb70 | out: lpBuffer=0x2aeef30*, lpNumberOfBytesRead=0xafeb70*=0x4) returned 1 [0079.487] ReadProcessMemory (in: hProcess=0x2f4, lpBaseAddress=0x8600a8, lpBuffer=0x2aeef30, nSize=0x4, lpNumberOfBytesRead=0xafeb70 | out: lpBuffer=0x2aeef30*, lpNumberOfBytesRead=0xafeb70*=0x4) returned 1 [0079.487] ReadProcessMemory (in: hProcess=0x2f4, lpBaseAddress=0x86003c, lpBuffer=0x2aeef40, nSize=0x4, lpNumberOfBytesRead=0xafef8c | out: lpBuffer=0x2aeef40*, lpNumberOfBytesRead=0xafef8c*=0x4) returned 1 [0079.488] ReadProcessMemory (in: hProcess=0x2f4, lpBaseAddress=0x8600d0, lpBuffer=0x2aeef40, nSize=0x4, lpNumberOfBytesRead=0xafef8c | out: lpBuffer=0x2aeef40*, lpNumberOfBytesRead=0xafef8c*=0x4) returned 1 [0079.491] VirtualAllocEx (hProcess=0x2f4, lpAddress=0x400000, dwSize=0x96000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0079.495] WriteProcessMemory (in: hProcess=0x2f4, lpBaseAddress=0x400000, lpBuffer=0x3af6768*, nSize=0x200, lpNumberOfBytesWritten=0xafef8c | out: lpBuffer=0x3af6768*, lpNumberOfBytesWritten=0xafef8c*=0x200) returned 1 [0079.517] WriteProcessMemory (in: hProcess=0x2f4, lpBaseAddress=0x402000, lpBuffer=0x3b86d88*, nSize=0x60400, lpNumberOfBytesWritten=0xafef8c | out: lpBuffer=0x3b86d88*, lpNumberOfBytesWritten=0xafef8c*=0x60400) returned 1 [0079.550] WriteProcessMemory (in: hProcess=0x2f4, lpBaseAddress=0x464000, lpBuffer=0x3be71a8*, nSize=0x2fe00, lpNumberOfBytesWritten=0xafef8c | out: lpBuffer=0x3be71a8*, lpNumberOfBytesWritten=0xafef8c*=0x2fe00) returned 1 [0079.563] WriteProcessMemory (in: hProcess=0x2f4, lpBaseAddress=0x494000, lpBuffer=0x2aeef50*, nSize=0x200, lpNumberOfBytesWritten=0xafef8c | out: lpBuffer=0x2aeef50*, lpNumberOfBytesWritten=0xafef8c*=0x200) returned 1 [0079.713] WriteProcessMemory (in: hProcess=0x2f4, lpBaseAddress=0xbb8008, lpBuffer=0x2aef15c*, nSize=0x4, lpNumberOfBytesWritten=0xafef8c | out: lpBuffer=0x2aef15c*, lpNumberOfBytesWritten=0xafef8c*=0x4) returned 1 [0079.715] VirtualProtectEx (in: hProcess=0x2f4, lpAddress=0x8f9e4e, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0xafef50 | out: lpflOldProtect=0xafef50*=0x2) returned 1 [0079.716] WriteProcessMemory (in: hProcess=0x2f4, lpBaseAddress=0x8f9e4e, lpBuffer=0x2aef17c*, nSize=0x5, lpNumberOfBytesWritten=0xafef8c | out: lpBuffer=0x2aef17c*, lpNumberOfBytesWritten=0xafef8c*=0x5) returned 1 [0079.716] VirtualProtectEx (in: hProcess=0x2f4, lpAddress=0x8f9e4e, dwSize=0x5, flNewProtect=0x2, lpflOldProtect=0xafef8c | out: lpflOldProtect=0xafef8c*=0x40) returned 1 [0079.716] VirtualProtectEx (in: hProcess=0x2f4, lpAddress=0x400000, dwSize=0x96000, flNewProtect=0x20, lpflOldProtect=0xafef8c | out: lpflOldProtect=0xafef8c*=0x40) returned 1 [0079.728] FlushInstructionCache (hProcess=0x2f4, lpBaseAddress=0x0, dwSize=0x0) returned 1 [0079.728] ResumeThread (hThread=0x2f8) returned 0x1 [0079.728] EnumProcesses (in: lpidProcess=0x2aef1b0, cb=0x400, lpcbNeeded=0xafeb54 | out: lpidProcess=0x2aef1b0, lpcbNeeded=0xafeb54) returned 1 [0079.735] CoGetContextToken (in: pToken=0xaff9b0 | out: pToken=0xaff9b0) returned 0x0 [0079.735] CObjectContext::QueryInterface () returned 0x0 [0079.735] CObjectContext::GetCurrentThreadType () returned 0x0 [0079.735] Release () returned 0x0 [0079.736] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x13880, cHandles=0x1, pHandles=0xd1ca90*=0x198, lpdwindex=0xaff854 | out: lpdwindex=0xaff854) returned 0x0 Thread: id = 98 os_tid = 0xcec Thread: id = 99 os_tid = 0xa90 Thread: id = 100 os_tid = 0xdb0 [0077.107] CoGetContextToken (in: pToken=0x4a3f824 | out: pToken=0x4a3f824) returned 0x800401f0 [0077.107] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0077.107] RoInitialize () returned 0x1 [0077.107] RoUninitialize () returned 0x0 [0079.824] SleepEx (dwMilliseconds=0xffffffff, bAlertable=0) Thread: id = 103 os_tid = 0xe00 [0079.826] SleepEx (dwMilliseconds=0x14, bAlertable=0) returned 0x0 [0079.889] SleepEx (dwMilliseconds=0x14, bAlertable=0) returned 0x0 [0079.936] SleepEx (dwMilliseconds=0x14, bAlertable=0) Thread: id = 105 os_tid = 0xf6c Thread: id = 106 os_tid = 0xf58 Thread: id = 107 os_tid = 0xc04 Process: id = "7" image_name = "fatura.exe" filename = "c:\\users\\fd1hvy\\appdata\\local\\temp\\fatura.exe" page_root = "0x18d78000" os_pid = "0x7a8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "6" os_parent_pid = "0x7f0" cmd_line = "\"fatura.exe\"" cur_dir = "C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:000103c1" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 101 os_tid = 0x6c8 Process: id = "8" image_name = "fatura.exe" filename = "c:\\users\\fd1hvy\\appdata\\local\\temp\\fatura.exe" page_root = "0x18c7f000" os_pid = "0x2ac" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "6" os_parent_pid = "0x7f0" cmd_line = "\"fatura.exe\"" cur_dir = "C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:000103c1" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 102 os_tid = 0x344 [0080.478] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0080.515] RoInitialize () returned 0x1 [0080.515] RoUninitialize () returned 0x0 [0081.601] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0xcfeb80 | out: phkResult=0xcfeb80*=0x0) returned 0x2 [0081.601] RegCloseKey (hKey=0x80000002) returned 0x0 [0081.607] GetFullPathNameW (in: lpFileName="C:\\WINDOWS\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", nBufferLength=0x105, lpBuffer=0xcfedd8, lpFilePart=0x0 | out: lpBuffer="C:\\WINDOWS\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", lpFilePart=0x0) returned 0x77 [0081.653] IsAppThemed () returned 0x1 [0081.655] CoTaskMemAlloc (cb=0xf0) returned 0xfdf7d8 [0081.655] CreateActCtxA (pActCtx=0xcff328) returned 0xfdf9cc [0081.732] CoTaskMemFree (pv=0xfdf7d8) [0081.740] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc189 [0081.740] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc18a [0081.749] GetUserNameW (in: lpBuffer=0xcff150, pcbBuffer=0xcff3c8 | out: lpBuffer="FD1HVy", pcbBuffer=0xcff3c8) returned 1 [0081.759] GetComputerNameW (in: lpBuffer=0xcff150, nSize=0xcff3c8 | out: lpBuffer="NQDPDE", nSize=0xcff3c8) returned 1 [0082.044] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe.config", nBufferLength=0x105, lpBuffer=0xcfec28, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe.config", lpFilePart=0x0) returned 0x34 [0083.201] GetCurrentProcess () returned 0xffffffff [0083.201] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xcfef90 | out: TokenHandle=0xcfef90*=0x2b4) returned 1 [0083.205] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0xcfea1c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0083.215] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0xcfef88 | out: lpFileInformation=0xcfef88*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0083.216] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0xcfe9e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0083.216] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0xcfef90 | out: lpFileInformation=0xcfef90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0083.217] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0xcfe984, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0083.218] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeec8) returned 1 [0083.219] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0083.219] GetFileType (hFile=0x2b8) returned 0x1 [0083.219] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeec4) returned 1 [0083.219] GetFileType (hFile=0x2b8) returned 0x1 [0083.243] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfef84 | out: lpFileSizeHigh=0xcfef84*=0x0) returned 0x8c8f [0083.243] ReadFile (in: hFile=0x2b8, lpBuffer=0x2ba9cc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcfef40, lpOverlapped=0x0 | out: lpBuffer=0x2ba9cc0*, lpNumberOfBytesRead=0xcfef40*=0x1000, lpOverlapped=0x0) returned 1 [0083.458] ReadFile (in: hFile=0x2b8, lpBuffer=0x2ba9cc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcfedec, lpOverlapped=0x0 | out: lpBuffer=0x2ba9cc0*, lpNumberOfBytesRead=0xcfedec*=0x1000, lpOverlapped=0x0) returned 1 [0083.460] ReadFile (in: hFile=0x2b8, lpBuffer=0x2ba9cc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcfeca0, lpOverlapped=0x0 | out: lpBuffer=0x2ba9cc0*, lpNumberOfBytesRead=0xcfeca0*=0x1000, lpOverlapped=0x0) returned 1 [0083.461] ReadFile (in: hFile=0x2b8, lpBuffer=0x2ba9cc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcfeca0, lpOverlapped=0x0 | out: lpBuffer=0x2ba9cc0*, lpNumberOfBytesRead=0xcfeca0*=0x1000, lpOverlapped=0x0) returned 1 [0083.462] ReadFile (in: hFile=0x2b8, lpBuffer=0x2ba9cc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcfeca0, lpOverlapped=0x0 | out: lpBuffer=0x2ba9cc0*, lpNumberOfBytesRead=0xcfeca0*=0x1000, lpOverlapped=0x0) returned 1 [0083.462] ReadFile (in: hFile=0x2b8, lpBuffer=0x2ba9cc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcfebd8, lpOverlapped=0x0 | out: lpBuffer=0x2ba9cc0*, lpNumberOfBytesRead=0xcfebd8*=0x1000, lpOverlapped=0x0) returned 1 [0083.465] ReadFile (in: hFile=0x2b8, lpBuffer=0x2ba9cc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcfed5c, lpOverlapped=0x0 | out: lpBuffer=0x2ba9cc0*, lpNumberOfBytesRead=0xcfed5c*=0x1000, lpOverlapped=0x0) returned 1 [0083.467] ReadFile (in: hFile=0x2b8, lpBuffer=0x2ba9cc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcfec68, lpOverlapped=0x0 | out: lpBuffer=0x2ba9cc0*, lpNumberOfBytesRead=0xcfec68*=0x1000, lpOverlapped=0x0) returned 1 [0083.467] ReadFile (in: hFile=0x2b8, lpBuffer=0x2ba9cc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcfec68, lpOverlapped=0x0 | out: lpBuffer=0x2ba9cc0*, lpNumberOfBytesRead=0xcfec68*=0xc8f, lpOverlapped=0x0) returned 1 [0083.467] ReadFile (in: hFile=0x2b8, lpBuffer=0x2ba9cc0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcfed2c, lpOverlapped=0x0 | out: lpBuffer=0x2ba9cc0*, lpNumberOfBytesRead=0xcfed2c*=0x0, lpOverlapped=0x0) returned 1 [0083.467] CloseHandle (hObject=0x2b8) returned 1 [0083.469] GetCurrentProcess () returned 0xffffffff [0083.469] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xcff0d8 | out: TokenHandle=0xcff0d8*=0x2b8) returned 1 [0083.470] GetCurrentProcess () returned 0xffffffff [0083.470] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xcff0d8 | out: TokenHandle=0xcff0d8*=0x2bc) returned 1 [0083.470] GetCurrentProcess () returned 0xffffffff [0083.470] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xcfef90 | out: TokenHandle=0xcfef90*=0x2c0) returned 1 [0083.471] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe.config" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\fatura.exe.config"), fInfoLevelId=0x0, lpFileInformation=0xcfef88 | out: lpFileInformation=0xcfef88*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0083.471] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe.config", nBufferLength=0x105, lpBuffer=0xcfe9e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe.config", lpFilePart=0x0) returned 0x34 [0083.471] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe.config" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\fatura.exe.config"), fInfoLevelId=0x0, lpFileInformation=0xcfef90 | out: lpFileInformation=0xcfef90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0083.471] GetCurrentProcess () returned 0xffffffff [0083.471] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xcff0d8 | out: TokenHandle=0xcff0d8*=0x2c4) returned 1 [0083.472] GetCurrentProcess () returned 0xffffffff [0083.472] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xcff0d8 | out: TokenHandle=0xcff0d8*=0x2c8) returned 1 [0083.488] GetCurrentProcess () returned 0xffffffff [0083.488] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xcfef38 | out: TokenHandle=0xcfef38*=0x2cc) returned 1 [0083.493] GetCurrentProcess () returned 0xffffffff [0083.493] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xcfef48 | out: TokenHandle=0xcfef48*=0x2d0) returned 1 [0083.645] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0083.647] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x6d940000 [0084.281] AdjustWindowRectEx (in: lpRect=0xcff368, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50081 | out: lpRect=0xcff368) returned 1 [0084.283] GetCurrentProcess () returned 0xffffffff [0084.283] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0xcff27c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0xcff27c*=0x2d8) returned 1 [0084.295] GetCurrentActCtx (in: lphActCtx=0xcff1dc | out: lphActCtx=0xcff1dc*=0x0) returned 1 [0084.295] ActivateActCtx (in: hActCtx=0xfdf9cc, lpCookie=0xcff1ec | out: hActCtx=0xfdf9cc, lpCookie=0xcff1ec) returned 1 [0084.295] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0084.651] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x73ed0000 [0084.659] GetModuleHandleW (lpModuleName="user32.dll") returned 0x74b70000 [0084.659] GetProcAddress (hModule=0x74b70000, lpProcName="DefWindowProcW") returned 0x77c35690 [0084.660] GetStockObject (i=5) returned 0x900015 [0084.664] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0084.666] CoTaskMemAlloc (cb=0x5a) returned 0xfed738 [0084.666] RegisterClassW (lpWndClass=0xcff090) returned 0xc18b [0084.667] CoTaskMemFree (pv=0xfed738) [0084.667] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0084.668] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r9_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x20244 [0084.669] SetWindowLongW (hWnd=0x20244, nIndex=-4, dwNewLong=2009290384) returned 86377918 [0084.670] GetWindowLongW (hWnd=0x20244, nIndex=-4) returned 2009290384 [0084.673] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0xcfe8b0 | out: phkResult=0xcfe8b0*=0x2f0) returned 0x0 [0084.674] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0xcfe8d0, lpData=0x0, lpcbData=0xcfe8cc*=0x0 | out: lpType=0xcfe8d0*=0x0, lpData=0x0, lpcbData=0xcfe8cc*=0x0) returned 0x2 [0084.674] RegQueryValueExW (in: hKey=0x2f0, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0xcfe8d0, lpData=0x0, lpcbData=0xcfe8cc*=0x0 | out: lpType=0xcfe8d0*=0x0, lpData=0x0, lpcbData=0xcfe8cc*=0x0) returned 0x2 [0084.674] RegCloseKey (hKey=0x2f0) returned 0x0 [0084.675] SetWindowLongW (hWnd=0x20244, nIndex=-4, dwNewLong=86377958) returned 2009290384 [0084.675] GetWindowLongW (hWnd=0x20244, nIndex=-4) returned 86377958 [0084.675] GetWindowLongW (hWnd=0x20244, nIndex=-16) returned 113311744 [0084.676] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc18c [0084.676] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc18d [0084.677] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x20244, Msg=0x81, wParam=0x0, lParam=0xcfec00) returned 0x1 [0084.677] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x20244, Msg=0x83, wParam=0x0, lParam=0xcfebec) returned 0x0 [0084.681] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x20244, Msg=0x1, wParam=0x0, lParam=0xcfec00) returned 0x0 [0084.681] GetClientRect (in: hWnd=0x20244, lpRect=0xcfe8e8 | out: lpRect=0xcfe8e8) returned 1 [0084.681] GetWindowRect (in: hWnd=0x20244, lpRect=0xcfe8e8 | out: lpRect=0xcfe8e8) returned 1 [0084.683] GetParent (hWnd=0x20244) returned 0x0 [0084.683] DeactivateActCtx (dwFlags=0x0, ulCookie=0x1be80001) returned 1 [0084.860] EtwEventRegister (in: ProviderId=0x2bc5f44, EnableCallback=0x526060e, CallbackContext=0x0, RegHandle=0x2bc5f20 | out: RegHandle=0x2bc5f20) returned 0x0 [0084.871] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6d940000 [0084.871] AdjustWindowRectEx (in: lpRect=0xcff300, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50080 | out: lpRect=0xcff300) returned 1 [0084.871] GetSystemMetrics (nIndex=59) returned 1460 [0084.871] GetSystemMetrics (nIndex=60) returned 920 [0084.871] GetSystemMetrics (nIndex=34) returned 136 [0084.871] GetSystemMetrics (nIndex=35) returned 39 [0084.872] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6d940000 [0084.872] AdjustWindowRectEx (in: lpRect=0xcff200, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50080 | out: lpRect=0xcff200) returned 1 [0084.876] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe.config", nBufferLength=0x105, lpBuffer=0xcfebd4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe.config", lpFilePart=0x0) returned 0x34 [0084.876] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcff090) returned 1 [0084.876] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe.config" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\fatura.exe.config"), fInfoLevelId=0x0, lpFileInformation=0xcff10c | out: lpFileInformation=0xcff10c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0084.876] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcff08c) returned 1 [0086.446] GetSystemMetrics (nIndex=11) returned 32 [0086.446] GetSystemMetrics (nIndex=12) returned 32 [0086.447] GetDC (hWnd=0x0) returned 0x1b0106f5 [0086.450] GetDeviceCaps (hdc=0x1b0106f5, index=12) returned 32 [0086.450] GetDeviceCaps (hdc=0x1b0106f5, index=14) returned 1 [0086.450] ReleaseDC (hWnd=0x0, hDC=0x1b0106f5) returned 1 [0086.451] CreateIconFromResourceEx (presbits=0x3bd5f24, dwResSize=0x10a8, fIcon=1, dwVer=0x30000, cxDesired=0, cyDesired=0, Flags=0x0) returned 0xb0121 [0086.462] CreateCompatibleDC (hdc=0x0) returned 0x4401052f [0086.467] GetSystemDefaultLCID () returned 0x409 [0086.467] GetStockObject (i=17) returned 0xa01c1 [0086.468] GetObjectW (in: h=0xa01c1, c=92, pv=0xcff050 | out: pv=0xcff050) returned 92 [0086.469] GetDC (hWnd=0x0) returned 0x1b0106f5 [0086.473] GdiplusStartup (in: token=0xe45ee8, input=0xcfe608, output=0xcfe658 | out: token=0xe45ee8, output=0xcfe658) returned 0x0 [0086.477] CoTaskMemAlloc (cb=0x5c) returned 0xfedbb0 [0086.477] GdipCreateFontFromLogfontW (hdc=0x1b0106f5, logfont=0xfedbb0, font=0xcff118) returned 0x0 [0087.119] CoTaskMemFree (pv=0xfedbb0) [0087.120] CoTaskMemAlloc (cb=0x5c) returned 0xfedc80 [0087.120] CoTaskMemFree (pv=0xfedc80) [0087.121] CoTaskMemAlloc (cb=0x5c) returned 0xfedc80 [0087.121] CoTaskMemFree (pv=0xfedc80) [0087.121] GdipGetFontUnit (font=0x51f1f08, unit=0xcff0e0) returned 0x0 [0087.121] GdipGetFontSize (font=0x51f1f08, size=0xcff0e4) returned 0x0 [0087.121] GdipGetFontStyle (font=0x51f1f08, style=0xcff0dc) returned 0x0 [0087.121] GdipGetFamily (font=0x51f1f08, family=0xcff0d8) returned 0x0 [0087.122] GdipGetFontSize (font=0x51f1f08, size=0x2bd95a8) returned 0x0 [0087.122] ReleaseDC (hWnd=0x0, hDC=0x1b0106f5) returned 1 [0087.122] GetDC (hWnd=0x0) returned 0x10105d6 [0087.122] GdipCreateFromHDC (hdc=0x10105d6, graphics=0xcff0f4) returned 0x0 [0087.124] GdipGetDpiY (graphics=0x64af260, dpi=0x2bd9684) returned 0x0 [0087.140] GdipGetFontHeight (font=0x51f1f08, graphics=0x64af260, height=0xcff0ec) returned 0x0 [0087.140] GdipGetEmHeight (family=0x51f8ee0, style=0, EmHeight=0xcff0f4) returned 0x0 [0087.140] GdipGetLineSpacing (family=0x51f8ee0, style=0, LineSpacing=0xcff0f4) returned 0x0 [0087.141] GdipDeleteGraphics (graphics=0x64af260) returned 0x0 [0087.141] ReleaseDC (hWnd=0x0, hDC=0x10105d6) returned 1 [0087.141] GdipCreateFont (fontFamily=0x51f8ee0, emSize=0x41040000, style=0, unit=0x3, font=0x2bd96a0) returned 0x0 [0087.141] GdipGetFontSize (font=0x51fef48, size=0x2bd96a4) returned 0x0 [0087.141] GdipDeleteFont (font=0x51f1f08) returned 0x0 [0087.142] GetDC (hWnd=0x0) returned 0x10105d6 [0087.142] GdipCreateFromHDC (hdc=0x10105d6, graphics=0xcff128) returned 0x0 [0087.142] CoTaskMemAlloc (cb=0x5c) returned 0xfed738 [0087.143] GdipGetLogFontW (font=0x51fef48, graphics=0x64af260, logfontW=0xfed738) returned 0x0 [0087.145] CoTaskMemFree (pv=0xfed738) [0087.145] CoTaskMemAlloc (cb=0x5c) returned 0xfede20 [0087.145] CoTaskMemFree (pv=0xfede20) [0087.145] CoTaskMemAlloc (cb=0x5c) returned 0xfedce8 [0087.145] CoTaskMemFree (pv=0xfedce8) [0087.145] GdipDeleteGraphics (graphics=0x64af260) returned 0x0 [0087.145] ReleaseDC (hWnd=0x0, hDC=0x10105d6) returned 1 [0087.146] CoTaskMemAlloc (cb=0x5c) returned 0xfed8d8 [0087.146] CreateFontIndirectW (lplf=0xfed8d8) returned 0x280a072c [0087.146] CoTaskMemFree (pv=0xfed8d8) [0087.146] SelectObject (hdc=0x4401052f, h=0x280a072c) returned 0x8a01c2 [0087.146] GetTextMetricsW (in: hdc=0x4401052f, lptm=0xcff234 | out: lptm=0xcff234) returned 1 [0087.147] GetTextExtentPoint32W (in: hdc=0x4401052f, lpString="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ", c=52, psizl=0x2bd98cc | out: psizl=0x2bd98cc) returned 1 [0087.148] SelectObject (hdc=0x4401052f, h=0x8a01c2) returned 0x280a072c [0087.150] DeleteDC (hdc=0x4401052f) returned 1 [0087.151] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6d940000 [0087.151] AdjustWindowRectEx (in: lpRect=0xcfef7c, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0xcfef7c) returned 1 [0087.151] AdjustWindowRectEx (in: lpRect=0xcff1c0, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50080 | out: lpRect=0xcff1c0) returned 1 [0087.151] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6d940000 [0087.151] AdjustWindowRectEx (in: lpRect=0xcfeef4, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0xcfeef4) returned 1 [0087.151] AdjustWindowRectEx (in: lpRect=0xcfeff8, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50080 | out: lpRect=0xcfeff8) returned 1 [0087.152] GetSystemMetrics (nIndex=59) returned 1460 [0087.152] GetSystemMetrics (nIndex=60) returned 920 [0087.152] GetSystemMetrics (nIndex=34) returned 136 [0087.153] GetSystemMetrics (nIndex=35) returned 39 [0087.153] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x6d940000 [0087.153] AdjustWindowRectEx (in: lpRect=0xcfee84, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0xcfee84) returned 1 [0087.153] AdjustWindowRectEx (in: lpRect=0xcfef6c, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50080 | out: lpRect=0xcfef6c) returned 1 [0087.153] GetCurrentActCtx (in: lphActCtx=0xcff39c | out: lphActCtx=0xcff39c*=0x0) returned 1 [0087.153] ActivateActCtx (in: hActCtx=0xfdf9cc, lpCookie=0xcff3ac | out: hActCtx=0xfdf9cc, lpCookie=0xcff3ac) returned 1 [0087.153] GetCurrentActCtx (in: lphActCtx=0xcff1bc | out: lphActCtx=0xcff1bc*=0xfdf9cc) returned 1 [0087.154] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x73ed0000 [0087.154] AdjustWindowRectEx (in: lpRect=0xcff0fc, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0xcff0fc) returned 1 [0087.154] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0087.154] CreateWindowExW (dwExStyle=0x50080, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r9_ad1", lpWindowName="shade", dwStyle=0x2cf0000, X=-2147483648, Y=-2147483648, nWidth=168, nHeight=112, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x40218 [0087.154] SetWindowLongW (hWnd=0x40218, nIndex=-4, dwNewLong=2009290384) returned 86377918 [0087.154] GetWindowLongW (hWnd=0x40218, nIndex=-4) returned 2009290384 [0087.157] SetWindowLongW (hWnd=0x40218, nIndex=-4, dwNewLong=86378038) returned 2009290384 [0087.158] GetWindowLongW (hWnd=0x40218, nIndex=-4) returned 86378038 [0087.158] GetWindowLongW (hWnd=0x40218, nIndex=-16) returned 114229248 [0087.158] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x40218, Msg=0x81, wParam=0x0, lParam=0xcfebe0) returned 0x1 [0087.161] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x40218, Msg=0x83, wParam=0x0, lParam=0xcfebcc) returned 0x0 [0087.162] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x40218, Msg=0x1, wParam=0x0, lParam=0xcfebe0) returned 0x0 [0087.162] GetClientRect (in: hWnd=0x40218, lpRect=0xcfe898 | out: lpRect=0xcfe898) returned 1 [0087.162] GetWindowRect (in: hWnd=0x40218, lpRect=0xcfe898 | out: lpRect=0xcfe898) returned 1 [0087.162] SetWindowTextW (hWnd=0x40218, lpString="shade") returned 1 [0087.162] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x40218, Msg=0xc, wParam=0x0, lParam=0x2bc5b94) returned 0x1 [0087.173] GetUserObjectInformationA (in: hObj=0x11c, nIndex=1, pvInfo=0x2bd9ddc, nLength=0xc, lpnLengthNeeded=0xcfe790 | out: pvInfo=0x2bd9ddc, lpnLengthNeeded=0xcfe790) returned 1 [0087.175] SetConsoleCtrlHandler (HandlerRoutine=0x526065e, Add=1) returned 1 [0087.176] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0087.176] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0087.178] GetClassInfoW (in: hInstance=0x400000, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWndClass=0x2bd9e40 | out: lpWndClass=0x2bd9e40) returned 0 [0087.179] CoTaskMemAlloc (cb=0x58) returned 0xfe1790 [0087.179] RegisterClassW (lpWndClass=0xcfe6e0) returned 0xc17c [0087.180] CoTaskMemFree (pv=0xfe1790) [0087.180] CreateWindowExW (dwExStyle=0x0, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWindowName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x4021e [0087.182] NtdllDefWindowProc_W (hWnd=0x4021e, Msg=0x83, wParam=0x0, lParam=0xcfe20c) returned 0x0 [0087.182] NtdllDefWindowProc_W (hWnd=0x4021e, Msg=0x1, wParam=0x0, lParam=0xcfe220) returned 0x0 [0087.182] NtdllDefWindowProc_W (hWnd=0x4021e, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0087.182] NtdllDefWindowProc_W (hWnd=0x4021e, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0 [0087.186] GetStartupInfoW (in: lpStartupInfo=0x2bda298 | out: lpStartupInfo=0x2bda298*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="fatura.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0087.193] GetParent (hWnd=0x40218) returned 0x0 [0087.193] SetWindowLongW (hWnd=0x40218, nIndex=-8, dwNewLong=0) returned 0 [0087.194] GetSystemMetrics (nIndex=49) returned 16 [0087.194] GetSystemMetrics (nIndex=50) returned 16 [0087.195] CreateIconFromResourceEx (presbits=0x3bd7954, dwResSize=0x468, fIcon=1, dwVer=0x30000, cxDesired=0, cyDesired=0, Flags=0x0) returned 0x140205 [0087.196] SendMessageW (hWnd=0x40218, Msg=0x80, wParam=0x0, lParam=0x140205) returned 0x0 [0087.196] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x40218, Msg=0x80, wParam=0x0, lParam=0x140205) returned 0x0 [0087.197] SendMessageW (hWnd=0x40218, Msg=0x80, wParam=0x1, lParam=0xb0121) returned 0x0 [0087.197] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x40218, Msg=0x80, wParam=0x1, lParam=0xb0121) returned 0x0 [0087.197] GetSystemMenu (hWnd=0x40218, bRevert=0) returned 0xa008f [0087.199] GetWindowPlacement (in: hWnd=0x40218, lpwndpl=0xcff1cc | out: lpwndpl=0xcff1cc) returned 1 [0087.199] EnableMenuItem (hMenu=0xa008f, uIDEnableItem=0xf020, uEnable=0x0) returned 0 [0087.199] EnableMenuItem (hMenu=0xa008f, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0087.199] EnableMenuItem (hMenu=0xa008f, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0087.199] EnableMenuItem (hMenu=0xa008f, uIDEnableItem=0xf120, uEnable=0x1) returned 0 [0087.199] EnableMenuItem (hMenu=0xa008f, uIDEnableItem=0xf000, uEnable=0x0) returned 0 [0087.199] GetClientRect (in: hWnd=0x40218, lpRect=0xcff210 | out: lpRect=0xcff210) returned 1 [0087.199] GetClientRect (in: hWnd=0x40218, lpRect=0xcff170 | out: lpRect=0xcff170) returned 1 [0087.200] GetWindowRect (in: hWnd=0x40218, lpRect=0xcff170 | out: lpRect=0xcff170) returned 1 [0087.200] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x73ed0000 [0087.200] GetWindowLongW (hWnd=0x40218, nIndex=-16) returned 114229248 [0087.200] GetWindowTextLengthW (hWnd=0x40218) returned 5 [0087.200] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x40218, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x5 [0087.200] GetSystemMetrics (nIndex=42) returned 0 [0087.201] GetWindowTextW (in: hWnd=0x40218, lpString=0xcff0f4, nMaxCount=6 | out: lpString="shade") returned 5 [0087.201] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x40218, Msg=0xd, wParam=0x6, lParam=0xcff0f4) returned 0x5 [0087.201] GetWindowTextLengthW (hWnd=0x40218) returned 5 [0087.201] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x40218, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x5 [0087.201] GetSystemMetrics (nIndex=42) returned 0 [0087.201] GetWindowTextW (in: hWnd=0x40218, lpString=0xcff0f4, nMaxCount=6 | out: lpString="shade") returned 5 [0087.201] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x40218, Msg=0xd, wParam=0x6, lParam=0xcff0f4) returned 0x5 [0087.201] GetWindowLongW (hWnd=0x40218, nIndex=-16) returned 114229248 [0087.201] GetWindowLongW (hWnd=0x40218, nIndex=-20) returned 328064 [0087.201] SetWindowLongW (hWnd=0x40218, nIndex=-16, dwNewLong=47120384) returned 114229248 [0087.202] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x40218, Msg=0x7c, wParam=0xfffffff0, lParam=0xcff16c) returned 0x0 [0087.202] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x40218, Msg=0x7d, wParam=0xfffffff0, lParam=0xcff16c) returned 0x0 [0087.205] SetWindowLongW (hWnd=0x40218, nIndex=-20, dwNewLong=327808) returned 328064 [0087.205] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x40218, Msg=0x7c, wParam=0xffffffec, lParam=0xcff16c) returned 0x0 [0087.205] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x40218, Msg=0x7d, wParam=0xffffffec, lParam=0xcff16c) returned 0x0 [0087.206] SetWindowPos (hWnd=0x40218, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1 [0087.206] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x40218, Msg=0x46, wParam=0x0, lParam=0xcff184) returned 0x0 [0087.206] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x40218, Msg=0x83, wParam=0x1, lParam=0xcff15c) returned 0x0 [0087.208] GetWindowPlacement (in: hWnd=0x40218, lpwndpl=0xcfeeb0 | out: lpwndpl=0xcfeeb0) returned 1 [0087.208] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x40218, Msg=0x47, wParam=0x0, lParam=0xcff184) returned 0x0 [0087.208] GetClientRect (in: hWnd=0x40218, lpRect=0xcfee60 | out: lpRect=0xcfee60) returned 1 [0087.208] GetWindowRect (in: hWnd=0x40218, lpRect=0xcfee60 | out: lpRect=0xcfee60) returned 1 [0087.209] RedrawWindow (hWnd=0x40218, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0087.209] GetSystemMenu (hWnd=0x40218, bRevert=0) returned 0xa008f [0087.209] GetWindowPlacement (in: hWnd=0x40218, lpwndpl=0xcff1bc | out: lpwndpl=0xcff1bc) returned 1 [0087.209] EnableMenuItem (hMenu=0xa008f, uIDEnableItem=0xf020, uEnable=0x0) returned 0 [0087.209] EnableMenuItem (hMenu=0xa008f, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0087.209] EnableMenuItem (hMenu=0xa008f, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0087.209] EnableMenuItem (hMenu=0xa008f, uIDEnableItem=0xf120, uEnable=0x1) returned 1 [0087.209] EnableMenuItem (hMenu=0xa008f, uIDEnableItem=0xf000, uEnable=0x0) returned 0 [0087.209] ShowWindow (hWnd=0x40218, nCmdShow=5) returned 0 [0087.209] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x40218, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0087.210] GetWindowTextLengthW (hWnd=0x40218) returned 5 [0087.210] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x40218, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x5 [0087.210] GetSystemMetrics (nIndex=42) returned 0 [0087.210] GetWindowTextW (in: hWnd=0x40218, lpString=0xcfedb8, nMaxCount=6 | out: lpString="shade") returned 5 [0087.210] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x40218, Msg=0xd, wParam=0x6, lParam=0xcfedb8) returned 0x5 [0087.217] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x73ed0000 [0087.217] GetWindowLongW (hWnd=0x40218, nIndex=-16) returned 114229248 [0087.217] GetWindowTextLengthW (hWnd=0x40218) returned 5 [0087.217] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x40218, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x5 [0087.217] GetSystemMetrics (nIndex=42) returned 0 [0087.217] GetWindowTextW (in: hWnd=0x40218, lpString=0xcfec98, nMaxCount=6 | out: lpString="shade") returned 5 [0087.217] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x40218, Msg=0xd, wParam=0x6, lParam=0xcfec98) returned 0x5 [0087.217] GetWindowTextLengthW (hWnd=0x40218) returned 5 [0087.217] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x40218, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x5 [0087.217] GetSystemMetrics (nIndex=42) returned 0 [0087.217] GetWindowTextW (in: hWnd=0x40218, lpString=0xcfec98, nMaxCount=6 | out: lpString="shade") returned 5 [0087.217] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x40218, Msg=0xd, wParam=0x6, lParam=0xcfec98) returned 0x5 [0087.217] GetWindowLongW (hWnd=0x40218, nIndex=-16) returned 114229248 [0087.217] GetWindowLongW (hWnd=0x40218, nIndex=-20) returned 328064 [0087.218] SetWindowLongW (hWnd=0x40218, nIndex=-16, dwNewLong=315555840) returned 114229248 [0087.218] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x40218, Msg=0x7c, wParam=0xfffffff0, lParam=0xcfed14) returned 0x0 [0087.230] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x40218, Msg=0x7d, wParam=0xfffffff0, lParam=0xcfed14) returned 0x0 [0087.231] SetWindowLongW (hWnd=0x40218, nIndex=-20, dwNewLong=852096) returned 328064 [0087.231] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x40218, Msg=0x7c, wParam=0xffffffec, lParam=0xcfed14) returned 0x0 [0087.232] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x40218, Msg=0x7d, wParam=0xffffffec, lParam=0xcfed14) returned 0x0 [0087.232] SetWindowPos (hWnd=0x40218, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1 [0087.232] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x40218, Msg=0x46, wParam=0x0, lParam=0xcfed2c) returned 0x0 [0087.232] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x40218, Msg=0x83, wParam=0x1, lParam=0xcfed04) returned 0x0 [0087.259] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x40218, Msg=0x85, wParam=0x3904073b, lParam=0x0) returned 0x0 [0087.260] GetWindowPlacement (in: hWnd=0x40218, lpwndpl=0xcfea74 | out: lpwndpl=0xcfea74) returned 1 [0087.260] GetClientRect (in: hWnd=0x40218, lpRect=0xcfea20 | out: lpRect=0xcfea20) returned 1 [0087.260] GetWindowTextLengthW (hWnd=0x40218) returned 5 [0087.260] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x40218, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x5 [0087.260] GetSystemMetrics (nIndex=42) returned 0 [0087.261] GetWindowTextW (in: hWnd=0x40218, lpString=0xcfe8ec, nMaxCount=6 | out: lpString="shade") returned 5 [0087.261] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x40218, Msg=0xd, wParam=0x6, lParam=0xcfe8ec) returned 0x5 [0087.261] GetClientRect (in: hWnd=0x40218, lpRect=0xcfe928 | out: lpRect=0xcfe928) returned 1 [0087.262] GetSysColor (nIndex=10) returned 0xb4b4b4 [0087.262] GetSysColor (nIndex=2) returned 0xd1b499 [0087.262] GetSysColor (nIndex=9) returned 0x0 [0087.262] GetSysColor (nIndex=12) returned 0xababab [0087.262] GetSysColor (nIndex=15) returned 0xf0f0f0 [0087.262] GetSysColor (nIndex=20) returned 0xffffff [0087.262] GetSysColor (nIndex=16) returned 0xa0a0a0 [0087.262] GetSysColor (nIndex=15) returned 0xf0f0f0 [0087.262] GetSysColor (nIndex=16) returned 0xa0a0a0 [0087.262] GetSysColor (nIndex=21) returned 0x696969 [0087.262] GetSysColor (nIndex=22) returned 0xe3e3e3 [0087.262] GetSysColor (nIndex=20) returned 0xffffff [0087.262] GetSysColor (nIndex=18) returned 0x0 [0087.263] GetSysColor (nIndex=1) returned 0x0 [0087.263] GetSysColor (nIndex=27) returned 0xead1b9 [0087.263] GetSysColor (nIndex=28) returned 0xf2e4d7 [0087.263] GetSysColor (nIndex=17) returned 0x6d6d6d [0087.263] GetSysColor (nIndex=13) returned 0xd77800 [0087.263] GetSysColor (nIndex=14) returned 0xffffff [0087.263] GetSysColor (nIndex=26) returned 0xcc6600 [0087.263] GetSysColor (nIndex=11) returned 0xfcf7f4 [0087.263] GetSysColor (nIndex=3) returned 0xdbcdbf [0087.263] GetSysColor (nIndex=19) returned 0x0 [0087.263] GetSysColor (nIndex=24) returned 0xe1ffff [0087.263] GetSysColor (nIndex=23) returned 0x0 [0087.263] GetSysColor (nIndex=4) returned 0xf0f0f0 [0087.263] GetSysColor (nIndex=30) returned 0xf0f0f0 [0087.263] GetSysColor (nIndex=29) returned 0xd77800 [0087.263] GetSysColor (nIndex=7) returned 0x0 [0087.263] GetSysColor (nIndex=0) returned 0xc8c8c8 [0087.263] GetSysColor (nIndex=5) returned 0xffffff [0087.263] GetSysColor (nIndex=6) returned 0x646464 [0087.263] GetSysColor (nIndex=8) returned 0x0 [0087.267] GetSystemMetrics (nIndex=80) returned 1 [0087.274] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0x52606ae, dwData=0x0) returned 1 [0087.276] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0xcfe588 | out: lpmi=0xcfe588) returned 1 [0087.277] CreateDCW (pwszDriver="\\\\.\\DISPLAY1", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0x16010741 [0087.277] GetDeviceCaps (hdc=0x16010741, index=12) returned 32 [0087.277] GetDeviceCaps (hdc=0x16010741, index=14) returned 1 [0087.277] DeleteDC (hdc=0x16010741) returned 1 [0087.278] GetCurrentObject (hdc=0x10105d6, type=0x1) returned 0xb00017 [0087.278] GetCurrentObject (hdc=0x10105d6, type=0x2) returned 0x900010 [0087.278] GetCurrentObject (hdc=0x10105d6, type=0x7) returned 0x260504fb [0087.278] GetCurrentObject (hdc=0x10105d6, type=0x6) returned 0x8a01c2 [0087.278] SaveDC (hdc=0x10105d6) returned 1 [0087.279] GetNearestColor (hdc=0x10105d6, color=0xf0f0f0) returned 0xf0f0f0 [0087.279] CreateSolidBrush (color=0xf0f0f0) returned 0x2b100677 [0087.280] FillRect (hDC=0x10105d6, lprc=0xcfe7c8, hbr=0x2b100677) returned 1 [0087.281] DeleteObject (ho=0x2b100677) returned 1 [0087.281] RestoreDC (hdc=0x10105d6, nSavedDC=-1) returned 1 [0087.298] GetWindowPlacement (in: hWnd=0x40218, lpwndpl=0xcfea58 | out: lpwndpl=0xcfea58) returned 1 [0087.298] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x40218, Msg=0x47, wParam=0x0, lParam=0xcfed2c) returned 0x0 [0087.298] GetClientRect (in: hWnd=0x40218, lpRect=0xcfea08 | out: lpRect=0xcfea08) returned 1 [0087.298] GetWindowRect (in: hWnd=0x40218, lpRect=0xcfea08 | out: lpRect=0xcfea08) returned 1 [0087.299] RedrawWindow (hWnd=0x40218, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0087.299] GetSystemMenu (hWnd=0x40218, bRevert=0) returned 0xa008f [0087.299] GetWindowPlacement (in: hWnd=0x40218, lpwndpl=0xcfed60 | out: lpwndpl=0xcfed60) returned 1 [0087.299] EnableMenuItem (hMenu=0xa008f, uIDEnableItem=0xf020, uEnable=0x0) returned 0 [0087.299] EnableMenuItem (hMenu=0xa008f, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0087.299] EnableMenuItem (hMenu=0xa008f, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0087.299] EnableMenuItem (hMenu=0xa008f, uIDEnableItem=0xf120, uEnable=0x1) returned 1 [0087.299] EnableMenuItem (hMenu=0xa008f, uIDEnableItem=0xf000, uEnable=0x0) returned 0 [0087.303] SetLayeredWindowAttributes (hwnd=0x40218, crKey=0x0, bAlpha=0x0, dwFlags=0x2) returned 1 [0087.306] GetCurrentThreadId () returned 0x344 [0087.310] EnumThreadWindows (dwThreadId=0x344, lpfn=0x52606d6, lParam=0x40218) returned 1 [0087.364] GetWindowLongW (hWnd=0x4021e, nIndex=-8) returned 0 [0087.364] GetWindowLongW (hWnd=0x40218, nIndex=-8) returned 0 [0087.364] GetWindowLongW (hWnd=0x40220, nIndex=-8) returned 262680 [0087.394] SetWindowLongW (hWnd=0x40220, nIndex=-8, dwNewLong=0) returned 262680 [0087.398] GetParent (hWnd=0x40218) returned 0x0 [0087.398] GetWindowLongW (hWnd=0x40218, nIndex=-20) returned 852352 [0087.398] DestroyWindow (hWnd=0x40218) returned 1 [0087.398] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x40218, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0 [0087.398] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x40218, Msg=0x46, wParam=0x0, lParam=0xcfec5c) returned 0x0 [0087.401] GetWindowPlacement (in: hWnd=0x40218, lpwndpl=0xcfe988 | out: lpwndpl=0xcfe988) returned 1 [0087.401] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x40218, Msg=0x47, wParam=0x0, lParam=0xcfec5c) returned 0x0 [0087.401] GetClientRect (in: hWnd=0x40218, lpRect=0xcfe938 | out: lpRect=0xcfe938) returned 1 [0087.401] GetWindowRect (in: hWnd=0x40218, lpRect=0xcfe938 | out: lpRect=0xcfe938) returned 1 [0087.402] GetWindowTextLengthW (hWnd=0x40218) returned 5 [0087.402] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x40218, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x5 [0087.402] GetSystemMetrics (nIndex=42) returned 0 [0087.402] GetWindowTextW (in: hWnd=0x40218, lpString=0xcfe868, nMaxCount=6 | out: lpString="shade") returned 5 [0087.402] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x40218, Msg=0xd, wParam=0x6, lParam=0xcfe868) returned 0x5 [0087.403] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x40218, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0 [0087.403] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x40218, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0087.408] GetCurrentActCtx (in: lphActCtx=0xcfecc0 | out: lphActCtx=0xcfecc0*=0xfdf9cc) returned 1 [0087.409] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x73ed0000 [0087.409] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0087.409] CreateWindowExW (dwExStyle=0x90080, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r9_ad1", lpWindowName="shade", dwStyle=0x2cf0000, X=208, Y=208, nWidth=168, nHeight=112, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x30226 [0087.409] SetWindowLongW (hWnd=0x30226, nIndex=-4, dwNewLong=2009290384) returned 86377918 [0087.409] GetWindowLongW (hWnd=0x30226, nIndex=-4) returned 2009290384 [0087.410] SetWindowLongW (hWnd=0x30226, nIndex=-4, dwNewLong=86378238) returned 2009290384 [0087.410] GetWindowLongW (hWnd=0x30226, nIndex=-4) returned 86378238 [0087.410] GetWindowLongW (hWnd=0x30226, nIndex=-16) returned 114229248 [0087.411] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0x81, wParam=0x0, lParam=0xcfe6e0) returned 0x1 [0087.411] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0x83, wParam=0x0, lParam=0xcfe6cc) returned 0x0 [0087.412] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0x1, wParam=0x0, lParam=0xcfe6e0) returned 0x0 [0087.412] GetClientRect (in: hWnd=0x30226, lpRect=0xcfe398 | out: lpRect=0xcfe398) returned 1 [0087.412] GetWindowRect (in: hWnd=0x30226, lpRect=0xcfe398 | out: lpRect=0xcfe398) returned 1 [0087.412] SetWindowTextW (hWnd=0x30226, lpString="shade") returned 1 [0087.412] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0xc, wParam=0x0, lParam=0x2bdb23c) returned 0x1 [0087.412] SetLayeredWindowAttributes (hwnd=0x30226, crKey=0x0, bAlpha=0x0, dwFlags=0x2) returned 1 [0087.414] GetStartupInfoW (in: lpStartupInfo=0x2bdb50c | out: lpStartupInfo=0x2bdb50c*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="fatura.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0087.415] GetParent (hWnd=0x30226) returned 0x0 [0087.415] GetStockObject (i=5) returned 0x900015 [0087.415] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0087.416] CoTaskMemAlloc (cb=0x5a) returned 0xfed8d8 [0087.416] RegisterClassW (lpWndClass=0xcfeb9c) returned 0xc186 [0087.418] CoTaskMemFree (pv=0xfed8d8) [0087.418] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0087.418] CreateWindowExW (dwExStyle=0x80, lpClassName="WindowsForms10.Window.0.app.0.141b42a_r9_ad1", lpWindowName=0x0, dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x4021c [0087.419] SetWindowLongW (hWnd=0x4021c, nIndex=-4, dwNewLong=2009290384) returned 86378278 [0087.419] GetWindowLongW (hWnd=0x4021c, nIndex=-4) returned 2009290384 [0087.419] SetWindowLongW (hWnd=0x4021c, nIndex=-4, dwNewLong=86378318) returned 2009290384 [0087.419] GetWindowLongW (hWnd=0x4021c, nIndex=-4) returned 86378318 [0087.419] GetWindowLongW (hWnd=0x4021c, nIndex=-16) returned 79691776 [0087.420] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x4021c, Msg=0x24, wParam=0x0, lParam=0xcfe714) returned 0x0 [0087.421] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x4021c, Msg=0x81, wParam=0x0, lParam=0xcfe708) returned 0x1 [0087.421] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x4021c, Msg=0x83, wParam=0x0, lParam=0xcfe6f4) returned 0x0 [0087.422] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x4021c, Msg=0x1, wParam=0x0, lParam=0xcfe708) returned 0x0 [0087.422] SetWindowLongW (hWnd=0x30226, nIndex=-8, dwNewLong=262684) returned 0 [0087.424] SendMessageW (hWnd=0x30226, Msg=0x80, wParam=0x0, lParam=0x140205) returned 0x0 [0087.424] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0x80, wParam=0x0, lParam=0x140205) returned 0x0 [0087.424] SendMessageW (hWnd=0x30226, Msg=0x80, wParam=0x1, lParam=0xb0121) returned 0x0 [0087.424] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0x80, wParam=0x1, lParam=0xb0121) returned 0x0 [0087.473] GetSystemMenu (hWnd=0x30226, bRevert=0) returned 0xb008f [0087.474] GetWindowPlacement (in: hWnd=0x30226, lpwndpl=0xcfecd0 | out: lpwndpl=0xcfecd0) returned 1 [0087.474] EnableMenuItem (hMenu=0xb008f, uIDEnableItem=0xf020, uEnable=0x0) returned 0 [0087.474] EnableMenuItem (hMenu=0xb008f, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0087.474] EnableMenuItem (hMenu=0xb008f, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0087.474] EnableMenuItem (hMenu=0xb008f, uIDEnableItem=0xf120, uEnable=0x1) returned 0 [0087.474] EnableMenuItem (hMenu=0xb008f, uIDEnableItem=0xf000, uEnable=0x0) returned 0 [0087.474] GetClientRect (in: hWnd=0x30226, lpRect=0xcfed14 | out: lpRect=0xcfed14) returned 1 [0087.474] GetClientRect (in: hWnd=0x30226, lpRect=0xcfec74 | out: lpRect=0xcfec74) returned 1 [0087.474] GetWindowRect (in: hWnd=0x30226, lpRect=0xcfec74 | out: lpRect=0xcfec74) returned 1 [0087.474] SetWindowPos (hWnd=0x30226, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x57) returned 1 [0087.474] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0x46, wParam=0x0, lParam=0xcfebdc) returned 0x0 [0087.484] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0087.485] GetWindowPlacement (in: hWnd=0x30226, lpwndpl=0xcfe924 | out: lpwndpl=0xcfe924) returned 1 [0087.485] GetClientRect (in: hWnd=0x30226, lpRect=0xcfe8d0 | out: lpRect=0xcfe8d0) returned 1 [0087.486] GetWindowTextLengthW (hWnd=0x30226) returned 5 [0087.486] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x5 [0087.486] GetSystemMetrics (nIndex=42) returned 0 [0087.486] GetWindowTextW (in: hWnd=0x30226, lpString=0xcfe79c, nMaxCount=6 | out: lpString="shade") returned 5 [0087.486] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0xd, wParam=0x6, lParam=0xcfe79c) returned 0x5 [0087.486] GetClientRect (in: hWnd=0x30226, lpRect=0xcfe7d8 | out: lpRect=0xcfe7d8) returned 1 [0087.486] GetCurrentObject (hdc=0x1b0106f5, type=0x1) returned 0xb00017 [0087.486] GetCurrentObject (hdc=0x1b0106f5, type=0x2) returned 0x900010 [0087.486] GetCurrentObject (hdc=0x1b0106f5, type=0x7) returned 0x32050730 [0087.486] GetCurrentObject (hdc=0x1b0106f5, type=0x6) returned 0x8a01c2 [0087.486] SaveDC (hdc=0x1b0106f5) returned 1 [0087.486] GetNearestColor (hdc=0x1b0106f5, color=0xf0f0f0) returned 0xf0f0f0 [0087.486] CreateSolidBrush (color=0xf0f0f0) returned 0x2c100677 [0087.486] FillRect (hDC=0x1b0106f5, lprc=0xcfe678, hbr=0x2c100677) returned 1 [0087.486] DeleteObject (ho=0x2c100677) returned 1 [0087.486] RestoreDC (hdc=0x1b0106f5, nSavedDC=-1) returned 1 [0087.486] GetWindowPlacement (in: hWnd=0x30226, lpwndpl=0xcfe908 | out: lpwndpl=0xcfe908) returned 1 [0087.487] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0x47, wParam=0x0, lParam=0xcfebdc) returned 0x0 [0087.487] GetClientRect (in: hWnd=0x30226, lpRect=0xcfe8b8 | out: lpRect=0xcfe8b8) returned 1 [0087.487] GetWindowRect (in: hWnd=0x30226, lpRect=0xcfe8b8 | out: lpRect=0xcfe8b8) returned 1 [0087.489] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0x83, wParam=0x1, lParam=0xcfe6f4) returned 0x0 [0087.490] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0087.492] GetWindowPlacement (in: hWnd=0x30226, lpwndpl=0xcfe464 | out: lpwndpl=0xcfe464) returned 1 [0087.492] GetClientRect (in: hWnd=0x30226, lpRect=0xcfe410 | out: lpRect=0xcfe410) returned 1 [0087.492] GetWindowTextLengthW (hWnd=0x30226) returned 5 [0087.492] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x5 [0087.492] GetSystemMetrics (nIndex=42) returned 0 [0087.492] GetWindowTextW (in: hWnd=0x30226, lpString=0xcfe2dc, nMaxCount=6 | out: lpString="shade") returned 5 [0087.492] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0xd, wParam=0x6, lParam=0xcfe2dc) returned 0x5 [0087.492] GetClientRect (in: hWnd=0x30226, lpRect=0xcfe318 | out: lpRect=0xcfe318) returned 1 [0087.492] GetCurrentObject (hdc=0x60100ce, type=0x1) returned 0xb00017 [0087.492] GetCurrentObject (hdc=0x60100ce, type=0x2) returned 0x900010 [0087.492] GetCurrentObject (hdc=0x60100ce, type=0x7) returned 0x32050730 [0087.492] GetCurrentObject (hdc=0x60100ce, type=0x6) returned 0x8a01c2 [0087.492] SaveDC (hdc=0x60100ce) returned 1 [0087.492] GetNearestColor (hdc=0x60100ce, color=0xf0f0f0) returned 0xf0f0f0 [0087.493] CreateSolidBrush (color=0xf0f0f0) returned 0x2d100677 [0087.493] FillRect (hDC=0x60100ce, lprc=0xcfe1b8, hbr=0x2d100677) returned 1 [0087.493] DeleteObject (ho=0x2d100677) returned 1 [0087.493] RestoreDC (hdc=0x60100ce, nSavedDC=-1) returned 1 [0087.493] SetWindowLongW (hWnd=0x30226, nIndex=-8, dwNewLong=262684) returned 262684 [0087.494] SendMessageW (hWnd=0x4021c, Msg=0x80, wParam=0x1, lParam=0xb0121) returned 0x0 [0087.494] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x4021c, Msg=0x80, wParam=0x1, lParam=0xb0121) returned 0x0 [0087.496] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x73ed0000 [0087.496] GetWindowLongW (hWnd=0x30226, nIndex=-16) returned 382664704 [0087.496] GetWindowTextLengthW (hWnd=0x30226) returned 5 [0087.496] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x5 [0087.496] GetSystemMetrics (nIndex=42) returned 0 [0087.496] GetWindowTextW (in: hWnd=0x30226, lpString=0xcfebf8, nMaxCount=6 | out: lpString="shade") returned 5 [0087.496] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0xd, wParam=0x6, lParam=0xcfebf8) returned 0x5 [0087.496] GetWindowTextLengthW (hWnd=0x30226) returned 5 [0087.496] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x5 [0087.496] GetSystemMetrics (nIndex=42) returned 0 [0087.496] GetWindowTextW (in: hWnd=0x30226, lpString=0xcfebf8, nMaxCount=6 | out: lpString="shade") returned 5 [0087.496] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0xd, wParam=0x6, lParam=0xcfebf8) returned 0x5 [0087.497] GetWindowLongW (hWnd=0x30226, nIndex=-16) returned 382664704 [0087.497] GetWindowLongW (hWnd=0x30226, nIndex=-20) returned 590208 [0087.497] SetWindowLongW (hWnd=0x30226, nIndex=-16, dwNewLong=315555840) returned 382664704 [0087.497] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0x7c, wParam=0xfffffff0, lParam=0xcfec74) returned 0x0 [0087.497] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0x7d, wParam=0xfffffff0, lParam=0xcfec74) returned 0x0 [0087.498] SetWindowLongW (hWnd=0x30226, nIndex=-20, dwNewLong=589952) returned 590208 [0087.498] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0x7c, wParam=0xffffffec, lParam=0xcfec74) returned 0x0 [0087.498] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0x7d, wParam=0xffffffec, lParam=0xcfec74) returned 0x0 [0087.498] SetWindowPos (hWnd=0x30226, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1 [0087.499] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0x46, wParam=0x0, lParam=0xcfec8c) returned 0x0 [0087.500] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0x83, wParam=0x1, lParam=0xcfec64) returned 0x0 [0087.501] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0087.502] GetWindowPlacement (in: hWnd=0x30226, lpwndpl=0xcfe9d4 | out: lpwndpl=0xcfe9d4) returned 1 [0087.502] GetClientRect (in: hWnd=0x30226, lpRect=0xcfe980 | out: lpRect=0xcfe980) returned 1 [0087.502] GetWindowTextLengthW (hWnd=0x30226) returned 5 [0087.502] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x5 [0087.502] GetSystemMetrics (nIndex=42) returned 0 [0087.502] GetWindowTextW (in: hWnd=0x30226, lpString=0xcfe84c, nMaxCount=6 | out: lpString="shade") returned 5 [0087.502] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0xd, wParam=0x6, lParam=0xcfe84c) returned 0x5 [0087.502] GetClientRect (in: hWnd=0x30226, lpRect=0xcfe888 | out: lpRect=0xcfe888) returned 1 [0087.502] GetCurrentObject (hdc=0x1b0106f5, type=0x1) returned 0xb00017 [0087.502] GetCurrentObject (hdc=0x1b0106f5, type=0x2) returned 0x900010 [0087.502] GetCurrentObject (hdc=0x1b0106f5, type=0x7) returned 0x32050730 [0087.502] GetCurrentObject (hdc=0x1b0106f5, type=0x6) returned 0x8a01c2 [0087.503] SaveDC (hdc=0x1b0106f5) returned 1 [0087.503] GetNearestColor (hdc=0x1b0106f5, color=0xf0f0f0) returned 0xf0f0f0 [0087.503] CreateSolidBrush (color=0xf0f0f0) returned 0x2e100677 [0087.503] FillRect (hDC=0x1b0106f5, lprc=0xcfe728, hbr=0x2e100677) returned 1 [0087.503] DeleteObject (ho=0x2e100677) returned 1 [0087.503] RestoreDC (hdc=0x1b0106f5, nSavedDC=-1) returned 1 [0087.503] GetWindowPlacement (in: hWnd=0x30226, lpwndpl=0xcfe9b8 | out: lpwndpl=0xcfe9b8) returned 1 [0087.503] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0x47, wParam=0x0, lParam=0xcfec8c) returned 0x0 [0087.503] GetClientRect (in: hWnd=0x30226, lpRect=0xcfe968 | out: lpRect=0xcfe968) returned 1 [0087.503] GetWindowRect (in: hWnd=0x30226, lpRect=0xcfe968 | out: lpRect=0xcfe968) returned 1 [0087.504] RedrawWindow (hWnd=0x30226, lprcUpdate=0x0, hrgnUpdate=0x0, flags=0x85) returned 1 [0087.504] GetSystemMenu (hWnd=0x30226, bRevert=0) returned 0xb008f [0087.504] GetWindowPlacement (in: hWnd=0x30226, lpwndpl=0xcfecc0 | out: lpwndpl=0xcfecc0) returned 1 [0087.504] EnableMenuItem (hMenu=0xb008f, uIDEnableItem=0xf020, uEnable=0x0) returned 0 [0087.504] EnableMenuItem (hMenu=0xb008f, uIDEnableItem=0xf030, uEnable=0x0) returned 0 [0087.504] EnableMenuItem (hMenu=0xb008f, uIDEnableItem=0xf060, uEnable=0x0) returned 0 [0087.504] EnableMenuItem (hMenu=0xb008f, uIDEnableItem=0xf120, uEnable=0x1) returned 1 [0087.504] EnableMenuItem (hMenu=0xb008f, uIDEnableItem=0xf000, uEnable=0x0) returned 0 [0087.504] SetWindowLongW (hWnd=0x40220, nIndex=-8, dwNewLong=197158) returned 262686 [0087.526] GetFullPathNameW (in: lpFileName="C:\\FD1HVy\\The1234", nBufferLength=0x105, lpBuffer=0xcfe844, lpFilePart=0x0 | out: lpBuffer="C:\\FD1HVy\\The1234", lpFilePart=0x0) returned 0x11 [0087.526] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfecf4) returned 1 [0087.526] GetFileAttributesExW (in: lpFileName="C:\\FD1HVy\\The1234" (normalized: "c:\\fd1hvy\\the1234"), fInfoLevelId=0x0, lpFileInformation=0xcfed70 | out: lpFileInformation=0xcfed70*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0087.526] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfecf0) returned 1 [0087.526] GetFullPathNameW (in: lpFileName="C:\\FD1HVy\\The1234", nBufferLength=0x105, lpBuffer=0xcfe84c, lpFilePart=0x0 | out: lpBuffer="C:\\FD1HVy\\The1234", lpFilePart=0x0) returned 0x11 [0087.526] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfec88) returned 1 [0087.527] GetFileAttributesExW (in: lpFileName="C:\\FD1HVy\\The1234" (normalized: "c:\\fd1hvy\\the1234"), fInfoLevelId=0x0, lpFileInformation=0xcfed04 | out: lpFileInformation=0xcfed04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0087.527] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec84) returned 1 [0087.527] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfec88) returned 1 [0087.527] GetFileAttributesExW (in: lpFileName="C:\\FD1HVy\\The1234" (normalized: "c:\\fd1hvy\\the1234"), fInfoLevelId=0x0, lpFileInformation=0xcfed04 | out: lpFileInformation=0xcfed04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0087.527] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec84) returned 1 [0087.527] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfec88) returned 1 [0087.527] GetFileAttributesExW (in: lpFileName="C:\\FD1HVy" (normalized: "c:\\fd1hvy"), fInfoLevelId=0x0, lpFileInformation=0xcfed04 | out: lpFileInformation=0xcfed04*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0087.527] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec84) returned 1 [0087.533] CreateDirectoryW (lpPathName="C:\\FD1HVy" (normalized: "c:\\fd1hvy"), lpSecurityAttributes=0x0) returned 1 [0087.533] CreateDirectoryW (lpPathName="C:\\FD1HVy\\The1234" (normalized: "c:\\fd1hvy\\the1234"), lpSecurityAttributes=0x0) returned 1 [0087.534] GetCurrentProcessId () returned 0x2ac [0087.535] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0xcfe67c | out: lpLuid=0xcfe67c*(LowPart=0x14, HighPart=0)) returned 1 [0087.537] GetCurrentProcess () returned 0xffffffff [0087.537] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0xcfe678 | out: TokenHandle=0xcfe678*=0x338) returned 1 [0087.538] AdjustTokenPrivileges (in: TokenHandle=0x338, DisableAllPrivileges=0, NewState=0x2bdc334*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0087.538] CloseHandle (hObject=0x338) returned 1 [0087.545] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3bd7dd8, Length=0x20000, ResultLength=0xcfed64 | out: SystemInformation=0x3bd7dd8, ResultLength=0xcfed64*=0x14d60) returned 0x0 [0087.570] CoTaskMemAlloc (cb=0x20e) returned 0x1011ce0 [0087.570] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x1011ce0 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp") returned 0x22 [0087.571] CoTaskMemFree (pv=0x1011ce0) [0087.576] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe", nBufferLength=0x105, lpBuffer=0xcfe858, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe", lpFilePart=0x0) returned 0x2d [0087.576] GetFullPathNameW (in: lpFileName="C:\\FD1HVy\\The1234\\local.exe", nBufferLength=0x105, lpBuffer=0xcfe858, lpFilePart=0x0 | out: lpBuffer="C:\\FD1HVy\\The1234\\local.exe", lpFilePart=0x0) returned 0x1b [0087.576] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfed0c) returned 1 [0087.576] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\fatura.exe"), fInfoLevelId=0x0, lpFileInformation=0xcfed88 | out: lpFileInformation=0xcfed88*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7123ba45, ftCreationTime.dwHighDateTime=0x1d57301, ftLastAccessTime.dwLowDateTime=0x7123ba45, ftLastAccessTime.dwHighDateTime=0x1d57301, ftLastWriteTime.dwLowDateTime=0x768e25fb, ftLastWriteTime.dwHighDateTime=0x1d56d81, nFileSizeHigh=0x0, nFileSizeLow=0xb1200)) returned 1 [0087.576] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfed08) returned 1 [0087.578] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\fatura.exe"), lpNewFileName="C:\\FD1HVy\\The1234\\local.exe" (normalized: "c:\\fd1hvy\\the1234\\local.exe")) returned 1 [0087.620] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfecb8) returned 1 [0087.622] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xcfe76c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17 [0087.622] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\*", lpFindFileData=0xcfe9e0 | out: lpFindFileData=0xcfe9e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x515f2e6c, ftLastAccessTime.dwHighDateTime=0x1d57301, ftLastWriteTime.dwLowDateTime=0x515f2e6c, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe6060 [0087.623] FindNextFileW (in: hFindFile=0xfe6060, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x515f2e6c, ftLastAccessTime.dwHighDateTime=0x1d57301, ftLastWriteTime.dwLowDateTime=0x515f2e6c, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0087.624] FindNextFileW (in: hFindFile=0xfe6060, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf6df6c00, ftCreationTime.dwHighDateTime=0x1d4c8ff, ftLastAccessTime.dwLowDateTime=0x7f8f4ef0, ftLastAccessTime.dwHighDateTime=0x1d4d4e3, ftLastWriteTime.dwLowDateTime=0x7f8f4ef0, ftLastWriteTime.dwHighDateTime=0x1d4d4e3, nFileSizeHigh=0x0, nFileSizeLow=0x15f99, dwReserved0=0x0, dwReserved1=0x0, cFileName="1uiG9tEKao-CdI8b.flv", cAlternateFileName="1UIG9T~1.FLV")) returned 1 [0087.625] FindNextFileW (in: hFindFile=0xfe6060, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaea41d50, ftCreationTime.dwHighDateTime=0x1d4c8af, ftLastAccessTime.dwLowDateTime=0x9c88a120, ftLastAccessTime.dwHighDateTime=0x1d4d16c, ftLastWriteTime.dwLowDateTime=0x9c88a120, ftLastWriteTime.dwHighDateTime=0x1d4d16c, nFileSizeHigh=0x0, nFileSizeLow=0x13e2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="42TxdJ1y5Teq5CEIz.wav", cAlternateFileName="42TXDJ~1.WAV")) returned 1 [0087.625] FindNextFileW (in: hFindFile=0xfe6060, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x46f63600, ftCreationTime.dwHighDateTime=0x1d57301, ftLastAccessTime.dwLowDateTime=0x46f63600, ftLastAccessTime.dwHighDateTime=0x1d57301, ftLastWriteTime.dwLowDateTime=0x4493dc00, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x11aa19, dwReserved0=0x0, dwReserved1=0x0, cFileName="454364vodafone-e-fatura.exe", cAlternateFileName="454364~1.EXE")) returned 1 [0087.625] FindNextFileW (in: hFindFile=0xfe6060, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3ccc4e30, ftCreationTime.dwHighDateTime=0x1d4d4d2, ftLastAccessTime.dwLowDateTime=0x65da9560, ftLastAccessTime.dwHighDateTime=0x1d4cfd3, ftLastWriteTime.dwLowDateTime=0x65da9560, ftLastWriteTime.dwHighDateTime=0x1d4cfd3, nFileSizeHigh=0x0, nFileSizeLow=0x85d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="7cYIG7R_Bg.csv", cAlternateFileName="7CYIG7~1.CSV")) returned 1 [0087.625] FindNextFileW (in: hFindFile=0xfe6060, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2fbd9f0, ftCreationTime.dwHighDateTime=0x1d4cf73, ftLastAccessTime.dwLowDateTime=0x37106840, ftLastAccessTime.dwHighDateTime=0x1d4cc27, ftLastWriteTime.dwLowDateTime=0x37106840, ftLastWriteTime.dwHighDateTime=0x1d4cc27, nFileSizeHigh=0x0, nFileSizeLow=0xaed9, dwReserved0=0x0, dwReserved1=0x0, cFileName="7ZIEneEWitQXloMb.mkv", cAlternateFileName="7ZIENE~1.MKV")) returned 1 [0087.625] FindNextFileW (in: hFindFile=0xfe6060, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x471cf3a0, ftCreationTime.dwHighDateTime=0x1d4d2aa, ftLastAccessTime.dwLowDateTime=0x71be5080, ftLastAccessTime.dwHighDateTime=0x1d4c761, ftLastWriteTime.dwLowDateTime=0x71be5080, ftLastWriteTime.dwHighDateTime=0x1d4c761, nFileSizeHigh=0x0, nFileSizeLow=0xa815, dwReserved0=0x0, dwReserved1=0x0, cFileName="9i094uEf.m4a", cAlternateFileName="")) returned 1 [0087.626] FindNextFileW (in: hFindFile=0xfe6060, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3495ef90, ftCreationTime.dwHighDateTime=0x1d4cede, ftLastAccessTime.dwLowDateTime=0xbd1b9850, ftLastAccessTime.dwHighDateTime=0x1d4cf07, ftLastWriteTime.dwLowDateTime=0xbd1b9850, ftLastWriteTime.dwHighDateTime=0x1d4cf07, nFileSizeHigh=0x0, nFileSizeLow=0x165cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="9VuxeAuC.gif", cAlternateFileName="")) returned 1 [0087.626] FindNextFileW (in: hFindFile=0xfe6060, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf3710cd0, ftCreationTime.dwHighDateTime=0x1d4ccbb, ftLastAccessTime.dwLowDateTime=0xdc888070, ftLastAccessTime.dwHighDateTime=0x1d4c84c, ftLastWriteTime.dwLowDateTime=0xdc888070, ftLastWriteTime.dwHighDateTime=0x1d4c84c, nFileSizeHigh=0x0, nFileSizeLow=0x3ce5, dwReserved0=0x0, dwReserved1=0x0, cFileName="aaEh1XjueF.png", cAlternateFileName="AAEH1X~1.PNG")) returned 1 [0087.626] FindNextFileW (in: hFindFile=0xfe6060, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x701b9e30, ftCreationTime.dwHighDateTime=0x1d4cece, ftLastAccessTime.dwLowDateTime=0xc0bf6d10, ftLastAccessTime.dwHighDateTime=0x1d4cc14, ftLastWriteTime.dwLowDateTime=0xc0bf6d10, ftLastWriteTime.dwHighDateTime=0x1d4cc14, nFileSizeHigh=0x0, nFileSizeLow=0x1367f, dwReserved0=0x0, dwReserved1=0x0, cFileName="AcxbjLr4LDb.jpg", cAlternateFileName="ACXBJL~1.JPG")) returned 1 [0087.626] FindNextFileW (in: hFindFile=0xfe6060, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3bdc1760, ftCreationTime.dwHighDateTime=0x1d4d5ba, ftLastAccessTime.dwLowDateTime=0x64b0d8f0, ftLastAccessTime.dwHighDateTime=0x1d4ca21, ftLastWriteTime.dwLowDateTime=0x64b0d8f0, ftLastWriteTime.dwHighDateTime=0x1d4ca21, nFileSizeHigh=0x0, nFileSizeLow=0xc1b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="aLZ8SjeBW.ots", cAlternateFileName="ALZ8SJ~1.OTS")) returned 1 [0087.626] FindNextFileW (in: hFindFile=0xfe6060, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0064e80, ftCreationTime.dwHighDateTime=0x1d4d5b8, ftLastAccessTime.dwLowDateTime=0xce24b240, ftLastAccessTime.dwHighDateTime=0x1d4d3c0, ftLastWriteTime.dwLowDateTime=0xce24b240, ftLastWriteTime.dwHighDateTime=0x1d4d3c0, nFileSizeHigh=0x0, nFileSizeLow=0xf736, dwReserved0=0x0, dwReserved1=0x0, cFileName="bnfqHdQMvbV9fl.odt", cAlternateFileName="BNFQHD~1.ODT")) returned 1 [0087.626] FindNextFileW (in: hFindFile=0xfe6060, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24d56d00, ftCreationTime.dwHighDateTime=0x1d4c93a, ftLastAccessTime.dwLowDateTime=0x8c374430, ftLastAccessTime.dwHighDateTime=0x1d4ca9f, ftLastWriteTime.dwLowDateTime=0x8c374430, ftLastWriteTime.dwHighDateTime=0x1d4ca9f, nFileSizeHigh=0x0, nFileSizeLow=0x10a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="CL5bvtjh3F v7q6k.flv", cAlternateFileName="CL5BVT~1.FLV")) returned 1 [0087.627] FindNextFileW (in: hFindFile=0xfe6060, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd4688720, ftCreationTime.dwHighDateTime=0x1d4caf7, ftLastAccessTime.dwLowDateTime=0x680b6ba0, ftLastAccessTime.dwHighDateTime=0x1d4d453, ftLastWriteTime.dwLowDateTime=0x680b6ba0, ftLastWriteTime.dwHighDateTime=0x1d4d453, nFileSizeHigh=0x0, nFileSizeLow=0x8ff3, dwReserved0=0x0, dwReserved1=0x0, cFileName="cnPcqpR6mYKwWbfY5xX.bmp", cAlternateFileName="CNPCQP~1.BMP")) returned 1 [0087.627] FindNextFileW (in: hFindFile=0xfe6060, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x440792d0, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x440792d0, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0xce389e99, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0087.627] FindNextFileW (in: hFindFile=0xfe6060, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e07d450, ftCreationTime.dwHighDateTime=0x1d4d19e, ftLastAccessTime.dwLowDateTime=0xdd4114a0, ftLastAccessTime.dwHighDateTime=0x1d4c6e4, ftLastWriteTime.dwLowDateTime=0xdd4114a0, ftLastWriteTime.dwHighDateTime=0x1d4c6e4, nFileSizeHigh=0x0, nFileSizeLow=0x6319, dwReserved0=0x0, dwReserved1=0x0, cFileName="D_BOLwQrlF.jpg", cAlternateFileName="D_BOLW~1.JPG")) returned 1 [0087.627] FindNextFileW (in: hFindFile=0xfe6060, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b405cd0, ftCreationTime.dwHighDateTime=0x1d4cb6a, ftLastAccessTime.dwLowDateTime=0xa93bbcf0, ftLastAccessTime.dwHighDateTime=0x1d4d0cb, ftLastWriteTime.dwLowDateTime=0xa93bbcf0, ftLastWriteTime.dwHighDateTime=0x1d4d0cb, nFileSizeHigh=0x0, nFileSizeLow=0x10175, dwReserved0=0x0, dwReserved1=0x0, cFileName="Eywiwg7gGH5NGq V.gif", cAlternateFileName="EYWIWG~1.GIF")) returned 1 [0087.627] FindNextFileW (in: hFindFile=0xfe6060, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x55853140, ftCreationTime.dwHighDateTime=0x1d4c6cb, ftLastAccessTime.dwLowDateTime=0x56e5b0b0, ftLastAccessTime.dwHighDateTime=0x1d4c5d0, ftLastWriteTime.dwLowDateTime=0x56e5b0b0, ftLastWriteTime.dwHighDateTime=0x1d4c5d0, nFileSizeHigh=0x0, nFileSizeLow=0x14ba3, dwReserved0=0x0, dwReserved1=0x0, cFileName="fMiJX.wav", cAlternateFileName="")) returned 1 [0087.627] FindNextFileW (in: hFindFile=0xfe6060, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x90634b40, ftCreationTime.dwHighDateTime=0x1d4c729, ftLastAccessTime.dwLowDateTime=0xb56e0de0, ftLastAccessTime.dwHighDateTime=0x1d4c804, ftLastWriteTime.dwLowDateTime=0xb56e0de0, ftLastWriteTime.dwHighDateTime=0x1d4c804, nFileSizeHigh=0x0, nFileSizeLow=0x16b8f, dwReserved0=0x0, dwReserved1=0x0, cFileName="hgKQ-JLkIVj.flv", cAlternateFileName="HGKQ-J~1.FLV")) returned 1 [0087.627] FindNextFileW (in: hFindFile=0xfe6060, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb85c5440, ftCreationTime.dwHighDateTime=0x1d4d5e6, ftLastAccessTime.dwLowDateTime=0xda470850, ftLastAccessTime.dwHighDateTime=0x1d4d0c5, ftLastWriteTime.dwLowDateTime=0xda470850, ftLastWriteTime.dwHighDateTime=0x1d4d0c5, nFileSizeHigh=0x0, nFileSizeLow=0x189a6, dwReserved0=0x0, dwReserved1=0x0, cFileName="HPHwP47hxepAcykl.m4a", cAlternateFileName="HPHWP4~1.M4A")) returned 1 [0087.628] FindNextFileW (in: hFindFile=0xfe6060, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x18a8d830, ftCreationTime.dwHighDateTime=0x1d4d5c1, ftLastAccessTime.dwLowDateTime=0x106dad90, ftLastAccessTime.dwHighDateTime=0x1d4d14c, ftLastWriteTime.dwLowDateTime=0x106dad90, ftLastWriteTime.dwHighDateTime=0x1d4d14c, nFileSizeHigh=0x0, nFileSizeLow=0x189cd, dwReserved0=0x0, dwReserved1=0x0, cFileName="Hvq8LtKn_XVWH2w m.mp3", cAlternateFileName="HVQ8LT~1.MP3")) returned 1 [0087.628] FindNextFileW (in: hFindFile=0xfe6060, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf530d470, ftCreationTime.dwHighDateTime=0x1d4cb2a, ftLastAccessTime.dwLowDateTime=0x32b9aaa0, ftLastAccessTime.dwHighDateTime=0x1d4d2b1, ftLastWriteTime.dwLowDateTime=0x32b9aaa0, ftLastWriteTime.dwHighDateTime=0x1d4d2b1, nFileSizeHigh=0x0, nFileSizeLow=0x6b2d, dwReserved0=0x0, dwReserved1=0x0, cFileName="johsiurt.avi", cAlternateFileName="")) returned 1 [0087.628] FindNextFileW (in: hFindFile=0xfe6060, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3cf20f0, ftCreationTime.dwHighDateTime=0x1d4cb58, ftLastAccessTime.dwLowDateTime=0x70370fc0, ftLastAccessTime.dwHighDateTime=0x1d4c8cb, ftLastWriteTime.dwLowDateTime=0x70370fc0, ftLastWriteTime.dwHighDateTime=0x1d4c8cb, nFileSizeHigh=0x0, nFileSizeLow=0x1ae4, dwReserved0=0x0, dwReserved1=0x0, cFileName="nsv C_SWnxDSit.avi", cAlternateFileName="NSVC_S~1.AVI")) returned 1 [0087.628] FindNextFileW (in: hFindFile=0xfe6060, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4074cc0, ftCreationTime.dwHighDateTime=0x1d4d29e, ftLastAccessTime.dwLowDateTime=0xf0dc80c0, ftLastAccessTime.dwHighDateTime=0x1d4c901, ftLastWriteTime.dwLowDateTime=0xf0dc80c0, ftLastWriteTime.dwHighDateTime=0x1d4c901, nFileSizeHigh=0x0, nFileSizeLow=0x10274, dwReserved0=0x0, dwReserved1=0x0, cFileName="NYqfMfCSQ6IrgqU.xls", cAlternateFileName="NYQFMF~1.XLS")) returned 1 [0087.628] FindNextFileW (in: hFindFile=0xfe6060, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9011c90, ftCreationTime.dwHighDateTime=0x1d4cf2b, ftLastAccessTime.dwLowDateTime=0x562ed9e0, ftLastAccessTime.dwHighDateTime=0x1d4d420, ftLastWriteTime.dwLowDateTime=0x562ed9e0, ftLastWriteTime.dwHighDateTime=0x1d4d420, nFileSizeHigh=0x0, nFileSizeLow=0xe5a5, dwReserved0=0x0, dwReserved1=0x0, cFileName="oYnk87aLwYtycgmkN.csv", cAlternateFileName="OYNK87~1.CSV")) returned 1 [0087.628] FindNextFileW (in: hFindFile=0xfe6060, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x446809a0, ftCreationTime.dwHighDateTime=0x1d4d035, ftLastAccessTime.dwLowDateTime=0x9c90bf50, ftLastAccessTime.dwHighDateTime=0x1d4cdba, ftLastWriteTime.dwLowDateTime=0x9c90bf50, ftLastWriteTime.dwHighDateTime=0x1d4cdba, nFileSizeHigh=0x0, nFileSizeLow=0xc090, dwReserved0=0x0, dwReserved1=0x0, cFileName="pXpjuP 7 T_.gif", cAlternateFileName="PXPJUP~1.GIF")) returned 1 [0087.628] FindNextFileW (in: hFindFile=0xfe6060, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb937050, ftCreationTime.dwHighDateTime=0x1d4ca82, ftLastAccessTime.dwLowDateTime=0xfc617b40, ftLastAccessTime.dwHighDateTime=0x1d4d1c0, ftLastWriteTime.dwLowDateTime=0xfc617b40, ftLastWriteTime.dwHighDateTime=0x1d4d1c0, nFileSizeHigh=0x0, nFileSizeLow=0xad7f, dwReserved0=0x0, dwReserved1=0x0, cFileName="QP2lx_xY.mp3", cAlternateFileName="")) returned 1 [0087.628] FindNextFileW (in: hFindFile=0xfe6060, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc550480, ftCreationTime.dwHighDateTime=0x1d4d5cc, ftLastAccessTime.dwLowDateTime=0x6d8ae410, ftLastAccessTime.dwHighDateTime=0x1d4d035, ftLastWriteTime.dwLowDateTime=0x6d8ae410, ftLastWriteTime.dwHighDateTime=0x1d4d035, nFileSizeHigh=0x0, nFileSizeLow=0xfb7d, dwReserved0=0x0, dwReserved1=0x0, cFileName="S haJTF1lXspyoz7qPK.mkv", cAlternateFileName="SHAJTF~1.MKV")) returned 1 [0087.629] FindNextFileW (in: hFindFile=0xfe6060, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc12f910, ftCreationTime.dwHighDateTime=0x1d4d583, ftLastAccessTime.dwLowDateTime=0x1f3eda90, ftLastAccessTime.dwHighDateTime=0x1d4c8ac, ftLastWriteTime.dwLowDateTime=0x1f3eda90, ftLastWriteTime.dwHighDateTime=0x1d4c8ac, nFileSizeHigh=0x0, nFileSizeLow=0x11174, dwReserved0=0x0, dwReserved1=0x0, cFileName="sFcFU74qF9pyfWW2.swf", cAlternateFileName="SFCFU7~1.SWF")) returned 1 [0087.629] FindNextFileW (in: hFindFile=0xfe6060, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8641afa0, ftCreationTime.dwHighDateTime=0x1d4c952, ftLastAccessTime.dwLowDateTime=0x42a7ab10, ftLastAccessTime.dwHighDateTime=0x1d4cb4a, ftLastWriteTime.dwLowDateTime=0x42a7ab10, ftLastWriteTime.dwHighDateTime=0x1d4cb4a, nFileSizeHigh=0x0, nFileSizeLow=0x78b7, dwReserved0=0x0, dwReserved1=0x0, cFileName="TvcyfsELusy6tf19.pdf", cAlternateFileName="TVCYFS~1.PDF")) returned 1 [0087.629] FindNextFileW (in: hFindFile=0xfe6060, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x59134fe0, ftCreationTime.dwHighDateTime=0x1d4cc43, ftLastAccessTime.dwLowDateTime=0x2ba99030, ftLastAccessTime.dwHighDateTime=0x1d4c5f1, ftLastWriteTime.dwLowDateTime=0x2ba99030, ftLastWriteTime.dwHighDateTime=0x1d4c5f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vce 2GsJTpiqc3s3", cAlternateFileName="VCE2GS~1")) returned 1 [0087.630] FindNextFileW (in: hFindFile=0xfe6060, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe529f430, ftCreationTime.dwHighDateTime=0x1d4d2e6, ftLastAccessTime.dwLowDateTime=0xdb9c8de0, ftLastAccessTime.dwHighDateTime=0x1d4cf5f, ftLastWriteTime.dwLowDateTime=0xdb9c8de0, ftLastWriteTime.dwHighDateTime=0x1d4cf5f, nFileSizeHigh=0x0, nFileSizeLow=0xb9ca, dwReserved0=0x0, dwReserved1=0x0, cFileName="XIbP.mkv", cAlternateFileName="")) returned 1 [0087.630] FindNextFileW (in: hFindFile=0xfe6060, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x316a6240, ftCreationTime.dwHighDateTime=0x1d4d188, ftLastAccessTime.dwLowDateTime=0xc10d3ec0, ftLastAccessTime.dwHighDateTime=0x1d4ce60, ftLastWriteTime.dwLowDateTime=0xc10d3ec0, ftLastWriteTime.dwHighDateTime=0x1d4ce60, nFileSizeHigh=0x0, nFileSizeLow=0x874e, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZLjW0uKgw4lGL.flv", cAlternateFileName="ZLJW0U~1.FLV")) returned 1 [0087.630] FindNextFileW (in: hFindFile=0xfe6060, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b1e11d0, ftCreationTime.dwHighDateTime=0x1d4c7c7, ftLastAccessTime.dwLowDateTime=0x2de83620, ftLastAccessTime.dwHighDateTime=0x1d4d295, ftLastWriteTime.dwLowDateTime=0x2de83620, ftLastWriteTime.dwHighDateTime=0x1d4d295, nFileSizeHigh=0x0, nFileSizeLow=0x67f0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_kjl.jpg", cAlternateFileName="")) returned 1 [0087.630] FindNextFileW (in: hFindFile=0xfe6060, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0087.630] FindClose (in: hFindFile=0xfe6060 | out: hFindFile=0xfe6060) returned 1 [0087.630] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec74) returned 1 [0087.630] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec80) returned 1 [0087.630] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfecb8) returned 1 [0087.631] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xcfe76c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17 [0087.631] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\*", lpFindFileData=0xcfe9e0 | out: lpFindFileData=0xcfe9e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x515f2e6c, ftLastAccessTime.dwHighDateTime=0x1d57301, ftLastWriteTime.dwLowDateTime=0x515f2e6c, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe62a0 [0087.631] FindNextFileW (in: hFindFile=0xfe62a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x515f2e6c, ftLastAccessTime.dwHighDateTime=0x1d57301, ftLastWriteTime.dwLowDateTime=0x515f2e6c, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0087.631] FindNextFileW (in: hFindFile=0xfe62a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf6df6c00, ftCreationTime.dwHighDateTime=0x1d4c8ff, ftLastAccessTime.dwLowDateTime=0x7f8f4ef0, ftLastAccessTime.dwHighDateTime=0x1d4d4e3, ftLastWriteTime.dwLowDateTime=0x7f8f4ef0, ftLastWriteTime.dwHighDateTime=0x1d4d4e3, nFileSizeHigh=0x0, nFileSizeLow=0x15f99, dwReserved0=0x0, dwReserved1=0x0, cFileName="1uiG9tEKao-CdI8b.flv", cAlternateFileName="1UIG9T~1.FLV")) returned 1 [0087.631] FindNextFileW (in: hFindFile=0xfe62a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaea41d50, ftCreationTime.dwHighDateTime=0x1d4c8af, ftLastAccessTime.dwLowDateTime=0x9c88a120, ftLastAccessTime.dwHighDateTime=0x1d4d16c, ftLastWriteTime.dwLowDateTime=0x9c88a120, ftLastWriteTime.dwHighDateTime=0x1d4d16c, nFileSizeHigh=0x0, nFileSizeLow=0x13e2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="42TxdJ1y5Teq5CEIz.wav", cAlternateFileName="42TXDJ~1.WAV")) returned 1 [0087.632] FindNextFileW (in: hFindFile=0xfe62a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x46f63600, ftCreationTime.dwHighDateTime=0x1d57301, ftLastAccessTime.dwLowDateTime=0x46f63600, ftLastAccessTime.dwHighDateTime=0x1d57301, ftLastWriteTime.dwLowDateTime=0x4493dc00, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x11aa19, dwReserved0=0x0, dwReserved1=0x0, cFileName="454364vodafone-e-fatura.exe", cAlternateFileName="454364~1.EXE")) returned 1 [0087.632] FindNextFileW (in: hFindFile=0xfe62a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3ccc4e30, ftCreationTime.dwHighDateTime=0x1d4d4d2, ftLastAccessTime.dwLowDateTime=0x65da9560, ftLastAccessTime.dwHighDateTime=0x1d4cfd3, ftLastWriteTime.dwLowDateTime=0x65da9560, ftLastWriteTime.dwHighDateTime=0x1d4cfd3, nFileSizeHigh=0x0, nFileSizeLow=0x85d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="7cYIG7R_Bg.csv", cAlternateFileName="7CYIG7~1.CSV")) returned 1 [0087.632] FindNextFileW (in: hFindFile=0xfe62a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2fbd9f0, ftCreationTime.dwHighDateTime=0x1d4cf73, ftLastAccessTime.dwLowDateTime=0x37106840, ftLastAccessTime.dwHighDateTime=0x1d4cc27, ftLastWriteTime.dwLowDateTime=0x37106840, ftLastWriteTime.dwHighDateTime=0x1d4cc27, nFileSizeHigh=0x0, nFileSizeLow=0xaed9, dwReserved0=0x0, dwReserved1=0x0, cFileName="7ZIEneEWitQXloMb.mkv", cAlternateFileName="7ZIENE~1.MKV")) returned 1 [0087.632] FindNextFileW (in: hFindFile=0xfe62a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x471cf3a0, ftCreationTime.dwHighDateTime=0x1d4d2aa, ftLastAccessTime.dwLowDateTime=0x71be5080, ftLastAccessTime.dwHighDateTime=0x1d4c761, ftLastWriteTime.dwLowDateTime=0x71be5080, ftLastWriteTime.dwHighDateTime=0x1d4c761, nFileSizeHigh=0x0, nFileSizeLow=0xa815, dwReserved0=0x0, dwReserved1=0x0, cFileName="9i094uEf.m4a", cAlternateFileName="")) returned 1 [0087.632] FindNextFileW (in: hFindFile=0xfe62a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3495ef90, ftCreationTime.dwHighDateTime=0x1d4cede, ftLastAccessTime.dwLowDateTime=0xbd1b9850, ftLastAccessTime.dwHighDateTime=0x1d4cf07, ftLastWriteTime.dwLowDateTime=0xbd1b9850, ftLastWriteTime.dwHighDateTime=0x1d4cf07, nFileSizeHigh=0x0, nFileSizeLow=0x165cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="9VuxeAuC.gif", cAlternateFileName="")) returned 1 [0087.632] FindNextFileW (in: hFindFile=0xfe62a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf3710cd0, ftCreationTime.dwHighDateTime=0x1d4ccbb, ftLastAccessTime.dwLowDateTime=0xdc888070, ftLastAccessTime.dwHighDateTime=0x1d4c84c, ftLastWriteTime.dwLowDateTime=0xdc888070, ftLastWriteTime.dwHighDateTime=0x1d4c84c, nFileSizeHigh=0x0, nFileSizeLow=0x3ce5, dwReserved0=0x0, dwReserved1=0x0, cFileName="aaEh1XjueF.png", cAlternateFileName="AAEH1X~1.PNG")) returned 1 [0087.633] FindNextFileW (in: hFindFile=0xfe62a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x701b9e30, ftCreationTime.dwHighDateTime=0x1d4cece, ftLastAccessTime.dwLowDateTime=0xc0bf6d10, ftLastAccessTime.dwHighDateTime=0x1d4cc14, ftLastWriteTime.dwLowDateTime=0xc0bf6d10, ftLastWriteTime.dwHighDateTime=0x1d4cc14, nFileSizeHigh=0x0, nFileSizeLow=0x1367f, dwReserved0=0x0, dwReserved1=0x0, cFileName="AcxbjLr4LDb.jpg", cAlternateFileName="ACXBJL~1.JPG")) returned 1 [0087.633] FindNextFileW (in: hFindFile=0xfe62a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3bdc1760, ftCreationTime.dwHighDateTime=0x1d4d5ba, ftLastAccessTime.dwLowDateTime=0x64b0d8f0, ftLastAccessTime.dwHighDateTime=0x1d4ca21, ftLastWriteTime.dwLowDateTime=0x64b0d8f0, ftLastWriteTime.dwHighDateTime=0x1d4ca21, nFileSizeHigh=0x0, nFileSizeLow=0xc1b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="aLZ8SjeBW.ots", cAlternateFileName="ALZ8SJ~1.OTS")) returned 1 [0087.633] FindNextFileW (in: hFindFile=0xfe62a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0064e80, ftCreationTime.dwHighDateTime=0x1d4d5b8, ftLastAccessTime.dwLowDateTime=0xce24b240, ftLastAccessTime.dwHighDateTime=0x1d4d3c0, ftLastWriteTime.dwLowDateTime=0xce24b240, ftLastWriteTime.dwHighDateTime=0x1d4d3c0, nFileSizeHigh=0x0, nFileSizeLow=0xf736, dwReserved0=0x0, dwReserved1=0x0, cFileName="bnfqHdQMvbV9fl.odt", cAlternateFileName="BNFQHD~1.ODT")) returned 1 [0087.633] FindNextFileW (in: hFindFile=0xfe62a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24d56d00, ftCreationTime.dwHighDateTime=0x1d4c93a, ftLastAccessTime.dwLowDateTime=0x8c374430, ftLastAccessTime.dwHighDateTime=0x1d4ca9f, ftLastWriteTime.dwLowDateTime=0x8c374430, ftLastWriteTime.dwHighDateTime=0x1d4ca9f, nFileSizeHigh=0x0, nFileSizeLow=0x10a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="CL5bvtjh3F v7q6k.flv", cAlternateFileName="CL5BVT~1.FLV")) returned 1 [0087.633] FindNextFileW (in: hFindFile=0xfe62a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd4688720, ftCreationTime.dwHighDateTime=0x1d4caf7, ftLastAccessTime.dwLowDateTime=0x680b6ba0, ftLastAccessTime.dwHighDateTime=0x1d4d453, ftLastWriteTime.dwLowDateTime=0x680b6ba0, ftLastWriteTime.dwHighDateTime=0x1d4d453, nFileSizeHigh=0x0, nFileSizeLow=0x8ff3, dwReserved0=0x0, dwReserved1=0x0, cFileName="cnPcqpR6mYKwWbfY5xX.bmp", cAlternateFileName="CNPCQP~1.BMP")) returned 1 [0087.633] FindNextFileW (in: hFindFile=0xfe62a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x440792d0, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x440792d0, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0xce389e99, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0087.634] FindNextFileW (in: hFindFile=0xfe62a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e07d450, ftCreationTime.dwHighDateTime=0x1d4d19e, ftLastAccessTime.dwLowDateTime=0xdd4114a0, ftLastAccessTime.dwHighDateTime=0x1d4c6e4, ftLastWriteTime.dwLowDateTime=0xdd4114a0, ftLastWriteTime.dwHighDateTime=0x1d4c6e4, nFileSizeHigh=0x0, nFileSizeLow=0x6319, dwReserved0=0x0, dwReserved1=0x0, cFileName="D_BOLwQrlF.jpg", cAlternateFileName="D_BOLW~1.JPG")) returned 1 [0087.634] FindNextFileW (in: hFindFile=0xfe62a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b405cd0, ftCreationTime.dwHighDateTime=0x1d4cb6a, ftLastAccessTime.dwLowDateTime=0xa93bbcf0, ftLastAccessTime.dwHighDateTime=0x1d4d0cb, ftLastWriteTime.dwLowDateTime=0xa93bbcf0, ftLastWriteTime.dwHighDateTime=0x1d4d0cb, nFileSizeHigh=0x0, nFileSizeLow=0x10175, dwReserved0=0x0, dwReserved1=0x0, cFileName="Eywiwg7gGH5NGq V.gif", cAlternateFileName="EYWIWG~1.GIF")) returned 1 [0087.634] FindNextFileW (in: hFindFile=0xfe62a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x55853140, ftCreationTime.dwHighDateTime=0x1d4c6cb, ftLastAccessTime.dwLowDateTime=0x56e5b0b0, ftLastAccessTime.dwHighDateTime=0x1d4c5d0, ftLastWriteTime.dwLowDateTime=0x56e5b0b0, ftLastWriteTime.dwHighDateTime=0x1d4c5d0, nFileSizeHigh=0x0, nFileSizeLow=0x14ba3, dwReserved0=0x0, dwReserved1=0x0, cFileName="fMiJX.wav", cAlternateFileName="")) returned 1 [0087.634] FindNextFileW (in: hFindFile=0xfe62a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x90634b40, ftCreationTime.dwHighDateTime=0x1d4c729, ftLastAccessTime.dwLowDateTime=0xb56e0de0, ftLastAccessTime.dwHighDateTime=0x1d4c804, ftLastWriteTime.dwLowDateTime=0xb56e0de0, ftLastWriteTime.dwHighDateTime=0x1d4c804, nFileSizeHigh=0x0, nFileSizeLow=0x16b8f, dwReserved0=0x0, dwReserved1=0x0, cFileName="hgKQ-JLkIVj.flv", cAlternateFileName="HGKQ-J~1.FLV")) returned 1 [0087.634] FindNextFileW (in: hFindFile=0xfe62a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb85c5440, ftCreationTime.dwHighDateTime=0x1d4d5e6, ftLastAccessTime.dwLowDateTime=0xda470850, ftLastAccessTime.dwHighDateTime=0x1d4d0c5, ftLastWriteTime.dwLowDateTime=0xda470850, ftLastWriteTime.dwHighDateTime=0x1d4d0c5, nFileSizeHigh=0x0, nFileSizeLow=0x189a6, dwReserved0=0x0, dwReserved1=0x0, cFileName="HPHwP47hxepAcykl.m4a", cAlternateFileName="HPHWP4~1.M4A")) returned 1 [0087.634] FindNextFileW (in: hFindFile=0xfe62a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x18a8d830, ftCreationTime.dwHighDateTime=0x1d4d5c1, ftLastAccessTime.dwLowDateTime=0x106dad90, ftLastAccessTime.dwHighDateTime=0x1d4d14c, ftLastWriteTime.dwLowDateTime=0x106dad90, ftLastWriteTime.dwHighDateTime=0x1d4d14c, nFileSizeHigh=0x0, nFileSizeLow=0x189cd, dwReserved0=0x0, dwReserved1=0x0, cFileName="Hvq8LtKn_XVWH2w m.mp3", cAlternateFileName="HVQ8LT~1.MP3")) returned 1 [0087.635] FindNextFileW (in: hFindFile=0xfe62a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf530d470, ftCreationTime.dwHighDateTime=0x1d4cb2a, ftLastAccessTime.dwLowDateTime=0x32b9aaa0, ftLastAccessTime.dwHighDateTime=0x1d4d2b1, ftLastWriteTime.dwLowDateTime=0x32b9aaa0, ftLastWriteTime.dwHighDateTime=0x1d4d2b1, nFileSizeHigh=0x0, nFileSizeLow=0x6b2d, dwReserved0=0x0, dwReserved1=0x0, cFileName="johsiurt.avi", cAlternateFileName="")) returned 1 [0087.635] FindNextFileW (in: hFindFile=0xfe62a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3cf20f0, ftCreationTime.dwHighDateTime=0x1d4cb58, ftLastAccessTime.dwLowDateTime=0x70370fc0, ftLastAccessTime.dwHighDateTime=0x1d4c8cb, ftLastWriteTime.dwLowDateTime=0x70370fc0, ftLastWriteTime.dwHighDateTime=0x1d4c8cb, nFileSizeHigh=0x0, nFileSizeLow=0x1ae4, dwReserved0=0x0, dwReserved1=0x0, cFileName="nsv C_SWnxDSit.avi", cAlternateFileName="NSVC_S~1.AVI")) returned 1 [0087.635] FindNextFileW (in: hFindFile=0xfe62a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4074cc0, ftCreationTime.dwHighDateTime=0x1d4d29e, ftLastAccessTime.dwLowDateTime=0xf0dc80c0, ftLastAccessTime.dwHighDateTime=0x1d4c901, ftLastWriteTime.dwLowDateTime=0xf0dc80c0, ftLastWriteTime.dwHighDateTime=0x1d4c901, nFileSizeHigh=0x0, nFileSizeLow=0x10274, dwReserved0=0x0, dwReserved1=0x0, cFileName="NYqfMfCSQ6IrgqU.xls", cAlternateFileName="NYQFMF~1.XLS")) returned 1 [0087.635] FindNextFileW (in: hFindFile=0xfe62a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9011c90, ftCreationTime.dwHighDateTime=0x1d4cf2b, ftLastAccessTime.dwLowDateTime=0x562ed9e0, ftLastAccessTime.dwHighDateTime=0x1d4d420, ftLastWriteTime.dwLowDateTime=0x562ed9e0, ftLastWriteTime.dwHighDateTime=0x1d4d420, nFileSizeHigh=0x0, nFileSizeLow=0xe5a5, dwReserved0=0x0, dwReserved1=0x0, cFileName="oYnk87aLwYtycgmkN.csv", cAlternateFileName="OYNK87~1.CSV")) returned 1 [0087.635] FindNextFileW (in: hFindFile=0xfe62a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x446809a0, ftCreationTime.dwHighDateTime=0x1d4d035, ftLastAccessTime.dwLowDateTime=0x9c90bf50, ftLastAccessTime.dwHighDateTime=0x1d4cdba, ftLastWriteTime.dwLowDateTime=0x9c90bf50, ftLastWriteTime.dwHighDateTime=0x1d4cdba, nFileSizeHigh=0x0, nFileSizeLow=0xc090, dwReserved0=0x0, dwReserved1=0x0, cFileName="pXpjuP 7 T_.gif", cAlternateFileName="PXPJUP~1.GIF")) returned 1 [0087.636] FindNextFileW (in: hFindFile=0xfe62a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb937050, ftCreationTime.dwHighDateTime=0x1d4ca82, ftLastAccessTime.dwLowDateTime=0xfc617b40, ftLastAccessTime.dwHighDateTime=0x1d4d1c0, ftLastWriteTime.dwLowDateTime=0xfc617b40, ftLastWriteTime.dwHighDateTime=0x1d4d1c0, nFileSizeHigh=0x0, nFileSizeLow=0xad7f, dwReserved0=0x0, dwReserved1=0x0, cFileName="QP2lx_xY.mp3", cAlternateFileName="")) returned 1 [0087.636] FindNextFileW (in: hFindFile=0xfe62a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc550480, ftCreationTime.dwHighDateTime=0x1d4d5cc, ftLastAccessTime.dwLowDateTime=0x6d8ae410, ftLastAccessTime.dwHighDateTime=0x1d4d035, ftLastWriteTime.dwLowDateTime=0x6d8ae410, ftLastWriteTime.dwHighDateTime=0x1d4d035, nFileSizeHigh=0x0, nFileSizeLow=0xfb7d, dwReserved0=0x0, dwReserved1=0x0, cFileName="S haJTF1lXspyoz7qPK.mkv", cAlternateFileName="SHAJTF~1.MKV")) returned 1 [0087.636] FindNextFileW (in: hFindFile=0xfe62a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc12f910, ftCreationTime.dwHighDateTime=0x1d4d583, ftLastAccessTime.dwLowDateTime=0x1f3eda90, ftLastAccessTime.dwHighDateTime=0x1d4c8ac, ftLastWriteTime.dwLowDateTime=0x1f3eda90, ftLastWriteTime.dwHighDateTime=0x1d4c8ac, nFileSizeHigh=0x0, nFileSizeLow=0x11174, dwReserved0=0x0, dwReserved1=0x0, cFileName="sFcFU74qF9pyfWW2.swf", cAlternateFileName="SFCFU7~1.SWF")) returned 1 [0087.636] FindNextFileW (in: hFindFile=0xfe62a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8641afa0, ftCreationTime.dwHighDateTime=0x1d4c952, ftLastAccessTime.dwLowDateTime=0x42a7ab10, ftLastAccessTime.dwHighDateTime=0x1d4cb4a, ftLastWriteTime.dwLowDateTime=0x42a7ab10, ftLastWriteTime.dwHighDateTime=0x1d4cb4a, nFileSizeHigh=0x0, nFileSizeLow=0x78b7, dwReserved0=0x0, dwReserved1=0x0, cFileName="TvcyfsELusy6tf19.pdf", cAlternateFileName="TVCYFS~1.PDF")) returned 1 [0087.636] FindNextFileW (in: hFindFile=0xfe62a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x59134fe0, ftCreationTime.dwHighDateTime=0x1d4cc43, ftLastAccessTime.dwLowDateTime=0x2ba99030, ftLastAccessTime.dwHighDateTime=0x1d4c5f1, ftLastWriteTime.dwLowDateTime=0x2ba99030, ftLastWriteTime.dwHighDateTime=0x1d4c5f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vce 2GsJTpiqc3s3", cAlternateFileName="VCE2GS~1")) returned 1 [0087.636] FindNextFileW (in: hFindFile=0xfe62a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe529f430, ftCreationTime.dwHighDateTime=0x1d4d2e6, ftLastAccessTime.dwLowDateTime=0xdb9c8de0, ftLastAccessTime.dwHighDateTime=0x1d4cf5f, ftLastWriteTime.dwLowDateTime=0xdb9c8de0, ftLastWriteTime.dwHighDateTime=0x1d4cf5f, nFileSizeHigh=0x0, nFileSizeLow=0xb9ca, dwReserved0=0x0, dwReserved1=0x0, cFileName="XIbP.mkv", cAlternateFileName="")) returned 1 [0087.637] FindNextFileW (in: hFindFile=0xfe62a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x316a6240, ftCreationTime.dwHighDateTime=0x1d4d188, ftLastAccessTime.dwLowDateTime=0xc10d3ec0, ftLastAccessTime.dwHighDateTime=0x1d4ce60, ftLastWriteTime.dwLowDateTime=0xc10d3ec0, ftLastWriteTime.dwHighDateTime=0x1d4ce60, nFileSizeHigh=0x0, nFileSizeLow=0x874e, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZLjW0uKgw4lGL.flv", cAlternateFileName="ZLJW0U~1.FLV")) returned 1 [0087.637] FindNextFileW (in: hFindFile=0xfe62a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b1e11d0, ftCreationTime.dwHighDateTime=0x1d4c7c7, ftLastAccessTime.dwLowDateTime=0x2de83620, ftLastAccessTime.dwHighDateTime=0x1d4d295, ftLastWriteTime.dwLowDateTime=0x2de83620, ftLastWriteTime.dwHighDateTime=0x1d4d295, nFileSizeHigh=0x0, nFileSizeLow=0x67f0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_kjl.jpg", cAlternateFileName="")) returned 1 [0087.637] FindNextFileW (in: hFindFile=0xfe62a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b1e11d0, ftCreationTime.dwHighDateTime=0x1d4c7c7, ftLastAccessTime.dwLowDateTime=0x2de83620, ftLastAccessTime.dwHighDateTime=0x1d4d295, ftLastWriteTime.dwLowDateTime=0x2de83620, ftLastWriteTime.dwHighDateTime=0x1d4d295, nFileSizeHigh=0x0, nFileSizeLow=0x67f0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_kjl.jpg", cAlternateFileName="")) returned 0 [0087.637] FindClose (in: hFindFile=0xfe62a0 | out: hFindFile=0xfe62a0) returned 1 [0087.637] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec74) returned 1 [0087.637] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec80) returned 1 [0087.649] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\454364vodafone-e-fatura.exe", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\454364vodafone-e-fatura.exe", lpFilePart=0x0) returned 0x33 [0087.649] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0087.649] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\454364vodafone-e-fatura.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\454364vodafone-e-fatura.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x338 [0087.649] GetFileType (hFile=0x338) returned 0x1 [0087.650] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0087.650] GetFileType (hFile=0x338) returned 0x1 [0087.650] GetFileSize (in: hFile=0x338, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x11aa19 [0087.652] ReadFile (in: hFile=0x338, lpBuffer=0x3bf7df8, nNumberOfBytesToRead=0x11aa19, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x3bf7df8*, lpNumberOfBytesRead=0xcfec0c*=0x11aa19, lpOverlapped=0x0) returned 1 [0087.693] CloseHandle (hObject=0x338) returned 1 [0087.912] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0xcfe5b4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0087.912] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0xcfe618, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0087.912] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeacc) returned 1 [0087.912] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0xcfeb48 | out: lpFileInformation=0xcfeb48*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0087.912] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeac8) returned 1 [0088.166] BCryptGetFipsAlgorithmMode (in: pfEnabled=0xcfea24 | out: pfEnabled=0xcfea24) returned 0x0 [0088.431] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0088.431] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0088.431] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0088.431] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0088.431] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\454364vodafone-e-fatura.exe", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\454364vodafone-e-fatura.exe", lpFilePart=0x0) returned 0x33 [0088.431] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0088.431] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\454364vodafone-e-fatura.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\454364vodafone-e-fatura.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2c8 [0088.445] GetFileType (hFile=0x2c8) returned 0x1 [0088.445] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0088.445] GetFileType (hFile=0x2c8) returned 0x1 [0088.445] WriteFile (in: hFile=0x2c8, lpBuffer=0x417d0d0*, nNumberOfBytesToWrite=0x11aa20, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x417d0d0*, lpNumberOfBytesWritten=0xcfec00*=0x11aa20, lpOverlapped=0x0) returned 1 [0088.463] CloseHandle (hObject=0x2c8) returned 1 [0088.498] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\454364vodafone-e-fatura.exe", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\454364vodafone-e-fatura.exe", lpFilePart=0x0) returned 0x33 [0088.498] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\454364vodafone-e-fatura.exe.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\454364vodafone-e-fatura.exe.shade8", lpFilePart=0x0) returned 0x3a [0088.498] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0088.498] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\454364vodafone-e-fatura.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\454364vodafone-e-fatura.exe"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x46f63600, ftCreationTime.dwHighDateTime=0x1d57301, ftLastAccessTime.dwLowDateTime=0x46f63600, ftLastAccessTime.dwHighDateTime=0x1d57301, ftLastWriteTime.dwLowDateTime=0x7d593c68, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x11aa20)) returned 1 [0088.498] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0088.498] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\454364vodafone-e-fatura.exe" (normalized: "c:\\users\\fd1hvy\\desktop\\454364vodafone-e-fatura.exe"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\454364vodafone-e-fatura.exe.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\454364vodafone-e-fatura.exe.shade8")) returned 1 [0088.508] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\7cYIG7R_Bg.csv", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\7cYIG7R_Bg.csv", lpFilePart=0x0) returned 0x26 [0088.508] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0088.508] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\7cYIG7R_Bg.csv" (normalized: "c:\\users\\fd1hvy\\desktop\\7cyig7r_bg.csv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2c8 [0088.508] GetFileType (hFile=0x2c8) returned 0x1 [0088.508] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0088.508] GetFileType (hFile=0x2c8) returned 0x1 [0088.509] GetFileSize (in: hFile=0x2c8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x85d8 [0088.509] ReadFile (in: hFile=0x2c8, lpBuffer=0x2bccbf4, nNumberOfBytesToRead=0x85d8, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2bccbf4*, lpNumberOfBytesRead=0xcfec0c*=0x85d8, lpOverlapped=0x0) returned 1 [0088.509] CloseHandle (hObject=0x2c8) returned 1 [0088.569] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0088.569] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0088.569] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0088.569] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0088.569] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\7cYIG7R_Bg.csv", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\7cYIG7R_Bg.csv", lpFilePart=0x0) returned 0x26 [0088.569] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0088.570] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\7cYIG7R_Bg.csv" (normalized: "c:\\users\\fd1hvy\\desktop\\7cyig7r_bg.csv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2c8 [0088.573] GetFileType (hFile=0x2c8) returned 0x1 [0088.573] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0088.573] GetFileType (hFile=0x2c8) returned 0x1 [0088.573] WriteFile (in: hFile=0x2c8, lpBuffer=0x2c43898*, nNumberOfBytesToWrite=0x85e0, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2c43898*, lpNumberOfBytesWritten=0xcfec00*=0x85e0, lpOverlapped=0x0) returned 1 [0088.575] CloseHandle (hObject=0x2c8) returned 1 [0088.581] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\7cYIG7R_Bg.csv", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\7cYIG7R_Bg.csv", lpFilePart=0x0) returned 0x26 [0088.581] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\7cYIG7R_Bg.csv.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\7cYIG7R_Bg.csv.shade8", lpFilePart=0x0) returned 0x2d [0088.581] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0088.581] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\7cYIG7R_Bg.csv" (normalized: "c:\\users\\fd1hvy\\desktop\\7cyig7r_bg.csv"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3ccc4e30, ftCreationTime.dwHighDateTime=0x1d4d4d2, ftLastAccessTime.dwLowDateTime=0x65da9560, ftLastAccessTime.dwHighDateTime=0x1d4cfd3, ftLastWriteTime.dwLowDateTime=0x7d679578, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x85e0)) returned 1 [0088.581] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0088.581] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\7cYIG7R_Bg.csv" (normalized: "c:\\users\\fd1hvy\\desktop\\7cyig7r_bg.csv"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\7cYIG7R_Bg.csv.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\7cyig7r_bg.csv.shade8")) returned 1 [0088.592] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\7ZIEneEWitQXloMb.mkv", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\7ZIEneEWitQXloMb.mkv", lpFilePart=0x0) returned 0x2c [0088.592] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0088.592] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\7ZIEneEWitQXloMb.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\7zieneewitqxlomb.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2c8 [0088.592] GetFileType (hFile=0x2c8) returned 0x1 [0088.592] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0088.592] GetFileType (hFile=0x2c8) returned 0x1 [0088.592] GetFileSize (in: hFile=0x2c8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0xaed9 [0088.592] ReadFile (in: hFile=0x2c8, lpBuffer=0x2c4c2d8, nNumberOfBytesToRead=0xaed9, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2c4c2d8*, lpNumberOfBytesRead=0xcfec0c*=0xaed9, lpOverlapped=0x0) returned 1 [0088.593] CloseHandle (hObject=0x2c8) returned 1 [0088.616] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0088.616] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0088.616] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0088.616] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0088.616] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\7ZIEneEWitQXloMb.mkv", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\7ZIEneEWitQXloMb.mkv", lpFilePart=0x0) returned 0x2c [0088.616] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0088.616] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\7ZIEneEWitQXloMb.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\7zieneewitqxlomb.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2c8 [0088.744] GetFileType (hFile=0x2c8) returned 0x1 [0088.744] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0088.744] GetFileType (hFile=0x2c8) returned 0x1 [0088.744] WriteFile (in: hFile=0x2c8, lpBuffer=0x2cb9d78*, nNumberOfBytesToWrite=0xaee0, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2cb9d78*, lpNumberOfBytesWritten=0xcfec00*=0xaee0, lpOverlapped=0x0) returned 1 [0088.746] CloseHandle (hObject=0x2c8) returned 1 [0088.748] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\7ZIEneEWitQXloMb.mkv", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\7ZIEneEWitQXloMb.mkv", lpFilePart=0x0) returned 0x2c [0088.748] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\7ZIEneEWitQXloMb.mkv.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\7ZIEneEWitQXloMb.mkv.shade8", lpFilePart=0x0) returned 0x33 [0088.748] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0088.748] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\7ZIEneEWitQXloMb.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\7zieneewitqxlomb.mkv"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2fbd9f0, ftCreationTime.dwHighDateTime=0x1d4cf73, ftLastAccessTime.dwLowDateTime=0x37106840, ftLastAccessTime.dwHighDateTime=0x1d4cc27, ftLastWriteTime.dwLowDateTime=0x7d7f6224, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xaee0)) returned 1 [0088.748] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0088.748] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\7ZIEneEWitQXloMb.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\7zieneewitqxlomb.mkv"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\7ZIEneEWitQXloMb.mkv.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\7zieneewitqxlomb.mkv.shade8")) returned 1 [0088.749] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\aaEh1XjueF.png", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\aaEh1XjueF.png", lpFilePart=0x0) returned 0x26 [0088.749] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0088.749] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\aaEh1XjueF.png" (normalized: "c:\\users\\fd1hvy\\desktop\\aaeh1xjuef.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2c8 [0088.749] GetFileType (hFile=0x2c8) returned 0x1 [0088.749] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0088.749] GetFileType (hFile=0x2c8) returned 0x1 [0088.749] GetFileSize (in: hFile=0x2c8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x3ce5 [0088.750] ReadFile (in: hFile=0x2c8, lpBuffer=0x2cc510c, nNumberOfBytesToRead=0x3ce5, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2cc510c*, lpNumberOfBytesRead=0xcfec0c*=0x3ce5, lpOverlapped=0x0) returned 1 [0088.750] CloseHandle (hObject=0x2c8) returned 1 [0088.849] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0088.849] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0088.849] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0088.849] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0088.849] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\aaEh1XjueF.png", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\aaEh1XjueF.png", lpFilePart=0x0) returned 0x26 [0088.850] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0088.850] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\aaEh1XjueF.png" (normalized: "c:\\users\\fd1hvy\\desktop\\aaeh1xjuef.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2c8 [0088.851] GetFileType (hFile=0x2c8) returned 0x1 [0088.851] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0088.851] GetFileType (hFile=0x2c8) returned 0x1 [0088.851] WriteFile (in: hFile=0x2c8, lpBuffer=0x2d24fa8*, nNumberOfBytesToWrite=0x3cf0, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2d24fa8*, lpNumberOfBytesWritten=0xcfec00*=0x3cf0, lpOverlapped=0x0) returned 1 [0088.852] CloseHandle (hObject=0x2c8) returned 1 [0088.853] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\aaEh1XjueF.png", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\aaEh1XjueF.png", lpFilePart=0x0) returned 0x26 [0088.853] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\aaEh1XjueF.png.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\aaEh1XjueF.png.shade8", lpFilePart=0x0) returned 0x2d [0088.853] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0088.853] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\aaEh1XjueF.png" (normalized: "c:\\users\\fd1hvy\\desktop\\aaeh1xjuef.png"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf3710cd0, ftCreationTime.dwHighDateTime=0x1d4ccbb, ftLastAccessTime.dwLowDateTime=0xdc888070, ftLastAccessTime.dwHighDateTime=0x1d4c84c, ftLastWriteTime.dwLowDateTime=0x7d901265, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x3cf0)) returned 1 [0088.853] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0088.853] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\aaEh1XjueF.png" (normalized: "c:\\users\\fd1hvy\\desktop\\aaeh1xjuef.png"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\aaEh1XjueF.png.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\aaeh1xjuef.png.shade8")) returned 1 [0088.854] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\AcxbjLr4LDb.jpg", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\AcxbjLr4LDb.jpg", lpFilePart=0x0) returned 0x27 [0088.854] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0088.854] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\AcxbjLr4LDb.jpg" (normalized: "c:\\users\\fd1hvy\\desktop\\acxbjlr4ldb.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2c8 [0088.854] GetFileType (hFile=0x2c8) returned 0x1 [0088.854] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0088.854] GetFileType (hFile=0x2c8) returned 0x1 [0088.854] GetFileSize (in: hFile=0x2c8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x1367f [0088.855] ReadFile (in: hFile=0x2c8, lpBuffer=0x2d290e0, nNumberOfBytesToRead=0x1367f, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2d290e0*, lpNumberOfBytesRead=0xcfec0c*=0x1367f, lpOverlapped=0x0) returned 1 [0088.862] CloseHandle (hObject=0x2c8) returned 1 [0088.894] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0088.894] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0088.894] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0088.895] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0088.895] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\AcxbjLr4LDb.jpg", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\AcxbjLr4LDb.jpg", lpFilePart=0x0) returned 0x27 [0088.895] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0088.895] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\AcxbjLr4LDb.jpg" (normalized: "c:\\users\\fd1hvy\\desktop\\acxbjlr4ldb.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2c8 [0088.896] GetFileType (hFile=0x2c8) returned 0x1 [0088.896] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0088.896] GetFileType (hFile=0x2c8) returned 0x1 [0088.896] WriteFile (in: hFile=0x2c8, lpBuffer=0x2db0260*, nNumberOfBytesToWrite=0x13680, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2db0260*, lpNumberOfBytesWritten=0xcfec00*=0x13680, lpOverlapped=0x0) returned 1 [0088.898] CloseHandle (hObject=0x2c8) returned 1 [0088.901] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\AcxbjLr4LDb.jpg", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\AcxbjLr4LDb.jpg", lpFilePart=0x0) returned 0x27 [0088.901] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\AcxbjLr4LDb.jpg.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\AcxbjLr4LDb.jpg.shade8", lpFilePart=0x0) returned 0x2e [0088.901] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0088.901] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\AcxbjLr4LDb.jpg" (normalized: "c:\\users\\fd1hvy\\desktop\\acxbjlr4ldb.jpg"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x701b9e30, ftCreationTime.dwHighDateTime=0x1d4cece, ftLastAccessTime.dwLowDateTime=0xc0bf6d10, ftLastAccessTime.dwHighDateTime=0x1d4cc14, ftLastWriteTime.dwLowDateTime=0x7d973a03, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x13680)) returned 1 [0088.901] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0088.901] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\AcxbjLr4LDb.jpg" (normalized: "c:\\users\\fd1hvy\\desktop\\acxbjlr4ldb.jpg"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\AcxbjLr4LDb.jpg.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\acxbjlr4ldb.jpg.shade8")) returned 1 [0088.902] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\bnfqHdQMvbV9fl.odt", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\bnfqHdQMvbV9fl.odt", lpFilePart=0x0) returned 0x2a [0088.902] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0088.902] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\bnfqHdQMvbV9fl.odt" (normalized: "c:\\users\\fd1hvy\\desktop\\bnfqhdqmvbv9fl.odt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2c8 [0088.902] GetFileType (hFile=0x2c8) returned 0x1 [0088.902] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0088.902] GetFileType (hFile=0x2c8) returned 0x1 [0088.902] GetFileSize (in: hFile=0x2c8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0xf736 [0088.903] ReadFile (in: hFile=0x2c8, lpBuffer=0x2dc3d58, nNumberOfBytesToRead=0xf736, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2dc3d58*, lpNumberOfBytesRead=0xcfec0c*=0xf736, lpOverlapped=0x0) returned 1 [0088.909] CloseHandle (hObject=0x2c8) returned 1 [0088.939] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0088.939] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0088.939] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0088.939] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0088.939] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\bnfqHdQMvbV9fl.odt", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\bnfqHdQMvbV9fl.odt", lpFilePart=0x0) returned 0x2a [0088.939] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0088.939] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\bnfqHdQMvbV9fl.odt" (normalized: "c:\\users\\fd1hvy\\desktop\\bnfqhdqmvbv9fl.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2c8 [0088.941] GetFileType (hFile=0x2c8) returned 0x1 [0088.941] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0088.941] GetFileType (hFile=0x2c8) returned 0x1 [0088.941] WriteFile (in: hFile=0x2c8, lpBuffer=0x2e3f118*, nNumberOfBytesToWrite=0xf740, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2e3f118*, lpNumberOfBytesWritten=0xcfec00*=0xf740, lpOverlapped=0x0) returned 1 [0088.942] CloseHandle (hObject=0x2c8) returned 1 [0088.944] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\bnfqHdQMvbV9fl.odt", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\bnfqHdQMvbV9fl.odt", lpFilePart=0x0) returned 0x2a [0088.944] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\bnfqHdQMvbV9fl.odt.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\bnfqHdQMvbV9fl.odt.shade8", lpFilePart=0x0) returned 0x31 [0088.944] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0088.944] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\bnfqHdQMvbV9fl.odt" (normalized: "c:\\users\\fd1hvy\\desktop\\bnfqhdqmvbv9fl.odt"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0064e80, ftCreationTime.dwHighDateTime=0x1d4d5b8, ftLastAccessTime.dwLowDateTime=0xce24b240, ftLastAccessTime.dwHighDateTime=0x1d4d3c0, ftLastWriteTime.dwLowDateTime=0x7d9e611b, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xf740)) returned 1 [0088.945] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0088.945] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\bnfqHdQMvbV9fl.odt" (normalized: "c:\\users\\fd1hvy\\desktop\\bnfqhdqmvbv9fl.odt"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\bnfqHdQMvbV9fl.odt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\bnfqhdqmvbv9fl.odt.shade8")) returned 1 [0088.945] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\cnPcqpR6mYKwWbfY5xX.bmp", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\cnPcqpR6mYKwWbfY5xX.bmp", lpFilePart=0x0) returned 0x2f [0088.945] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0088.945] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\cnPcqpR6mYKwWbfY5xX.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\cnpcqpr6mykwwbfy5xx.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2c8 [0088.945] GetFileType (hFile=0x2c8) returned 0x1 [0088.945] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0088.945] GetFileType (hFile=0x2c8) returned 0x1 [0088.945] GetFileSize (in: hFile=0x2c8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x8ff3 [0088.946] ReadFile (in: hFile=0x2c8, lpBuffer=0x2e4ed00, nNumberOfBytesToRead=0x8ff3, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2e4ed00*, lpNumberOfBytesRead=0xcfec0c*=0x8ff3, lpOverlapped=0x0) returned 1 [0088.952] CloseHandle (hObject=0x2c8) returned 1 [0089.096] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0089.097] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0089.097] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0089.097] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0089.097] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\cnPcqpR6mYKwWbfY5xX.bmp", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\cnPcqpR6mYKwWbfY5xX.bmp", lpFilePart=0x0) returned 0x2f [0089.097] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0089.097] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\cnPcqpR6mYKwWbfY5xX.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\cnpcqpr6mykwwbfy5xx.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2c8 [0089.098] GetFileType (hFile=0x2c8) returned 0x1 [0089.098] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0089.098] GetFileType (hFile=0x2c8) returned 0x1 [0089.098] WriteFile (in: hFile=0x2c8, lpBuffer=0x2c3cf60*, nNumberOfBytesToWrite=0x9000, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2c3cf60*, lpNumberOfBytesWritten=0xcfec00*=0x9000, lpOverlapped=0x0) returned 1 [0089.100] CloseHandle (hObject=0x2c8) returned 1 [0089.101] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\cnPcqpR6mYKwWbfY5xX.bmp", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\cnPcqpR6mYKwWbfY5xX.bmp", lpFilePart=0x0) returned 0x2f [0089.101] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\cnPcqpR6mYKwWbfY5xX.bmp.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\cnPcqpR6mYKwWbfY5xX.bmp.shade8", lpFilePart=0x0) returned 0x36 [0089.101] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0089.102] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\cnPcqpR6mYKwWbfY5xX.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\cnpcqpr6mykwwbfy5xx.bmp"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd4688720, ftCreationTime.dwHighDateTime=0x1d4caf7, ftLastAccessTime.dwLowDateTime=0x680b6ba0, ftLastAccessTime.dwHighDateTime=0x1d4d453, ftLastWriteTime.dwLowDateTime=0x7db637a6, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x9000)) returned 1 [0089.102] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0089.102] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\cnPcqpR6mYKwWbfY5xX.bmp" (normalized: "c:\\users\\fd1hvy\\desktop\\cnpcqpr6mykwwbfy5xx.bmp"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\cnPcqpR6mYKwWbfY5xX.bmp.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\cnpcqpr6mykwwbfy5xx.bmp.shade8")) returned 1 [0089.102] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\D_BOLwQrlF.jpg", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\D_BOLwQrlF.jpg", lpFilePart=0x0) returned 0x26 [0089.102] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0089.102] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\D_BOLwQrlF.jpg" (normalized: "c:\\users\\fd1hvy\\desktop\\d_bolwqrlf.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2c8 [0089.102] GetFileType (hFile=0x2c8) returned 0x1 [0089.102] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0089.103] GetFileType (hFile=0x2c8) returned 0x1 [0089.103] GetFileSize (in: hFile=0x2c8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x6319 [0089.103] ReadFile (in: hFile=0x2c8, lpBuffer=0x2c46418, nNumberOfBytesToRead=0x6319, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2c46418*, lpNumberOfBytesRead=0xcfec0c*=0x6319, lpOverlapped=0x0) returned 1 [0089.103] CloseHandle (hObject=0x2c8) returned 1 [0089.119] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0089.119] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0089.119] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0089.119] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0089.119] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\D_BOLwQrlF.jpg", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\D_BOLwQrlF.jpg", lpFilePart=0x0) returned 0x26 [0089.119] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0089.119] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\D_BOLwQrlF.jpg" (normalized: "c:\\users\\fd1hvy\\desktop\\d_bolwqrlf.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2c8 [0089.120] GetFileType (hFile=0x2c8) returned 0x1 [0089.120] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0089.120] GetFileType (hFile=0x2c8) returned 0x1 [0089.121] WriteFile (in: hFile=0x2c8, lpBuffer=0x2cb2300*, nNumberOfBytesToWrite=0x6320, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2cb2300*, lpNumberOfBytesWritten=0xcfec00*=0x6320, lpOverlapped=0x0) returned 1 [0089.122] CloseHandle (hObject=0x2c8) returned 1 [0089.126] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\D_BOLwQrlF.jpg", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\D_BOLwQrlF.jpg", lpFilePart=0x0) returned 0x26 [0089.126] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\D_BOLwQrlF.jpg.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\D_BOLwQrlF.jpg.shade8", lpFilePart=0x0) returned 0x2d [0089.126] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0089.126] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\D_BOLwQrlF.jpg" (normalized: "c:\\users\\fd1hvy\\desktop\\d_bolwqrlf.jpg"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e07d450, ftCreationTime.dwHighDateTime=0x1d4d19e, ftLastAccessTime.dwLowDateTime=0xdd4114a0, ftLastAccessTime.dwHighDateTime=0x1d4c6e4, ftLastWriteTime.dwLowDateTime=0x7dbb0ed1, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x6320)) returned 1 [0089.127] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0089.127] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\D_BOLwQrlF.jpg" (normalized: "c:\\users\\fd1hvy\\desktop\\d_bolwqrlf.jpg"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\D_BOLwQrlF.jpg.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\d_bolwqrlf.jpg.shade8")) returned 1 [0089.127] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Hvq8LtKn_XVWH2w m.mp3", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Hvq8LtKn_XVWH2w m.mp3", lpFilePart=0x0) returned 0x2d [0089.128] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0089.128] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Hvq8LtKn_XVWH2w m.mp3" (normalized: "c:\\users\\fd1hvy\\desktop\\hvq8ltkn_xvwh2w m.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2c8 [0089.128] GetFileType (hFile=0x2c8) returned 0x1 [0089.128] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0089.128] GetFileType (hFile=0x2c8) returned 0x1 [0089.128] GetFileSize (in: hFile=0x2c8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x189cd [0089.128] ReadFile (in: hFile=0x2c8, lpBuffer=0x3d6e170, nNumberOfBytesToRead=0x189cd, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x3d6e170*, lpNumberOfBytesRead=0xcfec0c*=0x189cd, lpOverlapped=0x0) returned 1 [0089.129] CloseHandle (hObject=0x2c8) returned 1 [0089.147] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0089.147] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0089.147] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0089.147] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0089.147] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Hvq8LtKn_XVWH2w m.mp3", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Hvq8LtKn_XVWH2w m.mp3", lpFilePart=0x0) returned 0x2d [0089.147] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0089.147] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\Hvq8LtKn_XVWH2w m.mp3" (normalized: "c:\\users\\fd1hvy\\desktop\\hvq8ltkn_xvwh2w m.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2c8 [0089.149] GetFileType (hFile=0x2c8) returned 0x1 [0089.149] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0089.149] GetFileType (hFile=0x2c8) returned 0x1 [0089.149] WriteFile (in: hFile=0x2c8, lpBuffer=0x3de92c0*, nNumberOfBytesToWrite=0x189d0, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x3de92c0*, lpNumberOfBytesWritten=0xcfec00*=0x189d0, lpOverlapped=0x0) returned 1 [0089.151] CloseHandle (hObject=0x2c8) returned 1 [0089.155] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Hvq8LtKn_XVWH2w m.mp3", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Hvq8LtKn_XVWH2w m.mp3", lpFilePart=0x0) returned 0x2d [0089.155] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Hvq8LtKn_XVWH2w m.mp3.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\Hvq8LtKn_XVWH2w m.mp3.shade8", lpFilePart=0x0) returned 0x34 [0089.155] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0089.155] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\Hvq8LtKn_XVWH2w m.mp3" (normalized: "c:\\users\\fd1hvy\\desktop\\hvq8ltkn_xvwh2w m.mp3"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x18a8d830, ftCreationTime.dwHighDateTime=0x1d4d5c1, ftLastAccessTime.dwLowDateTime=0x106dad90, ftLastAccessTime.dwHighDateTime=0x1d4d14c, ftLastWriteTime.dwLowDateTime=0x7dbfc229, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x189d0)) returned 1 [0089.155] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0089.155] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\Hvq8LtKn_XVWH2w m.mp3" (normalized: "c:\\users\\fd1hvy\\desktop\\hvq8ltkn_xvwh2w m.mp3"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\Hvq8LtKn_XVWH2w m.mp3.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\hvq8ltkn_xvwh2w m.mp3.shade8")) returned 1 [0089.155] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\johsiurt.avi", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\johsiurt.avi", lpFilePart=0x0) returned 0x24 [0089.155] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0089.155] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\johsiurt.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\johsiurt.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2c8 [0089.156] GetFileType (hFile=0x2c8) returned 0x1 [0089.156] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0089.156] GetFileType (hFile=0x2c8) returned 0x1 [0089.156] GetFileSize (in: hFile=0x2c8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x6b2d [0089.156] ReadFile (in: hFile=0x2c8, lpBuffer=0x2d05d54, nNumberOfBytesToRead=0x6b2d, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2d05d54*, lpNumberOfBytesRead=0xcfec0c*=0x6b2d, lpOverlapped=0x0) returned 1 [0089.156] CloseHandle (hObject=0x2c8) returned 1 [0089.206] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0089.206] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0089.206] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0089.206] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0089.206] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\johsiurt.avi", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\johsiurt.avi", lpFilePart=0x0) returned 0x24 [0089.206] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0089.207] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\johsiurt.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\johsiurt.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2c8 [0089.208] GetFileType (hFile=0x2c8) returned 0x1 [0089.208] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0089.208] GetFileType (hFile=0x2c8) returned 0x1 [0089.208] WriteFile (in: hFile=0x2c8, lpBuffer=0x2d74330*, nNumberOfBytesToWrite=0x6b30, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2d74330*, lpNumberOfBytesWritten=0xcfec00*=0x6b30, lpOverlapped=0x0) returned 1 [0089.209] CloseHandle (hObject=0x2c8) returned 1 [0089.210] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\johsiurt.avi", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\johsiurt.avi", lpFilePart=0x0) returned 0x24 [0089.210] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\johsiurt.avi.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\johsiurt.avi.shade8", lpFilePart=0x0) returned 0x2b [0089.210] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0089.211] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\johsiurt.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\johsiurt.avi"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf530d470, ftCreationTime.dwHighDateTime=0x1d4cb2a, ftLastAccessTime.dwLowDateTime=0x32b9aaa0, ftLastAccessTime.dwHighDateTime=0x1d4d2b1, ftLastWriteTime.dwLowDateTime=0x7dc6e85e, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x6b30)) returned 1 [0089.211] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0089.211] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\johsiurt.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\johsiurt.avi"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\johsiurt.avi.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\johsiurt.avi.shade8")) returned 1 [0089.211] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\nsv C_SWnxDSit.avi", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\nsv C_SWnxDSit.avi", lpFilePart=0x0) returned 0x2a [0089.211] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0089.211] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\nsv C_SWnxDSit.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\nsv c_swnxdsit.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2c8 [0089.211] GetFileType (hFile=0x2c8) returned 0x1 [0089.211] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0089.212] GetFileType (hFile=0x2c8) returned 0x1 [0089.212] GetFileSize (in: hFile=0x2c8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x1ae4 [0089.212] ReadFile (in: hFile=0x2c8, lpBuffer=0x2d7b2a4, nNumberOfBytesToRead=0x1ae4, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2d7b2a4*, lpNumberOfBytesRead=0xcfec0c*=0x1ae4, lpOverlapped=0x0) returned 1 [0089.212] CloseHandle (hObject=0x2c8) returned 1 [0089.227] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0089.227] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0089.227] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0089.227] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0089.227] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\nsv C_SWnxDSit.avi", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\nsv C_SWnxDSit.avi", lpFilePart=0x0) returned 0x2a [0089.227] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0089.228] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\nsv C_SWnxDSit.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\nsv c_swnxdsit.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2c8 [0089.228] GetFileType (hFile=0x2c8) returned 0x1 [0089.228] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0089.229] GetFileType (hFile=0x2c8) returned 0x1 [0089.229] WriteFile (in: hFile=0x2c8, lpBuffer=0x2dd073c*, nNumberOfBytesToWrite=0x1af0, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2dd073c*, lpNumberOfBytesWritten=0xcfec00*=0x1af0, lpOverlapped=0x0) returned 1 [0089.230] CloseHandle (hObject=0x2c8) returned 1 [0089.231] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\nsv C_SWnxDSit.avi", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\nsv C_SWnxDSit.avi", lpFilePart=0x0) returned 0x2a [0089.231] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\nsv C_SWnxDSit.avi.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\nsv C_SWnxDSit.avi.shade8", lpFilePart=0x0) returned 0x31 [0089.231] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0089.231] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\nsv C_SWnxDSit.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\nsv c_swnxdsit.avi"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3cf20f0, ftCreationTime.dwHighDateTime=0x1d4cb58, ftLastAccessTime.dwLowDateTime=0x70370fc0, ftLastAccessTime.dwHighDateTime=0x1d4c8cb, ftLastWriteTime.dwLowDateTime=0x7dc94aff, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x1af0)) returned 1 [0089.231] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0089.231] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\nsv C_SWnxDSit.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\nsv c_swnxdsit.avi"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\nsv C_SWnxDSit.avi.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\nsv c_swnxdsit.avi.shade8")) returned 1 [0089.232] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\NYqfMfCSQ6IrgqU.xls", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\NYqfMfCSQ6IrgqU.xls", lpFilePart=0x0) returned 0x2b [0089.232] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0089.232] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\NYqfMfCSQ6IrgqU.xls" (normalized: "c:\\users\\fd1hvy\\desktop\\nyqfmfcsq6irgqu.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2c8 [0089.232] GetFileType (hFile=0x2c8) returned 0x1 [0089.252] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0089.253] GetFileType (hFile=0x2c8) returned 0x1 [0089.253] GetFileSize (in: hFile=0x2c8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x10274 [0089.253] ReadFile (in: hFile=0x2c8, lpBuffer=0x2dd26ac, nNumberOfBytesToRead=0x10274, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2dd26ac*, lpNumberOfBytesRead=0xcfec0c*=0x10274, lpOverlapped=0x0) returned 1 [0089.254] CloseHandle (hObject=0x2c8) returned 1 [0089.394] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0089.394] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0089.394] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0089.394] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0089.394] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\NYqfMfCSQ6IrgqU.xls", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\NYqfMfCSQ6IrgqU.xls", lpFilePart=0x0) returned 0x2b [0089.394] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0089.394] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\NYqfMfCSQ6IrgqU.xls" (normalized: "c:\\users\\fd1hvy\\desktop\\nyqfmfcsq6irgqu.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2c8 [0089.396] GetFileType (hFile=0x2c8) returned 0x1 [0089.396] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0089.396] GetFileType (hFile=0x2c8) returned 0x1 [0089.396] WriteFile (in: hFile=0x2c8, lpBuffer=0x2c481b8*, nNumberOfBytesToWrite=0x10280, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2c481b8*, lpNumberOfBytesWritten=0xcfec00*=0x10280, lpOverlapped=0x0) returned 1 [0089.398] CloseHandle (hObject=0x2c8) returned 1 [0089.400] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\NYqfMfCSQ6IrgqU.xls", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\NYqfMfCSQ6IrgqU.xls", lpFilePart=0x0) returned 0x2b [0089.400] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\NYqfMfCSQ6IrgqU.xls.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\NYqfMfCSQ6IrgqU.xls.shade8", lpFilePart=0x0) returned 0x32 [0089.400] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0089.400] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\NYqfMfCSQ6IrgqU.xls" (normalized: "c:\\users\\fd1hvy\\desktop\\nyqfmfcsq6irgqu.xls"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4074cc0, ftCreationTime.dwHighDateTime=0x1d4d29e, ftLastAccessTime.dwLowDateTime=0xf0dc80c0, ftLastAccessTime.dwHighDateTime=0x1d4c901, ftLastWriteTime.dwLowDateTime=0x7de3800f, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x10280)) returned 1 [0089.400] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0089.401] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\NYqfMfCSQ6IrgqU.xls" (normalized: "c:\\users\\fd1hvy\\desktop\\nyqfmfcsq6irgqu.xls"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\NYqfMfCSQ6IrgqU.xls.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\nyqfmfcsq6irgqu.xls.shade8")) returned 1 [0089.401] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\oYnk87aLwYtycgmkN.csv", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\oYnk87aLwYtycgmkN.csv", lpFilePart=0x0) returned 0x2d [0089.401] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0089.401] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\oYnk87aLwYtycgmkN.csv" (normalized: "c:\\users\\fd1hvy\\desktop\\oynk87alwytycgmkn.csv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2c8 [0089.401] GetFileType (hFile=0x2c8) returned 0x1 [0089.401] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0089.401] GetFileType (hFile=0x2c8) returned 0x1 [0089.401] GetFileSize (in: hFile=0x2c8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0xe5a5 [0089.402] ReadFile (in: hFile=0x2c8, lpBuffer=0x2c588c8, nNumberOfBytesToRead=0xe5a5, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2c588c8*, lpNumberOfBytesRead=0xcfec0c*=0xe5a5, lpOverlapped=0x0) returned 1 [0089.402] CloseHandle (hObject=0x2c8) returned 1 [0089.430] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0089.430] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0089.430] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0089.430] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0089.430] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\oYnk87aLwYtycgmkN.csv", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\oYnk87aLwYtycgmkN.csv", lpFilePart=0x0) returned 0x2d [0089.430] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0089.430] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\oYnk87aLwYtycgmkN.csv" (normalized: "c:\\users\\fd1hvy\\desktop\\oynk87alwytycgmkn.csv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2c8 [0089.432] GetFileType (hFile=0x2c8) returned 0x1 [0089.432] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0089.432] GetFileType (hFile=0x2c8) returned 0x1 [0089.432] WriteFile (in: hFile=0x2c8, lpBuffer=0x2cd0934*, nNumberOfBytesToWrite=0xe5b0, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2cd0934*, lpNumberOfBytesWritten=0xcfec00*=0xe5b0, lpOverlapped=0x0) returned 1 [0089.434] CloseHandle (hObject=0x2c8) returned 1 [0089.437] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\oYnk87aLwYtycgmkN.csv", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\oYnk87aLwYtycgmkN.csv", lpFilePart=0x0) returned 0x2d [0089.437] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\oYnk87aLwYtycgmkN.csv.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\oYnk87aLwYtycgmkN.csv.shade8", lpFilePart=0x0) returned 0x34 [0089.437] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0089.437] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\oYnk87aLwYtycgmkN.csv" (normalized: "c:\\users\\fd1hvy\\desktop\\oynk87alwytycgmkn.csv"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9011c90, ftCreationTime.dwHighDateTime=0x1d4cf2b, ftLastAccessTime.dwLowDateTime=0x562ed9e0, ftLastAccessTime.dwHighDateTime=0x1d4d420, ftLastWriteTime.dwLowDateTime=0x7deae63f, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xe5b0)) returned 1 [0089.437] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0089.437] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\oYnk87aLwYtycgmkN.csv" (normalized: "c:\\users\\fd1hvy\\desktop\\oynk87alwytycgmkn.csv"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\oYnk87aLwYtycgmkN.csv.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\oynk87alwytycgmkn.csv.shade8")) returned 1 [0089.438] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\QP2lx_xY.mp3", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\QP2lx_xY.mp3", lpFilePart=0x0) returned 0x24 [0089.438] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0089.438] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\QP2lx_xY.mp3" (normalized: "c:\\users\\fd1hvy\\desktop\\qp2lx_xy.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2c8 [0089.438] GetFileType (hFile=0x2c8) returned 0x1 [0089.438] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0089.438] GetFileType (hFile=0x2c8) returned 0x1 [0089.438] GetFileSize (in: hFile=0x2c8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0xad7f [0089.438] ReadFile (in: hFile=0x2c8, lpBuffer=0x2cdf380, nNumberOfBytesToRead=0xad7f, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2cdf380*, lpNumberOfBytesRead=0xcfec0c*=0xad7f, lpOverlapped=0x0) returned 1 [0089.439] CloseHandle (hObject=0x2c8) returned 1 [0089.458] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0089.458] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0089.458] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0089.458] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0089.458] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\QP2lx_xY.mp3", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\QP2lx_xY.mp3", lpFilePart=0x0) returned 0x24 [0089.458] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0089.458] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\QP2lx_xY.mp3" (normalized: "c:\\users\\fd1hvy\\desktop\\qp2lx_xy.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2c8 [0089.460] GetFileType (hFile=0x2c8) returned 0x1 [0089.460] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0089.460] GetFileType (hFile=0x2c8) returned 0x1 [0089.460] WriteFile (in: hFile=0x2c8, lpBuffer=0x2d4ca00*, nNumberOfBytesToWrite=0xad80, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2d4ca00*, lpNumberOfBytesWritten=0xcfec00*=0xad80, lpOverlapped=0x0) returned 1 [0089.461] CloseHandle (hObject=0x2c8) returned 1 [0089.463] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\QP2lx_xY.mp3", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\QP2lx_xY.mp3", lpFilePart=0x0) returned 0x24 [0089.463] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\QP2lx_xY.mp3.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\QP2lx_xY.mp3.shade8", lpFilePart=0x0) returned 0x2b [0089.463] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0089.463] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\QP2lx_xY.mp3" (normalized: "c:\\users\\fd1hvy\\desktop\\qp2lx_xy.mp3"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb937050, ftCreationTime.dwHighDateTime=0x1d4ca82, ftLastAccessTime.dwLowDateTime=0xfc617b40, ftLastAccessTime.dwHighDateTime=0x1d4d1c0, ftLastWriteTime.dwLowDateTime=0x7dee20ac, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xad80)) returned 1 [0089.463] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0089.463] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\QP2lx_xY.mp3" (normalized: "c:\\users\\fd1hvy\\desktop\\qp2lx_xy.mp3"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\QP2lx_xY.mp3.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\qp2lx_xy.mp3.shade8")) returned 1 [0089.483] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\S haJTF1lXspyoz7qPK.mkv", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\S haJTF1lXspyoz7qPK.mkv", lpFilePart=0x0) returned 0x2f [0089.483] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0089.483] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\S haJTF1lXspyoz7qPK.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\s hajtf1lxspyoz7qpk.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2c8 [0089.483] GetFileType (hFile=0x2c8) returned 0x1 [0089.483] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0089.483] GetFileType (hFile=0x2c8) returned 0x1 [0089.483] GetFileSize (in: hFile=0x2c8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0xfb7d [0089.483] ReadFile (in: hFile=0x2c8, lpBuffer=0x2d57bd4, nNumberOfBytesToRead=0xfb7d, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2d57bd4*, lpNumberOfBytesRead=0xcfec0c*=0xfb7d, lpOverlapped=0x0) returned 1 [0089.484] CloseHandle (hObject=0x2c8) returned 1 [0089.504] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0089.504] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0089.504] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0089.504] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0089.504] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\S haJTF1lXspyoz7qPK.mkv", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\S haJTF1lXspyoz7qPK.mkv", lpFilePart=0x0) returned 0x2f [0089.504] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0089.504] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\S haJTF1lXspyoz7qPK.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\s hajtf1lxspyoz7qpk.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2c8 [0089.506] GetFileType (hFile=0x2c8) returned 0x1 [0089.506] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0089.506] GetFileType (hFile=0x2c8) returned 0x1 [0089.506] WriteFile (in: hFile=0x2c8, lpBuffer=0x2dd3c54*, nNumberOfBytesToWrite=0xfb80, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2dd3c54*, lpNumberOfBytesWritten=0xcfec00*=0xfb80, lpOverlapped=0x0) returned 1 [0089.508] CloseHandle (hObject=0x2c8) returned 1 [0089.512] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\S haJTF1lXspyoz7qPK.mkv", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\S haJTF1lXspyoz7qPK.mkv", lpFilePart=0x0) returned 0x2f [0089.512] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\S haJTF1lXspyoz7qPK.mkv.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\S haJTF1lXspyoz7qPK.mkv.shade8", lpFilePart=0x0) returned 0x36 [0089.512] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0089.512] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\S haJTF1lXspyoz7qPK.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\s hajtf1lxspyoz7qpk.mkv"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc550480, ftCreationTime.dwHighDateTime=0x1d4d5cc, ftLastAccessTime.dwLowDateTime=0x6d8ae410, ftLastAccessTime.dwHighDateTime=0x1d4d035, ftLastWriteTime.dwLowDateTime=0x7df54758, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xfb80)) returned 1 [0089.512] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0089.512] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\S haJTF1lXspyoz7qPK.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\s hajtf1lxspyoz7qpk.mkv"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\S haJTF1lXspyoz7qPK.mkv.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\s hajtf1lxspyoz7qpk.mkv.shade8")) returned 1 [0089.513] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\TvcyfsELusy6tf19.pdf", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\TvcyfsELusy6tf19.pdf", lpFilePart=0x0) returned 0x2c [0089.513] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0089.513] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\TvcyfsELusy6tf19.pdf" (normalized: "c:\\users\\fd1hvy\\desktop\\tvcyfselusy6tf19.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2c8 [0089.513] GetFileType (hFile=0x2c8) returned 0x1 [0089.513] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0089.513] GetFileType (hFile=0x2c8) returned 0x1 [0089.513] GetFileSize (in: hFile=0x2c8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x78b7 [0089.543] ReadFile (in: hFile=0x2c8, lpBuffer=0x2bdc314, nNumberOfBytesToRead=0x78b7, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2bdc314*, lpNumberOfBytesRead=0xcfec0c*=0x78b7, lpOverlapped=0x0) returned 1 [0089.544] CloseHandle (hObject=0x2c8) returned 1 [0089.623] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0089.623] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0089.623] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0089.624] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0089.624] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\TvcyfsELusy6tf19.pdf", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\TvcyfsELusy6tf19.pdf", lpFilePart=0x0) returned 0x2c [0089.624] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0089.624] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\TvcyfsELusy6tf19.pdf" (normalized: "c:\\users\\fd1hvy\\desktop\\tvcyfselusy6tf19.pdf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2c8 [0089.625] GetFileType (hFile=0x2c8) returned 0x1 [0089.625] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0089.625] GetFileType (hFile=0x2c8) returned 0x1 [0089.625] WriteFile (in: hFile=0x2c8, lpBuffer=0x2c4ee1c*, nNumberOfBytesToWrite=0x78c0, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2c4ee1c*, lpNumberOfBytesWritten=0xcfec00*=0x78c0, lpOverlapped=0x0) returned 1 [0089.627] CloseHandle (hObject=0x2c8) returned 1 [0089.629] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\TvcyfsELusy6tf19.pdf", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\TvcyfsELusy6tf19.pdf", lpFilePart=0x0) returned 0x2c [0089.629] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\TvcyfsELusy6tf19.pdf.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\TvcyfsELusy6tf19.pdf.shade8", lpFilePart=0x0) returned 0x33 [0089.629] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0089.629] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\TvcyfsELusy6tf19.pdf" (normalized: "c:\\users\\fd1hvy\\desktop\\tvcyfselusy6tf19.pdf"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8641afa0, ftCreationTime.dwHighDateTime=0x1d4c952, ftLastAccessTime.dwLowDateTime=0x42a7ab10, ftLastAccessTime.dwHighDateTime=0x1d4cb4a, ftLastWriteTime.dwLowDateTime=0x7e05f82e, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x78c0)) returned 1 [0089.629] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0089.629] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\TvcyfsELusy6tf19.pdf" (normalized: "c:\\users\\fd1hvy\\desktop\\tvcyfselusy6tf19.pdf"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\TvcyfsELusy6tf19.pdf.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\tvcyfselusy6tf19.pdf.shade8")) returned 1 [0089.630] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\XIbP.mkv", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\XIbP.mkv", lpFilePart=0x0) returned 0x20 [0089.630] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0089.631] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\XIbP.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\xibp.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2c8 [0089.631] GetFileType (hFile=0x2c8) returned 0x1 [0089.631] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0089.631] GetFileType (hFile=0x2c8) returned 0x1 [0089.631] GetFileSize (in: hFile=0x2c8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0xb9ca [0089.631] ReadFile (in: hFile=0x2c8, lpBuffer=0x2c56b48, nNumberOfBytesToRead=0xb9ca, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2c56b48*, lpNumberOfBytesRead=0xcfec0c*=0xb9ca, lpOverlapped=0x0) returned 1 [0089.671] CloseHandle (hObject=0x2c8) returned 1 [0089.689] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0089.689] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0089.689] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0089.690] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0089.690] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\XIbP.mkv", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\XIbP.mkv", lpFilePart=0x0) returned 0x20 [0089.690] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0089.690] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\XIbP.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\xibp.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2c8 [0089.691] GetFileType (hFile=0x2c8) returned 0x1 [0089.691] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0089.691] GetFileType (hFile=0x2c8) returned 0x1 [0089.691] WriteFile (in: hFile=0x2c8, lpBuffer=0x2cc66b8*, nNumberOfBytesToWrite=0xb9d0, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2cc66b8*, lpNumberOfBytesWritten=0xcfec00*=0xb9d0, lpOverlapped=0x0) returned 1 [0089.693] CloseHandle (hObject=0x2c8) returned 1 [0089.695] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\XIbP.mkv", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\XIbP.mkv", lpFilePart=0x0) returned 0x20 [0089.695] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\XIbP.mkv.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\XIbP.mkv.shade8", lpFilePart=0x0) returned 0x27 [0089.695] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0089.695] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\XIbP.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\xibp.mkv"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe529f430, ftCreationTime.dwHighDateTime=0x1d4d2e6, ftLastAccessTime.dwLowDateTime=0xdb9c8de0, ftLastAccessTime.dwHighDateTime=0x1d4cf5f, ftLastWriteTime.dwLowDateTime=0x7e11e361, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xb9d0)) returned 1 [0089.695] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0089.695] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\XIbP.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\xibp.mkv"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\XIbP.mkv.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\xibp.mkv.shade8")) returned 1 [0089.696] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\_kjl.jpg", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\_kjl.jpg", lpFilePart=0x0) returned 0x20 [0089.696] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0089.696] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\_kjl.jpg" (normalized: "c:\\users\\fd1hvy\\desktop\\_kjl.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2c8 [0089.696] GetFileType (hFile=0x2c8) returned 0x1 [0089.696] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0089.696] GetFileType (hFile=0x2c8) returned 0x1 [0089.696] GetFileSize (in: hFile=0x2c8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x67f0 [0089.696] ReadFile (in: hFile=0x2c8, lpBuffer=0x2cd2494, nNumberOfBytesToRead=0x67f0, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2cd2494*, lpNumberOfBytesRead=0xcfec0c*=0x67f0, lpOverlapped=0x0) returned 1 [0089.696] CloseHandle (hObject=0x2c8) returned 1 [0089.761] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0089.761] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0089.761] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0089.761] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0089.761] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\_kjl.jpg", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\_kjl.jpg", lpFilePart=0x0) returned 0x20 [0089.761] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0089.761] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\_kjl.jpg" (normalized: "c:\\users\\fd1hvy\\desktop\\_kjl.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2c8 [0089.762] GetFileType (hFile=0x2c8) returned 0x1 [0089.762] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0089.762] GetFileType (hFile=0x2c8) returned 0x1 [0089.762] WriteFile (in: hFile=0x2c8, lpBuffer=0x2d3fa7c*, nNumberOfBytesToWrite=0x6800, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2d3fa7c*, lpNumberOfBytesWritten=0xcfec00*=0x6800, lpOverlapped=0x0) returned 1 [0089.764] CloseHandle (hObject=0x2c8) returned 1 [0089.765] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\_kjl.jpg", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\_kjl.jpg", lpFilePart=0x0) returned 0x20 [0089.765] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\_kjl.jpg.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\_kjl.jpg.shade8", lpFilePart=0x0) returned 0x27 [0089.765] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0089.765] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\_kjl.jpg" (normalized: "c:\\users\\fd1hvy\\desktop\\_kjl.jpg"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b1e11d0, ftCreationTime.dwHighDateTime=0x1d4c7c7, ftLastAccessTime.dwLowDateTime=0x2de83620, ftLastAccessTime.dwHighDateTime=0x1d4d295, ftLastWriteTime.dwLowDateTime=0x7e1b6ce2, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x6800)) returned 1 [0089.765] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0089.765] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\_kjl.jpg" (normalized: "c:\\users\\fd1hvy\\desktop\\_kjl.jpg"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\_kjl.jpg.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\_kjl.jpg.shade8")) returned 1 [0089.766] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfec44) returned 1 [0089.766] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3", nBufferLength=0x105, lpBuffer=0xcfe6f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3", lpFilePart=0x0) returned 0x28 [0089.766] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\*", lpFindFileData=0xcfe96c | out: lpFindFileData=0xcfe96c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x59134fe0, ftCreationTime.dwHighDateTime=0x1d4cc43, ftLastAccessTime.dwLowDateTime=0x2ba99030, ftLastAccessTime.dwHighDateTime=0x1d4c5f1, ftLastWriteTime.dwLowDateTime=0x2ba99030, ftLastWriteTime.dwHighDateTime=0x1d4c5f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe67e0 [0089.766] FindNextFileW (in: hFindFile=0xfe67e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x59134fe0, ftCreationTime.dwHighDateTime=0x1d4cc43, ftLastAccessTime.dwLowDateTime=0x2ba99030, ftLastAccessTime.dwHighDateTime=0x1d4c5f1, ftLastWriteTime.dwLowDateTime=0x2ba99030, ftLastWriteTime.dwHighDateTime=0x1d4c5f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.767] FindNextFileW (in: hFindFile=0xfe67e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe45bf0a0, ftCreationTime.dwHighDateTime=0x1d4c934, ftLastAccessTime.dwLowDateTime=0x867e75f0, ftLastAccessTime.dwHighDateTime=0x1d4cfb2, ftLastWriteTime.dwLowDateTime=0x867e75f0, ftLastWriteTime.dwHighDateTime=0x1d4cfb2, nFileSizeHigh=0x0, nFileSizeLow=0xbf3f, dwReserved0=0x0, dwReserved1=0x0, cFileName="0KK9327_mBsbZ.mkv", cAlternateFileName="0KK932~1.MKV")) returned 1 [0089.767] FindNextFileW (in: hFindFile=0xfe67e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd85fcf00, ftCreationTime.dwHighDateTime=0x1d4d2b8, ftLastAccessTime.dwLowDateTime=0x6d72d8b0, ftLastAccessTime.dwHighDateTime=0x1d4d59a, ftLastWriteTime.dwLowDateTime=0x6d72d8b0, ftLastWriteTime.dwHighDateTime=0x1d4d59a, nFileSizeHigh=0x0, nFileSizeLow=0x2831, dwReserved0=0x0, dwReserved1=0x0, cFileName="1r1gMtsv0blVRJ.mkv", cAlternateFileName="1R1GMT~1.MKV")) returned 1 [0089.767] FindNextFileW (in: hFindFile=0xfe67e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd98b020, ftCreationTime.dwHighDateTime=0x1d4c93f, ftLastAccessTime.dwLowDateTime=0xb58b30c0, ftLastAccessTime.dwHighDateTime=0x1d4d513, ftLastWriteTime.dwLowDateTime=0xb58b30c0, ftLastWriteTime.dwHighDateTime=0x1d4d513, nFileSizeHigh=0x0, nFileSizeLow=0xf740, dwReserved0=0x0, dwReserved1=0x0, cFileName="8NlrPY 2lz9e1LIBf04f.mp3", cAlternateFileName="8NLRPY~1.MP3")) returned 1 [0089.767] FindNextFileW (in: hFindFile=0xfe67e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x102ea570, ftCreationTime.dwHighDateTime=0x1d4d2d0, ftLastAccessTime.dwLowDateTime=0xc1397700, ftLastAccessTime.dwHighDateTime=0x1d4cfa1, ftLastWriteTime.dwLowDateTime=0xc1397700, ftLastWriteTime.dwHighDateTime=0x1d4cfa1, nFileSizeHigh=0x0, nFileSizeLow=0x2121, dwReserved0=0x0, dwReserved1=0x0, cFileName="B-7fcvmTF rMY1g.ods", cAlternateFileName="B-7FCV~1.ODS")) returned 1 [0089.767] FindNextFileW (in: hFindFile=0xfe67e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1041700, ftCreationTime.dwHighDateTime=0x1d4ce87, ftLastAccessTime.dwLowDateTime=0x67def1d0, ftLastAccessTime.dwHighDateTime=0x1d4c6c8, ftLastWriteTime.dwLowDateTime=0x67def1d0, ftLastWriteTime.dwHighDateTime=0x1d4c6c8, nFileSizeHigh=0x0, nFileSizeLow=0x100dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="bGG4.png", cAlternateFileName="")) returned 1 [0089.767] FindNextFileW (in: hFindFile=0xfe67e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5fed2140, ftCreationTime.dwHighDateTime=0x1d4cc90, ftLastAccessTime.dwLowDateTime=0x41685be0, ftLastAccessTime.dwHighDateTime=0x1d4c7ea, ftLastWriteTime.dwLowDateTime=0x41685be0, ftLastWriteTime.dwHighDateTime=0x1d4c7ea, nFileSizeHigh=0x0, nFileSizeLow=0x1355e, dwReserved0=0x0, dwReserved1=0x0, cFileName="f uWn9d-fNEm8xF6.mkv", cAlternateFileName="FUWN9D~1.MKV")) returned 1 [0089.767] FindNextFileW (in: hFindFile=0xfe67e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37a06790, ftCreationTime.dwHighDateTime=0x1d4cdb9, ftLastAccessTime.dwLowDateTime=0x62e90530, ftLastAccessTime.dwHighDateTime=0x1d4cb69, ftLastWriteTime.dwLowDateTime=0x62e90530, ftLastWriteTime.dwHighDateTime=0x1d4cb69, nFileSizeHigh=0x0, nFileSizeLow=0x16c7c, dwReserved0=0x0, dwReserved1=0x0, cFileName="J34cZFnSlsenRizP.swf", cAlternateFileName="J34CZF~1.SWF")) returned 1 [0089.767] FindNextFileW (in: hFindFile=0xfe67e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb2b61a60, ftCreationTime.dwHighDateTime=0x1d4cd55, ftLastAccessTime.dwLowDateTime=0x156a7190, ftLastAccessTime.dwHighDateTime=0x1d4d249, ftLastWriteTime.dwLowDateTime=0x156a7190, ftLastWriteTime.dwHighDateTime=0x1d4d249, nFileSizeHigh=0x0, nFileSizeLow=0x1719b, dwReserved0=0x0, dwReserved1=0x0, cFileName="KniDwCaO21uYk4IPWV.csv", cAlternateFileName="KNIDWC~1.CSV")) returned 1 [0089.768] FindNextFileW (in: hFindFile=0xfe67e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1c3490, ftCreationTime.dwHighDateTime=0x1d4c9da, ftLastAccessTime.dwLowDateTime=0x75ffa680, ftLastAccessTime.dwHighDateTime=0x1d4ce6e, ftLastWriteTime.dwLowDateTime=0x75ffa680, ftLastWriteTime.dwHighDateTime=0x1d4ce6e, nFileSizeHigh=0x0, nFileSizeLow=0x6157, dwReserved0=0x0, dwReserved1=0x0, cFileName="kxBStavGoFqxZbfmF.m4a", cAlternateFileName="KXBSTA~1.M4A")) returned 1 [0089.768] FindNextFileW (in: hFindFile=0xfe67e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d3f7d30, ftCreationTime.dwHighDateTime=0x1d4cb95, ftLastAccessTime.dwLowDateTime=0xc79c5220, ftLastAccessTime.dwHighDateTime=0x1d4cba5, ftLastWriteTime.dwLowDateTime=0xc79c5220, ftLastWriteTime.dwHighDateTime=0x1d4cba5, nFileSizeHigh=0x0, nFileSizeLow=0x2549, dwReserved0=0x0, dwReserved1=0x0, cFileName="niLsZ6.flv", cAlternateFileName="")) returned 1 [0089.768] FindNextFileW (in: hFindFile=0xfe67e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3bdab2d0, ftCreationTime.dwHighDateTime=0x1d4ce9e, ftLastAccessTime.dwLowDateTime=0xe3b96b30, ftLastAccessTime.dwHighDateTime=0x1d4ca49, ftLastWriteTime.dwLowDateTime=0xe3b96b30, ftLastWriteTime.dwHighDateTime=0x1d4ca49, nFileSizeHigh=0x0, nFileSizeLow=0x15e3a, dwReserved0=0x0, dwReserved1=0x0, cFileName="pUkJm_a4a0qy.pdf", cAlternateFileName="PUKJM_~1.PDF")) returned 1 [0089.768] FindNextFileW (in: hFindFile=0xfe67e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9ebb620, ftCreationTime.dwHighDateTime=0x1d4c7f7, ftLastAccessTime.dwLowDateTime=0xc56b240, ftLastAccessTime.dwHighDateTime=0x1d4c997, ftLastWriteTime.dwLowDateTime=0xc56b240, ftLastWriteTime.dwHighDateTime=0x1d4c997, nFileSizeHigh=0x0, nFileSizeLow=0xa96b, dwReserved0=0x0, dwReserved1=0x0, cFileName="x4I7Fbqe-kLQzd1fUt-V.mkv", cAlternateFileName="X4I7FB~1.MKV")) returned 1 [0089.768] FindNextFileW (in: hFindFile=0xfe67e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x75193a00, ftCreationTime.dwHighDateTime=0x1d4c8cf, ftLastAccessTime.dwLowDateTime=0x7a6f84e0, ftLastAccessTime.dwHighDateTime=0x1d4c588, ftLastWriteTime.dwLowDateTime=0x7a6f84e0, ftLastWriteTime.dwHighDateTime=0x1d4c588, nFileSizeHigh=0x0, nFileSizeLow=0x1767e, dwReserved0=0x0, dwReserved1=0x0, cFileName="XYpIBn0x4VZkFFRvx.avi", cAlternateFileName="XYPIBN~1.AVI")) returned 1 [0089.768] FindNextFileW (in: hFindFile=0xfe67e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25712c60, ftCreationTime.dwHighDateTime=0x1d4ca2d, ftLastAccessTime.dwLowDateTime=0x785afb10, ftLastAccessTime.dwHighDateTime=0x1d4cdff, ftLastWriteTime.dwLowDateTime=0x785afb10, ftLastWriteTime.dwHighDateTime=0x1d4cdff, nFileSizeHigh=0x0, nFileSizeLow=0x935c, dwReserved0=0x0, dwReserved1=0x0, cFileName="YXcOXvN.wav", cAlternateFileName="")) returned 1 [0089.768] FindNextFileW (in: hFindFile=0xfe67e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0089.769] FindClose (in: hFindFile=0xfe67e0 | out: hFindFile=0xfe67e0) returned 1 [0089.769] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec00) returned 1 [0089.769] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec0c) returned 1 [0089.769] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfec44) returned 1 [0089.769] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3", nBufferLength=0x105, lpBuffer=0xcfe6f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3", lpFilePart=0x0) returned 0x28 [0089.769] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\*", lpFindFileData=0xcfe96c | out: lpFindFileData=0xcfe96c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x59134fe0, ftCreationTime.dwHighDateTime=0x1d4cc43, ftLastAccessTime.dwLowDateTime=0x2ba99030, ftLastAccessTime.dwHighDateTime=0x1d4c5f1, ftLastWriteTime.dwLowDateTime=0x2ba99030, ftLastWriteTime.dwHighDateTime=0x1d4c5f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe68a0 [0089.769] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x59134fe0, ftCreationTime.dwHighDateTime=0x1d4cc43, ftLastAccessTime.dwLowDateTime=0x2ba99030, ftLastAccessTime.dwHighDateTime=0x1d4c5f1, ftLastWriteTime.dwLowDateTime=0x2ba99030, ftLastWriteTime.dwHighDateTime=0x1d4c5f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.769] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe45bf0a0, ftCreationTime.dwHighDateTime=0x1d4c934, ftLastAccessTime.dwLowDateTime=0x867e75f0, ftLastAccessTime.dwHighDateTime=0x1d4cfb2, ftLastWriteTime.dwLowDateTime=0x867e75f0, ftLastWriteTime.dwHighDateTime=0x1d4cfb2, nFileSizeHigh=0x0, nFileSizeLow=0xbf3f, dwReserved0=0x0, dwReserved1=0x0, cFileName="0KK9327_mBsbZ.mkv", cAlternateFileName="0KK932~1.MKV")) returned 1 [0089.769] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd85fcf00, ftCreationTime.dwHighDateTime=0x1d4d2b8, ftLastAccessTime.dwLowDateTime=0x6d72d8b0, ftLastAccessTime.dwHighDateTime=0x1d4d59a, ftLastWriteTime.dwLowDateTime=0x6d72d8b0, ftLastWriteTime.dwHighDateTime=0x1d4d59a, nFileSizeHigh=0x0, nFileSizeLow=0x2831, dwReserved0=0x0, dwReserved1=0x0, cFileName="1r1gMtsv0blVRJ.mkv", cAlternateFileName="1R1GMT~1.MKV")) returned 1 [0089.770] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd98b020, ftCreationTime.dwHighDateTime=0x1d4c93f, ftLastAccessTime.dwLowDateTime=0xb58b30c0, ftLastAccessTime.dwHighDateTime=0x1d4d513, ftLastWriteTime.dwLowDateTime=0xb58b30c0, ftLastWriteTime.dwHighDateTime=0x1d4d513, nFileSizeHigh=0x0, nFileSizeLow=0xf740, dwReserved0=0x0, dwReserved1=0x0, cFileName="8NlrPY 2lz9e1LIBf04f.mp3", cAlternateFileName="8NLRPY~1.MP3")) returned 1 [0089.770] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x102ea570, ftCreationTime.dwHighDateTime=0x1d4d2d0, ftLastAccessTime.dwLowDateTime=0xc1397700, ftLastAccessTime.dwHighDateTime=0x1d4cfa1, ftLastWriteTime.dwLowDateTime=0xc1397700, ftLastWriteTime.dwHighDateTime=0x1d4cfa1, nFileSizeHigh=0x0, nFileSizeLow=0x2121, dwReserved0=0x0, dwReserved1=0x0, cFileName="B-7fcvmTF rMY1g.ods", cAlternateFileName="B-7FCV~1.ODS")) returned 1 [0089.770] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1041700, ftCreationTime.dwHighDateTime=0x1d4ce87, ftLastAccessTime.dwLowDateTime=0x67def1d0, ftLastAccessTime.dwHighDateTime=0x1d4c6c8, ftLastWriteTime.dwLowDateTime=0x67def1d0, ftLastWriteTime.dwHighDateTime=0x1d4c6c8, nFileSizeHigh=0x0, nFileSizeLow=0x100dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="bGG4.png", cAlternateFileName="")) returned 1 [0089.770] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5fed2140, ftCreationTime.dwHighDateTime=0x1d4cc90, ftLastAccessTime.dwLowDateTime=0x41685be0, ftLastAccessTime.dwHighDateTime=0x1d4c7ea, ftLastWriteTime.dwLowDateTime=0x41685be0, ftLastWriteTime.dwHighDateTime=0x1d4c7ea, nFileSizeHigh=0x0, nFileSizeLow=0x1355e, dwReserved0=0x0, dwReserved1=0x0, cFileName="f uWn9d-fNEm8xF6.mkv", cAlternateFileName="FUWN9D~1.MKV")) returned 1 [0089.772] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37a06790, ftCreationTime.dwHighDateTime=0x1d4cdb9, ftLastAccessTime.dwLowDateTime=0x62e90530, ftLastAccessTime.dwHighDateTime=0x1d4cb69, ftLastWriteTime.dwLowDateTime=0x62e90530, ftLastWriteTime.dwHighDateTime=0x1d4cb69, nFileSizeHigh=0x0, nFileSizeLow=0x16c7c, dwReserved0=0x0, dwReserved1=0x0, cFileName="J34cZFnSlsenRizP.swf", cAlternateFileName="J34CZF~1.SWF")) returned 1 [0089.773] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb2b61a60, ftCreationTime.dwHighDateTime=0x1d4cd55, ftLastAccessTime.dwLowDateTime=0x156a7190, ftLastAccessTime.dwHighDateTime=0x1d4d249, ftLastWriteTime.dwLowDateTime=0x156a7190, ftLastWriteTime.dwHighDateTime=0x1d4d249, nFileSizeHigh=0x0, nFileSizeLow=0x1719b, dwReserved0=0x0, dwReserved1=0x0, cFileName="KniDwCaO21uYk4IPWV.csv", cAlternateFileName="KNIDWC~1.CSV")) returned 1 [0089.773] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1c3490, ftCreationTime.dwHighDateTime=0x1d4c9da, ftLastAccessTime.dwLowDateTime=0x75ffa680, ftLastAccessTime.dwHighDateTime=0x1d4ce6e, ftLastWriteTime.dwLowDateTime=0x75ffa680, ftLastWriteTime.dwHighDateTime=0x1d4ce6e, nFileSizeHigh=0x0, nFileSizeLow=0x6157, dwReserved0=0x0, dwReserved1=0x0, cFileName="kxBStavGoFqxZbfmF.m4a", cAlternateFileName="KXBSTA~1.M4A")) returned 1 [0089.773] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d3f7d30, ftCreationTime.dwHighDateTime=0x1d4cb95, ftLastAccessTime.dwLowDateTime=0xc79c5220, ftLastAccessTime.dwHighDateTime=0x1d4cba5, ftLastWriteTime.dwLowDateTime=0xc79c5220, ftLastWriteTime.dwHighDateTime=0x1d4cba5, nFileSizeHigh=0x0, nFileSizeLow=0x2549, dwReserved0=0x0, dwReserved1=0x0, cFileName="niLsZ6.flv", cAlternateFileName="")) returned 1 [0089.773] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3bdab2d0, ftCreationTime.dwHighDateTime=0x1d4ce9e, ftLastAccessTime.dwLowDateTime=0xe3b96b30, ftLastAccessTime.dwHighDateTime=0x1d4ca49, ftLastWriteTime.dwLowDateTime=0xe3b96b30, ftLastWriteTime.dwHighDateTime=0x1d4ca49, nFileSizeHigh=0x0, nFileSizeLow=0x15e3a, dwReserved0=0x0, dwReserved1=0x0, cFileName="pUkJm_a4a0qy.pdf", cAlternateFileName="PUKJM_~1.PDF")) returned 1 [0089.773] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9ebb620, ftCreationTime.dwHighDateTime=0x1d4c7f7, ftLastAccessTime.dwLowDateTime=0xc56b240, ftLastAccessTime.dwHighDateTime=0x1d4c997, ftLastWriteTime.dwLowDateTime=0xc56b240, ftLastWriteTime.dwHighDateTime=0x1d4c997, nFileSizeHigh=0x0, nFileSizeLow=0xa96b, dwReserved0=0x0, dwReserved1=0x0, cFileName="x4I7Fbqe-kLQzd1fUt-V.mkv", cAlternateFileName="X4I7FB~1.MKV")) returned 1 [0089.773] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x75193a00, ftCreationTime.dwHighDateTime=0x1d4c8cf, ftLastAccessTime.dwLowDateTime=0x7a6f84e0, ftLastAccessTime.dwHighDateTime=0x1d4c588, ftLastWriteTime.dwLowDateTime=0x7a6f84e0, ftLastWriteTime.dwHighDateTime=0x1d4c588, nFileSizeHigh=0x0, nFileSizeLow=0x1767e, dwReserved0=0x0, dwReserved1=0x0, cFileName="XYpIBn0x4VZkFFRvx.avi", cAlternateFileName="XYPIBN~1.AVI")) returned 1 [0089.774] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25712c60, ftCreationTime.dwHighDateTime=0x1d4ca2d, ftLastAccessTime.dwLowDateTime=0x785afb10, ftLastAccessTime.dwHighDateTime=0x1d4cdff, ftLastWriteTime.dwLowDateTime=0x785afb10, ftLastWriteTime.dwHighDateTime=0x1d4cdff, nFileSizeHigh=0x0, nFileSizeLow=0x935c, dwReserved0=0x0, dwReserved1=0x0, cFileName="YXcOXvN.wav", cAlternateFileName="")) returned 1 [0089.774] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25712c60, ftCreationTime.dwHighDateTime=0x1d4ca2d, ftLastAccessTime.dwLowDateTime=0x785afb10, ftLastAccessTime.dwHighDateTime=0x1d4cdff, ftLastWriteTime.dwLowDateTime=0x785afb10, ftLastWriteTime.dwHighDateTime=0x1d4cdff, nFileSizeHigh=0x0, nFileSizeLow=0x935c, dwReserved0=0x0, dwReserved1=0x0, cFileName="YXcOXvN.wav", cAlternateFileName="")) returned 0 [0089.774] FindClose (in: hFindFile=0xfe68a0 | out: hFindFile=0xfe68a0) returned 1 [0089.774] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec00) returned 1 [0089.774] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec0c) returned 1 [0089.774] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\0KK9327_mBsbZ.mkv", nBufferLength=0x105, lpBuffer=0xcfe5ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\0KK9327_mBsbZ.mkv", lpFilePart=0x0) returned 0x3a [0089.774] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0089.774] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\0KK9327_mBsbZ.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\0kk9327_mbsbz.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2c8 [0089.774] GetFileType (hFile=0x2c8) returned 0x1 [0089.774] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0089.775] GetFileType (hFile=0x2c8) returned 0x1 [0089.775] GetFileSize (in: hFile=0x2c8, lpFileSizeHigh=0xcfebec | out: lpFileSizeHigh=0xcfebec*=0x0) returned 0xbf3f [0089.775] ReadFile (in: hFile=0x2c8, lpBuffer=0x2d4a018, nNumberOfBytesToRead=0xbf3f, lpNumberOfBytesRead=0xcfeb98, lpOverlapped=0x0 | out: lpBuffer=0x2d4a018*, lpNumberOfBytesRead=0xcfeb98*=0xbf3f, lpOverlapped=0x0) returned 1 [0089.775] CloseHandle (hObject=0x2c8) returned 1 [0089.793] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0089.793] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0089.793] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfebe0 | out: lpFileInformation=0xcfebe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0089.793] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0089.793] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\0KK9327_mBsbZ.mkv", nBufferLength=0x105, lpBuffer=0xcfe598, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\0KK9327_mBsbZ.mkv", lpFilePart=0x0) returned 0x3a [0089.793] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeadc) returned 1 [0089.793] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\0KK9327_mBsbZ.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\0kk9327_mbsbz.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2c8 [0089.795] GetFileType (hFile=0x2c8) returned 0x1 [0089.795] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfead8) returned 1 [0089.795] GetFileType (hFile=0x2c8) returned 0x1 [0089.795] WriteFile (in: hFile=0x2c8, lpBuffer=0x2dbabd8*, nNumberOfBytesToWrite=0xbf40, lpNumberOfBytesWritten=0xcfeb8c, lpOverlapped=0x0 | out: lpBuffer=0x2dbabd8*, lpNumberOfBytesWritten=0xcfeb8c*=0xbf40, lpOverlapped=0x0) returned 1 [0089.796] CloseHandle (hObject=0x2c8) returned 1 [0089.798] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\0KK9327_mBsbZ.mkv", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\0KK9327_mBsbZ.mkv", lpFilePart=0x0) returned 0x3a [0089.798] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\0KK9327_mBsbZ.mkv.shade8", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\0KK9327_mBsbZ.mkv.shade8", lpFilePart=0x0) returned 0x41 [0089.798] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb70) returned 1 [0089.798] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\0KK9327_mBsbZ.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\0kk9327_mbsbz.mkv"), fInfoLevelId=0x0, lpFileInformation=0xcfebec | out: lpFileInformation=0xcfebec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe45bf0a0, ftCreationTime.dwHighDateTime=0x1d4c934, ftLastAccessTime.dwLowDateTime=0x867e75f0, ftLastAccessTime.dwHighDateTime=0x1d4cfb2, ftLastWriteTime.dwLowDateTime=0x7e2031f8, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xbf40)) returned 1 [0089.798] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb6c) returned 1 [0089.798] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\0KK9327_mBsbZ.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\0kk9327_mbsbz.mkv"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\0KK9327_mBsbZ.mkv.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\0kk9327_mbsbz.mkv.shade8")) returned 1 [0089.799] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\1r1gMtsv0blVRJ.mkv", nBufferLength=0x105, lpBuffer=0xcfe5ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\1r1gMtsv0blVRJ.mkv", lpFilePart=0x0) returned 0x3b [0089.799] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0089.799] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\1r1gMtsv0blVRJ.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\1r1gmtsv0blvrj.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2c8 [0089.799] GetFileType (hFile=0x2c8) returned 0x1 [0089.799] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0089.799] GetFileType (hFile=0x2c8) returned 0x1 [0089.799] GetFileSize (in: hFile=0x2c8, lpFileSizeHigh=0xcfebec | out: lpFileSizeHigh=0xcfebec*=0x0) returned 0x2831 [0089.799] ReadFile (in: hFile=0x2c8, lpBuffer=0x2dc7034, nNumberOfBytesToRead=0x2831, lpNumberOfBytesRead=0xcfeb98, lpOverlapped=0x0 | out: lpBuffer=0x2dc7034*, lpNumberOfBytesRead=0xcfeb98*=0x2831, lpOverlapped=0x0) returned 1 [0089.812] CloseHandle (hObject=0x2c8) returned 1 [0089.883] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0089.883] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0089.883] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfebe0 | out: lpFileInformation=0xcfebe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0089.883] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0089.883] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\1r1gMtsv0blVRJ.mkv", nBufferLength=0x105, lpBuffer=0xcfe598, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\1r1gMtsv0blVRJ.mkv", lpFilePart=0x0) returned 0x3b [0089.883] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeadc) returned 1 [0089.883] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\1r1gMtsv0blVRJ.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\1r1gmtsv0blvrj.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2c8 [0089.885] GetFileType (hFile=0x2c8) returned 0x1 [0089.885] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfead8) returned 1 [0089.885] GetFileType (hFile=0x2c8) returned 0x1 [0089.885] WriteFile (in: hFile=0x2c8, lpBuffer=0x2c23e90*, nNumberOfBytesToWrite=0x2840, lpNumberOfBytesWritten=0xcfeb8c, lpOverlapped=0x0 | out: lpBuffer=0x2c23e90*, lpNumberOfBytesWritten=0xcfeb8c*=0x2840, lpOverlapped=0x0) returned 1 [0089.886] CloseHandle (hObject=0x2c8) returned 1 [0089.887] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\1r1gMtsv0blVRJ.mkv", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\1r1gMtsv0blVRJ.mkv", lpFilePart=0x0) returned 0x3b [0089.887] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\1r1gMtsv0blVRJ.mkv.shade8", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\1r1gMtsv0blVRJ.mkv.shade8", lpFilePart=0x0) returned 0x42 [0089.887] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb70) returned 1 [0089.887] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\1r1gMtsv0blVRJ.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\1r1gmtsv0blvrj.mkv"), fInfoLevelId=0x0, lpFileInformation=0xcfebec | out: lpFileInformation=0xcfebec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd85fcf00, ftCreationTime.dwHighDateTime=0x1d4d2b8, ftLastAccessTime.dwLowDateTime=0x6d72d8b0, ftLastAccessTime.dwHighDateTime=0x1d4d59a, ftLastWriteTime.dwLowDateTime=0x7e2e7f1b, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x2840)) returned 1 [0089.887] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb6c) returned 1 [0089.887] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\1r1gMtsv0blVRJ.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\1r1gmtsv0blvrj.mkv"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\1r1gMtsv0blVRJ.mkv.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\1r1gmtsv0blvrj.mkv.shade8")) returned 1 [0089.888] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\8NlrPY 2lz9e1LIBf04f.mp3", nBufferLength=0x105, lpBuffer=0xcfe5ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\8NlrPY 2lz9e1LIBf04f.mp3", lpFilePart=0x0) returned 0x41 [0089.888] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0089.888] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\8NlrPY 2lz9e1LIBf04f.mp3" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\8nlrpy 2lz9e1libf04f.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2c8 [0089.888] GetFileType (hFile=0x2c8) returned 0x1 [0089.888] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0089.888] GetFileType (hFile=0x2c8) returned 0x1 [0089.888] GetFileSize (in: hFile=0x2c8, lpFileSizeHigh=0xcfebec | out: lpFileSizeHigh=0xcfebec*=0x0) returned 0xf740 [0089.888] ReadFile (in: hFile=0x2c8, lpBuffer=0x2c26c10, nNumberOfBytesToRead=0xf740, lpNumberOfBytesRead=0xcfeb98, lpOverlapped=0x0 | out: lpBuffer=0x2c26c10*, lpNumberOfBytesRead=0xcfeb98*=0xf740, lpOverlapped=0x0) returned 1 [0089.889] CloseHandle (hObject=0x2c8) returned 1 [0089.913] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0089.914] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0089.914] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfebe0 | out: lpFileInformation=0xcfebe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0089.914] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0089.914] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\8NlrPY 2lz9e1LIBf04f.mp3", nBufferLength=0x105, lpBuffer=0xcfe598, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\8NlrPY 2lz9e1LIBf04f.mp3", lpFilePart=0x0) returned 0x41 [0089.914] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeadc) returned 1 [0089.914] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\8NlrPY 2lz9e1LIBf04f.mp3" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\8nlrpy 2lz9e1libf04f.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2c8 [0089.915] GetFileType (hFile=0x2c8) returned 0x1 [0089.915] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfead8) returned 1 [0089.916] GetFileType (hFile=0x2c8) returned 0x1 [0089.916] WriteFile (in: hFile=0x2c8, lpBuffer=0x2ca2158*, nNumberOfBytesToWrite=0xf750, lpNumberOfBytesWritten=0xcfeb8c, lpOverlapped=0x0 | out: lpBuffer=0x2ca2158*, lpNumberOfBytesWritten=0xcfeb8c*=0xf750, lpOverlapped=0x0) returned 1 [0089.918] CloseHandle (hObject=0x2c8) returned 1 [0089.920] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\8NlrPY 2lz9e1LIBf04f.mp3", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\8NlrPY 2lz9e1LIBf04f.mp3", lpFilePart=0x0) returned 0x41 [0089.920] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\8NlrPY 2lz9e1LIBf04f.mp3.shade8", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\8NlrPY 2lz9e1LIBf04f.mp3.shade8", lpFilePart=0x0) returned 0x48 [0089.920] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb70) returned 1 [0089.920] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\8NlrPY 2lz9e1LIBf04f.mp3" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\8nlrpy 2lz9e1libf04f.mp3"), fInfoLevelId=0x0, lpFileInformation=0xcfebec | out: lpFileInformation=0xcfebec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd98b020, ftCreationTime.dwHighDateTime=0x1d4c93f, ftLastAccessTime.dwLowDateTime=0xb58b30c0, ftLastAccessTime.dwHighDateTime=0x1d4d513, ftLastWriteTime.dwLowDateTime=0x7e33438f, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xf750)) returned 1 [0089.920] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb6c) returned 1 [0089.920] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\8NlrPY 2lz9e1LIBf04f.mp3" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\8nlrpy 2lz9e1libf04f.mp3"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\8NlrPY 2lz9e1LIBf04f.mp3.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\8nlrpy 2lz9e1libf04f.mp3.shade8")) returned 1 [0089.924] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\bGG4.png", nBufferLength=0x105, lpBuffer=0xcfe5ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\bGG4.png", lpFilePart=0x0) returned 0x31 [0089.924] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0089.925] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\bGG4.png" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\bgg4.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2c8 [0089.925] GetFileType (hFile=0x2c8) returned 0x1 [0089.925] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0089.925] GetFileType (hFile=0x2c8) returned 0x1 [0089.925] GetFileSize (in: hFile=0x2c8, lpFileSizeHigh=0xcfebec | out: lpFileSizeHigh=0xcfebec*=0x0) returned 0x100dc [0089.925] ReadFile (in: hFile=0x2c8, lpBuffer=0x2cb1dfc, nNumberOfBytesToRead=0x100dc, lpNumberOfBytesRead=0xcfeb98, lpOverlapped=0x0 | out: lpBuffer=0x2cb1dfc*, lpNumberOfBytesRead=0xcfeb98*=0x100dc, lpOverlapped=0x0) returned 1 [0089.926] CloseHandle (hObject=0x2c8) returned 1 [0090.085] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0090.085] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0090.085] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfebe0 | out: lpFileInformation=0xcfebe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0090.085] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0090.085] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\bGG4.png", nBufferLength=0x105, lpBuffer=0xcfe598, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\bGG4.png", lpFilePart=0x0) returned 0x31 [0090.085] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeadc) returned 1 [0090.085] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\bGG4.png" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\bgg4.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0090.086] GetFileType (hFile=0x2b8) returned 0x1 [0090.086] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfead8) returned 1 [0090.086] GetFileType (hFile=0x2b8) returned 0x1 [0090.086] WriteFile (in: hFile=0x2b8, lpBuffer=0x2d2ee98*, nNumberOfBytesToWrite=0x100e0, lpNumberOfBytesWritten=0xcfeb8c, lpOverlapped=0x0 | out: lpBuffer=0x2d2ee98*, lpNumberOfBytesWritten=0xcfeb8c*=0x100e0, lpOverlapped=0x0) returned 1 [0090.088] CloseHandle (hObject=0x2b8) returned 1 [0090.090] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\bGG4.png", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\bGG4.png", lpFilePart=0x0) returned 0x31 [0090.090] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\bGG4.png.shade8", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\bGG4.png.shade8", lpFilePart=0x0) returned 0x38 [0090.090] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb70) returned 1 [0090.090] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\bGG4.png" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\bgg4.png"), fInfoLevelId=0x0, lpFileInformation=0xcfebec | out: lpFileInformation=0xcfebec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1041700, ftCreationTime.dwHighDateTime=0x1d4ce87, ftLastAccessTime.dwLowDateTime=0x67def1d0, ftLastAccessTime.dwHighDateTime=0x1d4c6c8, ftLastWriteTime.dwLowDateTime=0x7e4d7dd7, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x100e0)) returned 1 [0090.091] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb6c) returned 1 [0090.091] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\bGG4.png" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\bgg4.png"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\bGG4.png.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\bgg4.png.shade8")) returned 1 [0090.091] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\f uWn9d-fNEm8xF6.mkv", nBufferLength=0x105, lpBuffer=0xcfe5ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\f uWn9d-fNEm8xF6.mkv", lpFilePart=0x0) returned 0x3d [0090.091] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0090.091] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\f uWn9d-fNEm8xF6.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\f uwn9d-fnem8xf6.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0090.091] GetFileType (hFile=0x2b8) returned 0x1 [0090.091] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0090.091] GetFileType (hFile=0x2b8) returned 0x1 [0090.091] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfebec | out: lpFileSizeHigh=0xcfebec*=0x0) returned 0x1355e [0090.092] ReadFile (in: hFile=0x2b8, lpBuffer=0x2d3f444, nNumberOfBytesToRead=0x1355e, lpNumberOfBytesRead=0xcfeb98, lpOverlapped=0x0 | out: lpBuffer=0x2d3f444*, lpNumberOfBytesRead=0xcfeb98*=0x1355e, lpOverlapped=0x0) returned 1 [0090.092] CloseHandle (hObject=0x2b8) returned 1 [0090.213] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0090.213] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0090.213] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfebe0 | out: lpFileInformation=0xcfebe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0090.213] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0090.213] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\f uWn9d-fNEm8xF6.mkv", nBufferLength=0x105, lpBuffer=0xcfe598, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\f uWn9d-fNEm8xF6.mkv", lpFilePart=0x0) returned 0x3d [0090.213] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeadc) returned 1 [0090.213] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\f uWn9d-fNEm8xF6.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\f uwn9d-fnem8xf6.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0090.215] GetFileType (hFile=0x2b8) returned 0x1 [0090.215] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfead8) returned 1 [0090.215] GetFileType (hFile=0x2b8) returned 0x1 [0090.215] WriteFile (in: hFile=0x2b8, lpBuffer=0x2c45840*, nNumberOfBytesToWrite=0x13560, lpNumberOfBytesWritten=0xcfeb8c, lpOverlapped=0x0 | out: lpBuffer=0x2c45840*, lpNumberOfBytesWritten=0xcfeb8c*=0x13560, lpOverlapped=0x0) returned 1 [0090.217] CloseHandle (hObject=0x2b8) returned 1 [0090.220] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\f uWn9d-fNEm8xF6.mkv", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\f uWn9d-fNEm8xF6.mkv", lpFilePart=0x0) returned 0x3d [0090.220] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\f uWn9d-fNEm8xF6.mkv.shade8", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\f uWn9d-fNEm8xF6.mkv.shade8", lpFilePart=0x0) returned 0x44 [0090.220] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb70) returned 1 [0090.220] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\f uWn9d-fNEm8xF6.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\f uwn9d-fnem8xf6.mkv"), fInfoLevelId=0x0, lpFileInformation=0xcfebec | out: lpFileInformation=0xcfebec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5fed2140, ftCreationTime.dwHighDateTime=0x1d4cc90, ftLastAccessTime.dwLowDateTime=0x41685be0, ftLastAccessTime.dwHighDateTime=0x1d4c7ea, ftLastWriteTime.dwLowDateTime=0x7e609010, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x13560)) returned 1 [0090.220] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb6c) returned 1 [0090.220] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\f uWn9d-fNEm8xF6.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\f uwn9d-fnem8xf6.mkv"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\f uWn9d-fNEm8xF6.mkv.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\f uwn9d-fnem8xf6.mkv.shade8")) returned 1 [0090.221] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\KniDwCaO21uYk4IPWV.csv", nBufferLength=0x105, lpBuffer=0xcfe5ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\KniDwCaO21uYk4IPWV.csv", lpFilePart=0x0) returned 0x3f [0090.221] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0090.221] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\KniDwCaO21uYk4IPWV.csv" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\knidwcao21uyk4ipwv.csv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0090.221] GetFileType (hFile=0x2b8) returned 0x1 [0090.221] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0090.221] GetFileType (hFile=0x2b8) returned 0x1 [0090.221] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfebec | out: lpFileSizeHigh=0xcfebec*=0x0) returned 0x1719b [0090.221] ReadFile (in: hFile=0x2b8, lpBuffer=0x3c1e8b8, nNumberOfBytesToRead=0x1719b, lpNumberOfBytesRead=0xcfeb98, lpOverlapped=0x0 | out: lpBuffer=0x3c1e8b8*, lpNumberOfBytesRead=0xcfeb98*=0x1719b, lpOverlapped=0x0) returned 1 [0090.222] CloseHandle (hObject=0x2b8) returned 1 [0090.343] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0090.343] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0090.343] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfebe0 | out: lpFileInformation=0xcfebe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0090.344] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0090.344] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\KniDwCaO21uYk4IPWV.csv", nBufferLength=0x105, lpBuffer=0xcfe598, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\KniDwCaO21uYk4IPWV.csv", lpFilePart=0x0) returned 0x3f [0090.344] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeadc) returned 1 [0090.344] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\KniDwCaO21uYk4IPWV.csv" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\knidwcao21uyk4ipwv.csv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0090.346] GetFileType (hFile=0x2b8) returned 0x1 [0090.346] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfead8) returned 1 [0090.346] GetFileType (hFile=0x2b8) returned 0x1 [0090.346] WriteFile (in: hFile=0x2b8, lpBuffer=0x3c92110*, nNumberOfBytesToWrite=0x171a0, lpNumberOfBytesWritten=0xcfeb8c, lpOverlapped=0x0 | out: lpBuffer=0x3c92110*, lpNumberOfBytesWritten=0xcfeb8c*=0x171a0, lpOverlapped=0x0) returned 1 [0090.349] CloseHandle (hObject=0x2b8) returned 1 [0090.352] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\KniDwCaO21uYk4IPWV.csv", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\KniDwCaO21uYk4IPWV.csv", lpFilePart=0x0) returned 0x3f [0090.352] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\KniDwCaO21uYk4IPWV.csv.shade8", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\KniDwCaO21uYk4IPWV.csv.shade8", lpFilePart=0x0) returned 0x46 [0090.352] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb70) returned 1 [0090.352] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\KniDwCaO21uYk4IPWV.csv" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\knidwcao21uyk4ipwv.csv"), fInfoLevelId=0x0, lpFileInformation=0xcfebec | out: lpFileInformation=0xcfebec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb2b61a60, ftCreationTime.dwHighDateTime=0x1d4cd55, ftLastAccessTime.dwLowDateTime=0x156a7190, ftLastAccessTime.dwHighDateTime=0x1d4d249, ftLastWriteTime.dwLowDateTime=0x7e760860, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x171a0)) returned 1 [0090.352] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb6c) returned 1 [0090.352] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\KniDwCaO21uYk4IPWV.csv" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\knidwcao21uyk4ipwv.csv"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\KniDwCaO21uYk4IPWV.csv.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\knidwcao21uyk4ipwv.csv.shade8")) returned 1 [0090.353] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\pUkJm_a4a0qy.pdf", nBufferLength=0x105, lpBuffer=0xcfe5ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\pUkJm_a4a0qy.pdf", lpFilePart=0x0) returned 0x39 [0090.353] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0090.353] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\pUkJm_a4a0qy.pdf" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\pukjm_a4a0qy.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0090.353] GetFileType (hFile=0x2b8) returned 0x1 [0090.353] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0090.353] GetFileType (hFile=0x2b8) returned 0x1 [0090.353] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfebec | out: lpFileSizeHigh=0xcfebec*=0x0) returned 0x15e3a [0090.354] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ca92d0, nNumberOfBytesToRead=0x15e3a, lpNumberOfBytesRead=0xcfeb98, lpOverlapped=0x0 | out: lpBuffer=0x3ca92d0*, lpNumberOfBytesRead=0xcfeb98*=0x15e3a, lpOverlapped=0x0) returned 1 [0090.354] CloseHandle (hObject=0x2b8) returned 1 [0090.379] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0090.379] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0090.379] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfebe0 | out: lpFileInformation=0xcfebe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0090.379] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0090.379] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\pUkJm_a4a0qy.pdf", nBufferLength=0x105, lpBuffer=0xcfe598, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\pUkJm_a4a0qy.pdf", lpFilePart=0x0) returned 0x39 [0090.379] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeadc) returned 1 [0090.379] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\pUkJm_a4a0qy.pdf" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\pukjm_a4a0qy.pdf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0090.483] GetFileType (hFile=0x2b8) returned 0x1 [0090.483] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfead8) returned 1 [0090.484] GetFileType (hFile=0x2b8) returned 0x1 [0090.484] WriteFile (in: hFile=0x2b8, lpBuffer=0x3d16a48*, nNumberOfBytesToWrite=0x15e40, lpNumberOfBytesWritten=0xcfeb8c, lpOverlapped=0x0 | out: lpBuffer=0x3d16a48*, lpNumberOfBytesWritten=0xcfeb8c*=0x15e40, lpOverlapped=0x0) returned 1 [0090.486] CloseHandle (hObject=0x2b8) returned 1 [0090.489] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\pUkJm_a4a0qy.pdf", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\pUkJm_a4a0qy.pdf", lpFilePart=0x0) returned 0x39 [0090.489] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\pUkJm_a4a0qy.pdf.shade8", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\pUkJm_a4a0qy.pdf.shade8", lpFilePart=0x0) returned 0x40 [0090.489] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb70) returned 1 [0090.489] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\pUkJm_a4a0qy.pdf" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\pukjm_a4a0qy.pdf"), fInfoLevelId=0x0, lpFileInformation=0xcfebec | out: lpFileInformation=0xcfebec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3bdab2d0, ftCreationTime.dwHighDateTime=0x1d4ce9e, ftLastAccessTime.dwLowDateTime=0xe3b96b30, ftLastAccessTime.dwHighDateTime=0x1d4ca49, ftLastWriteTime.dwLowDateTime=0x7e8b7b65, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x15e40)) returned 1 [0090.490] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb6c) returned 1 [0090.490] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\pUkJm_a4a0qy.pdf" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\pukjm_a4a0qy.pdf"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\pUkJm_a4a0qy.pdf.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\pukjm_a4a0qy.pdf.shade8")) returned 1 [0090.490] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\x4I7Fbqe-kLQzd1fUt-V.mkv", nBufferLength=0x105, lpBuffer=0xcfe5ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\x4I7Fbqe-kLQzd1fUt-V.mkv", lpFilePart=0x0) returned 0x41 [0090.490] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0090.490] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\x4I7Fbqe-kLQzd1fUt-V.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\x4i7fbqe-klqzd1fut-v.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0090.490] GetFileType (hFile=0x2b8) returned 0x1 [0090.490] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0090.491] GetFileType (hFile=0x2b8) returned 0x1 [0090.491] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfebec | out: lpFileSizeHigh=0xcfebec*=0x0) returned 0xa96b [0090.491] ReadFile (in: hFile=0x2b8, lpBuffer=0x2c75c04, nNumberOfBytesToRead=0xa96b, lpNumberOfBytesRead=0xcfeb98, lpOverlapped=0x0 | out: lpBuffer=0x2c75c04*, lpNumberOfBytesRead=0xcfeb98*=0xa96b, lpOverlapped=0x0) returned 1 [0090.491] CloseHandle (hObject=0x2b8) returned 1 [0090.512] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0090.512] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0090.512] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfebe0 | out: lpFileInformation=0xcfebe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0090.512] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0090.512] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\x4I7Fbqe-kLQzd1fUt-V.mkv", nBufferLength=0x105, lpBuffer=0xcfe598, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\x4I7Fbqe-kLQzd1fUt-V.mkv", lpFilePart=0x0) returned 0x41 [0090.512] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeadc) returned 1 [0090.512] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\x4I7Fbqe-kLQzd1fUt-V.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\x4i7fbqe-klqzd1fut-v.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0090.514] GetFileType (hFile=0x2b8) returned 0x1 [0090.514] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfead8) returned 1 [0090.514] GetFileType (hFile=0x2b8) returned 0x1 [0090.514] WriteFile (in: hFile=0x2b8, lpBuffer=0x2ce2654*, nNumberOfBytesToWrite=0xa970, lpNumberOfBytesWritten=0xcfeb8c, lpOverlapped=0x0 | out: lpBuffer=0x2ce2654*, lpNumberOfBytesWritten=0xcfeb8c*=0xa970, lpOverlapped=0x0) returned 1 [0090.516] CloseHandle (hObject=0x2b8) returned 1 [0090.518] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\x4I7Fbqe-kLQzd1fUt-V.mkv", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\x4I7Fbqe-kLQzd1fUt-V.mkv", lpFilePart=0x0) returned 0x41 [0090.518] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\x4I7Fbqe-kLQzd1fUt-V.mkv.shade8", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\x4I7Fbqe-kLQzd1fUt-V.mkv.shade8", lpFilePart=0x0) returned 0x48 [0090.518] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb70) returned 1 [0090.518] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\x4I7Fbqe-kLQzd1fUt-V.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\x4i7fbqe-klqzd1fut-v.mkv"), fInfoLevelId=0x0, lpFileInformation=0xcfebec | out: lpFileInformation=0xcfebec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9ebb620, ftCreationTime.dwHighDateTime=0x1d4c7f7, ftLastAccessTime.dwLowDateTime=0xc56b240, ftLastAccessTime.dwHighDateTime=0x1d4c997, ftLastWriteTime.dwLowDateTime=0x7e8ddda4, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xa970)) returned 1 [0090.518] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb6c) returned 1 [0090.518] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\x4I7Fbqe-kLQzd1fUt-V.mkv" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\x4i7fbqe-klqzd1fut-v.mkv"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\x4I7Fbqe-kLQzd1fUt-V.mkv.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\x4i7fbqe-klqzd1fut-v.mkv.shade8")) returned 1 [0090.519] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\XYpIBn0x4VZkFFRvx.avi", nBufferLength=0x105, lpBuffer=0xcfe5ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\XYpIBn0x4VZkFFRvx.avi", lpFilePart=0x0) returned 0x3e [0090.519] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0090.519] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\XYpIBn0x4VZkFFRvx.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\xypibn0x4vzkffrvx.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0090.519] GetFileType (hFile=0x2b8) returned 0x1 [0090.519] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0090.519] GetFileType (hFile=0x2b8) returned 0x1 [0090.519] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfebec | out: lpFileSizeHigh=0xcfebec*=0x0) returned 0x1767e [0090.520] ReadFile (in: hFile=0x2b8, lpBuffer=0x3d41b88, nNumberOfBytesToRead=0x1767e, lpNumberOfBytesRead=0xcfeb98, lpOverlapped=0x0 | out: lpBuffer=0x3d41b88*, lpNumberOfBytesRead=0xcfeb98*=0x1767e, lpOverlapped=0x0) returned 1 [0090.670] CloseHandle (hObject=0x2b8) returned 1 [0090.689] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0090.689] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0090.690] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfebe0 | out: lpFileInformation=0xcfebe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0090.690] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0090.690] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\XYpIBn0x4VZkFFRvx.avi", nBufferLength=0x105, lpBuffer=0xcfe598, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\XYpIBn0x4VZkFFRvx.avi", lpFilePart=0x0) returned 0x3e [0090.690] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeadc) returned 1 [0090.690] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\XYpIBn0x4VZkFFRvx.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\xypibn0x4vzkffrvx.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0090.767] GetFileType (hFile=0x2b8) returned 0x1 [0090.767] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfead8) returned 1 [0090.767] GetFileType (hFile=0x2b8) returned 0x1 [0090.767] WriteFile (in: hFile=0x2b8, lpBuffer=0x3db6c48*, nNumberOfBytesToWrite=0x17680, lpNumberOfBytesWritten=0xcfeb8c, lpOverlapped=0x0 | out: lpBuffer=0x3db6c48*, lpNumberOfBytesWritten=0xcfeb8c*=0x17680, lpOverlapped=0x0) returned 1 [0090.777] CloseHandle (hObject=0x2b8) returned 1 [0090.822] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\XYpIBn0x4VZkFFRvx.avi", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\XYpIBn0x4VZkFFRvx.avi", lpFilePart=0x0) returned 0x3e [0090.822] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\XYpIBn0x4VZkFFRvx.avi.shade8", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\XYpIBn0x4VZkFFRvx.avi.shade8", lpFilePart=0x0) returned 0x45 [0090.822] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb70) returned 1 [0090.822] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\XYpIBn0x4VZkFFRvx.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\xypibn0x4vzkffrvx.avi"), fInfoLevelId=0x0, lpFileInformation=0xcfebec | out: lpFileInformation=0xcfebec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x75193a00, ftCreationTime.dwHighDateTime=0x1d4c8cf, ftLastAccessTime.dwLowDateTime=0x7a6f84e0, ftLastAccessTime.dwHighDateTime=0x1d4c588, ftLastWriteTime.dwLowDateTime=0x7eb6650c, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x17680)) returned 1 [0090.822] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb6c) returned 1 [0090.822] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\XYpIBn0x4VZkFFRvx.avi" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\xypibn0x4vzkffrvx.avi"), lpNewFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\XYpIBn0x4VZkFFRvx.avi.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\vce 2gsjtpiqc3s3\\xypibn0x4vzkffrvx.avi.shade8")) returned 1 [0090.939] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfecb8) returned 1 [0090.939] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Links", nBufferLength=0x105, lpBuffer=0xcfe76c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Links", lpFilePart=0x0) returned 0x15 [0090.939] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Links\\*", lpFindFileData=0xcfe9e0 | out: lpFindFileData=0xcfe9e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x9463e5c0, ftLastAccessTime.dwHighDateTime=0x1d39f5d, ftLastWriteTime.dwLowDateTime=0x9463e5c0, ftLastWriteTime.dwHighDateTime=0x1d39f5d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe6760 [0090.939] FindNextFileW (in: hFindFile=0xfe6760, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x9463e5c0, ftLastAccessTime.dwHighDateTime=0x1d39f5d, ftLastWriteTime.dwLowDateTime=0x9463e5c0, ftLastWriteTime.dwHighDateTime=0x1d39f5d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.939] FindNextFileW (in: hFindFile=0xfe6760, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x441f699e, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x441f699e, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0xcee4480b, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0090.939] FindNextFileW (in: hFindFile=0xfe6760, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4428f2bb, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x4428f2bb, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0xce90d59d, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x1f5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.lnk", cAlternateFileName="")) returned 1 [0090.940] FindNextFileW (in: hFindFile=0xfe6760, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x442b54f3, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x442b54f3, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0xcec7abde, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x3ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloads.lnk", cAlternateFileName="DOWNLO~1.LNK")) returned 1 [0090.940] FindNextFileW (in: hFindFile=0xfe6760, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3190fb5, ftCreationTime.dwHighDateTime=0x1d327b5, ftLastAccessTime.dwLowDateTime=0x9463e5c0, ftLastAccessTime.dwHighDateTime=0x1d39f5d, ftLastWriteTime.dwLowDateTime=0x94664823, ftLastWriteTime.dwHighDateTime=0x1d39f5d, nFileSizeHigh=0x0, nFileSizeLow=0x53a, dwReserved0=0x0, dwReserved1=0x0, cFileName="OneDrive.lnk", cAlternateFileName="")) returned 1 [0090.940] FindNextFileW (in: hFindFile=0xfe6760, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0090.940] FindClose (in: hFindFile=0xfe6760 | out: hFindFile=0xfe6760) returned 1 [0090.940] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec74) returned 1 [0090.940] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec80) returned 1 [0090.940] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfecb8) returned 1 [0090.940] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Links", nBufferLength=0x105, lpBuffer=0xcfe76c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Links", lpFilePart=0x0) returned 0x15 [0090.941] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Links\\*", lpFindFileData=0xcfe9e0 | out: lpFindFileData=0xcfe9e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x9463e5c0, ftLastAccessTime.dwHighDateTime=0x1d39f5d, ftLastWriteTime.dwLowDateTime=0x9463e5c0, ftLastWriteTime.dwHighDateTime=0x1d39f5d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe6520 [0090.941] FindNextFileW (in: hFindFile=0xfe6520, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x9463e5c0, ftLastAccessTime.dwHighDateTime=0x1d39f5d, ftLastWriteTime.dwLowDateTime=0x9463e5c0, ftLastWriteTime.dwHighDateTime=0x1d39f5d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.941] FindNextFileW (in: hFindFile=0xfe6520, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x441f699e, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x441f699e, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0xcee4480b, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0090.941] FindNextFileW (in: hFindFile=0xfe6520, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4428f2bb, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x4428f2bb, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0xce90d59d, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x1f5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.lnk", cAlternateFileName="")) returned 1 [0090.941] FindNextFileW (in: hFindFile=0xfe6520, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x442b54f3, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x442b54f3, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0xcec7abde, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x3ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloads.lnk", cAlternateFileName="DOWNLO~1.LNK")) returned 1 [0090.942] FindNextFileW (in: hFindFile=0xfe6520, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3190fb5, ftCreationTime.dwHighDateTime=0x1d327b5, ftLastAccessTime.dwLowDateTime=0x9463e5c0, ftLastAccessTime.dwHighDateTime=0x1d39f5d, ftLastWriteTime.dwLowDateTime=0x94664823, ftLastWriteTime.dwHighDateTime=0x1d39f5d, nFileSizeHigh=0x0, nFileSizeLow=0x53a, dwReserved0=0x0, dwReserved1=0x0, cFileName="OneDrive.lnk", cAlternateFileName="")) returned 1 [0090.942] FindNextFileW (in: hFindFile=0xfe6520, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3190fb5, ftCreationTime.dwHighDateTime=0x1d327b5, ftLastAccessTime.dwLowDateTime=0x9463e5c0, ftLastAccessTime.dwHighDateTime=0x1d39f5d, ftLastWriteTime.dwLowDateTime=0x94664823, ftLastWriteTime.dwHighDateTime=0x1d39f5d, nFileSizeHigh=0x0, nFileSizeLow=0x53a, dwReserved0=0x0, dwReserved1=0x0, cFileName="OneDrive.lnk", cAlternateFileName="")) returned 0 [0090.942] FindClose (in: hFindFile=0xfe6520 | out: hFindFile=0xfe6520) returned 1 [0090.942] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec74) returned 1 [0090.943] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec80) returned 1 [0090.943] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Links\\Desktop.lnk", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Links\\Desktop.lnk", lpFilePart=0x0) returned 0x21 [0090.943] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0090.943] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Links\\Desktop.lnk" (normalized: "c:\\users\\fd1hvy\\links\\desktop.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0090.943] GetFileType (hFile=0x2b8) returned 0x1 [0090.944] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0090.944] GetFileType (hFile=0x2b8) returned 0x1 [0090.944] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x1f5 [0090.944] ReadFile (in: hFile=0x2b8, lpBuffer=0x2d3bc70, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2d3bc70*, lpNumberOfBytesRead=0xcfec0c*=0x1f5, lpOverlapped=0x0) returned 1 [0090.945] CloseHandle (hObject=0x2b8) returned 1 [0090.960] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0090.960] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0090.960] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0090.961] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0090.961] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Links\\Desktop.lnk", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Links\\Desktop.lnk", lpFilePart=0x0) returned 0x21 [0090.961] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0090.961] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Links\\Desktop.lnk" (normalized: "c:\\users\\fd1hvy\\links\\desktop.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0090.962] GetFileType (hFile=0x2b8) returned 0x1 [0090.962] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0090.962] GetFileType (hFile=0x2b8) returned 0x1 [0090.962] WriteFile (in: hFile=0x2b8, lpBuffer=0x2d8a670*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0xcfebd4, lpOverlapped=0x0 | out: lpBuffer=0x2d8a670*, lpNumberOfBytesWritten=0xcfebd4*=0x200, lpOverlapped=0x0) returned 1 [0090.963] CloseHandle (hObject=0x2b8) returned 1 [0090.964] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Links\\Desktop.lnk", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Links\\Desktop.lnk", lpFilePart=0x0) returned 0x21 [0090.964] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Links\\Desktop.lnk.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Links\\Desktop.lnk.shade8", lpFilePart=0x0) returned 0x28 [0090.964] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0090.964] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Links\\Desktop.lnk" (normalized: "c:\\users\\fd1hvy\\links\\desktop.lnk"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4428f2bb, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x4428f2bb, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0x7ed301c9, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x200)) returned 1 [0090.964] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0090.964] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Links\\Desktop.lnk" (normalized: "c:\\users\\fd1hvy\\links\\desktop.lnk"), lpNewFileName="C:\\Users\\FD1HVy\\Links\\Desktop.lnk.shade8" (normalized: "c:\\users\\fd1hvy\\links\\desktop.lnk.shade8")) returned 1 [0090.965] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Links\\Downloads.lnk", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Links\\Downloads.lnk", lpFilePart=0x0) returned 0x23 [0090.965] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0090.965] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Links\\Downloads.lnk" (normalized: "c:\\users\\fd1hvy\\links\\downloads.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0090.965] GetFileType (hFile=0x2b8) returned 0x1 [0090.965] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0090.965] GetFileType (hFile=0x2b8) returned 0x1 [0090.965] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x3ae [0090.965] ReadFile (in: hFile=0x2b8, lpBuffer=0x2d8bc38, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2d8bc38*, lpNumberOfBytesRead=0xcfec0c*=0x3ae, lpOverlapped=0x0) returned 1 [0091.063] CloseHandle (hObject=0x2b8) returned 1 [0091.081] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0091.082] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0091.082] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0091.082] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0091.082] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Links\\Downloads.lnk", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Links\\Downloads.lnk", lpFilePart=0x0) returned 0x23 [0091.082] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0091.082] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Links\\Downloads.lnk" (normalized: "c:\\users\\fd1hvy\\links\\downloads.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0091.083] GetFileType (hFile=0x2b8) returned 0x1 [0091.083] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0091.083] GetFileType (hFile=0x2b8) returned 0x1 [0091.084] WriteFile (in: hFile=0x2b8, lpBuffer=0x2ddaea8*, nNumberOfBytesToWrite=0x3b0, lpNumberOfBytesWritten=0xcfebd4, lpOverlapped=0x0 | out: lpBuffer=0x2ddaea8*, lpNumberOfBytesWritten=0xcfebd4*=0x3b0, lpOverlapped=0x0) returned 1 [0091.084] CloseHandle (hObject=0x2b8) returned 1 [0091.087] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Links\\Downloads.lnk", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Links\\Downloads.lnk", lpFilePart=0x0) returned 0x23 [0091.087] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Links\\Downloads.lnk.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Links\\Downloads.lnk.shade8", lpFilePart=0x0) returned 0x2a [0091.087] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0091.087] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Links\\Downloads.lnk" (normalized: "c:\\users\\fd1hvy\\links\\downloads.lnk"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x442b54f3, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x442b54f3, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0x7ee61499, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x3b0)) returned 1 [0091.087] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0091.087] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Links\\Downloads.lnk" (normalized: "c:\\users\\fd1hvy\\links\\downloads.lnk"), lpNewFileName="C:\\Users\\FD1HVy\\Links\\Downloads.lnk.shade8" (normalized: "c:\\users\\fd1hvy\\links\\downloads.lnk.shade8")) returned 1 [0091.087] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Links\\OneDrive.lnk", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Links\\OneDrive.lnk", lpFilePart=0x0) returned 0x22 [0091.087] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0091.088] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Links\\OneDrive.lnk" (normalized: "c:\\users\\fd1hvy\\links\\onedrive.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0091.089] GetFileType (hFile=0x2b8) returned 0x1 [0091.089] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0091.089] GetFileType (hFile=0x2b8) returned 0x1 [0091.089] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x53a [0091.089] ReadFile (in: hFile=0x2b8, lpBuffer=0x2ddc608, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2ddc608*, lpNumberOfBytesRead=0xcfec0c*=0x53a, lpOverlapped=0x0) returned 1 [0091.440] CloseHandle (hObject=0x2b8) returned 1 [0091.703] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0091.703] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0091.703] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0091.703] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0091.703] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Links\\OneDrive.lnk", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Links\\OneDrive.lnk", lpFilePart=0x0) returned 0x22 [0091.703] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0091.703] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Links\\OneDrive.lnk" (normalized: "c:\\users\\fd1hvy\\links\\onedrive.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0091.705] GetFileType (hFile=0x2b8) returned 0x1 [0091.705] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0091.705] GetFileType (hFile=0x2b8) returned 0x1 [0091.705] WriteFile (in: hFile=0x2b8, lpBuffer=0x2c2c04c*, nNumberOfBytesToWrite=0x540, lpNumberOfBytesWritten=0xcfebd4, lpOverlapped=0x0 | out: lpBuffer=0x2c2c04c*, lpNumberOfBytesWritten=0xcfebd4*=0x540, lpOverlapped=0x0) returned 1 [0091.706] CloseHandle (hObject=0x2b8) returned 1 [0091.707] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Links\\OneDrive.lnk", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Links\\OneDrive.lnk", lpFilePart=0x0) returned 0x22 [0091.707] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Links\\OneDrive.lnk.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Links\\OneDrive.lnk.shade8", lpFilePart=0x0) returned 0x29 [0091.707] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0091.707] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Links\\OneDrive.lnk" (normalized: "c:\\users\\fd1hvy\\links\\onedrive.lnk"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3190fb5, ftCreationTime.dwHighDateTime=0x1d327b5, ftLastAccessTime.dwLowDateTime=0x9463e5c0, ftLastAccessTime.dwHighDateTime=0x1d39f5d, ftLastWriteTime.dwLowDateTime=0x7f431060, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x540)) returned 1 [0091.707] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0091.707] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Links\\OneDrive.lnk" (normalized: "c:\\users\\fd1hvy\\links\\onedrive.lnk"), lpNewFileName="C:\\Users\\FD1HVy\\Links\\OneDrive.lnk.shade8" (normalized: "c:\\users\\fd1hvy\\links\\onedrive.lnk.shade8")) returned 1 [0091.710] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfecb8) returned 1 [0091.710] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Contacts", nBufferLength=0x105, lpBuffer=0xcfe76c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Contacts", lpFilePart=0x0) returned 0x18 [0091.710] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Contacts\\*", lpFindFileData=0xcfe9e0 | out: lpFindFileData=0xcfe9e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x440792d0, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xd43ecce6, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xce2cb2cd, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe65e0 [0091.710] FindNextFileW (in: hFindFile=0xfe65e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x440792d0, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xd43ecce6, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xce2cb2cd, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.710] FindNextFileW (in: hFindFile=0xfe65e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x440792d0, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x440792d0, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0xce2f1526, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0091.710] FindNextFileW (in: hFindFile=0xfe65e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0091.711] FindClose (in: hFindFile=0xfe65e0 | out: hFindFile=0xfe65e0) returned 1 [0091.711] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec74) returned 1 [0091.711] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec80) returned 1 [0091.711] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfecb8) returned 1 [0091.711] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Contacts", nBufferLength=0x105, lpBuffer=0xcfe76c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Contacts", lpFilePart=0x0) returned 0x18 [0091.711] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Contacts\\*", lpFindFileData=0xcfe9e0 | out: lpFindFileData=0xcfe9e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x440792d0, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xd43ecce6, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xce2cb2cd, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe67a0 [0091.711] FindNextFileW (in: hFindFile=0xfe67a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x440792d0, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xd43ecce6, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xce2cb2cd, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.711] FindNextFileW (in: hFindFile=0xfe67a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x440792d0, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x440792d0, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0xce2f1526, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0091.712] FindNextFileW (in: hFindFile=0xfe67a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x440792d0, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x440792d0, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0xce2f1526, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0091.712] FindClose (in: hFindFile=0xfe67a0 | out: hFindFile=0xfe67a0) returned 1 [0091.712] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec74) returned 1 [0091.712] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec80) returned 1 [0091.712] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfecb8) returned 1 [0091.712] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xcfe76c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17 [0091.712] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\*", lpFindFileData=0xcfe9e0 | out: lpFindFileData=0xcfe9e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x7e1b6ce2, ftLastAccessTime.dwHighDateTime=0x1d57301, ftLastWriteTime.dwLowDateTime=0x7e1b6ce2, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe65a0 [0091.712] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x7e1b6ce2, ftLastAccessTime.dwHighDateTime=0x1d57301, ftLastWriteTime.dwLowDateTime=0x7e1b6ce2, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.713] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf6df6c00, ftCreationTime.dwHighDateTime=0x1d4c8ff, ftLastAccessTime.dwLowDateTime=0x7f8f4ef0, ftLastAccessTime.dwHighDateTime=0x1d4d4e3, ftLastWriteTime.dwLowDateTime=0x7f8f4ef0, ftLastWriteTime.dwHighDateTime=0x1d4d4e3, nFileSizeHigh=0x0, nFileSizeLow=0x15f99, dwReserved0=0x0, dwReserved1=0x0, cFileName="1uiG9tEKao-CdI8b.flv", cAlternateFileName="1UIG9T~1.FLV")) returned 1 [0091.713] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaea41d50, ftCreationTime.dwHighDateTime=0x1d4c8af, ftLastAccessTime.dwLowDateTime=0x9c88a120, ftLastAccessTime.dwHighDateTime=0x1d4d16c, ftLastWriteTime.dwLowDateTime=0x9c88a120, ftLastWriteTime.dwHighDateTime=0x1d4d16c, nFileSizeHigh=0x0, nFileSizeLow=0x13e2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="42TxdJ1y5Teq5CEIz.wav", cAlternateFileName="42TXDJ~1.WAV")) returned 1 [0091.713] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x46f63600, ftCreationTime.dwHighDateTime=0x1d57301, ftLastAccessTime.dwLowDateTime=0x46f63600, ftLastAccessTime.dwHighDateTime=0x1d57301, ftLastWriteTime.dwLowDateTime=0x7d593c68, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x11aa20, dwReserved0=0x0, dwReserved1=0x0, cFileName="454364vodafone-e-fatura.exe.shade8", cAlternateFileName="454364~1.SHA")) returned 1 [0091.713] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3ccc4e30, ftCreationTime.dwHighDateTime=0x1d4d4d2, ftLastAccessTime.dwLowDateTime=0x65da9560, ftLastAccessTime.dwHighDateTime=0x1d4cfd3, ftLastWriteTime.dwLowDateTime=0x7d679578, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x85e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="7cYIG7R_Bg.csv.shade8", cAlternateFileName="7CYIG7~1.SHA")) returned 1 [0091.713] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2fbd9f0, ftCreationTime.dwHighDateTime=0x1d4cf73, ftLastAccessTime.dwLowDateTime=0x37106840, ftLastAccessTime.dwHighDateTime=0x1d4cc27, ftLastWriteTime.dwLowDateTime=0x7d7f6224, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xaee0, dwReserved0=0x0, dwReserved1=0x0, cFileName="7ZIEneEWitQXloMb.mkv.shade8", cAlternateFileName="7ZIENE~1.SHA")) returned 1 [0091.714] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x471cf3a0, ftCreationTime.dwHighDateTime=0x1d4d2aa, ftLastAccessTime.dwLowDateTime=0x71be5080, ftLastAccessTime.dwHighDateTime=0x1d4c761, ftLastWriteTime.dwLowDateTime=0x71be5080, ftLastWriteTime.dwHighDateTime=0x1d4c761, nFileSizeHigh=0x0, nFileSizeLow=0xa815, dwReserved0=0x0, dwReserved1=0x0, cFileName="9i094uEf.m4a", cAlternateFileName="")) returned 1 [0091.714] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3495ef90, ftCreationTime.dwHighDateTime=0x1d4cede, ftLastAccessTime.dwLowDateTime=0xbd1b9850, ftLastAccessTime.dwHighDateTime=0x1d4cf07, ftLastWriteTime.dwLowDateTime=0xbd1b9850, ftLastWriteTime.dwHighDateTime=0x1d4cf07, nFileSizeHigh=0x0, nFileSizeLow=0x165cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="9VuxeAuC.gif", cAlternateFileName="")) returned 1 [0091.714] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf3710cd0, ftCreationTime.dwHighDateTime=0x1d4ccbb, ftLastAccessTime.dwLowDateTime=0xdc888070, ftLastAccessTime.dwHighDateTime=0x1d4c84c, ftLastWriteTime.dwLowDateTime=0x7d901265, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x3cf0, dwReserved0=0x0, dwReserved1=0x0, cFileName="aaEh1XjueF.png.shade8", cAlternateFileName="AAEH1X~1.SHA")) returned 1 [0091.714] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x701b9e30, ftCreationTime.dwHighDateTime=0x1d4cece, ftLastAccessTime.dwLowDateTime=0xc0bf6d10, ftLastAccessTime.dwHighDateTime=0x1d4cc14, ftLastWriteTime.dwLowDateTime=0x7d973a03, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x13680, dwReserved0=0x0, dwReserved1=0x0, cFileName="AcxbjLr4LDb.jpg.shade8", cAlternateFileName="ACXBJL~1.SHA")) returned 1 [0091.714] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3bdc1760, ftCreationTime.dwHighDateTime=0x1d4d5ba, ftLastAccessTime.dwLowDateTime=0x64b0d8f0, ftLastAccessTime.dwHighDateTime=0x1d4ca21, ftLastWriteTime.dwLowDateTime=0x64b0d8f0, ftLastWriteTime.dwHighDateTime=0x1d4ca21, nFileSizeHigh=0x0, nFileSizeLow=0xc1b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="aLZ8SjeBW.ots", cAlternateFileName="ALZ8SJ~1.OTS")) returned 1 [0091.714] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0064e80, ftCreationTime.dwHighDateTime=0x1d4d5b8, ftLastAccessTime.dwLowDateTime=0xce24b240, ftLastAccessTime.dwHighDateTime=0x1d4d3c0, ftLastWriteTime.dwLowDateTime=0x7d9e611b, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xf740, dwReserved0=0x0, dwReserved1=0x0, cFileName="bnfqHdQMvbV9fl.odt.shade8", cAlternateFileName="BNFQHD~1.SHA")) returned 1 [0091.715] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24d56d00, ftCreationTime.dwHighDateTime=0x1d4c93a, ftLastAccessTime.dwLowDateTime=0x8c374430, ftLastAccessTime.dwHighDateTime=0x1d4ca9f, ftLastWriteTime.dwLowDateTime=0x8c374430, ftLastWriteTime.dwHighDateTime=0x1d4ca9f, nFileSizeHigh=0x0, nFileSizeLow=0x10a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="CL5bvtjh3F v7q6k.flv", cAlternateFileName="CL5BVT~1.FLV")) returned 1 [0091.715] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd4688720, ftCreationTime.dwHighDateTime=0x1d4caf7, ftLastAccessTime.dwLowDateTime=0x680b6ba0, ftLastAccessTime.dwHighDateTime=0x1d4d453, ftLastWriteTime.dwLowDateTime=0x7db637a6, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x9000, dwReserved0=0x0, dwReserved1=0x0, cFileName="cnPcqpR6mYKwWbfY5xX.bmp.shade8", cAlternateFileName="CNPCQP~1.SHA")) returned 1 [0091.715] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x440792d0, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x440792d0, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0xce389e99, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0091.715] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e07d450, ftCreationTime.dwHighDateTime=0x1d4d19e, ftLastAccessTime.dwLowDateTime=0xdd4114a0, ftLastAccessTime.dwHighDateTime=0x1d4c6e4, ftLastWriteTime.dwLowDateTime=0x7dbb0ed1, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x6320, dwReserved0=0x0, dwReserved1=0x0, cFileName="D_BOLwQrlF.jpg.shade8", cAlternateFileName="D_BOLW~1.SHA")) returned 1 [0091.715] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b405cd0, ftCreationTime.dwHighDateTime=0x1d4cb6a, ftLastAccessTime.dwLowDateTime=0xa93bbcf0, ftLastAccessTime.dwHighDateTime=0x1d4d0cb, ftLastWriteTime.dwLowDateTime=0xa93bbcf0, ftLastWriteTime.dwHighDateTime=0x1d4d0cb, nFileSizeHigh=0x0, nFileSizeLow=0x10175, dwReserved0=0x0, dwReserved1=0x0, cFileName="Eywiwg7gGH5NGq V.gif", cAlternateFileName="EYWIWG~1.GIF")) returned 1 [0091.715] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x55853140, ftCreationTime.dwHighDateTime=0x1d4c6cb, ftLastAccessTime.dwLowDateTime=0x56e5b0b0, ftLastAccessTime.dwHighDateTime=0x1d4c5d0, ftLastWriteTime.dwLowDateTime=0x56e5b0b0, ftLastWriteTime.dwHighDateTime=0x1d4c5d0, nFileSizeHigh=0x0, nFileSizeLow=0x14ba3, dwReserved0=0x0, dwReserved1=0x0, cFileName="fMiJX.wav", cAlternateFileName="")) returned 1 [0091.716] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x90634b40, ftCreationTime.dwHighDateTime=0x1d4c729, ftLastAccessTime.dwLowDateTime=0xb56e0de0, ftLastAccessTime.dwHighDateTime=0x1d4c804, ftLastWriteTime.dwLowDateTime=0xb56e0de0, ftLastWriteTime.dwHighDateTime=0x1d4c804, nFileSizeHigh=0x0, nFileSizeLow=0x16b8f, dwReserved0=0x0, dwReserved1=0x0, cFileName="hgKQ-JLkIVj.flv", cAlternateFileName="HGKQ-J~1.FLV")) returned 1 [0091.716] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb85c5440, ftCreationTime.dwHighDateTime=0x1d4d5e6, ftLastAccessTime.dwLowDateTime=0xda470850, ftLastAccessTime.dwHighDateTime=0x1d4d0c5, ftLastWriteTime.dwLowDateTime=0xda470850, ftLastWriteTime.dwHighDateTime=0x1d4d0c5, nFileSizeHigh=0x0, nFileSizeLow=0x189a6, dwReserved0=0x0, dwReserved1=0x0, cFileName="HPHwP47hxepAcykl.m4a", cAlternateFileName="HPHWP4~1.M4A")) returned 1 [0091.716] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x18a8d830, ftCreationTime.dwHighDateTime=0x1d4d5c1, ftLastAccessTime.dwLowDateTime=0x106dad90, ftLastAccessTime.dwHighDateTime=0x1d4d14c, ftLastWriteTime.dwLowDateTime=0x7dbfc229, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x189d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Hvq8LtKn_XVWH2w m.mp3.shade8", cAlternateFileName="HVQ8LT~1.SHA")) returned 1 [0091.716] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf530d470, ftCreationTime.dwHighDateTime=0x1d4cb2a, ftLastAccessTime.dwLowDateTime=0x32b9aaa0, ftLastAccessTime.dwHighDateTime=0x1d4d2b1, ftLastWriteTime.dwLowDateTime=0x7dc6e85e, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x6b30, dwReserved0=0x0, dwReserved1=0x0, cFileName="johsiurt.avi.shade8", cAlternateFileName="JOHSIU~1.SHA")) returned 1 [0091.716] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3cf20f0, ftCreationTime.dwHighDateTime=0x1d4cb58, ftLastAccessTime.dwLowDateTime=0x70370fc0, ftLastAccessTime.dwHighDateTime=0x1d4c8cb, ftLastWriteTime.dwLowDateTime=0x7dc94aff, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x1af0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nsv C_SWnxDSit.avi.shade8", cAlternateFileName="NSVC_S~1.SHA")) returned 1 [0091.716] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4074cc0, ftCreationTime.dwHighDateTime=0x1d4d29e, ftLastAccessTime.dwLowDateTime=0xf0dc80c0, ftLastAccessTime.dwHighDateTime=0x1d4c901, ftLastWriteTime.dwLowDateTime=0x7de3800f, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x10280, dwReserved0=0x0, dwReserved1=0x0, cFileName="NYqfMfCSQ6IrgqU.xls.shade8", cAlternateFileName="NYQFMF~1.SHA")) returned 1 [0091.717] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9011c90, ftCreationTime.dwHighDateTime=0x1d4cf2b, ftLastAccessTime.dwLowDateTime=0x562ed9e0, ftLastAccessTime.dwHighDateTime=0x1d4d420, ftLastWriteTime.dwLowDateTime=0x7deae63f, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xe5b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="oYnk87aLwYtycgmkN.csv.shade8", cAlternateFileName="OYNK87~1.SHA")) returned 1 [0091.717] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x446809a0, ftCreationTime.dwHighDateTime=0x1d4d035, ftLastAccessTime.dwLowDateTime=0x9c90bf50, ftLastAccessTime.dwHighDateTime=0x1d4cdba, ftLastWriteTime.dwLowDateTime=0x9c90bf50, ftLastWriteTime.dwHighDateTime=0x1d4cdba, nFileSizeHigh=0x0, nFileSizeLow=0xc090, dwReserved0=0x0, dwReserved1=0x0, cFileName="pXpjuP 7 T_.gif", cAlternateFileName="PXPJUP~1.GIF")) returned 1 [0091.717] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb937050, ftCreationTime.dwHighDateTime=0x1d4ca82, ftLastAccessTime.dwLowDateTime=0xfc617b40, ftLastAccessTime.dwHighDateTime=0x1d4d1c0, ftLastWriteTime.dwLowDateTime=0x7dee20ac, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xad80, dwReserved0=0x0, dwReserved1=0x0, cFileName="QP2lx_xY.mp3.shade8", cAlternateFileName="QP2LX_~1.SHA")) returned 1 [0091.717] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc550480, ftCreationTime.dwHighDateTime=0x1d4d5cc, ftLastAccessTime.dwLowDateTime=0x6d8ae410, ftLastAccessTime.dwHighDateTime=0x1d4d035, ftLastWriteTime.dwLowDateTime=0x7df54758, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xfb80, dwReserved0=0x0, dwReserved1=0x0, cFileName="S haJTF1lXspyoz7qPK.mkv.shade8", cAlternateFileName="SHAJTF~1.SHA")) returned 1 [0091.717] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc12f910, ftCreationTime.dwHighDateTime=0x1d4d583, ftLastAccessTime.dwLowDateTime=0x1f3eda90, ftLastAccessTime.dwHighDateTime=0x1d4c8ac, ftLastWriteTime.dwLowDateTime=0x1f3eda90, ftLastWriteTime.dwHighDateTime=0x1d4c8ac, nFileSizeHigh=0x0, nFileSizeLow=0x11174, dwReserved0=0x0, dwReserved1=0x0, cFileName="sFcFU74qF9pyfWW2.swf", cAlternateFileName="SFCFU7~1.SWF")) returned 1 [0091.718] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8641afa0, ftCreationTime.dwHighDateTime=0x1d4c952, ftLastAccessTime.dwLowDateTime=0x42a7ab10, ftLastAccessTime.dwHighDateTime=0x1d4cb4a, ftLastWriteTime.dwLowDateTime=0x7e05f82e, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x78c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TvcyfsELusy6tf19.pdf.shade8", cAlternateFileName="TVCYFS~1.SHA")) returned 1 [0091.718] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x59134fe0, ftCreationTime.dwHighDateTime=0x1d4cc43, ftLastAccessTime.dwLowDateTime=0x7ebd8c27, ftLastAccessTime.dwHighDateTime=0x1d57301, ftLastWriteTime.dwLowDateTime=0x7ebd8c27, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vce 2GsJTpiqc3s3", cAlternateFileName="VCE2GS~1")) returned 1 [0091.718] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe529f430, ftCreationTime.dwHighDateTime=0x1d4d2e6, ftLastAccessTime.dwLowDateTime=0xdb9c8de0, ftLastAccessTime.dwHighDateTime=0x1d4cf5f, ftLastWriteTime.dwLowDateTime=0x7e11e361, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xb9d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="XIbP.mkv.shade8", cAlternateFileName="XIBPMK~1.SHA")) returned 1 [0091.718] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x316a6240, ftCreationTime.dwHighDateTime=0x1d4d188, ftLastAccessTime.dwLowDateTime=0xc10d3ec0, ftLastAccessTime.dwHighDateTime=0x1d4ce60, ftLastWriteTime.dwLowDateTime=0xc10d3ec0, ftLastWriteTime.dwHighDateTime=0x1d4ce60, nFileSizeHigh=0x0, nFileSizeLow=0x874e, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZLjW0uKgw4lGL.flv", cAlternateFileName="ZLJW0U~1.FLV")) returned 1 [0091.718] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b1e11d0, ftCreationTime.dwHighDateTime=0x1d4c7c7, ftLastAccessTime.dwLowDateTime=0x2de83620, ftLastAccessTime.dwHighDateTime=0x1d4d295, ftLastWriteTime.dwLowDateTime=0x7e1b6ce2, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x6800, dwReserved0=0x0, dwReserved1=0x0, cFileName="_kjl.jpg.shade8", cAlternateFileName="_KJLJP~1.SHA")) returned 1 [0091.718] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0091.719] FindClose (in: hFindFile=0xfe65a0 | out: hFindFile=0xfe65a0) returned 1 [0091.719] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec74) returned 1 [0091.719] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec80) returned 1 [0091.719] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfecb8) returned 1 [0091.719] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop", nBufferLength=0x105, lpBuffer=0xcfe76c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop", lpFilePart=0x0) returned 0x17 [0091.719] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\*", lpFindFileData=0xcfe9e0 | out: lpFindFileData=0xcfe9e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x7e1b6ce2, ftLastAccessTime.dwHighDateTime=0x1d57301, ftLastWriteTime.dwLowDateTime=0x7e1b6ce2, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe65a0 [0091.719] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x7e1b6ce2, ftLastAccessTime.dwHighDateTime=0x1d57301, ftLastWriteTime.dwLowDateTime=0x7e1b6ce2, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.720] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf6df6c00, ftCreationTime.dwHighDateTime=0x1d4c8ff, ftLastAccessTime.dwLowDateTime=0x7f8f4ef0, ftLastAccessTime.dwHighDateTime=0x1d4d4e3, ftLastWriteTime.dwLowDateTime=0x7f8f4ef0, ftLastWriteTime.dwHighDateTime=0x1d4d4e3, nFileSizeHigh=0x0, nFileSizeLow=0x15f99, dwReserved0=0x0, dwReserved1=0x0, cFileName="1uiG9tEKao-CdI8b.flv", cAlternateFileName="1UIG9T~1.FLV")) returned 1 [0091.720] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaea41d50, ftCreationTime.dwHighDateTime=0x1d4c8af, ftLastAccessTime.dwLowDateTime=0x9c88a120, ftLastAccessTime.dwHighDateTime=0x1d4d16c, ftLastWriteTime.dwLowDateTime=0x9c88a120, ftLastWriteTime.dwHighDateTime=0x1d4d16c, nFileSizeHigh=0x0, nFileSizeLow=0x13e2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="42TxdJ1y5Teq5CEIz.wav", cAlternateFileName="42TXDJ~1.WAV")) returned 1 [0091.720] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x46f63600, ftCreationTime.dwHighDateTime=0x1d57301, ftLastAccessTime.dwLowDateTime=0x46f63600, ftLastAccessTime.dwHighDateTime=0x1d57301, ftLastWriteTime.dwLowDateTime=0x7d593c68, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x11aa20, dwReserved0=0x0, dwReserved1=0x0, cFileName="454364vodafone-e-fatura.exe.shade8", cAlternateFileName="454364~1.SHA")) returned 1 [0091.720] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3ccc4e30, ftCreationTime.dwHighDateTime=0x1d4d4d2, ftLastAccessTime.dwLowDateTime=0x65da9560, ftLastAccessTime.dwHighDateTime=0x1d4cfd3, ftLastWriteTime.dwLowDateTime=0x7d679578, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x85e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="7cYIG7R_Bg.csv.shade8", cAlternateFileName="7CYIG7~1.SHA")) returned 1 [0091.720] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2fbd9f0, ftCreationTime.dwHighDateTime=0x1d4cf73, ftLastAccessTime.dwLowDateTime=0x37106840, ftLastAccessTime.dwHighDateTime=0x1d4cc27, ftLastWriteTime.dwLowDateTime=0x7d7f6224, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xaee0, dwReserved0=0x0, dwReserved1=0x0, cFileName="7ZIEneEWitQXloMb.mkv.shade8", cAlternateFileName="7ZIENE~1.SHA")) returned 1 [0091.721] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x471cf3a0, ftCreationTime.dwHighDateTime=0x1d4d2aa, ftLastAccessTime.dwLowDateTime=0x71be5080, ftLastAccessTime.dwHighDateTime=0x1d4c761, ftLastWriteTime.dwLowDateTime=0x71be5080, ftLastWriteTime.dwHighDateTime=0x1d4c761, nFileSizeHigh=0x0, nFileSizeLow=0xa815, dwReserved0=0x0, dwReserved1=0x0, cFileName="9i094uEf.m4a", cAlternateFileName="")) returned 1 [0091.721] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3495ef90, ftCreationTime.dwHighDateTime=0x1d4cede, ftLastAccessTime.dwLowDateTime=0xbd1b9850, ftLastAccessTime.dwHighDateTime=0x1d4cf07, ftLastWriteTime.dwLowDateTime=0xbd1b9850, ftLastWriteTime.dwHighDateTime=0x1d4cf07, nFileSizeHigh=0x0, nFileSizeLow=0x165cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="9VuxeAuC.gif", cAlternateFileName="")) returned 1 [0091.721] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf3710cd0, ftCreationTime.dwHighDateTime=0x1d4ccbb, ftLastAccessTime.dwLowDateTime=0xdc888070, ftLastAccessTime.dwHighDateTime=0x1d4c84c, ftLastWriteTime.dwLowDateTime=0x7d901265, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x3cf0, dwReserved0=0x0, dwReserved1=0x0, cFileName="aaEh1XjueF.png.shade8", cAlternateFileName="AAEH1X~1.SHA")) returned 1 [0091.721] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x701b9e30, ftCreationTime.dwHighDateTime=0x1d4cece, ftLastAccessTime.dwLowDateTime=0xc0bf6d10, ftLastAccessTime.dwHighDateTime=0x1d4cc14, ftLastWriteTime.dwLowDateTime=0x7d973a03, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x13680, dwReserved0=0x0, dwReserved1=0x0, cFileName="AcxbjLr4LDb.jpg.shade8", cAlternateFileName="ACXBJL~1.SHA")) returned 1 [0091.721] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3bdc1760, ftCreationTime.dwHighDateTime=0x1d4d5ba, ftLastAccessTime.dwLowDateTime=0x64b0d8f0, ftLastAccessTime.dwHighDateTime=0x1d4ca21, ftLastWriteTime.dwLowDateTime=0x64b0d8f0, ftLastWriteTime.dwHighDateTime=0x1d4ca21, nFileSizeHigh=0x0, nFileSizeLow=0xc1b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="aLZ8SjeBW.ots", cAlternateFileName="ALZ8SJ~1.OTS")) returned 1 [0091.722] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0064e80, ftCreationTime.dwHighDateTime=0x1d4d5b8, ftLastAccessTime.dwLowDateTime=0xce24b240, ftLastAccessTime.dwHighDateTime=0x1d4d3c0, ftLastWriteTime.dwLowDateTime=0x7d9e611b, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xf740, dwReserved0=0x0, dwReserved1=0x0, cFileName="bnfqHdQMvbV9fl.odt.shade8", cAlternateFileName="BNFQHD~1.SHA")) returned 1 [0091.722] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24d56d00, ftCreationTime.dwHighDateTime=0x1d4c93a, ftLastAccessTime.dwLowDateTime=0x8c374430, ftLastAccessTime.dwHighDateTime=0x1d4ca9f, ftLastWriteTime.dwLowDateTime=0x8c374430, ftLastWriteTime.dwHighDateTime=0x1d4ca9f, nFileSizeHigh=0x0, nFileSizeLow=0x10a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="CL5bvtjh3F v7q6k.flv", cAlternateFileName="CL5BVT~1.FLV")) returned 1 [0091.722] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd4688720, ftCreationTime.dwHighDateTime=0x1d4caf7, ftLastAccessTime.dwLowDateTime=0x680b6ba0, ftLastAccessTime.dwHighDateTime=0x1d4d453, ftLastWriteTime.dwLowDateTime=0x7db637a6, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x9000, dwReserved0=0x0, dwReserved1=0x0, cFileName="cnPcqpR6mYKwWbfY5xX.bmp.shade8", cAlternateFileName="CNPCQP~1.SHA")) returned 1 [0091.722] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x440792d0, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x440792d0, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0xce389e99, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0091.723] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e07d450, ftCreationTime.dwHighDateTime=0x1d4d19e, ftLastAccessTime.dwLowDateTime=0xdd4114a0, ftLastAccessTime.dwHighDateTime=0x1d4c6e4, ftLastWriteTime.dwLowDateTime=0x7dbb0ed1, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x6320, dwReserved0=0x0, dwReserved1=0x0, cFileName="D_BOLwQrlF.jpg.shade8", cAlternateFileName="D_BOLW~1.SHA")) returned 1 [0091.723] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b405cd0, ftCreationTime.dwHighDateTime=0x1d4cb6a, ftLastAccessTime.dwLowDateTime=0xa93bbcf0, ftLastAccessTime.dwHighDateTime=0x1d4d0cb, ftLastWriteTime.dwLowDateTime=0xa93bbcf0, ftLastWriteTime.dwHighDateTime=0x1d4d0cb, nFileSizeHigh=0x0, nFileSizeLow=0x10175, dwReserved0=0x0, dwReserved1=0x0, cFileName="Eywiwg7gGH5NGq V.gif", cAlternateFileName="EYWIWG~1.GIF")) returned 1 [0091.723] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x55853140, ftCreationTime.dwHighDateTime=0x1d4c6cb, ftLastAccessTime.dwLowDateTime=0x56e5b0b0, ftLastAccessTime.dwHighDateTime=0x1d4c5d0, ftLastWriteTime.dwLowDateTime=0x56e5b0b0, ftLastWriteTime.dwHighDateTime=0x1d4c5d0, nFileSizeHigh=0x0, nFileSizeLow=0x14ba3, dwReserved0=0x0, dwReserved1=0x0, cFileName="fMiJX.wav", cAlternateFileName="")) returned 1 [0091.723] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x90634b40, ftCreationTime.dwHighDateTime=0x1d4c729, ftLastAccessTime.dwLowDateTime=0xb56e0de0, ftLastAccessTime.dwHighDateTime=0x1d4c804, ftLastWriteTime.dwLowDateTime=0xb56e0de0, ftLastWriteTime.dwHighDateTime=0x1d4c804, nFileSizeHigh=0x0, nFileSizeLow=0x16b8f, dwReserved0=0x0, dwReserved1=0x0, cFileName="hgKQ-JLkIVj.flv", cAlternateFileName="HGKQ-J~1.FLV")) returned 1 [0091.724] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb85c5440, ftCreationTime.dwHighDateTime=0x1d4d5e6, ftLastAccessTime.dwLowDateTime=0xda470850, ftLastAccessTime.dwHighDateTime=0x1d4d0c5, ftLastWriteTime.dwLowDateTime=0xda470850, ftLastWriteTime.dwHighDateTime=0x1d4d0c5, nFileSizeHigh=0x0, nFileSizeLow=0x189a6, dwReserved0=0x0, dwReserved1=0x0, cFileName="HPHwP47hxepAcykl.m4a", cAlternateFileName="HPHWP4~1.M4A")) returned 1 [0091.724] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x18a8d830, ftCreationTime.dwHighDateTime=0x1d4d5c1, ftLastAccessTime.dwLowDateTime=0x106dad90, ftLastAccessTime.dwHighDateTime=0x1d4d14c, ftLastWriteTime.dwLowDateTime=0x7dbfc229, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x189d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Hvq8LtKn_XVWH2w m.mp3.shade8", cAlternateFileName="HVQ8LT~1.SHA")) returned 1 [0091.725] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf530d470, ftCreationTime.dwHighDateTime=0x1d4cb2a, ftLastAccessTime.dwLowDateTime=0x32b9aaa0, ftLastAccessTime.dwHighDateTime=0x1d4d2b1, ftLastWriteTime.dwLowDateTime=0x7dc6e85e, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x6b30, dwReserved0=0x0, dwReserved1=0x0, cFileName="johsiurt.avi.shade8", cAlternateFileName="JOHSIU~1.SHA")) returned 1 [0091.725] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3cf20f0, ftCreationTime.dwHighDateTime=0x1d4cb58, ftLastAccessTime.dwLowDateTime=0x70370fc0, ftLastAccessTime.dwHighDateTime=0x1d4c8cb, ftLastWriteTime.dwLowDateTime=0x7dc94aff, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x1af0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nsv C_SWnxDSit.avi.shade8", cAlternateFileName="NSVC_S~1.SHA")) returned 1 [0091.725] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4074cc0, ftCreationTime.dwHighDateTime=0x1d4d29e, ftLastAccessTime.dwLowDateTime=0xf0dc80c0, ftLastAccessTime.dwHighDateTime=0x1d4c901, ftLastWriteTime.dwLowDateTime=0x7de3800f, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x10280, dwReserved0=0x0, dwReserved1=0x0, cFileName="NYqfMfCSQ6IrgqU.xls.shade8", cAlternateFileName="NYQFMF~1.SHA")) returned 1 [0091.725] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9011c90, ftCreationTime.dwHighDateTime=0x1d4cf2b, ftLastAccessTime.dwLowDateTime=0x562ed9e0, ftLastAccessTime.dwHighDateTime=0x1d4d420, ftLastWriteTime.dwLowDateTime=0x7deae63f, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xe5b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="oYnk87aLwYtycgmkN.csv.shade8", cAlternateFileName="OYNK87~1.SHA")) returned 1 [0091.725] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x446809a0, ftCreationTime.dwHighDateTime=0x1d4d035, ftLastAccessTime.dwLowDateTime=0x9c90bf50, ftLastAccessTime.dwHighDateTime=0x1d4cdba, ftLastWriteTime.dwLowDateTime=0x9c90bf50, ftLastWriteTime.dwHighDateTime=0x1d4cdba, nFileSizeHigh=0x0, nFileSizeLow=0xc090, dwReserved0=0x0, dwReserved1=0x0, cFileName="pXpjuP 7 T_.gif", cAlternateFileName="PXPJUP~1.GIF")) returned 1 [0091.726] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb937050, ftCreationTime.dwHighDateTime=0x1d4ca82, ftLastAccessTime.dwLowDateTime=0xfc617b40, ftLastAccessTime.dwHighDateTime=0x1d4d1c0, ftLastWriteTime.dwLowDateTime=0x7dee20ac, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xad80, dwReserved0=0x0, dwReserved1=0x0, cFileName="QP2lx_xY.mp3.shade8", cAlternateFileName="QP2LX_~1.SHA")) returned 1 [0091.726] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc550480, ftCreationTime.dwHighDateTime=0x1d4d5cc, ftLastAccessTime.dwLowDateTime=0x6d8ae410, ftLastAccessTime.dwHighDateTime=0x1d4d035, ftLastWriteTime.dwLowDateTime=0x7df54758, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xfb80, dwReserved0=0x0, dwReserved1=0x0, cFileName="S haJTF1lXspyoz7qPK.mkv.shade8", cAlternateFileName="SHAJTF~1.SHA")) returned 1 [0091.726] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc12f910, ftCreationTime.dwHighDateTime=0x1d4d583, ftLastAccessTime.dwLowDateTime=0x1f3eda90, ftLastAccessTime.dwHighDateTime=0x1d4c8ac, ftLastWriteTime.dwLowDateTime=0x1f3eda90, ftLastWriteTime.dwHighDateTime=0x1d4c8ac, nFileSizeHigh=0x0, nFileSizeLow=0x11174, dwReserved0=0x0, dwReserved1=0x0, cFileName="sFcFU74qF9pyfWW2.swf", cAlternateFileName="SFCFU7~1.SWF")) returned 1 [0091.726] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8641afa0, ftCreationTime.dwHighDateTime=0x1d4c952, ftLastAccessTime.dwLowDateTime=0x42a7ab10, ftLastAccessTime.dwHighDateTime=0x1d4cb4a, ftLastWriteTime.dwLowDateTime=0x7e05f82e, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x78c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TvcyfsELusy6tf19.pdf.shade8", cAlternateFileName="TVCYFS~1.SHA")) returned 1 [0091.726] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x59134fe0, ftCreationTime.dwHighDateTime=0x1d4cc43, ftLastAccessTime.dwLowDateTime=0x7ebd8c27, ftLastAccessTime.dwHighDateTime=0x1d57301, ftLastWriteTime.dwLowDateTime=0x7ebd8c27, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vce 2GsJTpiqc3s3", cAlternateFileName="VCE2GS~1")) returned 1 [0091.726] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe529f430, ftCreationTime.dwHighDateTime=0x1d4d2e6, ftLastAccessTime.dwLowDateTime=0xdb9c8de0, ftLastAccessTime.dwHighDateTime=0x1d4cf5f, ftLastWriteTime.dwLowDateTime=0x7e11e361, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xb9d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="XIbP.mkv.shade8", cAlternateFileName="XIBPMK~1.SHA")) returned 1 [0091.727] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x316a6240, ftCreationTime.dwHighDateTime=0x1d4d188, ftLastAccessTime.dwLowDateTime=0xc10d3ec0, ftLastAccessTime.dwHighDateTime=0x1d4ce60, ftLastWriteTime.dwLowDateTime=0xc10d3ec0, ftLastWriteTime.dwHighDateTime=0x1d4ce60, nFileSizeHigh=0x0, nFileSizeLow=0x874e, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZLjW0uKgw4lGL.flv", cAlternateFileName="ZLJW0U~1.FLV")) returned 1 [0091.727] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b1e11d0, ftCreationTime.dwHighDateTime=0x1d4c7c7, ftLastAccessTime.dwLowDateTime=0x2de83620, ftLastAccessTime.dwHighDateTime=0x1d4d295, ftLastWriteTime.dwLowDateTime=0x7e1b6ce2, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x6800, dwReserved0=0x0, dwReserved1=0x0, cFileName="_kjl.jpg.shade8", cAlternateFileName="_KJLJP~1.SHA")) returned 1 [0091.727] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b1e11d0, ftCreationTime.dwHighDateTime=0x1d4c7c7, ftLastAccessTime.dwLowDateTime=0x2de83620, ftLastAccessTime.dwHighDateTime=0x1d4d295, ftLastWriteTime.dwLowDateTime=0x7e1b6ce2, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x6800, dwReserved0=0x0, dwReserved1=0x0, cFileName="_kjl.jpg.shade8", cAlternateFileName="_KJLJP~1.SHA")) returned 0 [0091.727] FindClose (in: hFindFile=0xfe65a0 | out: hFindFile=0xfe65a0) returned 1 [0091.727] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec74) returned 1 [0091.727] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec80) returned 1 [0091.727] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfec44) returned 1 [0091.727] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3", nBufferLength=0x105, lpBuffer=0xcfe6f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3", lpFilePart=0x0) returned 0x28 [0091.728] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\*", lpFindFileData=0xcfe96c | out: lpFindFileData=0xcfe96c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x59134fe0, ftCreationTime.dwHighDateTime=0x1d4cc43, ftLastAccessTime.dwLowDateTime=0x7ebd8c27, ftLastAccessTime.dwHighDateTime=0x1d57301, ftLastWriteTime.dwLowDateTime=0x7ebd8c27, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe64e0 [0091.728] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x59134fe0, ftCreationTime.dwHighDateTime=0x1d4cc43, ftLastAccessTime.dwLowDateTime=0x7ebd8c27, ftLastAccessTime.dwHighDateTime=0x1d57301, ftLastWriteTime.dwLowDateTime=0x7ebd8c27, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.728] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe45bf0a0, ftCreationTime.dwHighDateTime=0x1d4c934, ftLastAccessTime.dwLowDateTime=0x867e75f0, ftLastAccessTime.dwHighDateTime=0x1d4cfb2, ftLastWriteTime.dwLowDateTime=0x7e2031f8, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xbf40, dwReserved0=0x0, dwReserved1=0x0, cFileName="0KK9327_mBsbZ.mkv.shade8", cAlternateFileName="0KK932~1.SHA")) returned 1 [0091.728] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd85fcf00, ftCreationTime.dwHighDateTime=0x1d4d2b8, ftLastAccessTime.dwLowDateTime=0x6d72d8b0, ftLastAccessTime.dwHighDateTime=0x1d4d59a, ftLastWriteTime.dwLowDateTime=0x7e2e7f1b, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x2840, dwReserved0=0x0, dwReserved1=0x0, cFileName="1r1gMtsv0blVRJ.mkv.shade8", cAlternateFileName="1R1GMT~1.SHA")) returned 1 [0091.728] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd98b020, ftCreationTime.dwHighDateTime=0x1d4c93f, ftLastAccessTime.dwLowDateTime=0xb58b30c0, ftLastAccessTime.dwHighDateTime=0x1d4d513, ftLastWriteTime.dwLowDateTime=0x7e33438f, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xf750, dwReserved0=0x0, dwReserved1=0x0, cFileName="8NlrPY 2lz9e1LIBf04f.mp3.shade8", cAlternateFileName="8NLRPY~1.SHA")) returned 1 [0091.729] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x102ea570, ftCreationTime.dwHighDateTime=0x1d4d2d0, ftLastAccessTime.dwLowDateTime=0xc1397700, ftLastAccessTime.dwHighDateTime=0x1d4cfa1, ftLastWriteTime.dwLowDateTime=0xc1397700, ftLastWriteTime.dwHighDateTime=0x1d4cfa1, nFileSizeHigh=0x0, nFileSizeLow=0x2121, dwReserved0=0x0, dwReserved1=0x0, cFileName="B-7fcvmTF rMY1g.ods", cAlternateFileName="B-7FCV~1.ODS")) returned 1 [0091.729] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1041700, ftCreationTime.dwHighDateTime=0x1d4ce87, ftLastAccessTime.dwLowDateTime=0x67def1d0, ftLastAccessTime.dwHighDateTime=0x1d4c6c8, ftLastWriteTime.dwLowDateTime=0x7e4d7dd7, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x100e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bGG4.png.shade8", cAlternateFileName="BGG4PN~1.SHA")) returned 1 [0091.729] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5fed2140, ftCreationTime.dwHighDateTime=0x1d4cc90, ftLastAccessTime.dwLowDateTime=0x41685be0, ftLastAccessTime.dwHighDateTime=0x1d4c7ea, ftLastWriteTime.dwLowDateTime=0x7e609010, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x13560, dwReserved0=0x0, dwReserved1=0x0, cFileName="f uWn9d-fNEm8xF6.mkv.shade8", cAlternateFileName="FUWN9D~1.SHA")) returned 1 [0091.729] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37a06790, ftCreationTime.dwHighDateTime=0x1d4cdb9, ftLastAccessTime.dwLowDateTime=0x62e90530, ftLastAccessTime.dwHighDateTime=0x1d4cb69, ftLastWriteTime.dwLowDateTime=0x62e90530, ftLastWriteTime.dwHighDateTime=0x1d4cb69, nFileSizeHigh=0x0, nFileSizeLow=0x16c7c, dwReserved0=0x0, dwReserved1=0x0, cFileName="J34cZFnSlsenRizP.swf", cAlternateFileName="J34CZF~1.SWF")) returned 1 [0091.729] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb2b61a60, ftCreationTime.dwHighDateTime=0x1d4cd55, ftLastAccessTime.dwLowDateTime=0x156a7190, ftLastAccessTime.dwHighDateTime=0x1d4d249, ftLastWriteTime.dwLowDateTime=0x7e760860, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x171a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="KniDwCaO21uYk4IPWV.csv.shade8", cAlternateFileName="KNIDWC~1.SHA")) returned 1 [0091.730] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1c3490, ftCreationTime.dwHighDateTime=0x1d4c9da, ftLastAccessTime.dwLowDateTime=0x75ffa680, ftLastAccessTime.dwHighDateTime=0x1d4ce6e, ftLastWriteTime.dwLowDateTime=0x75ffa680, ftLastWriteTime.dwHighDateTime=0x1d4ce6e, nFileSizeHigh=0x0, nFileSizeLow=0x6157, dwReserved0=0x0, dwReserved1=0x0, cFileName="kxBStavGoFqxZbfmF.m4a", cAlternateFileName="KXBSTA~1.M4A")) returned 1 [0091.730] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d3f7d30, ftCreationTime.dwHighDateTime=0x1d4cb95, ftLastAccessTime.dwLowDateTime=0xc79c5220, ftLastAccessTime.dwHighDateTime=0x1d4cba5, ftLastWriteTime.dwLowDateTime=0xc79c5220, ftLastWriteTime.dwHighDateTime=0x1d4cba5, nFileSizeHigh=0x0, nFileSizeLow=0x2549, dwReserved0=0x0, dwReserved1=0x0, cFileName="niLsZ6.flv", cAlternateFileName="")) returned 1 [0091.730] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3bdab2d0, ftCreationTime.dwHighDateTime=0x1d4ce9e, ftLastAccessTime.dwLowDateTime=0xe3b96b30, ftLastAccessTime.dwHighDateTime=0x1d4ca49, ftLastWriteTime.dwLowDateTime=0x7e8b7b65, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x15e40, dwReserved0=0x0, dwReserved1=0x0, cFileName="pUkJm_a4a0qy.pdf.shade8", cAlternateFileName="PUKJM_~1.SHA")) returned 1 [0091.730] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9ebb620, ftCreationTime.dwHighDateTime=0x1d4c7f7, ftLastAccessTime.dwLowDateTime=0xc56b240, ftLastAccessTime.dwHighDateTime=0x1d4c997, ftLastWriteTime.dwLowDateTime=0x7e8ddda4, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xa970, dwReserved0=0x0, dwReserved1=0x0, cFileName="x4I7Fbqe-kLQzd1fUt-V.mkv.shade8", cAlternateFileName="X4I7FB~1.SHA")) returned 1 [0091.730] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x75193a00, ftCreationTime.dwHighDateTime=0x1d4c8cf, ftLastAccessTime.dwLowDateTime=0x7a6f84e0, ftLastAccessTime.dwHighDateTime=0x1d4c588, ftLastWriteTime.dwLowDateTime=0x7eb6650c, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x17680, dwReserved0=0x0, dwReserved1=0x0, cFileName="XYpIBn0x4VZkFFRvx.avi.shade8", cAlternateFileName="XYPIBN~1.SHA")) returned 1 [0091.730] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25712c60, ftCreationTime.dwHighDateTime=0x1d4ca2d, ftLastAccessTime.dwLowDateTime=0x785afb10, ftLastAccessTime.dwHighDateTime=0x1d4cdff, ftLastWriteTime.dwLowDateTime=0x785afb10, ftLastWriteTime.dwHighDateTime=0x1d4cdff, nFileSizeHigh=0x0, nFileSizeLow=0x935c, dwReserved0=0x0, dwReserved1=0x0, cFileName="YXcOXvN.wav", cAlternateFileName="")) returned 1 [0091.731] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0091.731] FindClose (in: hFindFile=0xfe64e0 | out: hFindFile=0xfe64e0) returned 1 [0091.731] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec00) returned 1 [0091.731] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec0c) returned 1 [0091.731] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfec44) returned 1 [0091.731] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3", nBufferLength=0x105, lpBuffer=0xcfe6f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3", lpFilePart=0x0) returned 0x28 [0091.731] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\vce 2GsJTpiqc3s3\\*", lpFindFileData=0xcfe96c | out: lpFindFileData=0xcfe96c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x59134fe0, ftCreationTime.dwHighDateTime=0x1d4cc43, ftLastAccessTime.dwLowDateTime=0x7ebd8c27, ftLastAccessTime.dwHighDateTime=0x1d57301, ftLastWriteTime.dwLowDateTime=0x7ebd8c27, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe6a60 [0091.731] FindNextFileW (in: hFindFile=0xfe6a60, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x59134fe0, ftCreationTime.dwHighDateTime=0x1d4cc43, ftLastAccessTime.dwLowDateTime=0x7ebd8c27, ftLastAccessTime.dwHighDateTime=0x1d57301, ftLastWriteTime.dwLowDateTime=0x7ebd8c27, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.732] FindNextFileW (in: hFindFile=0xfe6a60, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe45bf0a0, ftCreationTime.dwHighDateTime=0x1d4c934, ftLastAccessTime.dwLowDateTime=0x867e75f0, ftLastAccessTime.dwHighDateTime=0x1d4cfb2, ftLastWriteTime.dwLowDateTime=0x7e2031f8, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xbf40, dwReserved0=0x0, dwReserved1=0x0, cFileName="0KK9327_mBsbZ.mkv.shade8", cAlternateFileName="0KK932~1.SHA")) returned 1 [0091.732] FindNextFileW (in: hFindFile=0xfe6a60, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd85fcf00, ftCreationTime.dwHighDateTime=0x1d4d2b8, ftLastAccessTime.dwLowDateTime=0x6d72d8b0, ftLastAccessTime.dwHighDateTime=0x1d4d59a, ftLastWriteTime.dwLowDateTime=0x7e2e7f1b, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x2840, dwReserved0=0x0, dwReserved1=0x0, cFileName="1r1gMtsv0blVRJ.mkv.shade8", cAlternateFileName="1R1GMT~1.SHA")) returned 1 [0091.732] FindNextFileW (in: hFindFile=0xfe6a60, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd98b020, ftCreationTime.dwHighDateTime=0x1d4c93f, ftLastAccessTime.dwLowDateTime=0xb58b30c0, ftLastAccessTime.dwHighDateTime=0x1d4d513, ftLastWriteTime.dwLowDateTime=0x7e33438f, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xf750, dwReserved0=0x0, dwReserved1=0x0, cFileName="8NlrPY 2lz9e1LIBf04f.mp3.shade8", cAlternateFileName="8NLRPY~1.SHA")) returned 1 [0091.732] FindNextFileW (in: hFindFile=0xfe6a60, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x102ea570, ftCreationTime.dwHighDateTime=0x1d4d2d0, ftLastAccessTime.dwLowDateTime=0xc1397700, ftLastAccessTime.dwHighDateTime=0x1d4cfa1, ftLastWriteTime.dwLowDateTime=0xc1397700, ftLastWriteTime.dwHighDateTime=0x1d4cfa1, nFileSizeHigh=0x0, nFileSizeLow=0x2121, dwReserved0=0x0, dwReserved1=0x0, cFileName="B-7fcvmTF rMY1g.ods", cAlternateFileName="B-7FCV~1.ODS")) returned 1 [0091.732] FindNextFileW (in: hFindFile=0xfe6a60, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1041700, ftCreationTime.dwHighDateTime=0x1d4ce87, ftLastAccessTime.dwLowDateTime=0x67def1d0, ftLastAccessTime.dwHighDateTime=0x1d4c6c8, ftLastWriteTime.dwLowDateTime=0x7e4d7dd7, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x100e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bGG4.png.shade8", cAlternateFileName="BGG4PN~1.SHA")) returned 1 [0091.733] FindNextFileW (in: hFindFile=0xfe6a60, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5fed2140, ftCreationTime.dwHighDateTime=0x1d4cc90, ftLastAccessTime.dwLowDateTime=0x41685be0, ftLastAccessTime.dwHighDateTime=0x1d4c7ea, ftLastWriteTime.dwLowDateTime=0x7e609010, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x13560, dwReserved0=0x0, dwReserved1=0x0, cFileName="f uWn9d-fNEm8xF6.mkv.shade8", cAlternateFileName="FUWN9D~1.SHA")) returned 1 [0091.733] FindNextFileW (in: hFindFile=0xfe6a60, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37a06790, ftCreationTime.dwHighDateTime=0x1d4cdb9, ftLastAccessTime.dwLowDateTime=0x62e90530, ftLastAccessTime.dwHighDateTime=0x1d4cb69, ftLastWriteTime.dwLowDateTime=0x62e90530, ftLastWriteTime.dwHighDateTime=0x1d4cb69, nFileSizeHigh=0x0, nFileSizeLow=0x16c7c, dwReserved0=0x0, dwReserved1=0x0, cFileName="J34cZFnSlsenRizP.swf", cAlternateFileName="J34CZF~1.SWF")) returned 1 [0091.733] FindNextFileW (in: hFindFile=0xfe6a60, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb2b61a60, ftCreationTime.dwHighDateTime=0x1d4cd55, ftLastAccessTime.dwLowDateTime=0x156a7190, ftLastAccessTime.dwHighDateTime=0x1d4d249, ftLastWriteTime.dwLowDateTime=0x7e760860, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x171a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="KniDwCaO21uYk4IPWV.csv.shade8", cAlternateFileName="KNIDWC~1.SHA")) returned 1 [0091.733] FindNextFileW (in: hFindFile=0xfe6a60, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1c3490, ftCreationTime.dwHighDateTime=0x1d4c9da, ftLastAccessTime.dwLowDateTime=0x75ffa680, ftLastAccessTime.dwHighDateTime=0x1d4ce6e, ftLastWriteTime.dwLowDateTime=0x75ffa680, ftLastWriteTime.dwHighDateTime=0x1d4ce6e, nFileSizeHigh=0x0, nFileSizeLow=0x6157, dwReserved0=0x0, dwReserved1=0x0, cFileName="kxBStavGoFqxZbfmF.m4a", cAlternateFileName="KXBSTA~1.M4A")) returned 1 [0091.734] FindNextFileW (in: hFindFile=0xfe6a60, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d3f7d30, ftCreationTime.dwHighDateTime=0x1d4cb95, ftLastAccessTime.dwLowDateTime=0xc79c5220, ftLastAccessTime.dwHighDateTime=0x1d4cba5, ftLastWriteTime.dwLowDateTime=0xc79c5220, ftLastWriteTime.dwHighDateTime=0x1d4cba5, nFileSizeHigh=0x0, nFileSizeLow=0x2549, dwReserved0=0x0, dwReserved1=0x0, cFileName="niLsZ6.flv", cAlternateFileName="")) returned 1 [0091.734] FindNextFileW (in: hFindFile=0xfe6a60, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3bdab2d0, ftCreationTime.dwHighDateTime=0x1d4ce9e, ftLastAccessTime.dwLowDateTime=0xe3b96b30, ftLastAccessTime.dwHighDateTime=0x1d4ca49, ftLastWriteTime.dwLowDateTime=0x7e8b7b65, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x15e40, dwReserved0=0x0, dwReserved1=0x0, cFileName="pUkJm_a4a0qy.pdf.shade8", cAlternateFileName="PUKJM_~1.SHA")) returned 1 [0091.734] FindNextFileW (in: hFindFile=0xfe6a60, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9ebb620, ftCreationTime.dwHighDateTime=0x1d4c7f7, ftLastAccessTime.dwLowDateTime=0xc56b240, ftLastAccessTime.dwHighDateTime=0x1d4c997, ftLastWriteTime.dwLowDateTime=0x7e8ddda4, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xa970, dwReserved0=0x0, dwReserved1=0x0, cFileName="x4I7Fbqe-kLQzd1fUt-V.mkv.shade8", cAlternateFileName="X4I7FB~1.SHA")) returned 1 [0091.734] FindNextFileW (in: hFindFile=0xfe6a60, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x75193a00, ftCreationTime.dwHighDateTime=0x1d4c8cf, ftLastAccessTime.dwLowDateTime=0x7a6f84e0, ftLastAccessTime.dwHighDateTime=0x1d4c588, ftLastWriteTime.dwLowDateTime=0x7eb6650c, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x17680, dwReserved0=0x0, dwReserved1=0x0, cFileName="XYpIBn0x4VZkFFRvx.avi.shade8", cAlternateFileName="XYPIBN~1.SHA")) returned 1 [0091.734] FindNextFileW (in: hFindFile=0xfe6a60, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25712c60, ftCreationTime.dwHighDateTime=0x1d4ca2d, ftLastAccessTime.dwLowDateTime=0x785afb10, ftLastAccessTime.dwHighDateTime=0x1d4cdff, ftLastWriteTime.dwLowDateTime=0x785afb10, ftLastWriteTime.dwHighDateTime=0x1d4cdff, nFileSizeHigh=0x0, nFileSizeLow=0x935c, dwReserved0=0x0, dwReserved1=0x0, cFileName="YXcOXvN.wav", cAlternateFileName="")) returned 1 [0091.735] FindNextFileW (in: hFindFile=0xfe6a60, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25712c60, ftCreationTime.dwHighDateTime=0x1d4ca2d, ftLastAccessTime.dwLowDateTime=0x785afb10, ftLastAccessTime.dwHighDateTime=0x1d4cdff, ftLastWriteTime.dwLowDateTime=0x785afb10, ftLastWriteTime.dwHighDateTime=0x1d4cdff, nFileSizeHigh=0x0, nFileSizeLow=0x935c, dwReserved0=0x0, dwReserved1=0x0, cFileName="YXcOXvN.wav", cAlternateFileName="")) returned 0 [0091.735] FindClose (in: hFindFile=0xfe6a60 | out: hFindFile=0xfe6a60) returned 1 [0091.735] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec00) returned 1 [0091.735] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec0c) returned 1 [0091.735] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfecb8) returned 1 [0091.735] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents", nBufferLength=0x105, lpBuffer=0xcfe76c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents", lpFilePart=0x0) returned 0x19 [0091.735] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\*", lpFindFileData=0xcfe9e0 | out: lpFindFileData=0xcfe9e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x4c45eca0, ftLastAccessTime.dwHighDateTime=0x1d57301, ftLastWriteTime.dwLowDateTime=0x4c45eca0, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe68a0 [0091.735] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x4c45eca0, ftLastAccessTime.dwHighDateTime=0x1d57301, ftLastWriteTime.dwLowDateTime=0x4c45eca0, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.736] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2da3740, ftCreationTime.dwHighDateTime=0x1d4f409, ftLastAccessTime.dwLowDateTime=0xda285c80, ftLastAccessTime.dwHighDateTime=0x1d52466, ftLastWriteTime.dwLowDateTime=0xda285c80, ftLastWriteTime.dwHighDateTime=0x1d52466, nFileSizeHigh=0x0, nFileSizeLow=0x15ce7, dwReserved0=0x0, dwReserved1=0x0, cFileName="-e05mO6ck.docx", cAlternateFileName="-E05MO~1.DOC")) returned 1 [0091.736] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd527a750, ftCreationTime.dwHighDateTime=0x1d52a00, ftLastAccessTime.dwLowDateTime=0xaa45e6c0, ftLastAccessTime.dwHighDateTime=0x1d56c57, ftLastWriteTime.dwLowDateTime=0xaa45e6c0, ftLastWriteTime.dwHighDateTime=0x1d56c57, nFileSizeHigh=0x0, nFileSizeLow=0x52df, dwReserved0=0x0, dwReserved1=0x0, cFileName="0dNa9Ipg4OF.xlsx", cAlternateFileName="0DNA9I~1.XLS")) returned 1 [0091.736] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3934ce10, ftCreationTime.dwHighDateTime=0x1d51f59, ftLastAccessTime.dwLowDateTime=0xb845fa00, ftLastAccessTime.dwHighDateTime=0x1d5684a, ftLastWriteTime.dwLowDateTime=0xb845fa00, ftLastWriteTime.dwHighDateTime=0x1d5684a, nFileSizeHigh=0x0, nFileSizeLow=0xca54, dwReserved0=0x0, dwReserved1=0x0, cFileName="5iEScw-P-bt0zvH0.docx", cAlternateFileName="5IESCW~1.DOC")) returned 1 [0091.736] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe7cfa830, ftCreationTime.dwHighDateTime=0x1d5050c, ftLastAccessTime.dwLowDateTime=0x7bfd81d0, ftLastAccessTime.dwHighDateTime=0x1d529f7, ftLastWriteTime.dwLowDateTime=0x7bfd81d0, ftLastWriteTime.dwHighDateTime=0x1d529f7, nFileSizeHigh=0x0, nFileSizeLow=0x8e4d, dwReserved0=0x0, dwReserved1=0x0, cFileName="aghE1.pptx", cAlternateFileName="AGHE1~1.PPT")) returned 1 [0091.736] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec70ba90, ftCreationTime.dwHighDateTime=0x1d52669, ftLastAccessTime.dwLowDateTime=0x5ba534e0, ftLastAccessTime.dwHighDateTime=0x1d4fa23, ftLastWriteTime.dwLowDateTime=0x5ba534e0, ftLastWriteTime.dwHighDateTime=0x1d4fa23, nFileSizeHigh=0x0, nFileSizeLow=0x11ddf, dwReserved0=0x0, dwReserved1=0x0, cFileName="C-o7_Ql2VxIC6.xlsx", cAlternateFileName="C-O7_Q~1.XLS")) returned 1 [0091.737] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42650820, ftCreationTime.dwHighDateTime=0x1d4cd8c, ftLastAccessTime.dwLowDateTime=0x271862f0, ftLastAccessTime.dwHighDateTime=0x1d4c62b, ftLastWriteTime.dwLowDateTime=0x271862f0, ftLastWriteTime.dwHighDateTime=0x1d4c62b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CPoDMpxr", cAlternateFileName="")) returned 1 [0091.737] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3340555c, ftCreationTime.dwHighDateTime=0x1d327b6, ftLastAccessTime.dwLowDateTime=0x3396299d, ftLastAccessTime.dwHighDateTime=0x1d327b6, ftLastWriteTime.dwLowDateTime=0x9daec75b, ftLastWriteTime.dwHighDateTime=0x1d3aafb, nFileSizeHigh=0x0, nFileSizeLow=0x55000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Database1.accdb", cAlternateFileName="DATABA~1.ACC")) returned 1 [0091.737] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x63a76450, ftCreationTime.dwHighDateTime=0x1d513c4, ftLastAccessTime.dwLowDateTime=0xd160aac0, ftLastAccessTime.dwHighDateTime=0x1d55040, ftLastWriteTime.dwLowDateTime=0xd160aac0, ftLastWriteTime.dwHighDateTime=0x1d55040, nFileSizeHigh=0x0, nFileSizeLow=0x18a69, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dcqxyjv.docx", cAlternateFileName="DCQXYJ~1.DOC")) returned 1 [0091.737] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x440c5760, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x440c5760, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0xce494f1d, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0091.737] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x14945ac0, ftCreationTime.dwHighDateTime=0x1d4cc94, ftLastAccessTime.dwLowDateTime=0x640d0e70, ftLastAccessTime.dwHighDateTime=0x1d4c669, ftLastWriteTime.dwLowDateTime=0x640d0e70, ftLastWriteTime.dwHighDateTime=0x1d4c669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="EASk6o6CF0e kL2L", cAlternateFileName="EASK6O~1")) returned 1 [0091.737] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa60eab0, ftCreationTime.dwHighDateTime=0x1d4fd7b, ftLastAccessTime.dwLowDateTime=0x73531550, ftLastAccessTime.dwHighDateTime=0x1d56b78, ftLastWriteTime.dwLowDateTime=0x73531550, ftLastWriteTime.dwHighDateTime=0x1d56b78, nFileSizeHigh=0x0, nFileSizeLow=0x16cd4, dwReserved0=0x0, dwReserved1=0x0, cFileName="fIXeG1fjMw4VQ-SeI4sD.docx", cAlternateFileName="FIXEG1~1.DOC")) returned 1 [0091.737] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x900107e0, ftCreationTime.dwHighDateTime=0x1d4f227, ftLastAccessTime.dwLowDateTime=0x1d20a000, ftLastAccessTime.dwHighDateTime=0x1d544e3, ftLastWriteTime.dwLowDateTime=0x1d20a000, ftLastWriteTime.dwHighDateTime=0x1d544e3, nFileSizeHigh=0x0, nFileSizeLow=0x18fe4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ip RLazdND.pptx", cAlternateFileName="IPRLAZ~1.PPT")) returned 1 [0091.738] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3c99140, ftCreationTime.dwHighDateTime=0x1d4c9f5, ftLastAccessTime.dwLowDateTime=0xb6748de0, ftLastAccessTime.dwHighDateTime=0x1d4d277, ftLastWriteTime.dwLowDateTime=0xb6748de0, ftLastWriteTime.dwHighDateTime=0x1d4d277, nFileSizeHigh=0x0, nFileSizeLow=0x5b3a, dwReserved0=0x0, dwReserved1=0x0, cFileName="jk6OBCNGIaAnb0.odt", cAlternateFileName="JK6OBC~1.ODT")) returned 1 [0091.738] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4a6b5c90, ftCreationTime.dwHighDateTime=0x1d53137, ftLastAccessTime.dwLowDateTime=0xb2c7d880, ftLastAccessTime.dwHighDateTime=0x1d56833, ftLastWriteTime.dwLowDateTime=0xb2c7d880, ftLastWriteTime.dwHighDateTime=0x1d56833, nFileSizeHigh=0x0, nFileSizeLow=0x149b, dwReserved0=0x0, dwReserved1=0x0, cFileName="lCpJ6WuB.docx", cAlternateFileName="LCPJ6W~1.DOC")) returned 1 [0091.738] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1b0a5df0, ftCreationTime.dwHighDateTime=0x1d54fca, ftLastAccessTime.dwLowDateTime=0xb735bf80, ftLastAccessTime.dwHighDateTime=0x1d506c3, ftLastWriteTime.dwLowDateTime=0xb735bf80, ftLastWriteTime.dwHighDateTime=0x1d506c3, nFileSizeHigh=0x0, nFileSizeLow=0xc97d, dwReserved0=0x0, dwReserved1=0x0, cFileName="lWFh8--ly.pptx", cAlternateFileName="LWFH8-~1.PPT")) returned 1 [0091.738] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf76ad6c0, ftCreationTime.dwHighDateTime=0x1d4c939, ftLastAccessTime.dwLowDateTime=0x220d6680, ftLastAccessTime.dwHighDateTime=0x1d4cf94, ftLastWriteTime.dwLowDateTime=0x220d6680, ftLastWriteTime.dwHighDateTime=0x1d4cf94, nFileSizeHigh=0x0, nFileSizeLow=0x10c4f, dwReserved0=0x0, dwReserved1=0x0, cFileName="mv3ytnTVP.ppt", cAlternateFileName="MV3YTN~1.PPT")) returned 1 [0091.738] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x211de47b, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x211de47b, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x211de47b, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0091.738] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x211de47b, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x211de47b, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x211de47b, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0091.738] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc1a0f60e, ftCreationTime.dwHighDateTime=0x1d47c35, ftLastAccessTime.dwLowDateTime=0xc1bc4716, ftLastAccessTime.dwHighDateTime=0x1d47c35, ftLastWriteTime.dwLowDateTime=0xc1bc4716, ftLastWriteTime.dwHighDateTime=0x1d47c35, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Shapes", cAlternateFileName="MYSHAP~1")) returned 1 [0091.738] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x211de47b, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x211de47b, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x211de47b, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0091.738] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb65e330, ftCreationTime.dwHighDateTime=0x1d4ccc4, ftLastAccessTime.dwLowDateTime=0xa7f0b070, ftLastAccessTime.dwHighDateTime=0x1d4ce88, ftLastWriteTime.dwLowDateTime=0xa7f0b070, ftLastWriteTime.dwHighDateTime=0x1d4ce88, nFileSizeHigh=0x0, nFileSizeLow=0xe265, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NowuucUWH88.csv", cAlternateFileName="NOWUUC~1.CSV")) returned 1 [0091.738] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa73182d0, ftCreationTime.dwHighDateTime=0x1d327c8, ftLastAccessTime.dwLowDateTime=0xa87f514a, ftLastAccessTime.dwHighDateTime=0x1d327c8, ftLastWriteTime.dwLowDateTime=0xddc1fe1e, ftLastWriteTime.dwHighDateTime=0x1d327c8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook Files", cAlternateFileName="OUTLOO~1")) returned 1 [0091.738] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9d712fb0, ftCreationTime.dwHighDateTime=0x1d4cfe8, ftLastAccessTime.dwLowDateTime=0xc4b15cf0, ftLastAccessTime.dwHighDateTime=0x1d4d405, ftLastWriteTime.dwLowDateTime=0xc4b15cf0, ftLastWriteTime.dwHighDateTime=0x1d4d405, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="p6BQ5-YjI-RteFLY", cAlternateFileName="P6BQ5-~1")) returned 1 [0091.739] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4a402760, ftCreationTime.dwHighDateTime=0x1d50ba7, ftLastAccessTime.dwLowDateTime=0x19e8c6f0, ftLastAccessTime.dwHighDateTime=0x1d51e6a, ftLastWriteTime.dwLowDateTime=0x19e8c6f0, ftLastWriteTime.dwHighDateTime=0x1d51e6a, nFileSizeHigh=0x0, nFileSizeLow=0xe356, dwReserved0=0x0, dwReserved1=0x0, cFileName="QycCod3aKy.xlsx", cAlternateFileName="QYCCOD~1.XLS")) returned 1 [0091.739] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c7e16f0, ftCreationTime.dwHighDateTime=0x1d51d62, ftLastAccessTime.dwLowDateTime=0xc5506280, ftLastAccessTime.dwHighDateTime=0x1d55990, ftLastWriteTime.dwLowDateTime=0xc5506280, ftLastWriteTime.dwHighDateTime=0x1d55990, nFileSizeHigh=0x0, nFileSizeLow=0xd72c, dwReserved0=0x0, dwReserved1=0x0, cFileName="RnOng_uUANEZhdiVwxzo.xlsx", cAlternateFileName="RNONG_~1.XLS")) returned 1 [0091.739] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4ffdd6b0, ftCreationTime.dwHighDateTime=0x1d4c8d2, ftLastAccessTime.dwLowDateTime=0x5db94b90, ftLastAccessTime.dwHighDateTime=0x1d4d115, ftLastWriteTime.dwLowDateTime=0x5db94b90, ftLastWriteTime.dwHighDateTime=0x1d4d115, nFileSizeHigh=0x0, nFileSizeLow=0x12f49, dwReserved0=0x0, dwReserved1=0x0, cFileName="T1d-p3JxMF.pdf", cAlternateFileName="T1D-P3~1.PDF")) returned 1 [0091.739] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2a38450, ftCreationTime.dwHighDateTime=0x1d4c699, ftLastAccessTime.dwLowDateTime=0xb86b8150, ftLastAccessTime.dwHighDateTime=0x1d4d437, ftLastWriteTime.dwLowDateTime=0xb86b8150, ftLastWriteTime.dwHighDateTime=0x1d4d437, nFileSizeHigh=0x0, nFileSizeLow=0xb1d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="un6rxRVJiqSaIj.rtf", cAlternateFileName="UN6RXR~1.RTF")) returned 1 [0091.739] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x625c1100, ftCreationTime.dwHighDateTime=0x1d54a69, ftLastAccessTime.dwLowDateTime=0xdbea2e60, ftLastAccessTime.dwHighDateTime=0x1d57252, ftLastWriteTime.dwLowDateTime=0xdbea2e60, ftLastWriteTime.dwHighDateTime=0x1d57252, nFileSizeHigh=0x0, nFileSizeLow=0xfe7f, dwReserved0=0x0, dwReserved1=0x0, cFileName="vjEnRfg-8iJV5S9s6yM5.pptx", cAlternateFileName="VJENRF~1.PPT")) returned 1 [0091.856] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1e9e410, ftCreationTime.dwHighDateTime=0x1d538b1, ftLastAccessTime.dwLowDateTime=0x40a6c560, ftLastAccessTime.dwHighDateTime=0x1d51cb4, ftLastWriteTime.dwLowDateTime=0x40a6c560, ftLastWriteTime.dwHighDateTime=0x1d51cb4, nFileSizeHigh=0x0, nFileSizeLow=0x113ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="z7sO5.xlsx", cAlternateFileName="Z7SO5~1.XLS")) returned 1 [0091.856] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3831f0, ftCreationTime.dwHighDateTime=0x1d4f2be, ftLastAccessTime.dwLowDateTime=0x1afc4a70, ftLastAccessTime.dwHighDateTime=0x1d5324d, ftLastWriteTime.dwLowDateTime=0x1afc4a70, ftLastWriteTime.dwHighDateTime=0x1d5324d, nFileSizeHigh=0x0, nFileSizeLow=0x18d96, dwReserved0=0x0, dwReserved1=0x0, cFileName="_Uvn6DNHmH.pptx", cAlternateFileName="_UVN6D~1.PPT")) returned 1 [0091.856] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0091.856] FindClose (in: hFindFile=0xfe68a0 | out: hFindFile=0xfe68a0) returned 1 [0091.857] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec74) returned 1 [0091.857] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec80) returned 1 [0091.857] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfecb8) returned 1 [0091.857] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents", nBufferLength=0x105, lpBuffer=0xcfe76c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents", lpFilePart=0x0) returned 0x19 [0091.857] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\*", lpFindFileData=0xcfe9e0 | out: lpFindFileData=0xcfe9e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x4c45eca0, ftLastAccessTime.dwHighDateTime=0x1d57301, ftLastWriteTime.dwLowDateTime=0x4c45eca0, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe65a0 [0091.857] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x4c45eca0, ftLastAccessTime.dwHighDateTime=0x1d57301, ftLastWriteTime.dwLowDateTime=0x4c45eca0, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.857] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2da3740, ftCreationTime.dwHighDateTime=0x1d4f409, ftLastAccessTime.dwLowDateTime=0xda285c80, ftLastAccessTime.dwHighDateTime=0x1d52466, ftLastWriteTime.dwLowDateTime=0xda285c80, ftLastWriteTime.dwHighDateTime=0x1d52466, nFileSizeHigh=0x0, nFileSizeLow=0x15ce7, dwReserved0=0x0, dwReserved1=0x0, cFileName="-e05mO6ck.docx", cAlternateFileName="-E05MO~1.DOC")) returned 1 [0091.857] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd527a750, ftCreationTime.dwHighDateTime=0x1d52a00, ftLastAccessTime.dwLowDateTime=0xaa45e6c0, ftLastAccessTime.dwHighDateTime=0x1d56c57, ftLastWriteTime.dwLowDateTime=0xaa45e6c0, ftLastWriteTime.dwHighDateTime=0x1d56c57, nFileSizeHigh=0x0, nFileSizeLow=0x52df, dwReserved0=0x0, dwReserved1=0x0, cFileName="0dNa9Ipg4OF.xlsx", cAlternateFileName="0DNA9I~1.XLS")) returned 1 [0091.857] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3934ce10, ftCreationTime.dwHighDateTime=0x1d51f59, ftLastAccessTime.dwLowDateTime=0xb845fa00, ftLastAccessTime.dwHighDateTime=0x1d5684a, ftLastWriteTime.dwLowDateTime=0xb845fa00, ftLastWriteTime.dwHighDateTime=0x1d5684a, nFileSizeHigh=0x0, nFileSizeLow=0xca54, dwReserved0=0x0, dwReserved1=0x0, cFileName="5iEScw-P-bt0zvH0.docx", cAlternateFileName="5IESCW~1.DOC")) returned 1 [0091.857] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe7cfa830, ftCreationTime.dwHighDateTime=0x1d5050c, ftLastAccessTime.dwLowDateTime=0x7bfd81d0, ftLastAccessTime.dwHighDateTime=0x1d529f7, ftLastWriteTime.dwLowDateTime=0x7bfd81d0, ftLastWriteTime.dwHighDateTime=0x1d529f7, nFileSizeHigh=0x0, nFileSizeLow=0x8e4d, dwReserved0=0x0, dwReserved1=0x0, cFileName="aghE1.pptx", cAlternateFileName="AGHE1~1.PPT")) returned 1 [0091.857] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec70ba90, ftCreationTime.dwHighDateTime=0x1d52669, ftLastAccessTime.dwLowDateTime=0x5ba534e0, ftLastAccessTime.dwHighDateTime=0x1d4fa23, ftLastWriteTime.dwLowDateTime=0x5ba534e0, ftLastWriteTime.dwHighDateTime=0x1d4fa23, nFileSizeHigh=0x0, nFileSizeLow=0x11ddf, dwReserved0=0x0, dwReserved1=0x0, cFileName="C-o7_Ql2VxIC6.xlsx", cAlternateFileName="C-O7_Q~1.XLS")) returned 1 [0091.857] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42650820, ftCreationTime.dwHighDateTime=0x1d4cd8c, ftLastAccessTime.dwLowDateTime=0x271862f0, ftLastAccessTime.dwHighDateTime=0x1d4c62b, ftLastWriteTime.dwLowDateTime=0x271862f0, ftLastWriteTime.dwHighDateTime=0x1d4c62b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CPoDMpxr", cAlternateFileName="")) returned 1 [0091.858] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3340555c, ftCreationTime.dwHighDateTime=0x1d327b6, ftLastAccessTime.dwLowDateTime=0x3396299d, ftLastAccessTime.dwHighDateTime=0x1d327b6, ftLastWriteTime.dwLowDateTime=0x9daec75b, ftLastWriteTime.dwHighDateTime=0x1d3aafb, nFileSizeHigh=0x0, nFileSizeLow=0x55000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Database1.accdb", cAlternateFileName="DATABA~1.ACC")) returned 1 [0091.858] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x63a76450, ftCreationTime.dwHighDateTime=0x1d513c4, ftLastAccessTime.dwLowDateTime=0xd160aac0, ftLastAccessTime.dwHighDateTime=0x1d55040, ftLastWriteTime.dwLowDateTime=0xd160aac0, ftLastWriteTime.dwHighDateTime=0x1d55040, nFileSizeHigh=0x0, nFileSizeLow=0x18a69, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dcqxyjv.docx", cAlternateFileName="DCQXYJ~1.DOC")) returned 1 [0091.858] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x440c5760, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x440c5760, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0xce494f1d, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0091.858] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x14945ac0, ftCreationTime.dwHighDateTime=0x1d4cc94, ftLastAccessTime.dwLowDateTime=0x640d0e70, ftLastAccessTime.dwHighDateTime=0x1d4c669, ftLastWriteTime.dwLowDateTime=0x640d0e70, ftLastWriteTime.dwHighDateTime=0x1d4c669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="EASk6o6CF0e kL2L", cAlternateFileName="EASK6O~1")) returned 1 [0091.858] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa60eab0, ftCreationTime.dwHighDateTime=0x1d4fd7b, ftLastAccessTime.dwLowDateTime=0x73531550, ftLastAccessTime.dwHighDateTime=0x1d56b78, ftLastWriteTime.dwLowDateTime=0x73531550, ftLastWriteTime.dwHighDateTime=0x1d56b78, nFileSizeHigh=0x0, nFileSizeLow=0x16cd4, dwReserved0=0x0, dwReserved1=0x0, cFileName="fIXeG1fjMw4VQ-SeI4sD.docx", cAlternateFileName="FIXEG1~1.DOC")) returned 1 [0091.858] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x900107e0, ftCreationTime.dwHighDateTime=0x1d4f227, ftLastAccessTime.dwLowDateTime=0x1d20a000, ftLastAccessTime.dwHighDateTime=0x1d544e3, ftLastWriteTime.dwLowDateTime=0x1d20a000, ftLastWriteTime.dwHighDateTime=0x1d544e3, nFileSizeHigh=0x0, nFileSizeLow=0x18fe4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ip RLazdND.pptx", cAlternateFileName="IPRLAZ~1.PPT")) returned 1 [0091.858] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3c99140, ftCreationTime.dwHighDateTime=0x1d4c9f5, ftLastAccessTime.dwLowDateTime=0xb6748de0, ftLastAccessTime.dwHighDateTime=0x1d4d277, ftLastWriteTime.dwLowDateTime=0xb6748de0, ftLastWriteTime.dwHighDateTime=0x1d4d277, nFileSizeHigh=0x0, nFileSizeLow=0x5b3a, dwReserved0=0x0, dwReserved1=0x0, cFileName="jk6OBCNGIaAnb0.odt", cAlternateFileName="JK6OBC~1.ODT")) returned 1 [0091.858] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4a6b5c90, ftCreationTime.dwHighDateTime=0x1d53137, ftLastAccessTime.dwLowDateTime=0xb2c7d880, ftLastAccessTime.dwHighDateTime=0x1d56833, ftLastWriteTime.dwLowDateTime=0xb2c7d880, ftLastWriteTime.dwHighDateTime=0x1d56833, nFileSizeHigh=0x0, nFileSizeLow=0x149b, dwReserved0=0x0, dwReserved1=0x0, cFileName="lCpJ6WuB.docx", cAlternateFileName="LCPJ6W~1.DOC")) returned 1 [0091.858] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1b0a5df0, ftCreationTime.dwHighDateTime=0x1d54fca, ftLastAccessTime.dwLowDateTime=0xb735bf80, ftLastAccessTime.dwHighDateTime=0x1d506c3, ftLastWriteTime.dwLowDateTime=0xb735bf80, ftLastWriteTime.dwHighDateTime=0x1d506c3, nFileSizeHigh=0x0, nFileSizeLow=0xc97d, dwReserved0=0x0, dwReserved1=0x0, cFileName="lWFh8--ly.pptx", cAlternateFileName="LWFH8-~1.PPT")) returned 1 [0091.858] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf76ad6c0, ftCreationTime.dwHighDateTime=0x1d4c939, ftLastAccessTime.dwLowDateTime=0x220d6680, ftLastAccessTime.dwHighDateTime=0x1d4cf94, ftLastWriteTime.dwLowDateTime=0x220d6680, ftLastWriteTime.dwHighDateTime=0x1d4cf94, nFileSizeHigh=0x0, nFileSizeLow=0x10c4f, dwReserved0=0x0, dwReserved1=0x0, cFileName="mv3ytnTVP.ppt", cAlternateFileName="MV3YTN~1.PPT")) returned 1 [0091.858] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x211de47b, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x211de47b, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x211de47b, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0091.858] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x211de47b, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x211de47b, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x211de47b, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0091.858] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc1a0f60e, ftCreationTime.dwHighDateTime=0x1d47c35, ftLastAccessTime.dwLowDateTime=0xc1bc4716, ftLastAccessTime.dwHighDateTime=0x1d47c35, ftLastWriteTime.dwLowDateTime=0xc1bc4716, ftLastWriteTime.dwHighDateTime=0x1d47c35, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="My Shapes", cAlternateFileName="MYSHAP~1")) returned 1 [0091.858] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x211de47b, ftCreationTime.dwHighDateTime=0x1d32742, ftLastAccessTime.dwLowDateTime=0x211de47b, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0x211de47b, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0091.858] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb65e330, ftCreationTime.dwHighDateTime=0x1d4ccc4, ftLastAccessTime.dwLowDateTime=0xa7f0b070, ftLastAccessTime.dwHighDateTime=0x1d4ce88, ftLastWriteTime.dwLowDateTime=0xa7f0b070, ftLastWriteTime.dwHighDateTime=0x1d4ce88, nFileSizeHigh=0x0, nFileSizeLow=0xe265, dwReserved0=0x0, dwReserved1=0x0, cFileName="NowuucUWH88.csv", cAlternateFileName="NOWUUC~1.CSV")) returned 1 [0091.859] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa73182d0, ftCreationTime.dwHighDateTime=0x1d327c8, ftLastAccessTime.dwLowDateTime=0xa87f514a, ftLastAccessTime.dwHighDateTime=0x1d327c8, ftLastWriteTime.dwLowDateTime=0xddc1fe1e, ftLastWriteTime.dwHighDateTime=0x1d327c8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook Files", cAlternateFileName="OUTLOO~1")) returned 1 [0091.859] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9d712fb0, ftCreationTime.dwHighDateTime=0x1d4cfe8, ftLastAccessTime.dwLowDateTime=0xc4b15cf0, ftLastAccessTime.dwHighDateTime=0x1d4d405, ftLastWriteTime.dwLowDateTime=0xc4b15cf0, ftLastWriteTime.dwHighDateTime=0x1d4d405, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="p6BQ5-YjI-RteFLY", cAlternateFileName="P6BQ5-~1")) returned 1 [0091.859] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4a402760, ftCreationTime.dwHighDateTime=0x1d50ba7, ftLastAccessTime.dwLowDateTime=0x19e8c6f0, ftLastAccessTime.dwHighDateTime=0x1d51e6a, ftLastWriteTime.dwLowDateTime=0x19e8c6f0, ftLastWriteTime.dwHighDateTime=0x1d51e6a, nFileSizeHigh=0x0, nFileSizeLow=0xe356, dwReserved0=0x0, dwReserved1=0x0, cFileName="QycCod3aKy.xlsx", cAlternateFileName="QYCCOD~1.XLS")) returned 1 [0091.859] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c7e16f0, ftCreationTime.dwHighDateTime=0x1d51d62, ftLastAccessTime.dwLowDateTime=0xc5506280, ftLastAccessTime.dwHighDateTime=0x1d55990, ftLastWriteTime.dwLowDateTime=0xc5506280, ftLastWriteTime.dwHighDateTime=0x1d55990, nFileSizeHigh=0x0, nFileSizeLow=0xd72c, dwReserved0=0x0, dwReserved1=0x0, cFileName="RnOng_uUANEZhdiVwxzo.xlsx", cAlternateFileName="RNONG_~1.XLS")) returned 1 [0091.859] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4ffdd6b0, ftCreationTime.dwHighDateTime=0x1d4c8d2, ftLastAccessTime.dwLowDateTime=0x5db94b90, ftLastAccessTime.dwHighDateTime=0x1d4d115, ftLastWriteTime.dwLowDateTime=0x5db94b90, ftLastWriteTime.dwHighDateTime=0x1d4d115, nFileSizeHigh=0x0, nFileSizeLow=0x12f49, dwReserved0=0x0, dwReserved1=0x0, cFileName="T1d-p3JxMF.pdf", cAlternateFileName="T1D-P3~1.PDF")) returned 1 [0091.859] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2a38450, ftCreationTime.dwHighDateTime=0x1d4c699, ftLastAccessTime.dwLowDateTime=0xb86b8150, ftLastAccessTime.dwHighDateTime=0x1d4d437, ftLastWriteTime.dwLowDateTime=0xb86b8150, ftLastWriteTime.dwHighDateTime=0x1d4d437, nFileSizeHigh=0x0, nFileSizeLow=0xb1d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="un6rxRVJiqSaIj.rtf", cAlternateFileName="UN6RXR~1.RTF")) returned 1 [0091.859] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x625c1100, ftCreationTime.dwHighDateTime=0x1d54a69, ftLastAccessTime.dwLowDateTime=0xdbea2e60, ftLastAccessTime.dwHighDateTime=0x1d57252, ftLastWriteTime.dwLowDateTime=0xdbea2e60, ftLastWriteTime.dwHighDateTime=0x1d57252, nFileSizeHigh=0x0, nFileSizeLow=0xfe7f, dwReserved0=0x0, dwReserved1=0x0, cFileName="vjEnRfg-8iJV5S9s6yM5.pptx", cAlternateFileName="VJENRF~1.PPT")) returned 1 [0091.859] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1e9e410, ftCreationTime.dwHighDateTime=0x1d538b1, ftLastAccessTime.dwLowDateTime=0x40a6c560, ftLastAccessTime.dwHighDateTime=0x1d51cb4, ftLastWriteTime.dwLowDateTime=0x40a6c560, ftLastWriteTime.dwHighDateTime=0x1d51cb4, nFileSizeHigh=0x0, nFileSizeLow=0x113ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="z7sO5.xlsx", cAlternateFileName="Z7SO5~1.XLS")) returned 1 [0091.859] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3831f0, ftCreationTime.dwHighDateTime=0x1d4f2be, ftLastAccessTime.dwLowDateTime=0x1afc4a70, ftLastAccessTime.dwHighDateTime=0x1d5324d, ftLastWriteTime.dwLowDateTime=0x1afc4a70, ftLastWriteTime.dwHighDateTime=0x1d5324d, nFileSizeHigh=0x0, nFileSizeLow=0x18d96, dwReserved0=0x0, dwReserved1=0x0, cFileName="_Uvn6DNHmH.pptx", cAlternateFileName="_UVN6D~1.PPT")) returned 1 [0091.859] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3831f0, ftCreationTime.dwHighDateTime=0x1d4f2be, ftLastAccessTime.dwLowDateTime=0x1afc4a70, ftLastAccessTime.dwHighDateTime=0x1d5324d, ftLastWriteTime.dwLowDateTime=0x1afc4a70, ftLastWriteTime.dwHighDateTime=0x1d5324d, nFileSizeHigh=0x0, nFileSizeLow=0x18d96, dwReserved0=0x0, dwReserved1=0x0, cFileName="_Uvn6DNHmH.pptx", cAlternateFileName="_UVN6D~1.PPT")) returned 0 [0091.859] FindClose (in: hFindFile=0xfe65a0 | out: hFindFile=0xfe65a0) returned 1 [0091.859] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec74) returned 1 [0091.859] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec80) returned 1 [0091.859] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\-e05mO6ck.docx", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\-e05mO6ck.docx", lpFilePart=0x0) returned 0x28 [0091.859] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0091.860] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\-e05mO6ck.docx" (normalized: "c:\\users\\fd1hvy\\documents\\-e05mo6ck.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0091.860] GetFileType (hFile=0x2b8) returned 0x1 [0091.860] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0091.860] GetFileType (hFile=0x2b8) returned 0x1 [0091.860] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x15ce7 [0091.860] ReadFile (in: hFile=0x2b8, lpBuffer=0x3dce2e8, nNumberOfBytesToRead=0x15ce7, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x3dce2e8*, lpNumberOfBytesRead=0xcfec0c*=0x15ce7, lpOverlapped=0x0) returned 1 [0091.861] CloseHandle (hObject=0x2b8) returned 1 [0091.879] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0091.879] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0091.879] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0091.880] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0091.880] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\-e05mO6ck.docx", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\-e05mO6ck.docx", lpFilePart=0x0) returned 0x28 [0091.880] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0091.880] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\-e05mO6ck.docx" (normalized: "c:\\users\\fd1hvy\\documents\\-e05mo6ck.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0091.882] GetFileType (hFile=0x2b8) returned 0x1 [0091.882] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0091.882] GetFileType (hFile=0x2b8) returned 0x1 [0091.882] WriteFile (in: hFile=0x2b8, lpBuffer=0x3e3b3d0*, nNumberOfBytesToWrite=0x15cf0, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x3e3b3d0*, lpNumberOfBytesWritten=0xcfec00*=0x15cf0, lpOverlapped=0x0) returned 1 [0091.884] CloseHandle (hObject=0x2b8) returned 1 [0091.887] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\-e05mO6ck.docx", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\-e05mO6ck.docx", lpFilePart=0x0) returned 0x28 [0091.887] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\-e05mO6ck.docx.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\-e05mO6ck.docx.shade8", lpFilePart=0x0) returned 0x2f [0091.887] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0091.887] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\-e05mO6ck.docx" (normalized: "c:\\users\\fd1hvy\\documents\\-e05mo6ck.docx"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2da3740, ftCreationTime.dwHighDateTime=0x1d4f409, ftLastAccessTime.dwLowDateTime=0xda285c80, ftLastAccessTime.dwHighDateTime=0x1d52466, ftLastWriteTime.dwLowDateTime=0x7f5facbf, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x15cf0)) returned 1 [0091.887] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0091.887] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\-e05mO6ck.docx" (normalized: "c:\\users\\fd1hvy\\documents\\-e05mo6ck.docx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\-e05mO6ck.docx.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\-e05mo6ck.docx.shade8")) returned 1 [0091.887] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\0dNa9Ipg4OF.xlsx", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\0dNa9Ipg4OF.xlsx", lpFilePart=0x0) returned 0x2a [0091.888] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0091.888] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\0dNa9Ipg4OF.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\0dna9ipg4of.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0091.888] GetFileType (hFile=0x2b8) returned 0x1 [0091.888] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0091.888] GetFileType (hFile=0x2b8) returned 0x1 [0091.888] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x52df [0091.888] ReadFile (in: hFile=0x2b8, lpBuffer=0x2c8b204, nNumberOfBytesToRead=0x52df, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2c8b204*, lpNumberOfBytesRead=0xcfec0c*=0x52df, lpOverlapped=0x0) returned 1 [0091.888] CloseHandle (hObject=0x2b8) returned 1 [0091.960] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0091.960] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0091.960] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0091.960] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0091.960] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\0dNa9Ipg4OF.xlsx", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\0dNa9Ipg4OF.xlsx", lpFilePart=0x0) returned 0x2a [0091.961] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0091.961] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\0dNa9Ipg4OF.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\0dna9ipg4of.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0091.962] GetFileType (hFile=0x2b8) returned 0x1 [0091.962] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0091.962] GetFileType (hFile=0x2b8) returned 0x1 [0091.962] WriteFile (in: hFile=0x2b8, lpBuffer=0x2cf1e50*, nNumberOfBytesToWrite=0x52e0, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2cf1e50*, lpNumberOfBytesWritten=0xcfec00*=0x52e0, lpOverlapped=0x0) returned 1 [0091.963] CloseHandle (hObject=0x2b8) returned 1 [0091.968] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\0dNa9Ipg4OF.xlsx", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\0dNa9Ipg4OF.xlsx", lpFilePart=0x0) returned 0x2a [0091.968] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\0dNa9Ipg4OF.xlsx.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\0dNa9Ipg4OF.xlsx.shade8", lpFilePart=0x0) returned 0x31 [0091.968] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0091.968] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\0dNa9Ipg4OF.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\0dna9ipg4of.xlsx"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd527a750, ftCreationTime.dwHighDateTime=0x1d52a00, ftLastAccessTime.dwLowDateTime=0xaa45e6c0, ftLastAccessTime.dwHighDateTime=0x1d56c57, ftLastWriteTime.dwLowDateTime=0x7f6b9793, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x52e0)) returned 1 [0091.968] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0091.968] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\0dNa9Ipg4OF.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\0dna9ipg4of.xlsx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\0dNa9Ipg4OF.xlsx.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\0dna9ipg4of.xlsx.shade8")) returned 1 [0091.968] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\5iEScw-P-bt0zvH0.docx", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\5iEScw-P-bt0zvH0.docx", lpFilePart=0x0) returned 0x2f [0091.968] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0091.969] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\5iEScw-P-bt0zvH0.docx" (normalized: "c:\\users\\fd1hvy\\documents\\5iescw-p-bt0zvh0.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0091.969] GetFileType (hFile=0x2b8) returned 0x1 [0091.969] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0091.969] GetFileType (hFile=0x2b8) returned 0x1 [0091.969] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0xca54 [0091.969] ReadFile (in: hFile=0x2b8, lpBuffer=0x2cf75b8, nNumberOfBytesToRead=0xca54, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2cf75b8*, lpNumberOfBytesRead=0xcfec0c*=0xca54, lpOverlapped=0x0) returned 1 [0091.969] CloseHandle (hObject=0x2b8) returned 1 [0091.987] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0091.987] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0091.987] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0091.987] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0091.987] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\5iEScw-P-bt0zvH0.docx", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\5iEScw-P-bt0zvH0.docx", lpFilePart=0x0) returned 0x2f [0091.987] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0091.987] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\5iEScw-P-bt0zvH0.docx" (normalized: "c:\\users\\fd1hvy\\documents\\5iescw-p-bt0zvh0.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0091.989] GetFileType (hFile=0x2b8) returned 0x1 [0091.989] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0092.068] GetFileType (hFile=0x2b8) returned 0x1 [0092.068] WriteFile (in: hFile=0x2b8, lpBuffer=0x2d6a2d4*, nNumberOfBytesToWrite=0xca60, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2d6a2d4*, lpNumberOfBytesWritten=0xcfec00*=0xca60, lpOverlapped=0x0) returned 1 [0092.070] CloseHandle (hObject=0x2b8) returned 1 [0092.072] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\5iEScw-P-bt0zvH0.docx", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\5iEScw-P-bt0zvH0.docx", lpFilePart=0x0) returned 0x2f [0092.072] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\5iEScw-P-bt0zvH0.docx.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\5iEScw-P-bt0zvH0.docx.shade8", lpFilePart=0x0) returned 0x36 [0092.072] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0092.072] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\5iEScw-P-bt0zvH0.docx" (normalized: "c:\\users\\fd1hvy\\documents\\5iescw-p-bt0zvh0.docx"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3934ce10, ftCreationTime.dwHighDateTime=0x1d51f59, ftLastAccessTime.dwLowDateTime=0xb845fa00, ftLastAccessTime.dwHighDateTime=0x1d5684a, ftLastWriteTime.dwLowDateTime=0x7f7c473b, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xca60)) returned 1 [0092.072] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0092.073] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\5iEScw-P-bt0zvH0.docx" (normalized: "c:\\users\\fd1hvy\\documents\\5iescw-p-bt0zvh0.docx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\5iEScw-P-bt0zvH0.docx.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\5iescw-p-bt0zvh0.docx.shade8")) returned 1 [0092.073] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\aghE1.pptx", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\aghE1.pptx", lpFilePart=0x0) returned 0x24 [0092.073] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0092.073] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\aghE1.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\aghe1.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0092.073] GetFileType (hFile=0x2b8) returned 0x1 [0092.073] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0092.074] GetFileType (hFile=0x2b8) returned 0x1 [0092.074] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x8e4d [0092.074] ReadFile (in: hFile=0x2b8, lpBuffer=0x2d771c4, nNumberOfBytesToRead=0x8e4d, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2d771c4*, lpNumberOfBytesRead=0xcfec0c*=0x8e4d, lpOverlapped=0x0) returned 1 [0092.074] CloseHandle (hObject=0x2b8) returned 1 [0092.095] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0092.095] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0092.095] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0092.096] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0092.096] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\aghE1.pptx", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\aghE1.pptx", lpFilePart=0x0) returned 0x24 [0092.096] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0092.096] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\aghE1.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\aghe1.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0092.097] GetFileType (hFile=0x2b8) returned 0x1 [0092.097] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0092.097] GetFileType (hFile=0x2b8) returned 0x1 [0092.097] WriteFile (in: hFile=0x2b8, lpBuffer=0x2bfa550*, nNumberOfBytesToWrite=0x8e50, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2bfa550*, lpNumberOfBytesWritten=0xcfec00*=0x8e50, lpOverlapped=0x0) returned 1 [0092.099] CloseHandle (hObject=0x2b8) returned 1 [0092.100] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\aghE1.pptx", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\aghE1.pptx", lpFilePart=0x0) returned 0x24 [0092.100] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\aghE1.pptx.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\aghE1.pptx.shade8", lpFilePart=0x0) returned 0x2b [0092.100] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0092.101] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\aghE1.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\aghe1.pptx"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe7cfa830, ftCreationTime.dwHighDateTime=0x1d5050c, ftLastAccessTime.dwLowDateTime=0x7bfd81d0, ftLastAccessTime.dwHighDateTime=0x1d529f7, ftLastWriteTime.dwLowDateTime=0x7f810d42, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x8e50)) returned 1 [0092.101] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0092.101] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\aghE1.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\aghe1.pptx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\aghE1.pptx.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\aghe1.pptx.shade8")) returned 1 [0092.101] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\C-o7_Ql2VxIC6.xlsx", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\C-o7_Ql2VxIC6.xlsx", lpFilePart=0x0) returned 0x2c [0092.101] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0092.101] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\C-o7_Ql2VxIC6.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\c-o7_ql2vxic6.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0092.102] GetFileType (hFile=0x2b8) returned 0x1 [0092.102] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0092.102] GetFileType (hFile=0x2b8) returned 0x1 [0092.102] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x11ddf [0092.102] ReadFile (in: hFile=0x2b8, lpBuffer=0x2c037e4, nNumberOfBytesToRead=0x11ddf, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2c037e4*, lpNumberOfBytesRead=0xcfec0c*=0x11ddf, lpOverlapped=0x0) returned 1 [0092.102] CloseHandle (hObject=0x2b8) returned 1 [0092.201] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0092.201] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0092.201] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0092.202] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0092.202] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\C-o7_Ql2VxIC6.xlsx", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\C-o7_Ql2VxIC6.xlsx", lpFilePart=0x0) returned 0x2c [0092.202] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0092.202] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\C-o7_Ql2VxIC6.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\c-o7_ql2vxic6.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0092.203] GetFileType (hFile=0x2b8) returned 0x1 [0092.204] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0092.204] GetFileType (hFile=0x2b8) returned 0x1 [0092.204] WriteFile (in: hFile=0x2b8, lpBuffer=0x2c860e0*, nNumberOfBytesToWrite=0x11de0, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2c860e0*, lpNumberOfBytesWritten=0xcfec00*=0x11de0, lpOverlapped=0x0) returned 1 [0092.206] CloseHandle (hObject=0x2b8) returned 1 [0092.209] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\C-o7_Ql2VxIC6.xlsx", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\C-o7_Ql2VxIC6.xlsx", lpFilePart=0x0) returned 0x2c [0092.209] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\C-o7_Ql2VxIC6.xlsx.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\C-o7_Ql2VxIC6.xlsx.shade8", lpFilePart=0x0) returned 0x33 [0092.209] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0092.209] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\C-o7_Ql2VxIC6.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\c-o7_ql2vxic6.xlsx"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec70ba90, ftCreationTime.dwHighDateTime=0x1d52669, ftLastAccessTime.dwLowDateTime=0x5ba534e0, ftLastAccessTime.dwHighDateTime=0x1d4fa23, ftLastWriteTime.dwLowDateTime=0x7f91e1d4, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x11de0)) returned 1 [0092.210] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0092.210] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\C-o7_Ql2VxIC6.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\c-o7_ql2vxic6.xlsx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\C-o7_Ql2VxIC6.xlsx.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\c-o7_ql2vxic6.xlsx.shade8")) returned 1 [0092.210] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\Dcqxyjv.docx", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\Dcqxyjv.docx", lpFilePart=0x0) returned 0x26 [0092.210] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0092.211] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\Dcqxyjv.docx" (normalized: "c:\\users\\fd1hvy\\documents\\dcqxyjv.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0092.211] GetFileType (hFile=0x2b8) returned 0x1 [0092.211] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0092.211] GetFileType (hFile=0x2b8) returned 0x1 [0092.211] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x18a69 [0092.211] ReadFile (in: hFile=0x2b8, lpBuffer=0x3e8e160, nNumberOfBytesToRead=0x18a69, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x3e8e160*, lpNumberOfBytesRead=0xcfec0c*=0x18a69, lpOverlapped=0x0) returned 1 [0092.212] CloseHandle (hObject=0x2b8) returned 1 [0092.301] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0092.302] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0092.302] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0092.302] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0092.302] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\Dcqxyjv.docx", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\Dcqxyjv.docx", lpFilePart=0x0) returned 0x26 [0092.302] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0092.302] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\Dcqxyjv.docx" (normalized: "c:\\users\\fd1hvy\\documents\\dcqxyjv.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0092.304] GetFileType (hFile=0x2b8) returned 0x1 [0092.304] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0092.304] GetFileType (hFile=0x2b8) returned 0x1 [0092.304] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ea6be8*, nNumberOfBytesToWrite=0x18a70, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x3ea6be8*, lpNumberOfBytesWritten=0xcfec00*=0x18a70, lpOverlapped=0x0) returned 1 [0092.306] CloseHandle (hObject=0x2b8) returned 1 [0092.309] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\Dcqxyjv.docx", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\Dcqxyjv.docx", lpFilePart=0x0) returned 0x26 [0092.309] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\Dcqxyjv.docx.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\Dcqxyjv.docx.shade8", lpFilePart=0x0) returned 0x2d [0092.309] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0092.309] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\Dcqxyjv.docx" (normalized: "c:\\users\\fd1hvy\\documents\\dcqxyjv.docx"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x63a76450, ftCreationTime.dwHighDateTime=0x1d513c4, ftLastAccessTime.dwLowDateTime=0xd160aac0, ftLastAccessTime.dwHighDateTime=0x1d55040, ftLastWriteTime.dwLowDateTime=0x7fa00d2d, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x18a70)) returned 1 [0092.309] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0092.309] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\Dcqxyjv.docx" (normalized: "c:\\users\\fd1hvy\\documents\\dcqxyjv.docx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\Dcqxyjv.docx.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\dcqxyjv.docx.shade8")) returned 1 [0092.310] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\fIXeG1fjMw4VQ-SeI4sD.docx", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\fIXeG1fjMw4VQ-SeI4sD.docx", lpFilePart=0x0) returned 0x33 [0092.310] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0092.310] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\fIXeG1fjMw4VQ-SeI4sD.docx" (normalized: "c:\\users\\fd1hvy\\documents\\fixeg1fjmw4vq-sei4sd.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0092.310] GetFileType (hFile=0x2b8) returned 0x1 [0092.310] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0092.310] GetFileType (hFile=0x2b8) returned 0x1 [0092.310] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x16cd4 [0092.310] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ebf678, nNumberOfBytesToRead=0x16cd4, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x3ebf678*, lpNumberOfBytesRead=0xcfec0c*=0x16cd4, lpOverlapped=0x0) returned 1 [0092.311] CloseHandle (hObject=0x2b8) returned 1 [0092.414] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0092.414] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0092.414] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0092.414] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0092.414] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\fIXeG1fjMw4VQ-SeI4sD.docx", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\fIXeG1fjMw4VQ-SeI4sD.docx", lpFilePart=0x0) returned 0x33 [0092.414] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0092.414] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\fIXeG1fjMw4VQ-SeI4sD.docx" (normalized: "c:\\users\\fd1hvy\\documents\\fixeg1fjmw4vq-sei4sd.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0092.416] GetFileType (hFile=0x2b8) returned 0x1 [0092.416] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0092.416] GetFileType (hFile=0x2b8) returned 0x1 [0092.416] WriteFile (in: hFile=0x2b8, lpBuffer=0x3c53198*, nNumberOfBytesToWrite=0x16ce0, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x3c53198*, lpNumberOfBytesWritten=0xcfec00*=0x16ce0, lpOverlapped=0x0) returned 1 [0092.418] CloseHandle (hObject=0x2b8) returned 1 [0092.421] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\fIXeG1fjMw4VQ-SeI4sD.docx", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\fIXeG1fjMw4VQ-SeI4sD.docx", lpFilePart=0x0) returned 0x33 [0092.421] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\fIXeG1fjMw4VQ-SeI4sD.docx.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\fIXeG1fjMw4VQ-SeI4sD.docx.shade8", lpFilePart=0x0) returned 0x3a [0092.421] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0092.421] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\fIXeG1fjMw4VQ-SeI4sD.docx" (normalized: "c:\\users\\fd1hvy\\documents\\fixeg1fjmw4vq-sei4sd.docx"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa60eab0, ftCreationTime.dwHighDateTime=0x1d4fd7b, ftLastAccessTime.dwLowDateTime=0x73531550, ftLastAccessTime.dwHighDateTime=0x1d56b78, ftLastWriteTime.dwLowDateTime=0x7fb0bbc9, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x16ce0)) returned 1 [0092.421] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0092.421] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\fIXeG1fjMw4VQ-SeI4sD.docx" (normalized: "c:\\users\\fd1hvy\\documents\\fixeg1fjmw4vq-sei4sd.docx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\fIXeG1fjMw4VQ-SeI4sD.docx.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\fixeg1fjmw4vq-sei4sd.docx.shade8")) returned 1 [0092.422] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\Ip RLazdND.pptx", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\Ip RLazdND.pptx", lpFilePart=0x0) returned 0x29 [0092.422] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0092.422] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\Ip RLazdND.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\ip rlazdnd.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0092.422] GetFileType (hFile=0x2b8) returned 0x1 [0092.422] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0092.422] GetFileType (hFile=0x2b8) returned 0x1 [0092.422] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x18fe4 [0092.422] ReadFile (in: hFile=0x2b8, lpBuffer=0x3c69e98, nNumberOfBytesToRead=0x18fe4, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x3c69e98*, lpNumberOfBytesRead=0xcfec0c*=0x18fe4, lpOverlapped=0x0) returned 1 [0092.423] CloseHandle (hObject=0x2b8) returned 1 [0092.539] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0092.539] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0092.539] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0092.539] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0092.539] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\Ip RLazdND.pptx", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\Ip RLazdND.pptx", lpFilePart=0x0) returned 0x29 [0092.539] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0092.539] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\Ip RLazdND.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\ip rlazdnd.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0092.541] GetFileType (hFile=0x2b8) returned 0x1 [0092.541] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0092.541] GetFileType (hFile=0x2b8) returned 0x1 [0092.541] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ce6e78*, nNumberOfBytesToWrite=0x18ff0, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x3ce6e78*, lpNumberOfBytesWritten=0xcfec00*=0x18ff0, lpOverlapped=0x0) returned 1 [0092.543] CloseHandle (hObject=0x2b8) returned 1 [0092.546] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\Ip RLazdND.pptx", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\Ip RLazdND.pptx", lpFilePart=0x0) returned 0x29 [0092.546] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\Ip RLazdND.pptx.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\Ip RLazdND.pptx.shade8", lpFilePart=0x0) returned 0x30 [0092.546] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0092.546] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\Ip RLazdND.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\ip rlazdnd.pptx"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x900107e0, ftCreationTime.dwHighDateTime=0x1d4f227, ftLastAccessTime.dwLowDateTime=0x1d20a000, ftLastAccessTime.dwHighDateTime=0x1d544e3, ftLastWriteTime.dwLowDateTime=0x7fc3cf1a, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x18ff0)) returned 1 [0092.546] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0092.546] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\Ip RLazdND.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\ip rlazdnd.pptx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\Ip RLazdND.pptx.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\ip rlazdnd.pptx.shade8")) returned 1 [0092.547] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\jk6OBCNGIaAnb0.odt", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\jk6OBCNGIaAnb0.odt", lpFilePart=0x0) returned 0x2c [0092.547] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0092.547] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\jk6OBCNGIaAnb0.odt" (normalized: "c:\\users\\fd1hvy\\documents\\jk6obcngiaanb0.odt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0092.547] GetFileType (hFile=0x2b8) returned 0x1 [0092.547] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0092.547] GetFileType (hFile=0x2b8) returned 0x1 [0092.547] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x5b3a [0092.547] ReadFile (in: hFile=0x2b8, lpBuffer=0x2c66c1c, nNumberOfBytesToRead=0x5b3a, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2c66c1c*, lpNumberOfBytesRead=0xcfec0c*=0x5b3a, lpOverlapped=0x0) returned 1 [0092.548] CloseHandle (hObject=0x2b8) returned 1 [0092.563] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0092.564] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0092.564] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0092.564] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0092.564] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\jk6OBCNGIaAnb0.odt", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\jk6OBCNGIaAnb0.odt", lpFilePart=0x0) returned 0x2c [0092.564] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0092.564] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\jk6OBCNGIaAnb0.odt" (normalized: "c:\\users\\fd1hvy\\documents\\jk6obcngiaanb0.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0092.565] GetFileType (hFile=0x2b8) returned 0x1 [0092.565] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0092.565] GetFileType (hFile=0x2b8) returned 0x1 [0092.565] WriteFile (in: hFile=0x2b8, lpBuffer=0x2cd0248*, nNumberOfBytesToWrite=0x5b40, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2cd0248*, lpNumberOfBytesWritten=0xcfec00*=0x5b40, lpOverlapped=0x0) returned 1 [0092.654] CloseHandle (hObject=0x2b8) returned 1 [0092.655] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\jk6OBCNGIaAnb0.odt", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\jk6OBCNGIaAnb0.odt", lpFilePart=0x0) returned 0x2c [0092.655] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\jk6OBCNGIaAnb0.odt.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\jk6OBCNGIaAnb0.odt.shade8", lpFilePart=0x0) returned 0x33 [0092.655] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0092.655] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\jk6OBCNGIaAnb0.odt" (normalized: "c:\\users\\fd1hvy\\documents\\jk6obcngiaanb0.odt"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3c99140, ftCreationTime.dwHighDateTime=0x1d4c9f5, ftLastAccessTime.dwLowDateTime=0xb6748de0, ftLastAccessTime.dwHighDateTime=0x1d4d277, ftLastWriteTime.dwLowDateTime=0x7fd47e5e, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x5b40)) returned 1 [0092.656] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0092.656] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\jk6OBCNGIaAnb0.odt" (normalized: "c:\\users\\fd1hvy\\documents\\jk6obcngiaanb0.odt"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\jk6OBCNGIaAnb0.odt.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\jk6obcngiaanb0.odt.shade8")) returned 1 [0092.656] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\lCpJ6WuB.docx", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\lCpJ6WuB.docx", lpFilePart=0x0) returned 0x27 [0092.657] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0092.657] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\lCpJ6WuB.docx" (normalized: "c:\\users\\fd1hvy\\documents\\lcpj6wub.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0092.657] GetFileType (hFile=0x2b8) returned 0x1 [0092.657] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0092.657] GetFileType (hFile=0x2b8) returned 0x1 [0092.657] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x149b [0092.657] ReadFile (in: hFile=0x2b8, lpBuffer=0x2cd6204, nNumberOfBytesToRead=0x149b, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2cd6204*, lpNumberOfBytesRead=0xcfec0c*=0x149b, lpOverlapped=0x0) returned 1 [0092.657] CloseHandle (hObject=0x2b8) returned 1 [0092.675] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0092.675] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0092.675] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0092.675] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0092.675] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\lCpJ6WuB.docx", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\lCpJ6WuB.docx", lpFilePart=0x0) returned 0x27 [0092.675] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0092.675] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\lCpJ6WuB.docx" (normalized: "c:\\users\\fd1hvy\\documents\\lcpj6wub.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0092.676] GetFileType (hFile=0x2b8) returned 0x1 [0092.677] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0092.677] GetFileType (hFile=0x2b8) returned 0x1 [0092.677] WriteFile (in: hFile=0x2b8, lpBuffer=0x2d29710*, nNumberOfBytesToWrite=0x14a0, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2d29710*, lpNumberOfBytesWritten=0xcfec00*=0x14a0, lpOverlapped=0x0) returned 1 [0092.678] CloseHandle (hObject=0x2b8) returned 1 [0092.679] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\lCpJ6WuB.docx", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\lCpJ6WuB.docx", lpFilePart=0x0) returned 0x27 [0092.679] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\lCpJ6WuB.docx.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\lCpJ6WuB.docx.shade8", lpFilePart=0x0) returned 0x2e [0092.679] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0092.679] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\lCpJ6WuB.docx" (normalized: "c:\\users\\fd1hvy\\documents\\lcpj6wub.docx"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4a6b5c90, ftCreationTime.dwHighDateTime=0x1d53137, ftLastAccessTime.dwLowDateTime=0xb2c7d880, ftLastAccessTime.dwHighDateTime=0x1d56833, ftLastWriteTime.dwLowDateTime=0x7fd9444b, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x14a0)) returned 1 [0092.679] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0092.679] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\lCpJ6WuB.docx" (normalized: "c:\\users\\fd1hvy\\documents\\lcpj6wub.docx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\lCpJ6WuB.docx.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\lcpj6wub.docx.shade8")) returned 1 [0092.680] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\lWFh8--ly.pptx", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\lWFh8--ly.pptx", lpFilePart=0x0) returned 0x28 [0092.680] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0092.680] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\lWFh8--ly.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\lwfh8--ly.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0092.680] GetFileType (hFile=0x2b8) returned 0x1 [0092.680] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0092.680] GetFileType (hFile=0x2b8) returned 0x1 [0092.680] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0xc97d [0092.680] ReadFile (in: hFile=0x2b8, lpBuffer=0x2d2b000, nNumberOfBytesToRead=0xc97d, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2d2b000*, lpNumberOfBytesRead=0xcfec0c*=0xc97d, lpOverlapped=0x0) returned 1 [0092.681] CloseHandle (hObject=0x2b8) returned 1 [0092.848] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0092.848] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0092.848] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0092.922] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0092.922] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\lWFh8--ly.pptx", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\lWFh8--ly.pptx", lpFilePart=0x0) returned 0x28 [0092.922] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0092.922] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\lWFh8--ly.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\lwfh8--ly.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0092.923] GetFileType (hFile=0x2b8) returned 0x1 [0092.923] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0092.923] GetFileType (hFile=0x2b8) returned 0x1 [0092.924] WriteFile (in: hFile=0x2b8, lpBuffer=0x2d9da80*, nNumberOfBytesToWrite=0xc980, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2d9da80*, lpNumberOfBytesWritten=0xcfec00*=0xc980, lpOverlapped=0x0) returned 1 [0092.925] CloseHandle (hObject=0x2b8) returned 1 [0092.927] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\lWFh8--ly.pptx", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\lWFh8--ly.pptx", lpFilePart=0x0) returned 0x28 [0092.927] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\lWFh8--ly.pptx.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\lWFh8--ly.pptx.shade8", lpFilePart=0x0) returned 0x2f [0092.928] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0092.928] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\lWFh8--ly.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\lwfh8--ly.pptx"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1b0a5df0, ftCreationTime.dwHighDateTime=0x1d54fca, ftLastAccessTime.dwLowDateTime=0xb735bf80, ftLastAccessTime.dwHighDateTime=0x1d506c3, ftLastWriteTime.dwLowDateTime=0x7fff7cc1, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xc980)) returned 1 [0092.928] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0092.928] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\lWFh8--ly.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\lwfh8--ly.pptx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\lWFh8--ly.pptx.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\lwfh8--ly.pptx.shade8")) returned 1 [0092.928] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\mv3ytnTVP.ppt", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\mv3ytnTVP.ppt", lpFilePart=0x0) returned 0x27 [0092.928] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0092.928] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\mv3ytnTVP.ppt" (normalized: "c:\\users\\fd1hvy\\documents\\mv3ytntvp.ppt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0092.929] GetFileType (hFile=0x2b8) returned 0x1 [0092.929] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0092.929] GetFileType (hFile=0x2b8) returned 0x1 [0092.929] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x10c4f [0092.929] ReadFile (in: hFile=0x2b8, lpBuffer=0x2daa854, nNumberOfBytesToRead=0x10c4f, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2daa854*, lpNumberOfBytesRead=0xcfec0c*=0x10c4f, lpOverlapped=0x0) returned 1 [0092.929] CloseHandle (hObject=0x2b8) returned 1 [0093.156] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0093.156] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0093.157] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0093.157] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0093.157] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\mv3ytnTVP.ppt", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\mv3ytnTVP.ppt", lpFilePart=0x0) returned 0x27 [0093.157] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0093.157] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\mv3ytnTVP.ppt" (normalized: "c:\\users\\fd1hvy\\documents\\mv3ytntvp.ppt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0093.158] GetFileType (hFile=0x2b8) returned 0x1 [0093.158] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0093.158] GetFileType (hFile=0x2b8) returned 0x1 [0093.159] WriteFile (in: hFile=0x2b8, lpBuffer=0x2c3adc8*, nNumberOfBytesToWrite=0x10c50, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2c3adc8*, lpNumberOfBytesWritten=0xcfec00*=0x10c50, lpOverlapped=0x0) returned 1 [0093.160] CloseHandle (hObject=0x2b8) returned 1 [0093.163] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\mv3ytnTVP.ppt", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\mv3ytnTVP.ppt", lpFilePart=0x0) returned 0x27 [0093.163] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\mv3ytnTVP.ppt.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\mv3ytnTVP.ppt.shade8", lpFilePart=0x0) returned 0x2e [0093.163] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0093.163] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\mv3ytnTVP.ppt" (normalized: "c:\\users\\fd1hvy\\documents\\mv3ytntvp.ppt"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf76ad6c0, ftCreationTime.dwHighDateTime=0x1d4c939, ftLastAccessTime.dwLowDateTime=0x220d6680, ftLastAccessTime.dwHighDateTime=0x1d4cf94, ftLastWriteTime.dwLowDateTime=0x80223ce9, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x10c50)) returned 1 [0093.163] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0093.163] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\mv3ytnTVP.ppt" (normalized: "c:\\users\\fd1hvy\\documents\\mv3ytntvp.ppt"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\mv3ytnTVP.ppt.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\mv3ytntvp.ppt.shade8")) returned 1 [0093.163] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\NowuucUWH88.csv", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\NowuucUWH88.csv", lpFilePart=0x0) returned 0x29 [0093.163] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0093.164] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\NowuucUWH88.csv" (normalized: "c:\\users\\fd1hvy\\documents\\nowuucuwh88.csv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0093.164] GetFileType (hFile=0x2b8) returned 0x1 [0093.164] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0093.164] GetFileType (hFile=0x2b8) returned 0x1 [0093.164] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0xe265 [0093.164] ReadFile (in: hFile=0x2b8, lpBuffer=0x2c4be68, nNumberOfBytesToRead=0xe265, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2c4be68*, lpNumberOfBytesRead=0xcfec0c*=0xe265, lpOverlapped=0x0) returned 1 [0093.164] CloseHandle (hObject=0x2b8) returned 1 [0093.266] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0093.267] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0093.267] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0093.267] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0093.267] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\NowuucUWH88.csv", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\NowuucUWH88.csv", lpFilePart=0x0) returned 0x29 [0093.267] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0093.267] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\NowuucUWH88.csv" (normalized: "c:\\users\\fd1hvy\\documents\\nowuucuwh88.csv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0093.269] GetFileType (hFile=0x2b8) returned 0x1 [0093.269] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0093.269] GetFileType (hFile=0x2b8) returned 0x1 [0093.269] WriteFile (in: hFile=0x2b8, lpBuffer=0x2cc3514*, nNumberOfBytesToWrite=0xe270, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2cc3514*, lpNumberOfBytesWritten=0xcfec00*=0xe270, lpOverlapped=0x0) returned 1 [0093.271] CloseHandle (hObject=0x2b8) returned 1 [0093.273] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\NowuucUWH88.csv", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\NowuucUWH88.csv", lpFilePart=0x0) returned 0x29 [0093.273] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\NowuucUWH88.csv.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\NowuucUWH88.csv.shade8", lpFilePart=0x0) returned 0x30 [0093.273] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0093.273] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\NowuucUWH88.csv" (normalized: "c:\\users\\fd1hvy\\documents\\nowuucuwh88.csv"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb65e330, ftCreationTime.dwHighDateTime=0x1d4ccc4, ftLastAccessTime.dwLowDateTime=0xa7f0b070, ftLastAccessTime.dwHighDateTime=0x1d4ce88, ftLastWriteTime.dwLowDateTime=0x8032ed86, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xe270)) returned 1 [0093.273] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0093.273] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\NowuucUWH88.csv" (normalized: "c:\\users\\fd1hvy\\documents\\nowuucuwh88.csv"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\NowuucUWH88.csv.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\nowuucuwh88.csv.shade8")) returned 1 [0093.274] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\QycCod3aKy.xlsx", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\QycCod3aKy.xlsx", lpFilePart=0x0) returned 0x29 [0093.274] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0093.274] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\QycCod3aKy.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\qyccod3aky.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0093.274] GetFileType (hFile=0x2b8) returned 0x1 [0093.274] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0093.274] GetFileType (hFile=0x2b8) returned 0x1 [0093.274] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0xe356 [0093.274] ReadFile (in: hFile=0x2b8, lpBuffer=0x2cd1be8, nNumberOfBytesToRead=0xe356, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2cd1be8*, lpNumberOfBytesRead=0xcfec0c*=0xe356, lpOverlapped=0x0) returned 1 [0093.275] CloseHandle (hObject=0x2b8) returned 1 [0093.292] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0093.293] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0093.293] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0093.293] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0093.293] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\QycCod3aKy.xlsx", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\QycCod3aKy.xlsx", lpFilePart=0x0) returned 0x29 [0093.293] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0093.293] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\QycCod3aKy.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\qyccod3aky.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0093.347] GetFileType (hFile=0x2b8) returned 0x1 [0093.347] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0093.347] GetFileType (hFile=0x2b8) returned 0x1 [0093.347] WriteFile (in: hFile=0x2b8, lpBuffer=0x2d49408*, nNumberOfBytesToWrite=0xe360, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2d49408*, lpNumberOfBytesWritten=0xcfec00*=0xe360, lpOverlapped=0x0) returned 1 [0093.349] CloseHandle (hObject=0x2b8) returned 1 [0093.351] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\QycCod3aKy.xlsx", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\QycCod3aKy.xlsx", lpFilePart=0x0) returned 0x29 [0093.351] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\QycCod3aKy.xlsx.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\QycCod3aKy.xlsx.shade8", lpFilePart=0x0) returned 0x30 [0093.351] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0093.352] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\QycCod3aKy.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\qyccod3aky.xlsx"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4a402760, ftCreationTime.dwHighDateTime=0x1d50ba7, ftLastAccessTime.dwLowDateTime=0x19e8c6f0, ftLastAccessTime.dwHighDateTime=0x1d51e6a, ftLastWriteTime.dwLowDateTime=0x803ed948, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xe360)) returned 1 [0093.352] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0093.352] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\QycCod3aKy.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\qyccod3aky.xlsx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\QycCod3aKy.xlsx.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\qyccod3aky.xlsx.shade8")) returned 1 [0093.352] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\RnOng_uUANEZhdiVwxzo.xlsx", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\RnOng_uUANEZhdiVwxzo.xlsx", lpFilePart=0x0) returned 0x33 [0093.353] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0093.353] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\RnOng_uUANEZhdiVwxzo.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\rnong_uuanezhdivwxzo.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0093.353] GetFileType (hFile=0x2b8) returned 0x1 [0093.353] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0093.353] GetFileType (hFile=0x2b8) returned 0x1 [0093.353] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0xd72c [0093.353] ReadFile (in: hFile=0x2b8, lpBuffer=0x2d57bf4, nNumberOfBytesToRead=0xd72c, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2d57bf4*, lpNumberOfBytesRead=0xcfec0c*=0xd72c, lpOverlapped=0x0) returned 1 [0093.354] CloseHandle (hObject=0x2b8) returned 1 [0093.378] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0093.378] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0093.378] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0093.379] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0093.379] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\RnOng_uUANEZhdiVwxzo.xlsx", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\RnOng_uUANEZhdiVwxzo.xlsx", lpFilePart=0x0) returned 0x33 [0093.379] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0093.379] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\RnOng_uUANEZhdiVwxzo.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\rnong_uuanezhdivwxzo.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0093.380] GetFileType (hFile=0x2b8) returned 0x1 [0093.380] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0093.381] GetFileType (hFile=0x2b8) returned 0x1 [0093.381] WriteFile (in: hFile=0x2b8, lpBuffer=0x2dccf80*, nNumberOfBytesToWrite=0xd730, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2dccf80*, lpNumberOfBytesWritten=0xcfec00*=0xd730, lpOverlapped=0x0) returned 1 [0093.444] CloseHandle (hObject=0x2b8) returned 1 [0093.446] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\RnOng_uUANEZhdiVwxzo.xlsx", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\RnOng_uUANEZhdiVwxzo.xlsx", lpFilePart=0x0) returned 0x33 [0093.446] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\RnOng_uUANEZhdiVwxzo.xlsx.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\RnOng_uUANEZhdiVwxzo.xlsx.shade8", lpFilePart=0x0) returned 0x3a [0093.446] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0093.446] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\RnOng_uUANEZhdiVwxzo.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\rnong_uuanezhdivwxzo.xlsx"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c7e16f0, ftCreationTime.dwHighDateTime=0x1d51d62, ftLastAccessTime.dwLowDateTime=0xc5506280, ftLastAccessTime.dwHighDateTime=0x1d55990, ftLastWriteTime.dwLowDateTime=0x804d27b8, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xd730)) returned 1 [0093.447] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0093.447] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\RnOng_uUANEZhdiVwxzo.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\rnong_uuanezhdivwxzo.xlsx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\RnOng_uUANEZhdiVwxzo.xlsx.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\rnong_uuanezhdivwxzo.xlsx.shade8")) returned 1 [0093.447] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\T1d-p3JxMF.pdf", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\T1d-p3JxMF.pdf", lpFilePart=0x0) returned 0x28 [0093.447] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0093.447] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\T1d-p3JxMF.pdf" (normalized: "c:\\users\\fd1hvy\\documents\\t1d-p3jxmf.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0093.448] GetFileType (hFile=0x2b8) returned 0x1 [0093.448] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0093.448] GetFileType (hFile=0x2b8) returned 0x1 [0093.448] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x12f49 [0093.448] ReadFile (in: hFile=0x2b8, lpBuffer=0x2ddab78, nNumberOfBytesToRead=0x12f49, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2ddab78*, lpNumberOfBytesRead=0xcfec0c*=0x12f49, lpOverlapped=0x0) returned 1 [0093.449] CloseHandle (hObject=0x2b8) returned 1 [0093.645] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0093.645] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0093.645] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0093.645] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0093.645] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\T1d-p3JxMF.pdf", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\T1d-p3JxMF.pdf", lpFilePart=0x0) returned 0x28 [0093.645] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0093.646] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\T1d-p3JxMF.pdf" (normalized: "c:\\users\\fd1hvy\\documents\\t1d-p3jxmf.pdf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0093.647] GetFileType (hFile=0x2b8) returned 0x1 [0093.647] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0093.647] GetFileType (hFile=0x2b8) returned 0x1 [0093.647] WriteFile (in: hFile=0x2b8, lpBuffer=0x2c6304c*, nNumberOfBytesToWrite=0x12f50, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2c6304c*, lpNumberOfBytesWritten=0xcfec00*=0x12f50, lpOverlapped=0x0) returned 1 [0093.650] CloseHandle (hObject=0x2b8) returned 1 [0093.653] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\T1d-p3JxMF.pdf", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\T1d-p3JxMF.pdf", lpFilePart=0x0) returned 0x28 [0093.653] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\T1d-p3JxMF.pdf.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\T1d-p3JxMF.pdf.shade8", lpFilePart=0x0) returned 0x2f [0093.653] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0093.653] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\T1d-p3JxMF.pdf" (normalized: "c:\\users\\fd1hvy\\documents\\t1d-p3jxmf.pdf"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4ffdd6b0, ftCreationTime.dwHighDateTime=0x1d4c8d2, ftLastAccessTime.dwLowDateTime=0x5db94b90, ftLastAccessTime.dwHighDateTime=0x1d4d115, ftLastWriteTime.dwLowDateTime=0x806c288f, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x12f50)) returned 1 [0093.653] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0093.653] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\T1d-p3JxMF.pdf" (normalized: "c:\\users\\fd1hvy\\documents\\t1d-p3jxmf.pdf"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\T1d-p3JxMF.pdf.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\t1d-p3jxmf.pdf.shade8")) returned 1 [0093.654] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\un6rxRVJiqSaIj.rtf", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\un6rxRVJiqSaIj.rtf", lpFilePart=0x0) returned 0x2c [0093.654] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0093.654] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\un6rxRVJiqSaIj.rtf" (normalized: "c:\\users\\fd1hvy\\documents\\un6rxrvjiqsaij.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0093.654] GetFileType (hFile=0x2b8) returned 0x1 [0093.654] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0093.654] GetFileType (hFile=0x2b8) returned 0x1 [0093.654] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0xb1d2 [0093.654] ReadFile (in: hFile=0x2b8, lpBuffer=0x2c76408, nNumberOfBytesToRead=0xb1d2, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2c76408*, lpNumberOfBytesRead=0xcfec0c*=0xb1d2, lpOverlapped=0x0) returned 1 [0093.655] CloseHandle (hObject=0x2b8) returned 1 [0093.678] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0093.679] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0093.679] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0093.679] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0093.679] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\un6rxRVJiqSaIj.rtf", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\un6rxRVJiqSaIj.rtf", lpFilePart=0x0) returned 0x2c [0093.679] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0093.679] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\un6rxRVJiqSaIj.rtf" (normalized: "c:\\users\\fd1hvy\\documents\\un6rxrvjiqsaij.rtf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0093.680] GetFileType (hFile=0x2b8) returned 0x1 [0093.681] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0093.681] GetFileType (hFile=0x2b8) returned 0x1 [0093.681] WriteFile (in: hFile=0x2b8, lpBuffer=0x2ce4904*, nNumberOfBytesToWrite=0xb1e0, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2ce4904*, lpNumberOfBytesWritten=0xcfec00*=0xb1e0, lpOverlapped=0x0) returned 1 [0093.683] CloseHandle (hObject=0x2b8) returned 1 [0093.685] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\un6rxRVJiqSaIj.rtf", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\un6rxRVJiqSaIj.rtf", lpFilePart=0x0) returned 0x2c [0093.685] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\un6rxRVJiqSaIj.rtf.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\un6rxRVJiqSaIj.rtf.shade8", lpFilePart=0x0) returned 0x33 [0093.685] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0093.685] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\un6rxRVJiqSaIj.rtf" (normalized: "c:\\users\\fd1hvy\\documents\\un6rxrvjiqsaij.rtf"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2a38450, ftCreationTime.dwHighDateTime=0x1d4c699, ftLastAccessTime.dwLowDateTime=0xb86b8150, ftLastAccessTime.dwHighDateTime=0x1d4d437, ftLastWriteTime.dwLowDateTime=0x8070ebbb, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xb1e0)) returned 1 [0093.685] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0093.685] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\un6rxRVJiqSaIj.rtf" (normalized: "c:\\users\\fd1hvy\\documents\\un6rxrvjiqsaij.rtf"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\un6rxRVJiqSaIj.rtf.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\un6rxrvjiqsaij.rtf.shade8")) returned 1 [0093.686] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\vjEnRfg-8iJV5S9s6yM5.pptx", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\vjEnRfg-8iJV5S9s6yM5.pptx", lpFilePart=0x0) returned 0x33 [0093.686] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0093.686] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\vjEnRfg-8iJV5S9s6yM5.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\vjenrfg-8ijv5s9s6ym5.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0093.741] GetFileType (hFile=0x2b8) returned 0x1 [0093.741] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0093.741] GetFileType (hFile=0x2b8) returned 0x1 [0093.741] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0xfe7f [0093.741] ReadFile (in: hFile=0x2b8, lpBuffer=0x2ceff90, nNumberOfBytesToRead=0xfe7f, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2ceff90*, lpNumberOfBytesRead=0xcfec0c*=0xfe7f, lpOverlapped=0x0) returned 1 [0093.742] CloseHandle (hObject=0x2b8) returned 1 [0093.767] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0093.767] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0093.767] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0093.767] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0093.767] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\vjEnRfg-8iJV5S9s6yM5.pptx", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\vjEnRfg-8iJV5S9s6yM5.pptx", lpFilePart=0x0) returned 0x33 [0093.767] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0093.767] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\vjEnRfg-8iJV5S9s6yM5.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\vjenrfg-8ijv5s9s6ym5.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0093.769] GetFileType (hFile=0x2b8) returned 0x1 [0093.769] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0093.769] GetFileType (hFile=0x2b8) returned 0x1 [0093.769] WriteFile (in: hFile=0x2b8, lpBuffer=0x2d6c910*, nNumberOfBytesToWrite=0xfe80, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2d6c910*, lpNumberOfBytesWritten=0xcfec00*=0xfe80, lpOverlapped=0x0) returned 1 [0093.771] CloseHandle (hObject=0x2b8) returned 1 [0093.773] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\vjEnRfg-8iJV5S9s6yM5.pptx", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\vjEnRfg-8iJV5S9s6yM5.pptx", lpFilePart=0x0) returned 0x33 [0093.774] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\vjEnRfg-8iJV5S9s6yM5.pptx.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\vjEnRfg-8iJV5S9s6yM5.pptx.shade8", lpFilePart=0x0) returned 0x3a [0093.774] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0093.774] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\vjEnRfg-8iJV5S9s6yM5.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\vjenrfg-8ijv5s9s6ym5.pptx"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x625c1100, ftCreationTime.dwHighDateTime=0x1d54a69, ftLastAccessTime.dwLowDateTime=0xdbea2e60, ftLastAccessTime.dwHighDateTime=0x1d57252, ftLastWriteTime.dwLowDateTime=0x807f38c2, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xfe80)) returned 1 [0093.774] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0093.774] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\vjEnRfg-8iJV5S9s6yM5.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\vjenrfg-8ijv5s9s6ym5.pptx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\vjEnRfg-8iJV5S9s6yM5.pptx.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\vjenrfg-8ijv5s9s6ym5.pptx.shade8")) returned 1 [0093.775] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\z7sO5.xlsx", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\z7sO5.xlsx", lpFilePart=0x0) returned 0x24 [0093.775] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0093.775] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\z7sO5.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\z7so5.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0093.775] GetFileType (hFile=0x2b8) returned 0x1 [0093.775] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0093.775] GetFileType (hFile=0x2b8) returned 0x1 [0093.775] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x113ed [0093.775] ReadFile (in: hFile=0x2b8, lpBuffer=0x2d7cc48, nNumberOfBytesToRead=0x113ed, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2d7cc48*, lpNumberOfBytesRead=0xcfec0c*=0x113ed, lpOverlapped=0x0) returned 1 [0093.776] CloseHandle (hObject=0x2b8) returned 1 [0093.878] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0093.878] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0093.878] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0093.878] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0093.878] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\z7sO5.xlsx", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\z7sO5.xlsx", lpFilePart=0x0) returned 0x24 [0093.879] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0093.879] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\z7sO5.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\z7so5.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0093.880] GetFileType (hFile=0x2b8) returned 0x1 [0093.880] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0093.880] GetFileType (hFile=0x2b8) returned 0x1 [0093.880] WriteFile (in: hFile=0x2b8, lpBuffer=0x2c0239c*, nNumberOfBytesToWrite=0x113f0, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2c0239c*, lpNumberOfBytesWritten=0xcfec00*=0x113f0, lpOverlapped=0x0) returned 1 [0093.883] CloseHandle (hObject=0x2b8) returned 1 [0093.886] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\z7sO5.xlsx", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\z7sO5.xlsx", lpFilePart=0x0) returned 0x24 [0093.886] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\z7sO5.xlsx.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\z7sO5.xlsx.shade8", lpFilePart=0x0) returned 0x2b [0093.886] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0093.886] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\z7sO5.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\z7so5.xlsx"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1e9e410, ftCreationTime.dwHighDateTime=0x1d538b1, ftLastAccessTime.dwLowDateTime=0x40a6c560, ftLastAccessTime.dwHighDateTime=0x1d51cb4, ftLastWriteTime.dwLowDateTime=0x808fe8ea, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x113f0)) returned 1 [0093.886] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0093.886] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\z7sO5.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\z7so5.xlsx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\z7sO5.xlsx.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\z7so5.xlsx.shade8")) returned 1 [0093.887] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\_Uvn6DNHmH.pptx", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\_Uvn6DNHmH.pptx", lpFilePart=0x0) returned 0x29 [0093.887] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0093.887] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\_Uvn6DNHmH.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\_uvn6dnhmh.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0093.887] GetFileType (hFile=0x2b8) returned 0x1 [0093.887] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0093.887] GetFileType (hFile=0x2b8) returned 0x1 [0093.887] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x18d96 [0093.887] ReadFile (in: hFile=0x2b8, lpBuffer=0x3e0cb68, nNumberOfBytesToRead=0x18d96, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x3e0cb68*, lpNumberOfBytesRead=0xcfec0c*=0x18d96, lpOverlapped=0x0) returned 1 [0093.888] CloseHandle (hObject=0x2b8) returned 1 [0093.963] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0093.963] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0093.963] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0093.963] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0093.963] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\_Uvn6DNHmH.pptx", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\_Uvn6DNHmH.pptx", lpFilePart=0x0) returned 0x29 [0093.963] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0093.963] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\_Uvn6DNHmH.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\_uvn6dnhmh.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0093.966] GetFileType (hFile=0x2b8) returned 0x1 [0093.966] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0093.966] GetFileType (hFile=0x2b8) returned 0x1 [0093.966] WriteFile (in: hFile=0x2b8, lpBuffer=0x3f095c8*, nNumberOfBytesToWrite=0x18da0, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x3f095c8*, lpNumberOfBytesWritten=0xcfec00*=0x18da0, lpOverlapped=0x0) returned 1 [0093.970] CloseHandle (hObject=0x2b8) returned 1 [0093.974] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\_Uvn6DNHmH.pptx", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\_Uvn6DNHmH.pptx", lpFilePart=0x0) returned 0x29 [0093.974] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\_Uvn6DNHmH.pptx.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\_Uvn6DNHmH.pptx.shade8", lpFilePart=0x0) returned 0x30 [0093.974] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0093.974] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\_Uvn6DNHmH.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\_uvn6dnhmh.pptx"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3831f0, ftCreationTime.dwHighDateTime=0x1d4f2be, ftLastAccessTime.dwLowDateTime=0x1afc4a70, ftLastAccessTime.dwHighDateTime=0x1d5324d, ftLastWriteTime.dwLowDateTime=0x809e394e, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x18da0)) returned 1 [0093.974] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0093.974] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\_Uvn6DNHmH.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\_uvn6dnhmh.pptx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\_Uvn6DNHmH.pptx.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\_uvn6dnhmh.pptx.shade8")) returned 1 [0093.975] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfec44) returned 1 [0093.975] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr", nBufferLength=0x105, lpBuffer=0xcfe6f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr", lpFilePart=0x0) returned 0x22 [0093.975] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\*", lpFindFileData=0xcfe96c | out: lpFindFileData=0xcfe96c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42650820, ftCreationTime.dwHighDateTime=0x1d4cd8c, ftLastAccessTime.dwLowDateTime=0x271862f0, ftLastAccessTime.dwHighDateTime=0x1d4c62b, ftLastWriteTime.dwLowDateTime=0x271862f0, ftLastWriteTime.dwHighDateTime=0x1d4c62b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe65a0 [0093.976] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42650820, ftCreationTime.dwHighDateTime=0x1d4cd8c, ftLastAccessTime.dwLowDateTime=0x271862f0, ftLastAccessTime.dwHighDateTime=0x1d4c62b, ftLastWriteTime.dwLowDateTime=0x271862f0, ftLastWriteTime.dwHighDateTime=0x1d4c62b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.976] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56c858b0, ftCreationTime.dwHighDateTime=0x1d4c8c5, ftLastAccessTime.dwLowDateTime=0x2eaf24a0, ftLastAccessTime.dwHighDateTime=0x1d4c6d9, ftLastWriteTime.dwLowDateTime=0x2eaf24a0, ftLastWriteTime.dwHighDateTime=0x1d4c6d9, nFileSizeHigh=0x0, nFileSizeLow=0x1541, dwReserved0=0x0, dwReserved1=0x0, cFileName="-aBZ8McYzkEqjFDQ.odp", cAlternateFileName="-ABZ8M~1.ODP")) returned 1 [0093.976] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e94bfe0, ftCreationTime.dwHighDateTime=0x1d4d0df, ftLastAccessTime.dwLowDateTime=0x7b3c16f0, ftLastAccessTime.dwHighDateTime=0x1d4d41e, ftLastWriteTime.dwLowDateTime=0x7b3c16f0, ftLastWriteTime.dwHighDateTime=0x1d4d41e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AwH9xAzq7HnZYaALibUA", cAlternateFileName="AWH9XA~1")) returned 1 [0093.976] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4bf1a7f0, ftCreationTime.dwHighDateTime=0x1d4c9bc, ftLastAccessTime.dwLowDateTime=0xd23b9fe0, ftLastAccessTime.dwHighDateTime=0x1d4c724, ftLastWriteTime.dwLowDateTime=0xd23b9fe0, ftLastWriteTime.dwHighDateTime=0x1d4c724, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="e4fndvcoLqNRAFIaMJ", cAlternateFileName="E4FNDV~1")) returned 1 [0093.976] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4577bd60, ftCreationTime.dwHighDateTime=0x1d4d542, ftLastAccessTime.dwLowDateTime=0x85be9f0, ftLastAccessTime.dwHighDateTime=0x1d4cb84, ftLastWriteTime.dwLowDateTime=0x85be9f0, ftLastWriteTime.dwHighDateTime=0x1d4cb84, nFileSizeHigh=0x0, nFileSizeLow=0x14232, dwReserved0=0x0, dwReserved1=0x0, cFileName="t-s39t4kjHqVYI_7oPz.xlsx", cAlternateFileName="T-S39T~1.XLS")) returned 1 [0093.977] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9c2852d0, ftCreationTime.dwHighDateTime=0x1d4cb44, ftLastAccessTime.dwLowDateTime=0xee8b98e0, ftLastAccessTime.dwHighDateTime=0x1d4c872, ftLastWriteTime.dwLowDateTime=0xee8b98e0, ftLastWriteTime.dwHighDateTime=0x1d4c872, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="YEjsT", cAlternateFileName="")) returned 1 [0093.977] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc5cde300, ftCreationTime.dwHighDateTime=0x1d4ce7f, ftLastAccessTime.dwLowDateTime=0x521459f0, ftLastAccessTime.dwHighDateTime=0x1d4c77a, ftLastWriteTime.dwLowDateTime=0x521459f0, ftLastWriteTime.dwHighDateTime=0x1d4c77a, nFileSizeHigh=0x0, nFileSizeLow=0xfcbf, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZKhqtyFMKDwyQgewHY1N.csv", cAlternateFileName="ZKHQTY~1.CSV")) returned 1 [0093.977] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.977] FindClose (in: hFindFile=0xfe65a0 | out: hFindFile=0xfe65a0) returned 1 [0093.977] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec00) returned 1 [0093.977] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec0c) returned 1 [0093.977] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfec44) returned 1 [0093.978] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr", nBufferLength=0x105, lpBuffer=0xcfe6f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr", lpFilePart=0x0) returned 0x22 [0093.978] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\*", lpFindFileData=0xcfe96c | out: lpFindFileData=0xcfe96c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42650820, ftCreationTime.dwHighDateTime=0x1d4cd8c, ftLastAccessTime.dwLowDateTime=0x271862f0, ftLastAccessTime.dwHighDateTime=0x1d4c62b, ftLastWriteTime.dwLowDateTime=0x271862f0, ftLastWriteTime.dwHighDateTime=0x1d4c62b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe6660 [0093.978] FindNextFileW (in: hFindFile=0xfe6660, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42650820, ftCreationTime.dwHighDateTime=0x1d4cd8c, ftLastAccessTime.dwLowDateTime=0x271862f0, ftLastAccessTime.dwHighDateTime=0x1d4c62b, ftLastWriteTime.dwLowDateTime=0x271862f0, ftLastWriteTime.dwHighDateTime=0x1d4c62b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.978] FindNextFileW (in: hFindFile=0xfe6660, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56c858b0, ftCreationTime.dwHighDateTime=0x1d4c8c5, ftLastAccessTime.dwLowDateTime=0x2eaf24a0, ftLastAccessTime.dwHighDateTime=0x1d4c6d9, ftLastWriteTime.dwLowDateTime=0x2eaf24a0, ftLastWriteTime.dwHighDateTime=0x1d4c6d9, nFileSizeHigh=0x0, nFileSizeLow=0x1541, dwReserved0=0x0, dwReserved1=0x0, cFileName="-aBZ8McYzkEqjFDQ.odp", cAlternateFileName="-ABZ8M~1.ODP")) returned 1 [0093.978] FindNextFileW (in: hFindFile=0xfe6660, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e94bfe0, ftCreationTime.dwHighDateTime=0x1d4d0df, ftLastAccessTime.dwLowDateTime=0x7b3c16f0, ftLastAccessTime.dwHighDateTime=0x1d4d41e, ftLastWriteTime.dwLowDateTime=0x7b3c16f0, ftLastWriteTime.dwHighDateTime=0x1d4d41e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AwH9xAzq7HnZYaALibUA", cAlternateFileName="AWH9XA~1")) returned 1 [0093.978] FindNextFileW (in: hFindFile=0xfe6660, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4bf1a7f0, ftCreationTime.dwHighDateTime=0x1d4c9bc, ftLastAccessTime.dwLowDateTime=0xd23b9fe0, ftLastAccessTime.dwHighDateTime=0x1d4c724, ftLastWriteTime.dwLowDateTime=0xd23b9fe0, ftLastWriteTime.dwHighDateTime=0x1d4c724, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="e4fndvcoLqNRAFIaMJ", cAlternateFileName="E4FNDV~1")) returned 1 [0093.979] FindNextFileW (in: hFindFile=0xfe6660, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4577bd60, ftCreationTime.dwHighDateTime=0x1d4d542, ftLastAccessTime.dwLowDateTime=0x85be9f0, ftLastAccessTime.dwHighDateTime=0x1d4cb84, ftLastWriteTime.dwLowDateTime=0x85be9f0, ftLastWriteTime.dwHighDateTime=0x1d4cb84, nFileSizeHigh=0x0, nFileSizeLow=0x14232, dwReserved0=0x0, dwReserved1=0x0, cFileName="t-s39t4kjHqVYI_7oPz.xlsx", cAlternateFileName="T-S39T~1.XLS")) returned 1 [0093.979] FindNextFileW (in: hFindFile=0xfe6660, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9c2852d0, ftCreationTime.dwHighDateTime=0x1d4cb44, ftLastAccessTime.dwLowDateTime=0xee8b98e0, ftLastAccessTime.dwHighDateTime=0x1d4c872, ftLastWriteTime.dwLowDateTime=0xee8b98e0, ftLastWriteTime.dwHighDateTime=0x1d4c872, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="YEjsT", cAlternateFileName="")) returned 1 [0093.979] FindNextFileW (in: hFindFile=0xfe6660, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc5cde300, ftCreationTime.dwHighDateTime=0x1d4ce7f, ftLastAccessTime.dwLowDateTime=0x521459f0, ftLastAccessTime.dwHighDateTime=0x1d4c77a, ftLastWriteTime.dwLowDateTime=0x521459f0, ftLastWriteTime.dwHighDateTime=0x1d4c77a, nFileSizeHigh=0x0, nFileSizeLow=0xfcbf, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZKhqtyFMKDwyQgewHY1N.csv", cAlternateFileName="ZKHQTY~1.CSV")) returned 1 [0093.979] FindNextFileW (in: hFindFile=0xfe6660, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc5cde300, ftCreationTime.dwHighDateTime=0x1d4ce7f, ftLastAccessTime.dwLowDateTime=0x521459f0, ftLastAccessTime.dwHighDateTime=0x1d4c77a, ftLastWriteTime.dwLowDateTime=0x521459f0, ftLastWriteTime.dwHighDateTime=0x1d4c77a, nFileSizeHigh=0x0, nFileSizeLow=0xfcbf, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZKhqtyFMKDwyQgewHY1N.csv", cAlternateFileName="ZKHQTY~1.CSV")) returned 0 [0093.979] FindClose (in: hFindFile=0xfe6660 | out: hFindFile=0xfe6660) returned 1 [0093.980] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec00) returned 1 [0093.980] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec0c) returned 1 [0093.980] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\t-s39t4kjHqVYI_7oPz.xlsx", nBufferLength=0x105, lpBuffer=0xcfe5ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\t-s39t4kjHqVYI_7oPz.xlsx", lpFilePart=0x0) returned 0x3b [0093.980] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0093.980] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\t-s39t4kjHqVYI_7oPz.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\t-s39t4kjhqvyi_7opz.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0093.980] GetFileType (hFile=0x2b8) returned 0x1 [0093.980] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0093.980] GetFileType (hFile=0x2b8) returned 0x1 [0093.980] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfebec | out: lpFileSizeHigh=0xcfebec*=0x0) returned 0x14232 [0093.980] ReadFile (in: hFile=0x2b8, lpBuffer=0x2c62e0c, nNumberOfBytesToRead=0x14232, lpNumberOfBytesRead=0xcfeb98, lpOverlapped=0x0 | out: lpBuffer=0x2c62e0c*, lpNumberOfBytesRead=0xcfeb98*=0x14232, lpOverlapped=0x0) returned 1 [0093.981] CloseHandle (hObject=0x2b8) returned 1 [0094.242] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0094.242] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0094.242] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfebe0 | out: lpFileInformation=0xcfebe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0094.242] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0094.242] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\t-s39t4kjHqVYI_7oPz.xlsx", nBufferLength=0x105, lpBuffer=0xcfe598, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\t-s39t4kjHqVYI_7oPz.xlsx", lpFilePart=0x0) returned 0x3b [0094.242] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeadc) returned 1 [0094.242] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\t-s39t4kjHqVYI_7oPz.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\t-s39t4kjhqvyi_7opz.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0094.243] GetFileType (hFile=0x2b8) returned 0x1 [0094.244] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfead8) returned 1 [0094.244] GetFileType (hFile=0x2b8) returned 0x1 [0094.244] WriteFile (in: hFile=0x2b8, lpBuffer=0x2cec2cc*, nNumberOfBytesToWrite=0x14240, lpNumberOfBytesWritten=0xcfeb8c, lpOverlapped=0x0 | out: lpBuffer=0x2cec2cc*, lpNumberOfBytesWritten=0xcfeb8c*=0x14240, lpOverlapped=0x0) returned 1 [0094.246] CloseHandle (hObject=0x2b8) returned 1 [0094.248] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\t-s39t4kjHqVYI_7oPz.xlsx", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\t-s39t4kjHqVYI_7oPz.xlsx", lpFilePart=0x0) returned 0x3b [0094.248] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\t-s39t4kjHqVYI_7oPz.xlsx.shade8", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\t-s39t4kjHqVYI_7oPz.xlsx.shade8", lpFilePart=0x0) returned 0x42 [0094.248] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb70) returned 1 [0094.248] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\t-s39t4kjHqVYI_7oPz.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\t-s39t4kjhqvyi_7opz.xlsx"), fInfoLevelId=0x0, lpFileInformation=0xcfebec | out: lpFileInformation=0xcfebec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4577bd60, ftCreationTime.dwHighDateTime=0x1d4d542, ftLastAccessTime.dwLowDateTime=0x85be9f0, ftLastAccessTime.dwHighDateTime=0x1d4cb84, ftLastWriteTime.dwLowDateTime=0x80c6bf33, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x14240)) returned 1 [0094.248] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb6c) returned 1 [0094.248] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\t-s39t4kjHqVYI_7oPz.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\t-s39t4kjhqvyi_7opz.xlsx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\t-s39t4kjHqVYI_7oPz.xlsx.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\t-s39t4kjhqvyi_7opz.xlsx.shade8")) returned 1 [0094.260] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\ZKhqtyFMKDwyQgewHY1N.csv", nBufferLength=0x105, lpBuffer=0xcfe5ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\ZKhqtyFMKDwyQgewHY1N.csv", lpFilePart=0x0) returned 0x3b [0094.260] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0094.260] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\ZKhqtyFMKDwyQgewHY1N.csv" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\zkhqtyfmkdwyqgewhy1n.csv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0094.260] GetFileType (hFile=0x2b8) returned 0x1 [0094.260] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0094.260] GetFileType (hFile=0x2b8) returned 0x1 [0094.260] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfebec | out: lpFileSizeHigh=0xcfebec*=0x0) returned 0xfcbf [0094.261] ReadFile (in: hFile=0x2b8, lpBuffer=0x2d00a4c, nNumberOfBytesToRead=0xfcbf, lpNumberOfBytesRead=0xcfeb98, lpOverlapped=0x0 | out: lpBuffer=0x2d00a4c*, lpNumberOfBytesRead=0xcfeb98*=0xfcbf, lpOverlapped=0x0) returned 1 [0094.261] CloseHandle (hObject=0x2b8) returned 1 [0094.350] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0094.350] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0094.350] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfebe0 | out: lpFileInformation=0xcfebe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0094.351] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0094.351] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\ZKhqtyFMKDwyQgewHY1N.csv", nBufferLength=0x105, lpBuffer=0xcfe598, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\ZKhqtyFMKDwyQgewHY1N.csv", lpFilePart=0x0) returned 0x3b [0094.351] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeadc) returned 1 [0094.351] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\ZKhqtyFMKDwyQgewHY1N.csv" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\zkhqtyfmkdwyqgewhy1n.csv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0094.352] GetFileType (hFile=0x2b8) returned 0x1 [0094.352] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfead8) returned 1 [0094.352] GetFileType (hFile=0x2b8) returned 0x1 [0094.352] WriteFile (in: hFile=0x2b8, lpBuffer=0x2bebf88*, nNumberOfBytesToWrite=0xfcc0, lpNumberOfBytesWritten=0xcfeb8c, lpOverlapped=0x0 | out: lpBuffer=0x2bebf88*, lpNumberOfBytesWritten=0xcfeb8c*=0xfcc0, lpOverlapped=0x0) returned 1 [0094.354] CloseHandle (hObject=0x2b8) returned 1 [0094.356] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\ZKhqtyFMKDwyQgewHY1N.csv", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\ZKhqtyFMKDwyQgewHY1N.csv", lpFilePart=0x0) returned 0x3b [0094.356] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\ZKhqtyFMKDwyQgewHY1N.csv.shade8", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\ZKhqtyFMKDwyQgewHY1N.csv.shade8", lpFilePart=0x0) returned 0x42 [0094.356] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb70) returned 1 [0094.356] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\ZKhqtyFMKDwyQgewHY1N.csv" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\zkhqtyfmkdwyqgewhy1n.csv"), fInfoLevelId=0x0, lpFileInformation=0xcfebec | out: lpFileInformation=0xcfebec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc5cde300, ftCreationTime.dwHighDateTime=0x1d4ce7f, ftLastAccessTime.dwLowDateTime=0x521459f0, ftLastAccessTime.dwHighDateTime=0x1d4c77a, ftLastWriteTime.dwLowDateTime=0x80d77068, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xfcc0)) returned 1 [0094.356] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb6c) returned 1 [0094.356] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\ZKhqtyFMKDwyQgewHY1N.csv" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\zkhqtyfmkdwyqgewhy1n.csv"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\ZKhqtyFMKDwyQgewHY1N.csv.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\zkhqtyfmkdwyqgewhy1n.csv.shade8")) returned 1 [0094.357] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd0) returned 1 [0094.357] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\AwH9xAzq7HnZYaALibUA", nBufferLength=0x105, lpBuffer=0xcfe684, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\AwH9xAzq7HnZYaALibUA", lpFilePart=0x0) returned 0x37 [0094.357] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\AwH9xAzq7HnZYaALibUA\\*", lpFindFileData=0xcfe8f8 | out: lpFindFileData=0xcfe8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e94bfe0, ftCreationTime.dwHighDateTime=0x1d4d0df, ftLastAccessTime.dwLowDateTime=0x7b3c16f0, ftLastAccessTime.dwHighDateTime=0x1d4d41e, ftLastWriteTime.dwLowDateTime=0x7b3c16f0, ftLastWriteTime.dwHighDateTime=0x1d4d41e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe65a0 [0094.357] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e94bfe0, ftCreationTime.dwHighDateTime=0x1d4d0df, ftLastAccessTime.dwLowDateTime=0x7b3c16f0, ftLastAccessTime.dwHighDateTime=0x1d4d41e, ftLastWriteTime.dwLowDateTime=0x7b3c16f0, ftLastWriteTime.dwHighDateTime=0x1d4d41e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.357] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc26f7c40, ftCreationTime.dwHighDateTime=0x1d4c81d, ftLastAccessTime.dwLowDateTime=0xfee868c0, ftLastAccessTime.dwHighDateTime=0x1d4ce95, ftLastWriteTime.dwLowDateTime=0xfee868c0, ftLastWriteTime.dwHighDateTime=0x1d4ce95, nFileSizeHigh=0x0, nFileSizeLow=0xf6cb, dwReserved0=0x0, dwReserved1=0x0, cFileName="J_owSVG.odt", cAlternateFileName="")) returned 1 [0094.357] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x590a0cc0, ftCreationTime.dwHighDateTime=0x1d4d204, ftLastAccessTime.dwLowDateTime=0xc8031870, ftLastAccessTime.dwHighDateTime=0x1d4c7ae, ftLastWriteTime.dwLowDateTime=0xc8031870, ftLastWriteTime.dwHighDateTime=0x1d4c7ae, nFileSizeHigh=0x0, nFileSizeLow=0x11899, dwReserved0=0x0, dwReserved1=0x0, cFileName="xVM60I8qBed.odp", cAlternateFileName="XVM60I~1.ODP")) returned 1 [0094.358] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d36bdc0, ftCreationTime.dwHighDateTime=0x1d4c82b, ftLastAccessTime.dwLowDateTime=0x25e80c60, ftLastAccessTime.dwHighDateTime=0x1d4d278, ftLastWriteTime.dwLowDateTime=0x25e80c60, ftLastWriteTime.dwHighDateTime=0x1d4d278, nFileSizeHigh=0x0, nFileSizeLow=0x10688, dwReserved0=0x0, dwReserved1=0x0, cFileName="_nKpG_jSbg1oMX.ppt", cAlternateFileName="_NKPG_~1.PPT")) returned 1 [0094.358] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0094.358] FindClose (in: hFindFile=0xfe65a0 | out: hFindFile=0xfe65a0) returned 1 [0094.358] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb8c) returned 1 [0094.358] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb98) returned 1 [0094.358] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd0) returned 1 [0094.358] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\AwH9xAzq7HnZYaALibUA", nBufferLength=0x105, lpBuffer=0xcfe684, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\AwH9xAzq7HnZYaALibUA", lpFilePart=0x0) returned 0x37 [0094.358] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\AwH9xAzq7HnZYaALibUA\\*", lpFindFileData=0xcfe8f8 | out: lpFindFileData=0xcfe8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e94bfe0, ftCreationTime.dwHighDateTime=0x1d4d0df, ftLastAccessTime.dwLowDateTime=0x7b3c16f0, ftLastAccessTime.dwHighDateTime=0x1d4d41e, ftLastWriteTime.dwLowDateTime=0x7b3c16f0, ftLastWriteTime.dwHighDateTime=0x1d4d41e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe64a0 [0094.358] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9e94bfe0, ftCreationTime.dwHighDateTime=0x1d4d0df, ftLastAccessTime.dwLowDateTime=0x7b3c16f0, ftLastAccessTime.dwHighDateTime=0x1d4d41e, ftLastWriteTime.dwLowDateTime=0x7b3c16f0, ftLastWriteTime.dwHighDateTime=0x1d4d41e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.359] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc26f7c40, ftCreationTime.dwHighDateTime=0x1d4c81d, ftLastAccessTime.dwLowDateTime=0xfee868c0, ftLastAccessTime.dwHighDateTime=0x1d4ce95, ftLastWriteTime.dwLowDateTime=0xfee868c0, ftLastWriteTime.dwHighDateTime=0x1d4ce95, nFileSizeHigh=0x0, nFileSizeLow=0xf6cb, dwReserved0=0x0, dwReserved1=0x0, cFileName="J_owSVG.odt", cAlternateFileName="")) returned 1 [0094.359] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x590a0cc0, ftCreationTime.dwHighDateTime=0x1d4d204, ftLastAccessTime.dwLowDateTime=0xc8031870, ftLastAccessTime.dwHighDateTime=0x1d4c7ae, ftLastWriteTime.dwLowDateTime=0xc8031870, ftLastWriteTime.dwHighDateTime=0x1d4c7ae, nFileSizeHigh=0x0, nFileSizeLow=0x11899, dwReserved0=0x0, dwReserved1=0x0, cFileName="xVM60I8qBed.odp", cAlternateFileName="XVM60I~1.ODP")) returned 1 [0094.359] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d36bdc0, ftCreationTime.dwHighDateTime=0x1d4c82b, ftLastAccessTime.dwLowDateTime=0x25e80c60, ftLastAccessTime.dwHighDateTime=0x1d4d278, ftLastWriteTime.dwLowDateTime=0x25e80c60, ftLastWriteTime.dwHighDateTime=0x1d4d278, nFileSizeHigh=0x0, nFileSizeLow=0x10688, dwReserved0=0x0, dwReserved1=0x0, cFileName="_nKpG_jSbg1oMX.ppt", cAlternateFileName="_NKPG_~1.PPT")) returned 1 [0094.359] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d36bdc0, ftCreationTime.dwHighDateTime=0x1d4c82b, ftLastAccessTime.dwLowDateTime=0x25e80c60, ftLastAccessTime.dwHighDateTime=0x1d4d278, ftLastWriteTime.dwLowDateTime=0x25e80c60, ftLastWriteTime.dwHighDateTime=0x1d4d278, nFileSizeHigh=0x0, nFileSizeLow=0x10688, dwReserved0=0x0, dwReserved1=0x0, cFileName="_nKpG_jSbg1oMX.ppt", cAlternateFileName="_NKPG_~1.PPT")) returned 0 [0094.359] FindClose (in: hFindFile=0xfe64a0 | out: hFindFile=0xfe64a0) returned 1 [0094.359] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb8c) returned 1 [0094.359] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb98) returned 1 [0094.359] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\AwH9xAzq7HnZYaALibUA\\J_owSVG.odt", nBufferLength=0x105, lpBuffer=0xcfe538, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\AwH9xAzq7HnZYaALibUA\\J_owSVG.odt", lpFilePart=0x0) returned 0x43 [0094.359] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea7c) returned 1 [0094.360] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\AwH9xAzq7HnZYaALibUA\\J_owSVG.odt" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\awh9xazq7hnzyaalibua\\j_owsvg.odt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0094.360] GetFileType (hFile=0x2b8) returned 0x1 [0094.360] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea78) returned 1 [0094.360] GetFileType (hFile=0x2b8) returned 0x1 [0094.360] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfeb78 | out: lpFileSizeHigh=0xcfeb78*=0x0) returned 0xf6cb [0094.360] ReadFile (in: hFile=0x2b8, lpBuffer=0x2bfdb90, nNumberOfBytesToRead=0xf6cb, lpNumberOfBytesRead=0xcfeb24, lpOverlapped=0x0 | out: lpBuffer=0x2bfdb90*, lpNumberOfBytesRead=0xcfeb24*=0xf6cb, lpOverlapped=0x0) returned 1 [0094.360] CloseHandle (hObject=0x2b8) returned 1 [0094.463] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0094.463] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0094.463] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfeb6c | out: lpFileInformation=0xcfeb6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0094.463] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0094.463] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\AwH9xAzq7HnZYaALibUA\\J_owSVG.odt", nBufferLength=0x105, lpBuffer=0xcfe524, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\AwH9xAzq7HnZYaALibUA\\J_owSVG.odt", lpFilePart=0x0) returned 0x43 [0094.463] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea68) returned 1 [0094.463] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\AwH9xAzq7HnZYaALibUA\\J_owSVG.odt" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\awh9xazq7hnzyaalibua\\j_owsvg.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0094.680] GetFileType (hFile=0x2b8) returned 0x1 [0094.680] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea64) returned 1 [0094.680] GetFileType (hFile=0x2b8) returned 0x1 [0094.680] WriteFile (in: hFile=0x2b8, lpBuffer=0x2c78f5c*, nNumberOfBytesToWrite=0xf6d0, lpNumberOfBytesWritten=0xcfeb18, lpOverlapped=0x0 | out: lpBuffer=0x2c78f5c*, lpNumberOfBytesWritten=0xcfeb18*=0xf6d0, lpOverlapped=0x0) returned 1 [0094.682] CloseHandle (hObject=0x2b8) returned 1 [0094.684] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\AwH9xAzq7HnZYaALibUA\\J_owSVG.odt", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\AwH9xAzq7HnZYaALibUA\\J_owSVG.odt", lpFilePart=0x0) returned 0x43 [0094.684] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\AwH9xAzq7HnZYaALibUA\\J_owSVG.odt.shade8", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\AwH9xAzq7HnZYaALibUA\\J_owSVG.odt.shade8", lpFilePart=0x0) returned 0x4a [0094.684] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeafc) returned 1 [0094.684] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\AwH9xAzq7HnZYaALibUA\\J_owSVG.odt" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\awh9xazq7hnzyaalibua\\j_owsvg.odt"), fInfoLevelId=0x0, lpFileInformation=0xcfeb78 | out: lpFileInformation=0xcfeb78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc26f7c40, ftCreationTime.dwHighDateTime=0x1d4c81d, ftLastAccessTime.dwLowDateTime=0xfee868c0, ftLastAccessTime.dwHighDateTime=0x1d4ce95, ftLastWriteTime.dwLowDateTime=0x810981c8, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xf6d0)) returned 1 [0094.684] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaf8) returned 1 [0094.684] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\AwH9xAzq7HnZYaALibUA\\J_owSVG.odt" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\awh9xazq7hnzyaalibua\\j_owsvg.odt"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\AwH9xAzq7HnZYaALibUA\\J_owSVG.odt.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\awh9xazq7hnzyaalibua\\j_owsvg.odt.shade8")) returned 1 [0094.685] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\AwH9xAzq7HnZYaALibUA\\_nKpG_jSbg1oMX.ppt", nBufferLength=0x105, lpBuffer=0xcfe538, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\AwH9xAzq7HnZYaALibUA\\_nKpG_jSbg1oMX.ppt", lpFilePart=0x0) returned 0x4a [0094.685] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea7c) returned 1 [0094.685] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\AwH9xAzq7HnZYaALibUA\\_nKpG_jSbg1oMX.ppt" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\awh9xazq7hnzyaalibua\\_nkpg_jsbg1omx.ppt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0094.685] GetFileType (hFile=0x2b8) returned 0x1 [0094.685] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea78) returned 1 [0094.685] GetFileType (hFile=0x2b8) returned 0x1 [0094.685] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfeb78 | out: lpFileSizeHigh=0xcfeb78*=0x0) returned 0x10688 [0094.685] ReadFile (in: hFile=0x2b8, lpBuffer=0x2c88bbc, nNumberOfBytesToRead=0x10688, lpNumberOfBytesRead=0xcfeb24, lpOverlapped=0x0 | out: lpBuffer=0x2c88bbc*, lpNumberOfBytesRead=0xcfeb24*=0x10688, lpOverlapped=0x0) returned 1 [0094.686] CloseHandle (hObject=0x2b8) returned 1 [0094.704] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0094.704] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0094.704] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfeb6c | out: lpFileInformation=0xcfeb6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0094.704] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0094.704] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\AwH9xAzq7HnZYaALibUA\\_nKpG_jSbg1oMX.ppt", nBufferLength=0x105, lpBuffer=0xcfe524, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\AwH9xAzq7HnZYaALibUA\\_nKpG_jSbg1oMX.ppt", lpFilePart=0x0) returned 0x4a [0094.704] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea68) returned 1 [0094.704] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\AwH9xAzq7HnZYaALibUA\\_nKpG_jSbg1oMX.ppt" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\awh9xazq7hnzyaalibua\\_nkpg_jsbg1omx.ppt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0094.706] GetFileType (hFile=0x2b8) returned 0x1 [0094.706] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea64) returned 1 [0094.706] GetFileType (hFile=0x2b8) returned 0x1 [0094.706] WriteFile (in: hFile=0x2b8, lpBuffer=0x2d06d68*, nNumberOfBytesToWrite=0x10690, lpNumberOfBytesWritten=0xcfeb18, lpOverlapped=0x0 | out: lpBuffer=0x2d06d68*, lpNumberOfBytesWritten=0xcfeb18*=0x10690, lpOverlapped=0x0) returned 1 [0094.708] CloseHandle (hObject=0x2b8) returned 1 [0094.710] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\AwH9xAzq7HnZYaALibUA\\_nKpG_jSbg1oMX.ppt", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\AwH9xAzq7HnZYaALibUA\\_nKpG_jSbg1oMX.ppt", lpFilePart=0x0) returned 0x4a [0094.710] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\AwH9xAzq7HnZYaALibUA\\_nKpG_jSbg1oMX.ppt.shade8", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\AwH9xAzq7HnZYaALibUA\\_nKpG_jSbg1oMX.ppt.shade8", lpFilePart=0x0) returned 0x51 [0094.710] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeafc) returned 1 [0094.710] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\AwH9xAzq7HnZYaALibUA\\_nKpG_jSbg1oMX.ppt" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\awh9xazq7hnzyaalibua\\_nkpg_jsbg1omx.ppt"), fInfoLevelId=0x0, lpFileInformation=0xcfeb78 | out: lpFileInformation=0xcfeb78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d36bdc0, ftCreationTime.dwHighDateTime=0x1d4c82b, ftLastAccessTime.dwLowDateTime=0x25e80c60, ftLastAccessTime.dwHighDateTime=0x1d4d278, ftLastWriteTime.dwLowDateTime=0x810e4631, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x10690)) returned 1 [0094.710] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaf8) returned 1 [0094.710] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\AwH9xAzq7HnZYaALibUA\\_nKpG_jSbg1oMX.ppt" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\awh9xazq7hnzyaalibua\\_nkpg_jsbg1omx.ppt"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\AwH9xAzq7HnZYaALibUA\\_nKpG_jSbg1oMX.ppt.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\awh9xazq7hnzyaalibua\\_nkpg_jsbg1omx.ppt.shade8")) returned 1 [0094.711] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd0) returned 1 [0094.711] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ", nBufferLength=0x105, lpBuffer=0xcfe684, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ", lpFilePart=0x0) returned 0x35 [0094.711] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ\\*", lpFindFileData=0xcfe8f8 | out: lpFindFileData=0xcfe8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4bf1a7f0, ftCreationTime.dwHighDateTime=0x1d4c9bc, ftLastAccessTime.dwLowDateTime=0xd23b9fe0, ftLastAccessTime.dwHighDateTime=0x1d4c724, ftLastWriteTime.dwLowDateTime=0xd23b9fe0, ftLastWriteTime.dwHighDateTime=0x1d4c724, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe65a0 [0094.711] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4bf1a7f0, ftCreationTime.dwHighDateTime=0x1d4c9bc, ftLastAccessTime.dwLowDateTime=0xd23b9fe0, ftLastAccessTime.dwHighDateTime=0x1d4c724, ftLastWriteTime.dwLowDateTime=0xd23b9fe0, ftLastWriteTime.dwHighDateTime=0x1d4c724, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.711] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc5a59160, ftCreationTime.dwHighDateTime=0x1d4c6a6, ftLastAccessTime.dwLowDateTime=0xac56fb40, ftLastAccessTime.dwHighDateTime=0x1d4d42f, ftLastWriteTime.dwLowDateTime=0xac56fb40, ftLastWriteTime.dwHighDateTime=0x1d4d42f, nFileSizeHigh=0x0, nFileSizeLow=0x16fcb, dwReserved0=0x0, dwReserved1=0x0, cFileName="aSoY7_s WdduV.docx", cAlternateFileName="ASOY7_~1.DOC")) returned 1 [0094.712] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb2f7efa0, ftCreationTime.dwHighDateTime=0x1d4cb37, ftLastAccessTime.dwLowDateTime=0x289b3550, ftLastAccessTime.dwHighDateTime=0x1d4ce21, ftLastWriteTime.dwLowDateTime=0x289b3550, ftLastWriteTime.dwHighDateTime=0x1d4ce21, nFileSizeHigh=0x0, nFileSizeLow=0x4236, dwReserved0=0x0, dwReserved1=0x0, cFileName="Oqycu_.ots", cAlternateFileName="")) returned 1 [0094.712] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f08b2c0, ftCreationTime.dwHighDateTime=0x1d4ce7a, ftLastAccessTime.dwLowDateTime=0xec62ef40, ftLastAccessTime.dwHighDateTime=0x1d4c67f, ftLastWriteTime.dwLowDateTime=0xec62ef40, ftLastWriteTime.dwHighDateTime=0x1d4c67f, nFileSizeHigh=0x0, nFileSizeLow=0x466e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Q_VI.doc", cAlternateFileName="")) returned 1 [0094.712] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d499910, ftCreationTime.dwHighDateTime=0x1d4d515, ftLastAccessTime.dwLowDateTime=0xf5e14d00, ftLastAccessTime.dwHighDateTime=0x1d4c67a, ftLastWriteTime.dwLowDateTime=0xf5e14d00, ftLastWriteTime.dwHighDateTime=0x1d4c67a, nFileSizeHigh=0x0, nFileSizeLow=0xd92d, dwReserved0=0x0, dwReserved1=0x0, cFileName="yU6_OHjg.docx", cAlternateFileName="YU6_OH~1.DOC")) returned 1 [0094.712] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0094.712] FindClose (in: hFindFile=0xfe65a0 | out: hFindFile=0xfe65a0) returned 1 [0094.712] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb8c) returned 1 [0094.712] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb98) returned 1 [0094.712] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd0) returned 1 [0094.712] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ", nBufferLength=0x105, lpBuffer=0xcfe684, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ", lpFilePart=0x0) returned 0x35 [0094.712] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ\\*", lpFindFileData=0xcfe8f8 | out: lpFindFileData=0xcfe8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4bf1a7f0, ftCreationTime.dwHighDateTime=0x1d4c9bc, ftLastAccessTime.dwLowDateTime=0xd23b9fe0, ftLastAccessTime.dwHighDateTime=0x1d4c724, ftLastWriteTime.dwLowDateTime=0xd23b9fe0, ftLastWriteTime.dwHighDateTime=0x1d4c724, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe6960 [0094.713] FindNextFileW (in: hFindFile=0xfe6960, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4bf1a7f0, ftCreationTime.dwHighDateTime=0x1d4c9bc, ftLastAccessTime.dwLowDateTime=0xd23b9fe0, ftLastAccessTime.dwHighDateTime=0x1d4c724, ftLastWriteTime.dwLowDateTime=0xd23b9fe0, ftLastWriteTime.dwHighDateTime=0x1d4c724, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.713] FindNextFileW (in: hFindFile=0xfe6960, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc5a59160, ftCreationTime.dwHighDateTime=0x1d4c6a6, ftLastAccessTime.dwLowDateTime=0xac56fb40, ftLastAccessTime.dwHighDateTime=0x1d4d42f, ftLastWriteTime.dwLowDateTime=0xac56fb40, ftLastWriteTime.dwHighDateTime=0x1d4d42f, nFileSizeHigh=0x0, nFileSizeLow=0x16fcb, dwReserved0=0x0, dwReserved1=0x0, cFileName="aSoY7_s WdduV.docx", cAlternateFileName="ASOY7_~1.DOC")) returned 1 [0094.713] FindNextFileW (in: hFindFile=0xfe6960, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb2f7efa0, ftCreationTime.dwHighDateTime=0x1d4cb37, ftLastAccessTime.dwLowDateTime=0x289b3550, ftLastAccessTime.dwHighDateTime=0x1d4ce21, ftLastWriteTime.dwLowDateTime=0x289b3550, ftLastWriteTime.dwHighDateTime=0x1d4ce21, nFileSizeHigh=0x0, nFileSizeLow=0x4236, dwReserved0=0x0, dwReserved1=0x0, cFileName="Oqycu_.ots", cAlternateFileName="")) returned 1 [0094.713] FindNextFileW (in: hFindFile=0xfe6960, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f08b2c0, ftCreationTime.dwHighDateTime=0x1d4ce7a, ftLastAccessTime.dwLowDateTime=0xec62ef40, ftLastAccessTime.dwHighDateTime=0x1d4c67f, ftLastWriteTime.dwLowDateTime=0xec62ef40, ftLastWriteTime.dwHighDateTime=0x1d4c67f, nFileSizeHigh=0x0, nFileSizeLow=0x466e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Q_VI.doc", cAlternateFileName="")) returned 1 [0094.713] FindNextFileW (in: hFindFile=0xfe6960, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d499910, ftCreationTime.dwHighDateTime=0x1d4d515, ftLastAccessTime.dwLowDateTime=0xf5e14d00, ftLastAccessTime.dwHighDateTime=0x1d4c67a, ftLastWriteTime.dwLowDateTime=0xf5e14d00, ftLastWriteTime.dwHighDateTime=0x1d4c67a, nFileSizeHigh=0x0, nFileSizeLow=0xd92d, dwReserved0=0x0, dwReserved1=0x0, cFileName="yU6_OHjg.docx", cAlternateFileName="YU6_OH~1.DOC")) returned 1 [0094.714] FindNextFileW (in: hFindFile=0xfe6960, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d499910, ftCreationTime.dwHighDateTime=0x1d4d515, ftLastAccessTime.dwLowDateTime=0xf5e14d00, ftLastAccessTime.dwHighDateTime=0x1d4c67a, ftLastWriteTime.dwLowDateTime=0xf5e14d00, ftLastWriteTime.dwHighDateTime=0x1d4c67a, nFileSizeHigh=0x0, nFileSizeLow=0xd92d, dwReserved0=0x0, dwReserved1=0x0, cFileName="yU6_OHjg.docx", cAlternateFileName="YU6_OH~1.DOC")) returned 0 [0094.714] FindClose (in: hFindFile=0xfe6960 | out: hFindFile=0xfe6960) returned 1 [0094.714] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb8c) returned 1 [0094.714] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb98) returned 1 [0094.714] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ\\aSoY7_s WdduV.docx", nBufferLength=0x105, lpBuffer=0xcfe538, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ\\aSoY7_s WdduV.docx", lpFilePart=0x0) returned 0x48 [0094.714] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea7c) returned 1 [0094.714] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ\\aSoY7_s WdduV.docx" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\e4fndvcolqnrafiamj\\asoy7_s wdduv.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0094.714] GetFileType (hFile=0x2b8) returned 0x1 [0094.714] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea78) returned 1 [0094.714] GetFileType (hFile=0x2b8) returned 0x1 [0094.714] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfeb78 | out: lpFileSizeHigh=0xcfeb78*=0x0) returned 0x16fcb [0094.715] ReadFile (in: hFile=0x2b8, lpBuffer=0x3c57238, nNumberOfBytesToRead=0x16fcb, lpNumberOfBytesRead=0xcfeb24, lpOverlapped=0x0 | out: lpBuffer=0x3c57238*, lpNumberOfBytesRead=0xcfeb24*=0x16fcb, lpOverlapped=0x0) returned 1 [0094.717] CloseHandle (hObject=0x2b8) returned 1 [0094.796] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0094.796] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0094.796] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfeb6c | out: lpFileInformation=0xcfeb6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0094.796] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0094.796] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ\\aSoY7_s WdduV.docx", nBufferLength=0x105, lpBuffer=0xcfe524, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ\\aSoY7_s WdduV.docx", lpFilePart=0x0) returned 0x48 [0094.796] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea68) returned 1 [0094.796] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ\\aSoY7_s WdduV.docx" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\e4fndvcolqnrafiamj\\asoy7_s wdduv.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0094.798] GetFileType (hFile=0x2b8) returned 0x1 [0094.798] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea64) returned 1 [0094.798] GetFileType (hFile=0x2b8) returned 0x1 [0094.798] WriteFile (in: hFile=0x2b8, lpBuffer=0x3cca180*, nNumberOfBytesToWrite=0x16fd0, lpNumberOfBytesWritten=0xcfeb18, lpOverlapped=0x0 | out: lpBuffer=0x3cca180*, lpNumberOfBytesWritten=0xcfeb18*=0x16fd0, lpOverlapped=0x0) returned 1 [0094.800] CloseHandle (hObject=0x2b8) returned 1 [0094.805] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ\\aSoY7_s WdduV.docx", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ\\aSoY7_s WdduV.docx", lpFilePart=0x0) returned 0x48 [0094.805] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ\\aSoY7_s WdduV.docx.shade8", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ\\aSoY7_s WdduV.docx.shade8", lpFilePart=0x0) returned 0x4f [0094.805] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeafc) returned 1 [0094.806] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ\\aSoY7_s WdduV.docx" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\e4fndvcolqnrafiamj\\asoy7_s wdduv.docx"), fInfoLevelId=0x0, lpFileInformation=0xcfeb78 | out: lpFileInformation=0xcfeb78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc5a59160, ftCreationTime.dwHighDateTime=0x1d4c6a6, ftLastAccessTime.dwLowDateTime=0xac56fb40, ftLastAccessTime.dwHighDateTime=0x1d4d42f, ftLastWriteTime.dwLowDateTime=0x811c94ee, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x16fd0)) returned 1 [0094.806] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaf8) returned 1 [0094.806] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ\\aSoY7_s WdduV.docx" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\e4fndvcolqnrafiamj\\asoy7_s wdduv.docx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ\\aSoY7_s WdduV.docx.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\e4fndvcolqnrafiamj\\asoy7_s wdduv.docx.shade8")) returned 1 [0094.806] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ\\Q_VI.doc", nBufferLength=0x105, lpBuffer=0xcfe538, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ\\Q_VI.doc", lpFilePart=0x0) returned 0x3e [0094.806] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea7c) returned 1 [0094.806] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ\\Q_VI.doc" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\e4fndvcolqnrafiamj\\q_vi.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0094.807] GetFileType (hFile=0x2b8) returned 0x1 [0094.807] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea78) returned 1 [0094.807] GetFileType (hFile=0x2b8) returned 0x1 [0094.807] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfeb78 | out: lpFileSizeHigh=0xcfeb78*=0x0) returned 0x466e [0094.807] ReadFile (in: hFile=0x2b8, lpBuffer=0x2d66984, nNumberOfBytesToRead=0x466e, lpNumberOfBytesRead=0xcfeb24, lpOverlapped=0x0 | out: lpBuffer=0x2d66984*, lpNumberOfBytesRead=0xcfeb24*=0x466e, lpOverlapped=0x0) returned 1 [0094.807] CloseHandle (hObject=0x2b8) returned 1 [0094.870] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0094.870] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0094.870] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfeb6c | out: lpFileInformation=0xcfeb6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0094.870] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0094.870] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ\\Q_VI.doc", nBufferLength=0x105, lpBuffer=0xcfe524, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ\\Q_VI.doc", lpFilePart=0x0) returned 0x3e [0094.870] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea68) returned 1 [0094.870] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ\\Q_VI.doc" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\e4fndvcolqnrafiamj\\q_vi.doc"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0094.872] GetFileType (hFile=0x2b8) returned 0x1 [0094.872] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea64) returned 1 [0094.872] GetFileType (hFile=0x2b8) returned 0x1 [0094.872] WriteFile (in: hFile=0x2b8, lpBuffer=0x2dc97a0*, nNumberOfBytesToWrite=0x4670, lpNumberOfBytesWritten=0xcfeb18, lpOverlapped=0x0 | out: lpBuffer=0x2dc97a0*, lpNumberOfBytesWritten=0xcfeb18*=0x4670, lpOverlapped=0x0) returned 1 [0094.873] CloseHandle (hObject=0x2b8) returned 1 [0094.875] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ\\Q_VI.doc", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ\\Q_VI.doc", lpFilePart=0x0) returned 0x3e [0094.875] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ\\Q_VI.doc.shade8", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ\\Q_VI.doc.shade8", lpFilePart=0x0) returned 0x45 [0094.875] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeafc) returned 1 [0094.875] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ\\Q_VI.doc" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\e4fndvcolqnrafiamj\\q_vi.doc"), fInfoLevelId=0x0, lpFileInformation=0xcfeb78 | out: lpFileInformation=0xcfeb78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f08b2c0, ftCreationTime.dwHighDateTime=0x1d4ce7a, ftLastAccessTime.dwLowDateTime=0xec62ef40, ftLastAccessTime.dwHighDateTime=0x1d4c67f, ftLastWriteTime.dwLowDateTime=0x8128b802, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x4670)) returned 1 [0094.876] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaf8) returned 1 [0094.876] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ\\Q_VI.doc" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\e4fndvcolqnrafiamj\\q_vi.doc"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ\\Q_VI.doc.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\e4fndvcolqnrafiamj\\q_vi.doc.shade8")) returned 1 [0094.876] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ\\yU6_OHjg.docx", nBufferLength=0x105, lpBuffer=0xcfe538, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ\\yU6_OHjg.docx", lpFilePart=0x0) returned 0x43 [0094.876] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea7c) returned 1 [0094.876] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ\\yU6_OHjg.docx" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\e4fndvcolqnrafiamj\\yu6_ohjg.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0094.876] GetFileType (hFile=0x2b8) returned 0x1 [0094.876] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea78) returned 1 [0094.876] GetFileType (hFile=0x2b8) returned 0x1 [0094.876] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfeb78 | out: lpFileSizeHigh=0xcfeb78*=0x0) returned 0xd92d [0094.877] ReadFile (in: hFile=0x2b8, lpBuffer=0x2dce340, nNumberOfBytesToRead=0xd92d, lpNumberOfBytesRead=0xcfeb24, lpOverlapped=0x0 | out: lpBuffer=0x2dce340*, lpNumberOfBytesRead=0xcfeb24*=0xd92d, lpOverlapped=0x0) returned 1 [0094.877] CloseHandle (hObject=0x2b8) returned 1 [0094.983] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0094.983] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0094.983] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfeb6c | out: lpFileInformation=0xcfeb6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0095.092] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0095.092] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ\\yU6_OHjg.docx", nBufferLength=0x105, lpBuffer=0xcfe524, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ\\yU6_OHjg.docx", lpFilePart=0x0) returned 0x43 [0095.092] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea68) returned 1 [0095.092] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ\\yU6_OHjg.docx" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\e4fndvcolqnrafiamj\\yu6_ohjg.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0095.094] GetFileType (hFile=0x2b8) returned 0x1 [0095.094] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea64) returned 1 [0095.094] GetFileType (hFile=0x2b8) returned 0x1 [0095.094] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e43cd0*, nNumberOfBytesToWrite=0xd930, lpNumberOfBytesWritten=0xcfeb18, lpOverlapped=0x0 | out: lpBuffer=0x2e43cd0*, lpNumberOfBytesWritten=0xcfeb18*=0xd930, lpOverlapped=0x0) returned 1 [0095.096] CloseHandle (hObject=0x2b8) returned 1 [0095.098] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ\\yU6_OHjg.docx", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ\\yU6_OHjg.docx", lpFilePart=0x0) returned 0x43 [0095.098] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ\\yU6_OHjg.docx.shade8", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ\\yU6_OHjg.docx.shade8", lpFilePart=0x0) returned 0x4a [0095.098] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeafc) returned 1 [0095.098] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ\\yU6_OHjg.docx" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\e4fndvcolqnrafiamj\\yu6_ohjg.docx"), fInfoLevelId=0x0, lpFileInformation=0xcfeb78 | out: lpFileInformation=0xcfeb78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d499910, ftCreationTime.dwHighDateTime=0x1d4d515, ftLastAccessTime.dwLowDateTime=0xf5e14d00, ftLastAccessTime.dwHighDateTime=0x1d4c67a, ftLastWriteTime.dwLowDateTime=0x8149e1d9, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xd930)) returned 1 [0095.098] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaf8) returned 1 [0095.098] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ\\yU6_OHjg.docx" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\e4fndvcolqnrafiamj\\yu6_ohjg.docx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\e4fndvcoLqNRAFIaMJ\\yU6_OHjg.docx.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\e4fndvcolqnrafiamj\\yu6_ohjg.docx.shade8")) returned 1 [0095.099] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd0) returned 1 [0095.099] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT", nBufferLength=0x105, lpBuffer=0xcfe684, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT", lpFilePart=0x0) returned 0x28 [0095.185] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT\\*", lpFindFileData=0xcfe8f8 | out: lpFindFileData=0xcfe8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9c2852d0, ftCreationTime.dwHighDateTime=0x1d4cb44, ftLastAccessTime.dwLowDateTime=0xee8b98e0, ftLastAccessTime.dwHighDateTime=0x1d4c872, ftLastWriteTime.dwLowDateTime=0xee8b98e0, ftLastWriteTime.dwHighDateTime=0x1d4c872, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe6660 [0095.185] FindNextFileW (in: hFindFile=0xfe6660, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9c2852d0, ftCreationTime.dwHighDateTime=0x1d4cb44, ftLastAccessTime.dwLowDateTime=0xee8b98e0, ftLastAccessTime.dwHighDateTime=0x1d4c872, ftLastWriteTime.dwLowDateTime=0xee8b98e0, ftLastWriteTime.dwHighDateTime=0x1d4c872, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.185] FindNextFileW (in: hFindFile=0xfe6660, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d95f840, ftCreationTime.dwHighDateTime=0x1d4c93d, ftLastAccessTime.dwLowDateTime=0x7a5dede0, ftLastAccessTime.dwHighDateTime=0x1d4cfea, ftLastWriteTime.dwLowDateTime=0x7a5dede0, ftLastWriteTime.dwHighDateTime=0x1d4cfea, nFileSizeHigh=0x0, nFileSizeLow=0x13f1a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MrNSPQHeK1G_YpPYKJD.xls", cAlternateFileName="MRNSPQ~1.XLS")) returned 1 [0095.186] FindNextFileW (in: hFindFile=0xfe6660, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xedd26280, ftCreationTime.dwHighDateTime=0x1d4c6e7, ftLastAccessTime.dwLowDateTime=0xd76cd880, ftLastAccessTime.dwHighDateTime=0x1d4ce4f, ftLastWriteTime.dwLowDateTime=0xd76cd880, ftLastWriteTime.dwHighDateTime=0x1d4ce4f, nFileSizeHigh=0x0, nFileSizeLow=0xf049, dwReserved0=0x0, dwReserved1=0x0, cFileName="SI4zBwZk2879i6WhNLa.pptx", cAlternateFileName="SI4ZBW~1.PPT")) returned 1 [0095.186] FindNextFileW (in: hFindFile=0xfe6660, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x437fb840, ftCreationTime.dwHighDateTime=0x1d4c57b, ftLastAccessTime.dwLowDateTime=0xc7064220, ftLastAccessTime.dwHighDateTime=0x1d4cbf1, ftLastWriteTime.dwLowDateTime=0xc7064220, ftLastWriteTime.dwHighDateTime=0x1d4cbf1, nFileSizeHigh=0x0, nFileSizeLow=0x17488, dwReserved0=0x0, dwReserved1=0x0, cFileName="zhnGqRD-rZtgNp.rtf", cAlternateFileName="ZHNGQR~1.RTF")) returned 1 [0095.186] FindNextFileW (in: hFindFile=0xfe6660, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.186] FindClose (in: hFindFile=0xfe6660 | out: hFindFile=0xfe6660) returned 1 [0095.186] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb8c) returned 1 [0095.186] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb98) returned 1 [0095.186] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd0) returned 1 [0095.187] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT", nBufferLength=0x105, lpBuffer=0xcfe684, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT", lpFilePart=0x0) returned 0x28 [0095.187] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT\\*", lpFindFileData=0xcfe8f8 | out: lpFindFileData=0xcfe8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9c2852d0, ftCreationTime.dwHighDateTime=0x1d4cb44, ftLastAccessTime.dwLowDateTime=0xee8b98e0, ftLastAccessTime.dwHighDateTime=0x1d4c872, ftLastWriteTime.dwLowDateTime=0xee8b98e0, ftLastWriteTime.dwHighDateTime=0x1d4c872, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe64e0 [0095.187] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9c2852d0, ftCreationTime.dwHighDateTime=0x1d4cb44, ftLastAccessTime.dwLowDateTime=0xee8b98e0, ftLastAccessTime.dwHighDateTime=0x1d4c872, ftLastWriteTime.dwLowDateTime=0xee8b98e0, ftLastWriteTime.dwHighDateTime=0x1d4c872, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.187] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d95f840, ftCreationTime.dwHighDateTime=0x1d4c93d, ftLastAccessTime.dwLowDateTime=0x7a5dede0, ftLastAccessTime.dwHighDateTime=0x1d4cfea, ftLastWriteTime.dwLowDateTime=0x7a5dede0, ftLastWriteTime.dwHighDateTime=0x1d4cfea, nFileSizeHigh=0x0, nFileSizeLow=0x13f1a, dwReserved0=0x0, dwReserved1=0x0, cFileName="MrNSPQHeK1G_YpPYKJD.xls", cAlternateFileName="MRNSPQ~1.XLS")) returned 1 [0095.187] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xedd26280, ftCreationTime.dwHighDateTime=0x1d4c6e7, ftLastAccessTime.dwLowDateTime=0xd76cd880, ftLastAccessTime.dwHighDateTime=0x1d4ce4f, ftLastWriteTime.dwLowDateTime=0xd76cd880, ftLastWriteTime.dwHighDateTime=0x1d4ce4f, nFileSizeHigh=0x0, nFileSizeLow=0xf049, dwReserved0=0x0, dwReserved1=0x0, cFileName="SI4zBwZk2879i6WhNLa.pptx", cAlternateFileName="SI4ZBW~1.PPT")) returned 1 [0095.187] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x437fb840, ftCreationTime.dwHighDateTime=0x1d4c57b, ftLastAccessTime.dwLowDateTime=0xc7064220, ftLastAccessTime.dwHighDateTime=0x1d4cbf1, ftLastWriteTime.dwLowDateTime=0xc7064220, ftLastWriteTime.dwHighDateTime=0x1d4cbf1, nFileSizeHigh=0x0, nFileSizeLow=0x17488, dwReserved0=0x0, dwReserved1=0x0, cFileName="zhnGqRD-rZtgNp.rtf", cAlternateFileName="ZHNGQR~1.RTF")) returned 1 [0095.188] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x437fb840, ftCreationTime.dwHighDateTime=0x1d4c57b, ftLastAccessTime.dwLowDateTime=0xc7064220, ftLastAccessTime.dwHighDateTime=0x1d4cbf1, ftLastWriteTime.dwLowDateTime=0xc7064220, ftLastWriteTime.dwHighDateTime=0x1d4cbf1, nFileSizeHigh=0x0, nFileSizeLow=0x17488, dwReserved0=0x0, dwReserved1=0x0, cFileName="zhnGqRD-rZtgNp.rtf", cAlternateFileName="ZHNGQR~1.RTF")) returned 0 [0095.188] FindClose (in: hFindFile=0xfe64e0 | out: hFindFile=0xfe64e0) returned 1 [0095.188] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb8c) returned 1 [0095.188] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb98) returned 1 [0095.188] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT\\MrNSPQHeK1G_YpPYKJD.xls", nBufferLength=0x105, lpBuffer=0xcfe538, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT\\MrNSPQHeK1G_YpPYKJD.xls", lpFilePart=0x0) returned 0x40 [0095.188] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea7c) returned 1 [0095.188] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT\\MrNSPQHeK1G_YpPYKJD.xls" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\yejst\\mrnspqhek1g_yppykjd.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0095.188] GetFileType (hFile=0x2b8) returned 0x1 [0095.188] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea78) returned 1 [0095.188] GetFileType (hFile=0x2b8) returned 0x1 [0095.188] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfeb78 | out: lpFileSizeHigh=0xcfeb78*=0x0) returned 0x13f1a [0095.188] ReadFile (in: hFile=0x2b8, lpBuffer=0x2bed774, nNumberOfBytesToRead=0x13f1a, lpNumberOfBytesRead=0xcfeb24, lpOverlapped=0x0 | out: lpBuffer=0x2bed774*, lpNumberOfBytesRead=0xcfeb24*=0x13f1a, lpOverlapped=0x0) returned 1 [0095.189] CloseHandle (hObject=0x2b8) returned 1 [0095.364] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0095.364] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0095.364] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfeb6c | out: lpFileInformation=0xcfeb6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0095.364] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0095.364] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT\\MrNSPQHeK1G_YpPYKJD.xls", nBufferLength=0x105, lpBuffer=0xcfe524, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT\\MrNSPQHeK1G_YpPYKJD.xls", lpFilePart=0x0) returned 0x40 [0095.364] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea68) returned 1 [0095.364] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT\\MrNSPQHeK1G_YpPYKJD.xls" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\yejst\\mrnspqhek1g_yppykjd.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0095.366] GetFileType (hFile=0x2b8) returned 0x1 [0095.366] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea64) returned 1 [0095.366] GetFileType (hFile=0x2b8) returned 0x1 [0095.366] WriteFile (in: hFile=0x2b8, lpBuffer=0x2c76430*, nNumberOfBytesToWrite=0x13f20, lpNumberOfBytesWritten=0xcfeb18, lpOverlapped=0x0 | out: lpBuffer=0x2c76430*, lpNumberOfBytesWritten=0xcfeb18*=0x13f20, lpOverlapped=0x0) returned 1 [0095.368] CloseHandle (hObject=0x2b8) returned 1 [0095.370] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT\\MrNSPQHeK1G_YpPYKJD.xls", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT\\MrNSPQHeK1G_YpPYKJD.xls", lpFilePart=0x0) returned 0x40 [0095.370] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT\\MrNSPQHeK1G_YpPYKJD.xls.shade8", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT\\MrNSPQHeK1G_YpPYKJD.xls.shade8", lpFilePart=0x0) returned 0x47 [0095.370] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeafc) returned 1 [0095.371] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT\\MrNSPQHeK1G_YpPYKJD.xls" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\yejst\\mrnspqhek1g_yppykjd.xls"), fInfoLevelId=0x0, lpFileInformation=0xcfeb78 | out: lpFileInformation=0xcfeb78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d95f840, ftCreationTime.dwHighDateTime=0x1d4c93d, ftLastAccessTime.dwLowDateTime=0x7a5dede0, ftLastAccessTime.dwHighDateTime=0x1d4cfea, ftLastWriteTime.dwLowDateTime=0x81726931, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x13f20)) returned 1 [0095.371] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaf8) returned 1 [0095.371] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT\\MrNSPQHeK1G_YpPYKJD.xls" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\yejst\\mrnspqhek1g_yppykjd.xls"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT\\MrNSPQHeK1G_YpPYKJD.xls.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\yejst\\mrnspqhek1g_yppykjd.xls.shade8")) returned 1 [0095.371] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT\\SI4zBwZk2879i6WhNLa.pptx", nBufferLength=0x105, lpBuffer=0xcfe538, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT\\SI4zBwZk2879i6WhNLa.pptx", lpFilePart=0x0) returned 0x41 [0095.371] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea7c) returned 1 [0095.371] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT\\SI4zBwZk2879i6WhNLa.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\yejst\\si4zbwzk2879i6whnla.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0095.372] GetFileType (hFile=0x2b8) returned 0x1 [0095.372] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea78) returned 1 [0095.372] GetFileType (hFile=0x2b8) returned 0x1 [0095.372] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfeb78 | out: lpFileSizeHigh=0xcfeb78*=0x0) returned 0xf049 [0095.372] ReadFile (in: hFile=0x2b8, lpBuffer=0x2c8a8c0, nNumberOfBytesToRead=0xf049, lpNumberOfBytesRead=0xcfeb24, lpOverlapped=0x0 | out: lpBuffer=0x2c8a8c0*, lpNumberOfBytesRead=0xcfeb24*=0xf049, lpOverlapped=0x0) returned 1 [0095.372] CloseHandle (hObject=0x2b8) returned 1 [0095.440] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0095.440] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0095.440] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfeb6c | out: lpFileInformation=0xcfeb6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0095.441] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0095.441] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT\\SI4zBwZk2879i6WhNLa.pptx", nBufferLength=0x105, lpBuffer=0xcfe524, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT\\SI4zBwZk2879i6WhNLa.pptx", lpFilePart=0x0) returned 0x41 [0095.441] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea68) returned 1 [0095.441] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT\\SI4zBwZk2879i6WhNLa.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\yejst\\si4zbwzk2879i6whnla.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0095.442] GetFileType (hFile=0x2b8) returned 0x1 [0095.442] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea64) returned 1 [0095.442] GetFileType (hFile=0x2b8) returned 0x1 [0095.442] WriteFile (in: hFile=0x2b8, lpBuffer=0x2d047b0*, nNumberOfBytesToWrite=0xf050, lpNumberOfBytesWritten=0xcfeb18, lpOverlapped=0x0 | out: lpBuffer=0x2d047b0*, lpNumberOfBytesWritten=0xcfeb18*=0xf050, lpOverlapped=0x0) returned 1 [0095.444] CloseHandle (hObject=0x2b8) returned 1 [0095.446] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT\\SI4zBwZk2879i6WhNLa.pptx", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT\\SI4zBwZk2879i6WhNLa.pptx", lpFilePart=0x0) returned 0x41 [0095.446] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT\\SI4zBwZk2879i6WhNLa.pptx.shade8", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT\\SI4zBwZk2879i6WhNLa.pptx.shade8", lpFilePart=0x0) returned 0x48 [0095.446] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeafc) returned 1 [0095.446] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT\\SI4zBwZk2879i6WhNLa.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\yejst\\si4zbwzk2879i6whnla.pptx"), fInfoLevelId=0x0, lpFileInformation=0xcfeb78 | out: lpFileInformation=0xcfeb78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xedd26280, ftCreationTime.dwHighDateTime=0x1d4c6e7, ftLastAccessTime.dwLowDateTime=0xd76cd880, ftLastAccessTime.dwHighDateTime=0x1d4ce4f, ftLastWriteTime.dwLowDateTime=0x817e54d8, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xf050)) returned 1 [0095.447] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaf8) returned 1 [0095.447] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT\\SI4zBwZk2879i6WhNLa.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\yejst\\si4zbwzk2879i6whnla.pptx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT\\SI4zBwZk2879i6WhNLa.pptx.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\yejst\\si4zbwzk2879i6whnla.pptx.shade8")) returned 1 [0095.447] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT\\zhnGqRD-rZtgNp.rtf", nBufferLength=0x105, lpBuffer=0xcfe538, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT\\zhnGqRD-rZtgNp.rtf", lpFilePart=0x0) returned 0x3b [0095.447] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea7c) returned 1 [0095.447] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT\\zhnGqRD-rZtgNp.rtf" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\yejst\\zhngqrd-rztgnp.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0095.447] GetFileType (hFile=0x2b8) returned 0x1 [0095.447] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea78) returned 1 [0095.447] GetFileType (hFile=0x2b8) returned 0x1 [0095.447] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfeb78 | out: lpFileSizeHigh=0xcfeb78*=0x0) returned 0x17488 [0095.448] ReadFile (in: hFile=0x2b8, lpBuffer=0x3d422b0, nNumberOfBytesToRead=0x17488, lpNumberOfBytesRead=0xcfeb24, lpOverlapped=0x0 | out: lpBuffer=0x3d422b0*, lpNumberOfBytesRead=0xcfeb24*=0x17488, lpOverlapped=0x0) returned 1 [0095.450] CloseHandle (hObject=0x2b8) returned 1 [0095.511] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0095.512] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0095.512] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfeb6c | out: lpFileInformation=0xcfeb6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0095.512] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0095.512] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT\\zhnGqRD-rZtgNp.rtf", nBufferLength=0x105, lpBuffer=0xcfe524, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT\\zhnGqRD-rZtgNp.rtf", lpFilePart=0x0) returned 0x3b [0095.512] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea68) returned 1 [0095.512] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT\\zhnGqRD-rZtgNp.rtf" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\yejst\\zhngqrd-rztgnp.rtf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0095.514] GetFileType (hFile=0x2b8) returned 0x1 [0095.514] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea64) returned 1 [0095.514] GetFileType (hFile=0x2b8) returned 0x1 [0095.514] WriteFile (in: hFile=0x2b8, lpBuffer=0x3db69b8*, nNumberOfBytesToWrite=0x17490, lpNumberOfBytesWritten=0xcfeb18, lpOverlapped=0x0 | out: lpBuffer=0x3db69b8*, lpNumberOfBytesWritten=0xcfeb18*=0x17490, lpOverlapped=0x0) returned 1 [0095.516] CloseHandle (hObject=0x2b8) returned 1 [0095.519] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT\\zhnGqRD-rZtgNp.rtf", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT\\zhnGqRD-rZtgNp.rtf", lpFilePart=0x0) returned 0x3b [0095.519] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT\\zhnGqRD-rZtgNp.rtf.shade8", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT\\zhnGqRD-rZtgNp.rtf.shade8", lpFilePart=0x0) returned 0x42 [0095.519] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeafc) returned 1 [0095.519] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT\\zhnGqRD-rZtgNp.rtf" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\yejst\\zhngqrd-rztgnp.rtf"), fInfoLevelId=0x0, lpFileInformation=0xcfeb78 | out: lpFileInformation=0xcfeb78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x437fb840, ftCreationTime.dwHighDateTime=0x1d4c57b, ftLastAccessTime.dwLowDateTime=0xc7064220, ftLastAccessTime.dwHighDateTime=0x1d4cbf1, ftLastWriteTime.dwLowDateTime=0x818a4124, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x17490)) returned 1 [0095.520] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaf8) returned 1 [0095.520] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT\\zhnGqRD-rZtgNp.rtf" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\yejst\\zhngqrd-rztgnp.rtf"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\CPoDMpxr\\YEjsT\\zhnGqRD-rZtgNp.rtf.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\cpodmpxr\\yejst\\zhngqrd-rztgnp.rtf.shade8")) returned 1 [0095.520] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfec44) returned 1 [0095.520] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L", nBufferLength=0x105, lpBuffer=0xcfe6f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L", lpFilePart=0x0) returned 0x2a [0095.520] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\*", lpFindFileData=0xcfe96c | out: lpFindFileData=0xcfe96c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x14945ac0, ftCreationTime.dwHighDateTime=0x1d4cc94, ftLastAccessTime.dwLowDateTime=0x640d0e70, ftLastAccessTime.dwHighDateTime=0x1d4c669, ftLastWriteTime.dwLowDateTime=0x640d0e70, ftLastWriteTime.dwHighDateTime=0x1d4c669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe65e0 [0095.521] FindNextFileW (in: hFindFile=0xfe65e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x14945ac0, ftCreationTime.dwHighDateTime=0x1d4cc94, ftLastAccessTime.dwLowDateTime=0x640d0e70, ftLastAccessTime.dwHighDateTime=0x1d4c669, ftLastWriteTime.dwLowDateTime=0x640d0e70, ftLastWriteTime.dwHighDateTime=0x1d4c669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.521] FindNextFileW (in: hFindFile=0xfe65e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc9788f70, ftCreationTime.dwHighDateTime=0x1d4c603, ftLastAccessTime.dwLowDateTime=0xf49b3220, ftLastAccessTime.dwHighDateTime=0x1d4cd01, ftLastWriteTime.dwLowDateTime=0xf49b3220, ftLastWriteTime.dwHighDateTime=0x1d4cd01, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BZnu1veNVTy5ewM0", cAlternateFileName="BZNU1V~1")) returned 1 [0095.521] FindNextFileW (in: hFindFile=0xfe65e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4339b1b0, ftCreationTime.dwHighDateTime=0x1d4c8b4, ftLastAccessTime.dwLowDateTime=0x9a70ff50, ftLastAccessTime.dwHighDateTime=0x1d4cb17, ftLastWriteTime.dwLowDateTime=0x9a70ff50, ftLastWriteTime.dwHighDateTime=0x1d4cb17, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="dwU1sWDrwwAwtXWPjN8E", cAlternateFileName="DWU1SW~1")) returned 1 [0095.521] FindNextFileW (in: hFindFile=0xfe65e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a687060, ftCreationTime.dwHighDateTime=0x1d4cf5c, ftLastAccessTime.dwLowDateTime=0x57897d00, ftLastAccessTime.dwHighDateTime=0x1d4ce2f, ftLastWriteTime.dwLowDateTime=0x57897d00, ftLastWriteTime.dwHighDateTime=0x1d4ce2f, nFileSizeHigh=0x0, nFileSizeLow=0x9e7f, dwReserved0=0x0, dwReserved1=0x0, cFileName="jBWrGIz2vRaowKZllk.ppt", cAlternateFileName="JBWRGI~1.PPT")) returned 1 [0095.521] FindNextFileW (in: hFindFile=0xfe65e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcdf3b970, ftCreationTime.dwHighDateTime=0x1d4d09a, ftLastAccessTime.dwLowDateTime=0xebb95f40, ftLastAccessTime.dwHighDateTime=0x1d4cb55, ftLastWriteTime.dwLowDateTime=0xebb95f40, ftLastWriteTime.dwHighDateTime=0x1d4cb55, nFileSizeHigh=0x0, nFileSizeLow=0x109bb, dwReserved0=0x0, dwReserved1=0x0, cFileName="QHZGdI7aI.ods", cAlternateFileName="QHZGDI~1.ODS")) returned 1 [0095.521] FindNextFileW (in: hFindFile=0xfe65e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x53179580, ftCreationTime.dwHighDateTime=0x1d4cf43, ftLastAccessTime.dwLowDateTime=0xf4b83c50, ftLastAccessTime.dwHighDateTime=0x1d4cd8b, ftLastWriteTime.dwLowDateTime=0xf4b83c50, ftLastWriteTime.dwHighDateTime=0x1d4cd8b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="wJpBbkO-ZoXM", cAlternateFileName="WJPBBK~1")) returned 1 [0095.522] FindNextFileW (in: hFindFile=0xfe65e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xefc3d320, ftCreationTime.dwHighDateTime=0x1d4d499, ftLastAccessTime.dwLowDateTime=0xa8437c40, ftLastAccessTime.dwHighDateTime=0x1d4c6f1, ftLastWriteTime.dwLowDateTime=0xa8437c40, ftLastWriteTime.dwHighDateTime=0x1d4c6f1, nFileSizeHigh=0x0, nFileSizeLow=0x14d04, dwReserved0=0x0, dwReserved1=0x0, cFileName="xQmghAcjXDckSt.odt", cAlternateFileName="XQMGHA~1.ODT")) returned 1 [0095.522] FindNextFileW (in: hFindFile=0xfe65e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.522] FindClose (in: hFindFile=0xfe65e0 | out: hFindFile=0xfe65e0) returned 1 [0095.522] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec00) returned 1 [0095.522] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec0c) returned 1 [0095.522] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfec44) returned 1 [0095.522] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L", nBufferLength=0x105, lpBuffer=0xcfe6f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L", lpFilePart=0x0) returned 0x2a [0095.522] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\*", lpFindFileData=0xcfe96c | out: lpFindFileData=0xcfe96c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x14945ac0, ftCreationTime.dwHighDateTime=0x1d4cc94, ftLastAccessTime.dwLowDateTime=0x640d0e70, ftLastAccessTime.dwHighDateTime=0x1d4c669, ftLastWriteTime.dwLowDateTime=0x640d0e70, ftLastWriteTime.dwHighDateTime=0x1d4c669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe67a0 [0095.522] FindNextFileW (in: hFindFile=0xfe67a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x14945ac0, ftCreationTime.dwHighDateTime=0x1d4cc94, ftLastAccessTime.dwLowDateTime=0x640d0e70, ftLastAccessTime.dwHighDateTime=0x1d4c669, ftLastWriteTime.dwLowDateTime=0x640d0e70, ftLastWriteTime.dwHighDateTime=0x1d4c669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.523] FindNextFileW (in: hFindFile=0xfe67a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc9788f70, ftCreationTime.dwHighDateTime=0x1d4c603, ftLastAccessTime.dwLowDateTime=0xf49b3220, ftLastAccessTime.dwHighDateTime=0x1d4cd01, ftLastWriteTime.dwLowDateTime=0xf49b3220, ftLastWriteTime.dwHighDateTime=0x1d4cd01, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BZnu1veNVTy5ewM0", cAlternateFileName="BZNU1V~1")) returned 1 [0095.523] FindNextFileW (in: hFindFile=0xfe67a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4339b1b0, ftCreationTime.dwHighDateTime=0x1d4c8b4, ftLastAccessTime.dwLowDateTime=0x9a70ff50, ftLastAccessTime.dwHighDateTime=0x1d4cb17, ftLastWriteTime.dwLowDateTime=0x9a70ff50, ftLastWriteTime.dwHighDateTime=0x1d4cb17, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="dwU1sWDrwwAwtXWPjN8E", cAlternateFileName="DWU1SW~1")) returned 1 [0095.523] FindNextFileW (in: hFindFile=0xfe67a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a687060, ftCreationTime.dwHighDateTime=0x1d4cf5c, ftLastAccessTime.dwLowDateTime=0x57897d00, ftLastAccessTime.dwHighDateTime=0x1d4ce2f, ftLastWriteTime.dwLowDateTime=0x57897d00, ftLastWriteTime.dwHighDateTime=0x1d4ce2f, nFileSizeHigh=0x0, nFileSizeLow=0x9e7f, dwReserved0=0x0, dwReserved1=0x0, cFileName="jBWrGIz2vRaowKZllk.ppt", cAlternateFileName="JBWRGI~1.PPT")) returned 1 [0095.523] FindNextFileW (in: hFindFile=0xfe67a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcdf3b970, ftCreationTime.dwHighDateTime=0x1d4d09a, ftLastAccessTime.dwLowDateTime=0xebb95f40, ftLastAccessTime.dwHighDateTime=0x1d4cb55, ftLastWriteTime.dwLowDateTime=0xebb95f40, ftLastWriteTime.dwHighDateTime=0x1d4cb55, nFileSizeHigh=0x0, nFileSizeLow=0x109bb, dwReserved0=0x0, dwReserved1=0x0, cFileName="QHZGdI7aI.ods", cAlternateFileName="QHZGDI~1.ODS")) returned 1 [0095.523] FindNextFileW (in: hFindFile=0xfe67a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x53179580, ftCreationTime.dwHighDateTime=0x1d4cf43, ftLastAccessTime.dwLowDateTime=0xf4b83c50, ftLastAccessTime.dwHighDateTime=0x1d4cd8b, ftLastWriteTime.dwLowDateTime=0xf4b83c50, ftLastWriteTime.dwHighDateTime=0x1d4cd8b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="wJpBbkO-ZoXM", cAlternateFileName="WJPBBK~1")) returned 1 [0095.523] FindNextFileW (in: hFindFile=0xfe67a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xefc3d320, ftCreationTime.dwHighDateTime=0x1d4d499, ftLastAccessTime.dwLowDateTime=0xa8437c40, ftLastAccessTime.dwHighDateTime=0x1d4c6f1, ftLastWriteTime.dwLowDateTime=0xa8437c40, ftLastWriteTime.dwHighDateTime=0x1d4c6f1, nFileSizeHigh=0x0, nFileSizeLow=0x14d04, dwReserved0=0x0, dwReserved1=0x0, cFileName="xQmghAcjXDckSt.odt", cAlternateFileName="XQMGHA~1.ODT")) returned 1 [0095.523] FindNextFileW (in: hFindFile=0xfe67a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xefc3d320, ftCreationTime.dwHighDateTime=0x1d4d499, ftLastAccessTime.dwLowDateTime=0xa8437c40, ftLastAccessTime.dwHighDateTime=0x1d4c6f1, ftLastWriteTime.dwLowDateTime=0xa8437c40, ftLastWriteTime.dwHighDateTime=0x1d4c6f1, nFileSizeHigh=0x0, nFileSizeLow=0x14d04, dwReserved0=0x0, dwReserved1=0x0, cFileName="xQmghAcjXDckSt.odt", cAlternateFileName="XQMGHA~1.ODT")) returned 0 [0095.524] FindClose (in: hFindFile=0xfe67a0 | out: hFindFile=0xfe67a0) returned 1 [0095.524] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec00) returned 1 [0095.524] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec0c) returned 1 [0095.524] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\jBWrGIz2vRaowKZllk.ppt", nBufferLength=0x105, lpBuffer=0xcfe5ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\jBWrGIz2vRaowKZllk.ppt", lpFilePart=0x0) returned 0x41 [0095.524] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0095.524] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\jBWrGIz2vRaowKZllk.ppt" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\jbwrgiz2vraowkzllk.ppt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0095.524] GetFileType (hFile=0x2b8) returned 0x1 [0095.524] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0095.524] GetFileType (hFile=0x2b8) returned 0x1 [0095.524] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfebec | out: lpFileSizeHigh=0xcfebec*=0x0) returned 0x9e7f [0095.524] ReadFile (in: hFile=0x2b8, lpBuffer=0x2d63174, nNumberOfBytesToRead=0x9e7f, lpNumberOfBytesRead=0xcfeb98, lpOverlapped=0x0 | out: lpBuffer=0x2d63174*, lpNumberOfBytesRead=0xcfeb98*=0x9e7f, lpOverlapped=0x0) returned 1 [0095.525] CloseHandle (hObject=0x2b8) returned 1 [0095.541] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0095.541] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0095.541] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfebe0 | out: lpFileInformation=0xcfebe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0095.541] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0095.542] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\jBWrGIz2vRaowKZllk.ppt", nBufferLength=0x105, lpBuffer=0xcfe598, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\jBWrGIz2vRaowKZllk.ppt", lpFilePart=0x0) returned 0x41 [0095.542] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeadc) returned 1 [0095.542] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\jBWrGIz2vRaowKZllk.ppt" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\jbwrgiz2vraowkzllk.ppt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0095.543] GetFileType (hFile=0x2b8) returned 0x1 [0095.543] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfead8) returned 1 [0095.543] GetFileType (hFile=0x2b8) returned 0x1 [0095.543] WriteFile (in: hFile=0x2b8, lpBuffer=0x2de17e0*, nNumberOfBytesToWrite=0x9e80, lpNumberOfBytesWritten=0xcfeb8c, lpOverlapped=0x0 | out: lpBuffer=0x2de17e0*, lpNumberOfBytesWritten=0xcfeb8c*=0x9e80, lpOverlapped=0x0) returned 1 [0095.544] CloseHandle (hObject=0x2b8) returned 1 [0095.620] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\jBWrGIz2vRaowKZllk.ppt", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\jBWrGIz2vRaowKZllk.ppt", lpFilePart=0x0) returned 0x41 [0095.620] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\jBWrGIz2vRaowKZllk.ppt.shade8", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\jBWrGIz2vRaowKZllk.ppt.shade8", lpFilePart=0x0) returned 0x48 [0095.621] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb70) returned 1 [0095.621] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\jBWrGIz2vRaowKZllk.ppt" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\jbwrgiz2vraowkzllk.ppt"), fInfoLevelId=0x0, lpFileInformation=0xcfebec | out: lpFileInformation=0xcfebec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a687060, ftCreationTime.dwHighDateTime=0x1d4cf5c, ftLastAccessTime.dwLowDateTime=0x57897d00, ftLastAccessTime.dwHighDateTime=0x1d4ce2f, ftLastWriteTime.dwLowDateTime=0x81988f4f, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x9e80)) returned 1 [0095.621] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb6c) returned 1 [0095.621] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\jBWrGIz2vRaowKZllk.ppt" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\jbwrgiz2vraowkzllk.ppt"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\jBWrGIz2vRaowKZllk.ppt.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\jbwrgiz2vraowkzllk.ppt.shade8")) returned 1 [0095.621] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\xQmghAcjXDckSt.odt", nBufferLength=0x105, lpBuffer=0xcfe5ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\xQmghAcjXDckSt.odt", lpFilePart=0x0) returned 0x3d [0095.621] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0095.622] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\xQmghAcjXDckSt.odt" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\xqmghacjxdckst.odt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0095.622] GetFileType (hFile=0x2b8) returned 0x1 [0095.622] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0095.622] GetFileType (hFile=0x2b8) returned 0x1 [0095.622] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfebec | out: lpFileSizeHigh=0xcfebec*=0x0) returned 0x14d04 [0095.622] ReadFile (in: hFile=0x2b8, lpBuffer=0x3dcde68, nNumberOfBytesToRead=0x14d04, lpNumberOfBytesRead=0xcfeb98, lpOverlapped=0x0 | out: lpBuffer=0x3dcde68*, lpNumberOfBytesRead=0xcfeb98*=0x14d04, lpOverlapped=0x0) returned 1 [0095.624] CloseHandle (hObject=0x2b8) returned 1 [0095.743] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0095.743] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0095.743] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfebe0 | out: lpFileInformation=0xcfebe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0095.744] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0095.744] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\xQmghAcjXDckSt.odt", nBufferLength=0x105, lpBuffer=0xcfe598, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\xQmghAcjXDckSt.odt", lpFilePart=0x0) returned 0x3d [0095.744] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeadc) returned 1 [0095.744] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\xQmghAcjXDckSt.odt" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\xqmghacjxdckst.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0095.745] GetFileType (hFile=0x2b8) returned 0x1 [0095.745] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfead8) returned 1 [0095.745] GetFileType (hFile=0x2b8) returned 0x1 [0095.745] WriteFile (in: hFile=0x2b8, lpBuffer=0x3e35fe8*, nNumberOfBytesToWrite=0x14d10, lpNumberOfBytesWritten=0xcfeb8c, lpOverlapped=0x0 | out: lpBuffer=0x3e35fe8*, lpNumberOfBytesWritten=0xcfeb8c*=0x14d10, lpOverlapped=0x0) returned 1 [0095.748] CloseHandle (hObject=0x2b8) returned 1 [0095.808] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\xQmghAcjXDckSt.odt", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\xQmghAcjXDckSt.odt", lpFilePart=0x0) returned 0x3d [0095.808] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\xQmghAcjXDckSt.odt.shade8", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\xQmghAcjXDckSt.odt.shade8", lpFilePart=0x0) returned 0x44 [0095.808] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb70) returned 1 [0095.808] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\xQmghAcjXDckSt.odt" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\xqmghacjxdckst.odt"), fInfoLevelId=0x0, lpFileInformation=0xcfebec | out: lpFileInformation=0xcfebec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xefc3d320, ftCreationTime.dwHighDateTime=0x1d4d499, ftLastAccessTime.dwLowDateTime=0xa8437c40, ftLastAccessTime.dwHighDateTime=0x1d4c6f1, ftLastWriteTime.dwLowDateTime=0x81b52a3c, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x14d10)) returned 1 [0095.809] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb6c) returned 1 [0095.809] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\xQmghAcjXDckSt.odt" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\xqmghacjxdckst.odt"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\xQmghAcjXDckSt.odt.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\xqmghacjxdckst.odt.shade8")) returned 1 [0095.809] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd0) returned 1 [0095.809] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\BZnu1veNVTy5ewM0", nBufferLength=0x105, lpBuffer=0xcfe684, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\BZnu1veNVTy5ewM0", lpFilePart=0x0) returned 0x3b [0095.809] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\BZnu1veNVTy5ewM0\\*", lpFindFileData=0xcfe8f8 | out: lpFindFileData=0xcfe8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc9788f70, ftCreationTime.dwHighDateTime=0x1d4c603, ftLastAccessTime.dwLowDateTime=0xf49b3220, ftLastAccessTime.dwHighDateTime=0x1d4cd01, ftLastWriteTime.dwLowDateTime=0xf49b3220, ftLastWriteTime.dwHighDateTime=0x1d4cd01, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe67e0 [0095.810] FindNextFileW (in: hFindFile=0xfe67e0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc9788f70, ftCreationTime.dwHighDateTime=0x1d4c603, ftLastAccessTime.dwLowDateTime=0xf49b3220, ftLastAccessTime.dwHighDateTime=0x1d4cd01, ftLastWriteTime.dwLowDateTime=0xf49b3220, ftLastWriteTime.dwHighDateTime=0x1d4cd01, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.810] FindNextFileW (in: hFindFile=0xfe67e0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb7e9f5b0, ftCreationTime.dwHighDateTime=0x1d4cedb, ftLastAccessTime.dwLowDateTime=0x3d7abf80, ftLastAccessTime.dwHighDateTime=0x1d4d386, ftLastWriteTime.dwLowDateTime=0x3d7abf80, ftLastWriteTime.dwHighDateTime=0x1d4d386, nFileSizeHigh=0x0, nFileSizeLow=0x14f3a, dwReserved0=0x0, dwReserved1=0x0, cFileName="1xNULIT8.docx", cAlternateFileName="1XNULI~1.DOC")) returned 1 [0095.810] FindNextFileW (in: hFindFile=0xfe67e0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8f92ac0, ftCreationTime.dwHighDateTime=0x1d4ce0f, ftLastAccessTime.dwLowDateTime=0xb40bfe10, ftLastAccessTime.dwHighDateTime=0x1d4c65d, ftLastWriteTime.dwLowDateTime=0xb40bfe10, ftLastWriteTime.dwHighDateTime=0x1d4c65d, nFileSizeHigh=0x0, nFileSizeLow=0x3f5f, dwReserved0=0x0, dwReserved1=0x0, cFileName="tj_hul_qLkbpy.xlsx", cAlternateFileName="TJ_HUL~1.XLS")) returned 1 [0095.810] FindNextFileW (in: hFindFile=0xfe67e0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc04fd0, ftCreationTime.dwHighDateTime=0x1d4cde3, ftLastAccessTime.dwLowDateTime=0xacb8f8e0, ftLastAccessTime.dwHighDateTime=0x1d4cb51, ftLastWriteTime.dwLowDateTime=0xacb8f8e0, ftLastWriteTime.dwHighDateTime=0x1d4cb51, nFileSizeHigh=0x0, nFileSizeLow=0x1398c, dwReserved0=0x0, dwReserved1=0x0, cFileName="tpFZbCSDUo9qaQQRzjfD.odp", cAlternateFileName="TPFZBC~1.ODP")) returned 1 [0095.810] FindNextFileW (in: hFindFile=0xfe67e0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.811] FindClose (in: hFindFile=0xfe67e0 | out: hFindFile=0xfe67e0) returned 1 [0095.811] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb8c) returned 1 [0095.811] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb98) returned 1 [0095.811] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd0) returned 1 [0095.811] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\BZnu1veNVTy5ewM0", nBufferLength=0x105, lpBuffer=0xcfe684, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\BZnu1veNVTy5ewM0", lpFilePart=0x0) returned 0x3b [0095.811] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\BZnu1veNVTy5ewM0\\*", lpFindFileData=0xcfe8f8 | out: lpFindFileData=0xcfe8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc9788f70, ftCreationTime.dwHighDateTime=0x1d4c603, ftLastAccessTime.dwLowDateTime=0xf49b3220, ftLastAccessTime.dwHighDateTime=0x1d4cd01, ftLastWriteTime.dwLowDateTime=0xf49b3220, ftLastWriteTime.dwHighDateTime=0x1d4cd01, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe6a20 [0095.811] FindNextFileW (in: hFindFile=0xfe6a20, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc9788f70, ftCreationTime.dwHighDateTime=0x1d4c603, ftLastAccessTime.dwLowDateTime=0xf49b3220, ftLastAccessTime.dwHighDateTime=0x1d4cd01, ftLastWriteTime.dwLowDateTime=0xf49b3220, ftLastWriteTime.dwHighDateTime=0x1d4cd01, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.812] FindNextFileW (in: hFindFile=0xfe6a20, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb7e9f5b0, ftCreationTime.dwHighDateTime=0x1d4cedb, ftLastAccessTime.dwLowDateTime=0x3d7abf80, ftLastAccessTime.dwHighDateTime=0x1d4d386, ftLastWriteTime.dwLowDateTime=0x3d7abf80, ftLastWriteTime.dwHighDateTime=0x1d4d386, nFileSizeHigh=0x0, nFileSizeLow=0x14f3a, dwReserved0=0x0, dwReserved1=0x0, cFileName="1xNULIT8.docx", cAlternateFileName="1XNULI~1.DOC")) returned 1 [0095.812] FindNextFileW (in: hFindFile=0xfe6a20, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8f92ac0, ftCreationTime.dwHighDateTime=0x1d4ce0f, ftLastAccessTime.dwLowDateTime=0xb40bfe10, ftLastAccessTime.dwHighDateTime=0x1d4c65d, ftLastWriteTime.dwLowDateTime=0xb40bfe10, ftLastWriteTime.dwHighDateTime=0x1d4c65d, nFileSizeHigh=0x0, nFileSizeLow=0x3f5f, dwReserved0=0x0, dwReserved1=0x0, cFileName="tj_hul_qLkbpy.xlsx", cAlternateFileName="TJ_HUL~1.XLS")) returned 1 [0095.812] FindNextFileW (in: hFindFile=0xfe6a20, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc04fd0, ftCreationTime.dwHighDateTime=0x1d4cde3, ftLastAccessTime.dwLowDateTime=0xacb8f8e0, ftLastAccessTime.dwHighDateTime=0x1d4cb51, ftLastWriteTime.dwLowDateTime=0xacb8f8e0, ftLastWriteTime.dwHighDateTime=0x1d4cb51, nFileSizeHigh=0x0, nFileSizeLow=0x1398c, dwReserved0=0x0, dwReserved1=0x0, cFileName="tpFZbCSDUo9qaQQRzjfD.odp", cAlternateFileName="TPFZBC~1.ODP")) returned 1 [0095.812] FindNextFileW (in: hFindFile=0xfe6a20, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc04fd0, ftCreationTime.dwHighDateTime=0x1d4cde3, ftLastAccessTime.dwLowDateTime=0xacb8f8e0, ftLastAccessTime.dwHighDateTime=0x1d4cb51, ftLastWriteTime.dwLowDateTime=0xacb8f8e0, ftLastWriteTime.dwHighDateTime=0x1d4cb51, nFileSizeHigh=0x0, nFileSizeLow=0x1398c, dwReserved0=0x0, dwReserved1=0x0, cFileName="tpFZbCSDUo9qaQQRzjfD.odp", cAlternateFileName="TPFZBC~1.ODP")) returned 0 [0095.812] FindClose (in: hFindFile=0xfe6a20 | out: hFindFile=0xfe6a20) returned 1 [0095.812] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb8c) returned 1 [0095.812] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb98) returned 1 [0095.813] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\BZnu1veNVTy5ewM0\\1xNULIT8.docx", nBufferLength=0x105, lpBuffer=0xcfe538, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\BZnu1veNVTy5ewM0\\1xNULIT8.docx", lpFilePart=0x0) returned 0x49 [0095.813] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea7c) returned 1 [0095.813] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\BZnu1veNVTy5ewM0\\1xNULIT8.docx" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\bznu1venvty5ewm0\\1xnulit8.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0095.813] GetFileType (hFile=0x2b8) returned 0x1 [0095.813] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea78) returned 1 [0095.813] GetFileType (hFile=0x2b8) returned 0x1 [0095.813] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfeb78 | out: lpFileSizeHigh=0xcfeb78*=0x0) returned 0x14f3a [0095.813] ReadFile (in: hFile=0x2b8, lpBuffer=0x3e4ad18, nNumberOfBytesToRead=0x14f3a, lpNumberOfBytesRead=0xcfeb24, lpOverlapped=0x0 | out: lpBuffer=0x3e4ad18*, lpNumberOfBytesRead=0xcfeb24*=0x14f3a, lpOverlapped=0x0) returned 1 [0095.815] CloseHandle (hObject=0x2b8) returned 1 [0095.837] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0095.837] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0095.837] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfeb6c | out: lpFileInformation=0xcfeb6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0095.837] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0095.837] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\BZnu1veNVTy5ewM0\\1xNULIT8.docx", nBufferLength=0x105, lpBuffer=0xcfe524, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\BZnu1veNVTy5ewM0\\1xNULIT8.docx", lpFilePart=0x0) returned 0x49 [0095.837] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea68) returned 1 [0095.837] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\BZnu1veNVTy5ewM0\\1xNULIT8.docx" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\bznu1venvty5ewm0\\1xnulit8.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0095.839] GetFileType (hFile=0x2b8) returned 0x1 [0095.839] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea64) returned 1 [0095.839] GetFileType (hFile=0x2b8) returned 0x1 [0095.839] WriteFile (in: hFile=0x2b8, lpBuffer=0x3eb3990*, nNumberOfBytesToWrite=0x14f40, lpNumberOfBytesWritten=0xcfeb18, lpOverlapped=0x0 | out: lpBuffer=0x3eb3990*, lpNumberOfBytesWritten=0xcfeb18*=0x14f40, lpOverlapped=0x0) returned 1 [0095.841] CloseHandle (hObject=0x2b8) returned 1 [0095.902] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\BZnu1veNVTy5ewM0\\1xNULIT8.docx", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\BZnu1veNVTy5ewM0\\1xNULIT8.docx", lpFilePart=0x0) returned 0x49 [0095.902] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\BZnu1veNVTy5ewM0\\1xNULIT8.docx.shade8", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\BZnu1veNVTy5ewM0\\1xNULIT8.docx.shade8", lpFilePart=0x0) returned 0x50 [0095.902] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeafc) returned 1 [0095.902] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\BZnu1veNVTy5ewM0\\1xNULIT8.docx" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\bznu1venvty5ewm0\\1xnulit8.docx"), fInfoLevelId=0x0, lpFileInformation=0xcfeb78 | out: lpFileInformation=0xcfeb78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb7e9f5b0, ftCreationTime.dwHighDateTime=0x1d4cedb, ftLastAccessTime.dwLowDateTime=0x3d7abf80, ftLastAccessTime.dwHighDateTime=0x1d4d386, ftLastWriteTime.dwLowDateTime=0x81c377fd, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x14f40)) returned 1 [0095.903] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaf8) returned 1 [0095.903] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\BZnu1veNVTy5ewM0\\1xNULIT8.docx" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\bznu1venvty5ewm0\\1xnulit8.docx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\BZnu1veNVTy5ewM0\\1xNULIT8.docx.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\bznu1venvty5ewm0\\1xnulit8.docx.shade8")) returned 1 [0095.903] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\BZnu1veNVTy5ewM0\\tj_hul_qLkbpy.xlsx", nBufferLength=0x105, lpBuffer=0xcfe538, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\BZnu1veNVTy5ewM0\\tj_hul_qLkbpy.xlsx", lpFilePart=0x0) returned 0x4e [0095.903] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea7c) returned 1 [0095.903] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\BZnu1veNVTy5ewM0\\tj_hul_qLkbpy.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\bznu1venvty5ewm0\\tj_hul_qlkbpy.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0095.903] GetFileType (hFile=0x2b8) returned 0x1 [0095.903] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea78) returned 1 [0095.904] GetFileType (hFile=0x2b8) returned 0x1 [0095.904] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfeb78 | out: lpFileSizeHigh=0xcfeb78*=0x0) returned 0x3f5f [0095.904] ReadFile (in: hFile=0x2b8, lpBuffer=0x2c8878c, nNumberOfBytesToRead=0x3f5f, lpNumberOfBytesRead=0xcfeb24, lpOverlapped=0x0 | out: lpBuffer=0x2c8878c*, lpNumberOfBytesRead=0xcfeb24*=0x3f5f, lpOverlapped=0x0) returned 1 [0095.904] CloseHandle (hObject=0x2b8) returned 1 [0095.919] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0095.919] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0095.920] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfeb6c | out: lpFileInformation=0xcfeb6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0095.920] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0095.920] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\BZnu1veNVTy5ewM0\\tj_hul_qLkbpy.xlsx", nBufferLength=0x105, lpBuffer=0xcfe524, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\BZnu1veNVTy5ewM0\\tj_hul_qLkbpy.xlsx", lpFilePart=0x0) returned 0x4e [0095.920] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea68) returned 1 [0095.920] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\BZnu1veNVTy5ewM0\\tj_hul_qLkbpy.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\bznu1venvty5ewm0\\tj_hul_qlkbpy.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0095.921] GetFileType (hFile=0x2b8) returned 0x1 [0095.921] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea64) returned 1 [0095.921] GetFileType (hFile=0x2b8) returned 0x1 [0095.921] WriteFile (in: hFile=0x2b8, lpBuffer=0x2ce9258*, nNumberOfBytesToWrite=0x3f60, lpNumberOfBytesWritten=0xcfeb18, lpOverlapped=0x0 | out: lpBuffer=0x2ce9258*, lpNumberOfBytesWritten=0xcfeb18*=0x3f60, lpOverlapped=0x0) returned 1 [0095.922] CloseHandle (hObject=0x2b8) returned 1 [0095.923] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\BZnu1veNVTy5ewM0\\tj_hul_qLkbpy.xlsx", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\BZnu1veNVTy5ewM0\\tj_hul_qLkbpy.xlsx", lpFilePart=0x0) returned 0x4e [0095.923] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\BZnu1veNVTy5ewM0\\tj_hul_qLkbpy.xlsx.shade8", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\BZnu1veNVTy5ewM0\\tj_hul_qLkbpy.xlsx.shade8", lpFilePart=0x0) returned 0x55 [0095.924] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeafc) returned 1 [0095.924] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\BZnu1veNVTy5ewM0\\tj_hul_qLkbpy.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\bznu1venvty5ewm0\\tj_hul_qlkbpy.xlsx"), fInfoLevelId=0x0, lpFileInformation=0xcfeb78 | out: lpFileInformation=0xcfeb78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8f92ac0, ftCreationTime.dwHighDateTime=0x1d4ce0f, ftLastAccessTime.dwLowDateTime=0xb40bfe10, ftLastAccessTime.dwHighDateTime=0x1d4c65d, ftLastWriteTime.dwLowDateTime=0x81c83cc1, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x3f60)) returned 1 [0095.924] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaf8) returned 1 [0095.924] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\BZnu1veNVTy5ewM0\\tj_hul_qLkbpy.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\bznu1venvty5ewm0\\tj_hul_qlkbpy.xlsx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\BZnu1veNVTy5ewM0\\tj_hul_qLkbpy.xlsx.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\bznu1venvty5ewm0\\tj_hul_qlkbpy.xlsx.shade8")) returned 1 [0095.924] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd0) returned 1 [0095.924] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E", nBufferLength=0x105, lpBuffer=0xcfe684, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E", lpFilePart=0x0) returned 0x3f [0095.924] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\*", lpFindFileData=0xcfe8f8 | out: lpFindFileData=0xcfe8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4339b1b0, ftCreationTime.dwHighDateTime=0x1d4c8b4, ftLastAccessTime.dwLowDateTime=0x9a70ff50, ftLastAccessTime.dwHighDateTime=0x1d4cb17, ftLastWriteTime.dwLowDateTime=0x9a70ff50, ftLastWriteTime.dwHighDateTime=0x1d4cb17, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe6a60 [0095.925] FindNextFileW (in: hFindFile=0xfe6a60, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4339b1b0, ftCreationTime.dwHighDateTime=0x1d4c8b4, ftLastAccessTime.dwLowDateTime=0x9a70ff50, ftLastAccessTime.dwHighDateTime=0x1d4cb17, ftLastWriteTime.dwLowDateTime=0x9a70ff50, ftLastWriteTime.dwHighDateTime=0x1d4cb17, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.925] FindNextFileW (in: hFindFile=0xfe6a60, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d14b0c0, ftCreationTime.dwHighDateTime=0x1d4c9a6, ftLastAccessTime.dwLowDateTime=0xbbe10090, ftLastAccessTime.dwHighDateTime=0x1d4cd06, ftLastWriteTime.dwLowDateTime=0xbbe10090, ftLastWriteTime.dwHighDateTime=0x1d4cd06, nFileSizeHigh=0x0, nFileSizeLow=0x155f3, dwReserved0=0x0, dwReserved1=0x0, cFileName="1rLLqRHdtcPWKpIg-.rtf", cAlternateFileName="1RLLQR~1.RTF")) returned 1 [0095.925] FindNextFileW (in: hFindFile=0xfe6a60, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcc7b1620, ftCreationTime.dwHighDateTime=0x1d4c829, ftLastAccessTime.dwLowDateTime=0x5a2314b0, ftLastAccessTime.dwHighDateTime=0x1d4cfd1, ftLastWriteTime.dwLowDateTime=0x5a2314b0, ftLastWriteTime.dwHighDateTime=0x1d4cfd1, nFileSizeHigh=0x0, nFileSizeLow=0x10dea, dwReserved0=0x0, dwReserved1=0x0, cFileName="E2jqZ1hPuAZ9fkvPz_fp.xlsx", cAlternateFileName="E2JQZ1~1.XLS")) returned 1 [0095.925] FindNextFileW (in: hFindFile=0xfe6a60, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1e042a0, ftCreationTime.dwHighDateTime=0x1d4c9a5, ftLastAccessTime.dwLowDateTime=0xca238a80, ftLastAccessTime.dwHighDateTime=0x1d4d2fe, ftLastWriteTime.dwLowDateTime=0xca238a80, ftLastWriteTime.dwHighDateTime=0x1d4d2fe, nFileSizeHigh=0x0, nFileSizeLow=0x25e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="hTOQeXyXkMxYLs2DOjmP.pptx", cAlternateFileName="HTOQEX~1.PPT")) returned 1 [0095.925] FindNextFileW (in: hFindFile=0xfe6a60, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd36ad2d0, ftCreationTime.dwHighDateTime=0x1d4c7ad, ftLastAccessTime.dwLowDateTime=0x74147fe0, ftLastAccessTime.dwHighDateTime=0x1d4d5e3, ftLastWriteTime.dwLowDateTime=0x74147fe0, ftLastWriteTime.dwHighDateTime=0x1d4d5e3, nFileSizeHigh=0x0, nFileSizeLow=0x1492b, dwReserved0=0x0, dwReserved1=0x0, cFileName="j54pS.pptx", cAlternateFileName="J54PS~1.PPT")) returned 1 [0095.926] FindNextFileW (in: hFindFile=0xfe6a60, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.926] FindClose (in: hFindFile=0xfe6a60 | out: hFindFile=0xfe6a60) returned 1 [0095.926] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb8c) returned 1 [0095.926] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb98) returned 1 [0095.926] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd0) returned 1 [0095.926] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E", nBufferLength=0x105, lpBuffer=0xcfe684, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E", lpFilePart=0x0) returned 0x3f [0095.926] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\*", lpFindFileData=0xcfe8f8 | out: lpFindFileData=0xcfe8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4339b1b0, ftCreationTime.dwHighDateTime=0x1d4c8b4, ftLastAccessTime.dwLowDateTime=0x9a70ff50, ftLastAccessTime.dwHighDateTime=0x1d4cb17, ftLastWriteTime.dwLowDateTime=0x9a70ff50, ftLastWriteTime.dwHighDateTime=0x1d4cb17, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe69a0 [0095.926] FindNextFileW (in: hFindFile=0xfe69a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4339b1b0, ftCreationTime.dwHighDateTime=0x1d4c8b4, ftLastAccessTime.dwLowDateTime=0x9a70ff50, ftLastAccessTime.dwHighDateTime=0x1d4cb17, ftLastWriteTime.dwLowDateTime=0x9a70ff50, ftLastWriteTime.dwHighDateTime=0x1d4cb17, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.926] FindNextFileW (in: hFindFile=0xfe69a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d14b0c0, ftCreationTime.dwHighDateTime=0x1d4c9a6, ftLastAccessTime.dwLowDateTime=0xbbe10090, ftLastAccessTime.dwHighDateTime=0x1d4cd06, ftLastWriteTime.dwLowDateTime=0xbbe10090, ftLastWriteTime.dwHighDateTime=0x1d4cd06, nFileSizeHigh=0x0, nFileSizeLow=0x155f3, dwReserved0=0x0, dwReserved1=0x0, cFileName="1rLLqRHdtcPWKpIg-.rtf", cAlternateFileName="1RLLQR~1.RTF")) returned 1 [0095.927] FindNextFileW (in: hFindFile=0xfe69a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcc7b1620, ftCreationTime.dwHighDateTime=0x1d4c829, ftLastAccessTime.dwLowDateTime=0x5a2314b0, ftLastAccessTime.dwHighDateTime=0x1d4cfd1, ftLastWriteTime.dwLowDateTime=0x5a2314b0, ftLastWriteTime.dwHighDateTime=0x1d4cfd1, nFileSizeHigh=0x0, nFileSizeLow=0x10dea, dwReserved0=0x0, dwReserved1=0x0, cFileName="E2jqZ1hPuAZ9fkvPz_fp.xlsx", cAlternateFileName="E2JQZ1~1.XLS")) returned 1 [0095.927] FindNextFileW (in: hFindFile=0xfe69a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1e042a0, ftCreationTime.dwHighDateTime=0x1d4c9a5, ftLastAccessTime.dwLowDateTime=0xca238a80, ftLastAccessTime.dwHighDateTime=0x1d4d2fe, ftLastWriteTime.dwLowDateTime=0xca238a80, ftLastWriteTime.dwHighDateTime=0x1d4d2fe, nFileSizeHigh=0x0, nFileSizeLow=0x25e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="hTOQeXyXkMxYLs2DOjmP.pptx", cAlternateFileName="HTOQEX~1.PPT")) returned 1 [0095.927] FindNextFileW (in: hFindFile=0xfe69a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd36ad2d0, ftCreationTime.dwHighDateTime=0x1d4c7ad, ftLastAccessTime.dwLowDateTime=0x74147fe0, ftLastAccessTime.dwHighDateTime=0x1d4d5e3, ftLastWriteTime.dwLowDateTime=0x74147fe0, ftLastWriteTime.dwHighDateTime=0x1d4d5e3, nFileSizeHigh=0x0, nFileSizeLow=0x1492b, dwReserved0=0x0, dwReserved1=0x0, cFileName="j54pS.pptx", cAlternateFileName="J54PS~1.PPT")) returned 1 [0095.927] FindNextFileW (in: hFindFile=0xfe69a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd36ad2d0, ftCreationTime.dwHighDateTime=0x1d4c7ad, ftLastAccessTime.dwLowDateTime=0x74147fe0, ftLastAccessTime.dwHighDateTime=0x1d4d5e3, ftLastWriteTime.dwLowDateTime=0x74147fe0, ftLastWriteTime.dwHighDateTime=0x1d4d5e3, nFileSizeHigh=0x0, nFileSizeLow=0x1492b, dwReserved0=0x0, dwReserved1=0x0, cFileName="j54pS.pptx", cAlternateFileName="J54PS~1.PPT")) returned 0 [0095.927] FindClose (in: hFindFile=0xfe69a0 | out: hFindFile=0xfe69a0) returned 1 [0095.928] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb8c) returned 1 [0095.928] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb98) returned 1 [0095.928] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\1rLLqRHdtcPWKpIg-.rtf", nBufferLength=0x105, lpBuffer=0xcfe538, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\1rLLqRHdtcPWKpIg-.rtf", lpFilePart=0x0) returned 0x55 [0095.928] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea7c) returned 1 [0095.928] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\1rLLqRHdtcPWKpIg-.rtf" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\dwu1swdrwwawtxwpjn8e\\1rllqrhdtcpwkpig-.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0095.928] GetFileType (hFile=0x2b8) returned 0x1 [0095.928] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea78) returned 1 [0095.928] GetFileType (hFile=0x2b8) returned 0x1 [0095.928] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfeb78 | out: lpFileSizeHigh=0xcfeb78*=0x0) returned 0x155f3 [0095.929] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ec88f0, nNumberOfBytesToRead=0x155f3, lpNumberOfBytesRead=0xcfeb24, lpOverlapped=0x0 | out: lpBuffer=0x3ec88f0*, lpNumberOfBytesRead=0xcfeb24*=0x155f3, lpOverlapped=0x0) returned 1 [0095.930] CloseHandle (hObject=0x2b8) returned 1 [0096.128] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0096.128] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0096.128] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfeb6c | out: lpFileInformation=0xcfeb6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0096.128] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0096.128] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\1rLLqRHdtcPWKpIg-.rtf", nBufferLength=0x105, lpBuffer=0xcfe524, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\1rLLqRHdtcPWKpIg-.rtf", lpFilePart=0x0) returned 0x55 [0096.128] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea68) returned 1 [0096.128] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\1rLLqRHdtcPWKpIg-.rtf" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\dwu1swdrwwawtxwpjn8e\\1rllqrhdtcpwkpig-.rtf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0096.130] GetFileType (hFile=0x2b8) returned 0x1 [0096.130] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea64) returned 1 [0096.130] GetFileType (hFile=0x2b8) returned 0x1 [0096.130] WriteFile (in: hFile=0x2b8, lpBuffer=0x3c229f8*, nNumberOfBytesToWrite=0x15600, lpNumberOfBytesWritten=0xcfeb18, lpOverlapped=0x0 | out: lpBuffer=0x3c229f8*, lpNumberOfBytesWritten=0xcfeb18*=0x15600, lpOverlapped=0x0) returned 1 [0096.132] CloseHandle (hObject=0x2b8) returned 1 [0096.134] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\1rLLqRHdtcPWKpIg-.rtf", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\1rLLqRHdtcPWKpIg-.rtf", lpFilePart=0x0) returned 0x55 [0096.134] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\1rLLqRHdtcPWKpIg-.rtf.shade8", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\1rLLqRHdtcPWKpIg-.rtf.shade8", lpFilePart=0x0) returned 0x5c [0096.135] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeafc) returned 1 [0096.135] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\1rLLqRHdtcPWKpIg-.rtf" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\dwu1swdrwwawtxwpjn8e\\1rllqrhdtcpwkpig-.rtf"), fInfoLevelId=0x0, lpFileInformation=0xcfeb78 | out: lpFileInformation=0xcfeb78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d14b0c0, ftCreationTime.dwHighDateTime=0x1d4c9a6, ftLastAccessTime.dwLowDateTime=0xbbe10090, ftLastAccessTime.dwHighDateTime=0x1d4cd06, ftLastWriteTime.dwLowDateTime=0x81e73c7d, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x15600)) returned 1 [0096.135] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaf8) returned 1 [0096.135] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\1rLLqRHdtcPWKpIg-.rtf" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\dwu1swdrwwawtxwpjn8e\\1rllqrhdtcpwkpig-.rtf"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\1rLLqRHdtcPWKpIg-.rtf.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\dwu1swdrwwawtxwpjn8e\\1rllqrhdtcpwkpig-.rtf.shade8")) returned 1 [0096.135] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\E2jqZ1hPuAZ9fkvPz_fp.xlsx", nBufferLength=0x105, lpBuffer=0xcfe538, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\E2jqZ1hPuAZ9fkvPz_fp.xlsx", lpFilePart=0x0) returned 0x59 [0096.135] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea7c) returned 1 [0096.135] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\E2jqZ1hPuAZ9fkvPz_fp.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\dwu1swdrwwawtxwpjn8e\\e2jqz1hpuaz9fkvpz_fp.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0096.136] GetFileType (hFile=0x2b8) returned 0x1 [0096.136] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea78) returned 1 [0096.136] GetFileType (hFile=0x2b8) returned 0x1 [0096.136] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfeb78 | out: lpFileSizeHigh=0xcfeb78*=0x0) returned 0x10dea [0096.136] ReadFile (in: hFile=0x2b8, lpBuffer=0x2bcd088, nNumberOfBytesToRead=0x10dea, lpNumberOfBytesRead=0xcfeb24, lpOverlapped=0x0 | out: lpBuffer=0x2bcd088*, lpNumberOfBytesRead=0xcfeb24*=0x10dea, lpOverlapped=0x0) returned 1 [0096.136] CloseHandle (hObject=0x2b8) returned 1 [0096.242] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0096.243] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0096.243] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfeb6c | out: lpFileInformation=0xcfeb6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0096.243] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0096.243] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\E2jqZ1hPuAZ9fkvPz_fp.xlsx", nBufferLength=0x105, lpBuffer=0xcfe524, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\E2jqZ1hPuAZ9fkvPz_fp.xlsx", lpFilePart=0x0) returned 0x59 [0096.243] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea68) returned 1 [0096.243] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\E2jqZ1hPuAZ9fkvPz_fp.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\dwu1swdrwwawtxwpjn8e\\e2jqz1hpuaz9fkvpz_fp.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0096.244] GetFileType (hFile=0x2b8) returned 0x1 [0096.244] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea64) returned 1 [0096.245] GetFileType (hFile=0x2b8) returned 0x1 [0096.245] WriteFile (in: hFile=0x2b8, lpBuffer=0x2c4c9b4*, nNumberOfBytesToWrite=0x10df0, lpNumberOfBytesWritten=0xcfeb18, lpOverlapped=0x0 | out: lpBuffer=0x2c4c9b4*, lpNumberOfBytesWritten=0xcfeb18*=0x10df0, lpOverlapped=0x0) returned 1 [0096.247] CloseHandle (hObject=0x2b8) returned 1 [0096.281] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\E2jqZ1hPuAZ9fkvPz_fp.xlsx", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\E2jqZ1hPuAZ9fkvPz_fp.xlsx", lpFilePart=0x0) returned 0x59 [0096.282] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\E2jqZ1hPuAZ9fkvPz_fp.xlsx.shade8", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\E2jqZ1hPuAZ9fkvPz_fp.xlsx.shade8", lpFilePart=0x0) returned 0x60 [0096.282] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeafc) returned 1 [0096.282] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\E2jqZ1hPuAZ9fkvPz_fp.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\dwu1swdrwwawtxwpjn8e\\e2jqz1hpuaz9fkvpz_fp.xlsx"), fInfoLevelId=0x0, lpFileInformation=0xcfeb78 | out: lpFileInformation=0xcfeb78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcc7b1620, ftCreationTime.dwHighDateTime=0x1d4c829, ftLastAccessTime.dwLowDateTime=0x5a2314b0, ftLastAccessTime.dwHighDateTime=0x1d4cfd1, ftLastWriteTime.dwLowDateTime=0x81ff13eb, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x10df0)) returned 1 [0096.282] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaf8) returned 1 [0096.282] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\E2jqZ1hPuAZ9fkvPz_fp.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\dwu1swdrwwawtxwpjn8e\\e2jqz1hpuaz9fkvpz_fp.xlsx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\E2jqZ1hPuAZ9fkvPz_fp.xlsx.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\dwu1swdrwwawtxwpjn8e\\e2jqz1hpuaz9fkvpz_fp.xlsx.shade8")) returned 1 [0096.283] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\hTOQeXyXkMxYLs2DOjmP.pptx", nBufferLength=0x105, lpBuffer=0xcfe538, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\hTOQeXyXkMxYLs2DOjmP.pptx", lpFilePart=0x0) returned 0x59 [0096.283] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea7c) returned 1 [0096.283] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\hTOQeXyXkMxYLs2DOjmP.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\dwu1swdrwwawtxwpjn8e\\htoqexyxkmxyls2dojmp.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0096.283] GetFileType (hFile=0x2b8) returned 0x1 [0096.283] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea78) returned 1 [0096.283] GetFileType (hFile=0x2b8) returned 0x1 [0096.283] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfeb78 | out: lpFileSizeHigh=0xcfeb78*=0x0) returned 0x25e6 [0096.283] ReadFile (in: hFile=0x2b8, lpBuffer=0x2c5de10, nNumberOfBytesToRead=0x25e6, lpNumberOfBytesRead=0xcfeb24, lpOverlapped=0x0 | out: lpBuffer=0x2c5de10*, lpNumberOfBytesRead=0xcfeb24*=0x25e6, lpOverlapped=0x0) returned 1 [0096.283] CloseHandle (hObject=0x2b8) returned 1 [0096.299] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0096.299] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0096.299] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfeb6c | out: lpFileInformation=0xcfeb6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0096.299] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0096.299] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\hTOQeXyXkMxYLs2DOjmP.pptx", nBufferLength=0x105, lpBuffer=0xcfe524, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\hTOQeXyXkMxYLs2DOjmP.pptx", lpFilePart=0x0) returned 0x59 [0096.299] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea68) returned 1 [0096.299] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\hTOQeXyXkMxYLs2DOjmP.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\dwu1swdrwwawtxwpjn8e\\htoqexyxkmxyls2dojmp.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0096.300] GetFileType (hFile=0x2b8) returned 0x1 [0096.300] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea64) returned 1 [0096.300] GetFileType (hFile=0x2b8) returned 0x1 [0096.300] WriteFile (in: hFile=0x2b8, lpBuffer=0x2cb69ac*, nNumberOfBytesToWrite=0x25f0, lpNumberOfBytesWritten=0xcfeb18, lpOverlapped=0x0 | out: lpBuffer=0x2cb69ac*, lpNumberOfBytesWritten=0xcfeb18*=0x25f0, lpOverlapped=0x0) returned 1 [0096.301] CloseHandle (hObject=0x2b8) returned 1 [0096.302] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\hTOQeXyXkMxYLs2DOjmP.pptx", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\hTOQeXyXkMxYLs2DOjmP.pptx", lpFilePart=0x0) returned 0x59 [0096.302] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\hTOQeXyXkMxYLs2DOjmP.pptx.shade8", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\hTOQeXyXkMxYLs2DOjmP.pptx.shade8", lpFilePart=0x0) returned 0x60 [0096.302] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeafc) returned 1 [0096.302] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\hTOQeXyXkMxYLs2DOjmP.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\dwu1swdrwwawtxwpjn8e\\htoqexyxkmxyls2dojmp.pptx"), fInfoLevelId=0x0, lpFileInformation=0xcfeb78 | out: lpFileInformation=0xcfeb78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1e042a0, ftCreationTime.dwHighDateTime=0x1d4c9a5, ftLastAccessTime.dwLowDateTime=0xca238a80, ftLastAccessTime.dwHighDateTime=0x1d4d2fe, ftLastWriteTime.dwLowDateTime=0x8201761d, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x25f0)) returned 1 [0096.303] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaf8) returned 1 [0096.303] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\hTOQeXyXkMxYLs2DOjmP.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\dwu1swdrwwawtxwpjn8e\\htoqexyxkmxyls2dojmp.pptx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\hTOQeXyXkMxYLs2DOjmP.pptx.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\dwu1swdrwwawtxwpjn8e\\htoqexyxkmxyls2dojmp.pptx.shade8")) returned 1 [0096.303] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\j54pS.pptx", nBufferLength=0x105, lpBuffer=0xcfe538, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\j54pS.pptx", lpFilePart=0x0) returned 0x4a [0096.303] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea7c) returned 1 [0096.303] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\j54pS.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\dwu1swdrwwawtxwpjn8e\\j54ps.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0096.303] GetFileType (hFile=0x2b8) returned 0x1 [0096.303] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea78) returned 1 [0096.303] GetFileType (hFile=0x2b8) returned 0x1 [0096.304] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfeb78 | out: lpFileSizeHigh=0xcfeb78*=0x0) returned 0x1492b [0096.304] ReadFile (in: hFile=0x2b8, lpBuffer=0x2cb95d0, nNumberOfBytesToRead=0x1492b, lpNumberOfBytesRead=0xcfeb24, lpOverlapped=0x0 | out: lpBuffer=0x2cb95d0*, lpNumberOfBytesRead=0xcfeb24*=0x1492b, lpOverlapped=0x0) returned 1 [0096.304] CloseHandle (hObject=0x2b8) returned 1 [0096.322] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0096.322] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0096.322] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfeb6c | out: lpFileInformation=0xcfeb6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0096.322] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0096.322] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\j54pS.pptx", nBufferLength=0x105, lpBuffer=0xcfe524, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\j54pS.pptx", lpFilePart=0x0) returned 0x4a [0096.322] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea68) returned 1 [0096.322] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\j54pS.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\dwu1swdrwwawtxwpjn8e\\j54ps.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0096.323] GetFileType (hFile=0x2b8) returned 0x1 [0096.324] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea64) returned 1 [0096.324] GetFileType (hFile=0x2b8) returned 0x1 [0096.324] WriteFile (in: hFile=0x2b8, lpBuffer=0x2d43f60*, nNumberOfBytesToWrite=0x14930, lpNumberOfBytesWritten=0xcfeb18, lpOverlapped=0x0 | out: lpBuffer=0x2d43f60*, lpNumberOfBytesWritten=0xcfeb18*=0x14930, lpOverlapped=0x0) returned 1 [0096.326] CloseHandle (hObject=0x2b8) returned 1 [0096.382] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\j54pS.pptx", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\j54pS.pptx", lpFilePart=0x0) returned 0x4a [0096.382] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\j54pS.pptx.shade8", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\j54pS.pptx.shade8", lpFilePart=0x0) returned 0x51 [0096.382] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeafc) returned 1 [0096.382] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\j54pS.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\dwu1swdrwwawtxwpjn8e\\j54ps.pptx"), fInfoLevelId=0x0, lpFileInformation=0xcfeb78 | out: lpFileInformation=0xcfeb78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd36ad2d0, ftCreationTime.dwHighDateTime=0x1d4c7ad, ftLastAccessTime.dwLowDateTime=0x74147fe0, ftLastAccessTime.dwHighDateTime=0x1d4d5e3, ftLastWriteTime.dwLowDateTime=0x820dd16a, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x14930)) returned 1 [0096.382] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaf8) returned 1 [0096.382] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\j54pS.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\dwu1swdrwwawtxwpjn8e\\j54ps.pptx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\dwU1sWDrwwAwtXWPjN8E\\j54pS.pptx.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\dwu1swdrwwawtxwpjn8e\\j54ps.pptx.shade8")) returned 1 [0096.383] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd0) returned 1 [0096.383] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM", nBufferLength=0x105, lpBuffer=0xcfe684, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM", lpFilePart=0x0) returned 0x37 [0096.383] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\*", lpFindFileData=0xcfe8f8 | out: lpFindFileData=0xcfe8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x53179580, ftCreationTime.dwHighDateTime=0x1d4cf43, ftLastAccessTime.dwLowDateTime=0xf4b83c50, ftLastAccessTime.dwHighDateTime=0x1d4cd8b, ftLastWriteTime.dwLowDateTime=0xf4b83c50, ftLastWriteTime.dwHighDateTime=0x1d4cd8b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe69a0 [0096.383] FindNextFileW (in: hFindFile=0xfe69a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x53179580, ftCreationTime.dwHighDateTime=0x1d4cf43, ftLastAccessTime.dwLowDateTime=0xf4b83c50, ftLastAccessTime.dwHighDateTime=0x1d4cd8b, ftLastWriteTime.dwLowDateTime=0xf4b83c50, ftLastWriteTime.dwHighDateTime=0x1d4cd8b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.383] FindNextFileW (in: hFindFile=0xfe69a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x983b9a40, ftCreationTime.dwHighDateTime=0x1d4c59c, ftLastAccessTime.dwLowDateTime=0x53103940, ftLastAccessTime.dwHighDateTime=0x1d4c8f2, ftLastWriteTime.dwLowDateTime=0x53103940, ftLastWriteTime.dwHighDateTime=0x1d4c8f2, nFileSizeHigh=0x0, nFileSizeLow=0x8cff, dwReserved0=0x0, dwReserved1=0x0, cFileName="DKBSIs0RzHs4awqD.xlsx", cAlternateFileName="DKBSIS~1.XLS")) returned 1 [0096.384] FindNextFileW (in: hFindFile=0xfe69a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93e95730, ftCreationTime.dwHighDateTime=0x1d4c9ba, ftLastAccessTime.dwLowDateTime=0xf48d83b0, ftLastAccessTime.dwHighDateTime=0x1d4d179, ftLastWriteTime.dwLowDateTime=0xf48d83b0, ftLastWriteTime.dwHighDateTime=0x1d4d179, nFileSizeHigh=0x0, nFileSizeLow=0x5c35, dwReserved0=0x0, dwReserved1=0x0, cFileName="G0s5gRTbdhtMVv.pdf", cAlternateFileName="G0S5GR~1.PDF")) returned 1 [0096.384] FindNextFileW (in: hFindFile=0xfe69a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x449dea70, ftCreationTime.dwHighDateTime=0x1d4d319, ftLastAccessTime.dwLowDateTime=0x8909dd0, ftLastAccessTime.dwHighDateTime=0x1d4c70b, ftLastWriteTime.dwLowDateTime=0x8909dd0, ftLastWriteTime.dwHighDateTime=0x1d4c70b, nFileSizeHigh=0x0, nFileSizeLow=0x708d, dwReserved0=0x0, dwReserved1=0x0, cFileName="hWLk0ZUxjX.odp", cAlternateFileName="HWLK0Z~1.ODP")) returned 1 [0096.384] FindNextFileW (in: hFindFile=0xfe69a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x990122f0, ftCreationTime.dwHighDateTime=0x1d4c967, ftLastAccessTime.dwLowDateTime=0x510c8ca0, ftLastAccessTime.dwHighDateTime=0x1d4d40c, ftLastWriteTime.dwLowDateTime=0x510c8ca0, ftLastWriteTime.dwHighDateTime=0x1d4d40c, nFileSizeHigh=0x0, nFileSizeLow=0x6ad5, dwReserved0=0x0, dwReserved1=0x0, cFileName="LDesP3 g3nRtMBVX22el.pptx", cAlternateFileName="LDESP3~1.PPT")) returned 1 [0096.384] FindNextFileW (in: hFindFile=0xfe69a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3241300, ftCreationTime.dwHighDateTime=0x1d4cbb0, ftLastAccessTime.dwLowDateTime=0x24fca670, ftLastAccessTime.dwHighDateTime=0x1d4c6fd, ftLastWriteTime.dwLowDateTime=0x24fca670, ftLastWriteTime.dwHighDateTime=0x1d4c6fd, nFileSizeHigh=0x0, nFileSizeLow=0xee08, dwReserved0=0x0, dwReserved1=0x0, cFileName="_rgf.docx", cAlternateFileName="_RGF~1.DOC")) returned 1 [0096.384] FindNextFileW (in: hFindFile=0xfe69a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.384] FindClose (in: hFindFile=0xfe69a0 | out: hFindFile=0xfe69a0) returned 1 [0096.384] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb8c) returned 1 [0096.384] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb98) returned 1 [0096.384] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd0) returned 1 [0096.384] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM", nBufferLength=0x105, lpBuffer=0xcfe684, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM", lpFilePart=0x0) returned 0x37 [0096.385] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\*", lpFindFileData=0xcfe8f8 | out: lpFindFileData=0xcfe8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x53179580, ftCreationTime.dwHighDateTime=0x1d4cf43, ftLastAccessTime.dwLowDateTime=0xf4b83c50, ftLastAccessTime.dwHighDateTime=0x1d4cd8b, ftLastWriteTime.dwLowDateTime=0xf4b83c50, ftLastWriteTime.dwHighDateTime=0x1d4cd8b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe6720 [0096.385] FindNextFileW (in: hFindFile=0xfe6720, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x53179580, ftCreationTime.dwHighDateTime=0x1d4cf43, ftLastAccessTime.dwLowDateTime=0xf4b83c50, ftLastAccessTime.dwHighDateTime=0x1d4cd8b, ftLastWriteTime.dwLowDateTime=0xf4b83c50, ftLastWriteTime.dwHighDateTime=0x1d4cd8b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.385] FindNextFileW (in: hFindFile=0xfe6720, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x983b9a40, ftCreationTime.dwHighDateTime=0x1d4c59c, ftLastAccessTime.dwLowDateTime=0x53103940, ftLastAccessTime.dwHighDateTime=0x1d4c8f2, ftLastWriteTime.dwLowDateTime=0x53103940, ftLastWriteTime.dwHighDateTime=0x1d4c8f2, nFileSizeHigh=0x0, nFileSizeLow=0x8cff, dwReserved0=0x0, dwReserved1=0x0, cFileName="DKBSIs0RzHs4awqD.xlsx", cAlternateFileName="DKBSIS~1.XLS")) returned 1 [0096.385] FindNextFileW (in: hFindFile=0xfe6720, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93e95730, ftCreationTime.dwHighDateTime=0x1d4c9ba, ftLastAccessTime.dwLowDateTime=0xf48d83b0, ftLastAccessTime.dwHighDateTime=0x1d4d179, ftLastWriteTime.dwLowDateTime=0xf48d83b0, ftLastWriteTime.dwHighDateTime=0x1d4d179, nFileSizeHigh=0x0, nFileSizeLow=0x5c35, dwReserved0=0x0, dwReserved1=0x0, cFileName="G0s5gRTbdhtMVv.pdf", cAlternateFileName="G0S5GR~1.PDF")) returned 1 [0096.385] FindNextFileW (in: hFindFile=0xfe6720, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x449dea70, ftCreationTime.dwHighDateTime=0x1d4d319, ftLastAccessTime.dwLowDateTime=0x8909dd0, ftLastAccessTime.dwHighDateTime=0x1d4c70b, ftLastWriteTime.dwLowDateTime=0x8909dd0, ftLastWriteTime.dwHighDateTime=0x1d4c70b, nFileSizeHigh=0x0, nFileSizeLow=0x708d, dwReserved0=0x0, dwReserved1=0x0, cFileName="hWLk0ZUxjX.odp", cAlternateFileName="HWLK0Z~1.ODP")) returned 1 [0096.386] FindNextFileW (in: hFindFile=0xfe6720, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x990122f0, ftCreationTime.dwHighDateTime=0x1d4c967, ftLastAccessTime.dwLowDateTime=0x510c8ca0, ftLastAccessTime.dwHighDateTime=0x1d4d40c, ftLastWriteTime.dwLowDateTime=0x510c8ca0, ftLastWriteTime.dwHighDateTime=0x1d4d40c, nFileSizeHigh=0x0, nFileSizeLow=0x6ad5, dwReserved0=0x0, dwReserved1=0x0, cFileName="LDesP3 g3nRtMBVX22el.pptx", cAlternateFileName="LDESP3~1.PPT")) returned 1 [0096.386] FindNextFileW (in: hFindFile=0xfe6720, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3241300, ftCreationTime.dwHighDateTime=0x1d4cbb0, ftLastAccessTime.dwLowDateTime=0x24fca670, ftLastAccessTime.dwHighDateTime=0x1d4c6fd, ftLastWriteTime.dwLowDateTime=0x24fca670, ftLastWriteTime.dwHighDateTime=0x1d4c6fd, nFileSizeHigh=0x0, nFileSizeLow=0xee08, dwReserved0=0x0, dwReserved1=0x0, cFileName="_rgf.docx", cAlternateFileName="_RGF~1.DOC")) returned 1 [0096.386] FindNextFileW (in: hFindFile=0xfe6720, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3241300, ftCreationTime.dwHighDateTime=0x1d4cbb0, ftLastAccessTime.dwLowDateTime=0x24fca670, ftLastAccessTime.dwHighDateTime=0x1d4c6fd, ftLastWriteTime.dwLowDateTime=0x24fca670, ftLastWriteTime.dwHighDateTime=0x1d4c6fd, nFileSizeHigh=0x0, nFileSizeLow=0xee08, dwReserved0=0x0, dwReserved1=0x0, cFileName="_rgf.docx", cAlternateFileName="_RGF~1.DOC")) returned 0 [0096.386] FindClose (in: hFindFile=0xfe6720 | out: hFindFile=0xfe6720) returned 1 [0096.386] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb8c) returned 1 [0096.386] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb98) returned 1 [0096.387] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\DKBSIs0RzHs4awqD.xlsx", nBufferLength=0x105, lpBuffer=0xcfe538, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\DKBSIs0RzHs4awqD.xlsx", lpFilePart=0x0) returned 0x4d [0096.387] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea7c) returned 1 [0096.387] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\DKBSIs0RzHs4awqD.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\wjpbbko-zoxm\\dkbsis0rzhs4awqd.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0096.387] GetFileType (hFile=0x2b8) returned 0x1 [0096.387] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea78) returned 1 [0096.387] GetFileType (hFile=0x2b8) returned 0x1 [0096.387] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfeb78 | out: lpFileSizeHigh=0xcfeb78*=0x0) returned 0x8cff [0096.387] ReadFile (in: hFile=0x2b8, lpBuffer=0x2d5b060, nNumberOfBytesToRead=0x8cff, lpNumberOfBytesRead=0xcfeb24, lpOverlapped=0x0 | out: lpBuffer=0x2d5b060*, lpNumberOfBytesRead=0xcfeb24*=0x8cff, lpOverlapped=0x0) returned 1 [0096.387] CloseHandle (hObject=0x2b8) returned 1 [0096.406] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0096.406] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0096.406] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfeb6c | out: lpFileInformation=0xcfeb6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0096.406] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0096.406] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\DKBSIs0RzHs4awqD.xlsx", nBufferLength=0x105, lpBuffer=0xcfe524, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\DKBSIs0RzHs4awqD.xlsx", lpFilePart=0x0) returned 0x4d [0096.406] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea68) returned 1 [0096.406] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\DKBSIs0RzHs4awqD.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\wjpbbko-zoxm\\dkbsis0rzhs4awqd.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0096.407] GetFileType (hFile=0x2b8) returned 0x1 [0096.407] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea64) returned 1 [0096.408] GetFileType (hFile=0x2b8) returned 0x1 [0096.408] WriteFile (in: hFile=0x2b8, lpBuffer=0x2be7f28*, nNumberOfBytesToWrite=0x8d00, lpNumberOfBytesWritten=0xcfeb18, lpOverlapped=0x0 | out: lpBuffer=0x2be7f28*, lpNumberOfBytesWritten=0xcfeb18*=0x8d00, lpOverlapped=0x0) returned 1 [0096.409] CloseHandle (hObject=0x2b8) returned 1 [0096.410] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\DKBSIs0RzHs4awqD.xlsx", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\DKBSIs0RzHs4awqD.xlsx", lpFilePart=0x0) returned 0x4d [0096.410] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\DKBSIs0RzHs4awqD.xlsx.shade8", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\DKBSIs0RzHs4awqD.xlsx.shade8", lpFilePart=0x0) returned 0x54 [0096.410] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeafc) returned 1 [0096.410] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\DKBSIs0RzHs4awqD.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\wjpbbko-zoxm\\dkbsis0rzhs4awqd.xlsx"), fInfoLevelId=0x0, lpFileInformation=0xcfeb78 | out: lpFileInformation=0xcfeb78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x983b9a40, ftCreationTime.dwHighDateTime=0x1d4c59c, ftLastAccessTime.dwLowDateTime=0x53103940, ftLastAccessTime.dwHighDateTime=0x1d4c8f2, ftLastWriteTime.dwLowDateTime=0x8212264c, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x8d00)) returned 1 [0096.411] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaf8) returned 1 [0096.411] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\DKBSIs0RzHs4awqD.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\wjpbbko-zoxm\\dkbsis0rzhs4awqd.xlsx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\DKBSIs0RzHs4awqD.xlsx.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\wjpbbko-zoxm\\dkbsis0rzhs4awqd.xlsx.shade8")) returned 1 [0096.411] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\G0s5gRTbdhtMVv.pdf", nBufferLength=0x105, lpBuffer=0xcfe538, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\G0s5gRTbdhtMVv.pdf", lpFilePart=0x0) returned 0x4a [0096.411] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea7c) returned 1 [0096.411] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\G0s5gRTbdhtMVv.pdf" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\wjpbbko-zoxm\\g0s5grtbdhtmvv.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0096.411] GetFileType (hFile=0x2b8) returned 0x1 [0096.411] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea78) returned 1 [0096.411] GetFileType (hFile=0x2b8) returned 0x1 [0096.411] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfeb78 | out: lpFileSizeHigh=0xcfeb78*=0x0) returned 0x5c35 [0096.412] ReadFile (in: hFile=0x2b8, lpBuffer=0x2bf1204, nNumberOfBytesToRead=0x5c35, lpNumberOfBytesRead=0xcfeb24, lpOverlapped=0x0 | out: lpBuffer=0x2bf1204*, lpNumberOfBytesRead=0xcfeb24*=0x5c35, lpOverlapped=0x0) returned 1 [0096.412] CloseHandle (hObject=0x2b8) returned 1 [0096.607] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0096.607] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0096.608] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfeb6c | out: lpFileInformation=0xcfeb6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0096.608] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0096.608] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\G0s5gRTbdhtMVv.pdf", nBufferLength=0x105, lpBuffer=0xcfe524, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\G0s5gRTbdhtMVv.pdf", lpFilePart=0x0) returned 0x4a [0096.697] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea68) returned 1 [0096.697] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\G0s5gRTbdhtMVv.pdf" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\wjpbbko-zoxm\\g0s5grtbdhtmvv.pdf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0096.710] GetFileType (hFile=0x2b8) returned 0x1 [0096.710] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea64) returned 1 [0096.710] GetFileType (hFile=0x2b8) returned 0x1 [0096.710] WriteFile (in: hFile=0x2b8, lpBuffer=0x2c5ae8c*, nNumberOfBytesToWrite=0x5c40, lpNumberOfBytesWritten=0xcfeb18, lpOverlapped=0x0 | out: lpBuffer=0x2c5ae8c*, lpNumberOfBytesWritten=0xcfeb18*=0x5c40, lpOverlapped=0x0) returned 1 [0096.711] CloseHandle (hObject=0x2b8) returned 1 [0096.712] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\G0s5gRTbdhtMVv.pdf", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\G0s5gRTbdhtMVv.pdf", lpFilePart=0x0) returned 0x4a [0096.712] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\G0s5gRTbdhtMVv.pdf.shade8", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\G0s5gRTbdhtMVv.pdf.shade8", lpFilePart=0x0) returned 0x51 [0096.713] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeafc) returned 1 [0096.713] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\G0s5gRTbdhtMVv.pdf" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\wjpbbko-zoxm\\g0s5grtbdhtmvv.pdf"), fInfoLevelId=0x0, lpFileInformation=0xcfeb78 | out: lpFileInformation=0xcfeb78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93e95730, ftCreationTime.dwHighDateTime=0x1d4c9ba, ftLastAccessTime.dwLowDateTime=0xf48d83b0, ftLastAccessTime.dwHighDateTime=0x1d4d179, ftLastWriteTime.dwLowDateTime=0x823f7248, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x5c40)) returned 1 [0096.713] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaf8) returned 1 [0096.713] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\G0s5gRTbdhtMVv.pdf" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\wjpbbko-zoxm\\g0s5grtbdhtmvv.pdf"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\G0s5gRTbdhtMVv.pdf.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\wjpbbko-zoxm\\g0s5grtbdhtmvv.pdf.shade8")) returned 1 [0096.713] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\LDesP3 g3nRtMBVX22el.pptx", nBufferLength=0x105, lpBuffer=0xcfe538, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\LDesP3 g3nRtMBVX22el.pptx", lpFilePart=0x0) returned 0x51 [0096.713] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea7c) returned 1 [0096.713] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\LDesP3 g3nRtMBVX22el.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\wjpbbko-zoxm\\ldesp3 g3nrtmbvx22el.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0096.714] GetFileType (hFile=0x2b8) returned 0x1 [0096.714] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea78) returned 1 [0096.714] GetFileType (hFile=0x2b8) returned 0x1 [0096.714] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfeb78 | out: lpFileSizeHigh=0xcfeb78*=0x0) returned 0x6ad5 [0096.714] ReadFile (in: hFile=0x2b8, lpBuffer=0x2c610bc, nNumberOfBytesToRead=0x6ad5, lpNumberOfBytesRead=0xcfeb24, lpOverlapped=0x0 | out: lpBuffer=0x2c610bc*, lpNumberOfBytesRead=0xcfeb24*=0x6ad5, lpOverlapped=0x0) returned 1 [0096.714] CloseHandle (hObject=0x2b8) returned 1 [0096.730] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0096.730] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0096.730] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfeb6c | out: lpFileInformation=0xcfeb6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0096.731] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0096.731] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\LDesP3 g3nRtMBVX22el.pptx", nBufferLength=0x105, lpBuffer=0xcfe524, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\LDesP3 g3nRtMBVX22el.pptx", lpFilePart=0x0) returned 0x51 [0096.731] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea68) returned 1 [0096.731] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\LDesP3 g3nRtMBVX22el.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\wjpbbko-zoxm\\ldesp3 g3nrtmbvx22el.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0096.732] GetFileType (hFile=0x2b8) returned 0x1 [0096.732] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea64) returned 1 [0096.732] GetFileType (hFile=0x2b8) returned 0x1 [0096.732] WriteFile (in: hFile=0x2b8, lpBuffer=0x2ccf508*, nNumberOfBytesToWrite=0x6ae0, lpNumberOfBytesWritten=0xcfeb18, lpOverlapped=0x0 | out: lpBuffer=0x2ccf508*, lpNumberOfBytesWritten=0xcfeb18*=0x6ae0, lpOverlapped=0x0) returned 1 [0096.782] CloseHandle (hObject=0x2b8) returned 1 [0096.784] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\LDesP3 g3nRtMBVX22el.pptx", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\LDesP3 g3nRtMBVX22el.pptx", lpFilePart=0x0) returned 0x51 [0096.784] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\LDesP3 g3nRtMBVX22el.pptx.shade8", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\LDesP3 g3nRtMBVX22el.pptx.shade8", lpFilePart=0x0) returned 0x58 [0096.784] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeafc) returned 1 [0096.784] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\LDesP3 g3nRtMBVX22el.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\wjpbbko-zoxm\\ldesp3 g3nrtmbvx22el.pptx"), fInfoLevelId=0x0, lpFileInformation=0xcfeb78 | out: lpFileInformation=0xcfeb78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x990122f0, ftCreationTime.dwHighDateTime=0x1d4c967, ftLastAccessTime.dwLowDateTime=0x510c8ca0, ftLastAccessTime.dwHighDateTime=0x1d4d40c, ftLastWriteTime.dwLowDateTime=0x824b5dce, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x6ae0)) returned 1 [0096.784] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaf8) returned 1 [0096.784] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\LDesP3 g3nRtMBVX22el.pptx" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\wjpbbko-zoxm\\ldesp3 g3nrtmbvx22el.pptx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\LDesP3 g3nRtMBVX22el.pptx.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\wjpbbko-zoxm\\ldesp3 g3nrtmbvx22el.pptx.shade8")) returned 1 [0096.785] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\_rgf.docx", nBufferLength=0x105, lpBuffer=0xcfe538, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\_rgf.docx", lpFilePart=0x0) returned 0x41 [0096.785] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea7c) returned 1 [0096.785] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\_rgf.docx" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\wjpbbko-zoxm\\_rgf.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0096.785] GetFileType (hFile=0x2b8) returned 0x1 [0096.785] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea78) returned 1 [0096.785] GetFileType (hFile=0x2b8) returned 0x1 [0096.785] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfeb78 | out: lpFileSizeHigh=0xcfeb78*=0x0) returned 0xee08 [0096.786] ReadFile (in: hFile=0x2b8, lpBuffer=0x2cd65c4, nNumberOfBytesToRead=0xee08, lpNumberOfBytesRead=0xcfeb24, lpOverlapped=0x0 | out: lpBuffer=0x2cd65c4*, lpNumberOfBytesRead=0xcfeb24*=0xee08, lpOverlapped=0x0) returned 1 [0096.786] CloseHandle (hObject=0x2b8) returned 1 [0096.803] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0096.803] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0096.803] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfeb6c | out: lpFileInformation=0xcfeb6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0096.803] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0096.803] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\_rgf.docx", nBufferLength=0x105, lpBuffer=0xcfe524, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\_rgf.docx", lpFilePart=0x0) returned 0x41 [0096.803] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea68) returned 1 [0096.804] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\_rgf.docx" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\wjpbbko-zoxm\\_rgf.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0096.805] GetFileType (hFile=0x2b8) returned 0x1 [0096.805] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea64) returned 1 [0096.805] GetFileType (hFile=0x2b8) returned 0x1 [0096.805] WriteFile (in: hFile=0x2b8, lpBuffer=0x2d4fdf0*, nNumberOfBytesToWrite=0xee10, lpNumberOfBytesWritten=0xcfeb18, lpOverlapped=0x0 | out: lpBuffer=0x2d4fdf0*, lpNumberOfBytesWritten=0xcfeb18*=0xee10, lpOverlapped=0x0) returned 1 [0096.807] CloseHandle (hObject=0x2b8) returned 1 [0096.809] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\_rgf.docx", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\_rgf.docx", lpFilePart=0x0) returned 0x41 [0096.809] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\_rgf.docx.shade8", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\_rgf.docx.shade8", lpFilePart=0x0) returned 0x48 [0096.809] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeafc) returned 1 [0096.809] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\_rgf.docx" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\wjpbbko-zoxm\\_rgf.docx"), fInfoLevelId=0x0, lpFileInformation=0xcfeb78 | out: lpFileInformation=0xcfeb78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3241300, ftCreationTime.dwHighDateTime=0x1d4cbb0, ftLastAccessTime.dwLowDateTime=0x24fca670, ftLastAccessTime.dwHighDateTime=0x1d4c6fd, ftLastWriteTime.dwLowDateTime=0x824dc20a, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xee10)) returned 1 [0096.809] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaf8) returned 1 [0096.809] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\_rgf.docx" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\wjpbbko-zoxm\\_rgf.docx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\EASk6o6CF0e kL2L\\wJpBbkO-ZoXM\\_rgf.docx.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\eask6o6cf0e kl2l\\wjpbbko-zoxm\\_rgf.docx.shade8")) returned 1 [0096.810] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfec44) returned 1 [0096.810] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\My Music", nBufferLength=0x105, lpBuffer=0xcfe6f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\My Music", lpFilePart=0x0) returned 0x22 [0096.810] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\My Music\\*", lpFindFileData=0xcfe96c | out: lpFindFileData=0xcfe96c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0096.810] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec08) returned 1 [0096.898] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfec44) returned 1 [0096.898] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\My Pictures", nBufferLength=0x105, lpBuffer=0xcfe6f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\My Pictures", lpFilePart=0x0) returned 0x25 [0096.898] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\My Pictures\\*", lpFindFileData=0xcfe96c | out: lpFindFileData=0xcfe96c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0096.899] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec08) returned 1 [0096.900] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfec44) returned 1 [0096.900] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\My Shapes", nBufferLength=0x105, lpBuffer=0xcfe6f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\My Shapes", lpFilePart=0x0) returned 0x23 [0096.900] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\My Shapes\\*", lpFindFileData=0xcfe96c | out: lpFindFileData=0xcfe96c*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc1a0f60e, ftCreationTime.dwHighDateTime=0x1d47c35, ftLastAccessTime.dwLowDateTime=0xc1bc4716, ftLastAccessTime.dwHighDateTime=0x1d47c35, ftLastWriteTime.dwLowDateTime=0xc1bc4716, ftLastWriteTime.dwHighDateTime=0x1d47c35, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe64e0 [0096.901] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc1a0f60e, ftCreationTime.dwHighDateTime=0x1d47c35, ftLastAccessTime.dwLowDateTime=0xc1bc4716, ftLastAccessTime.dwHighDateTime=0x1d47c35, ftLastWriteTime.dwLowDateTime=0xc1bc4716, ftLastWriteTime.dwHighDateTime=0x1d47c35, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.902] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0xc1bc4716, ftCreationTime.dwHighDateTime=0x1d47c35, ftLastAccessTime.dwLowDateTime=0xc1bc4716, ftLastAccessTime.dwHighDateTime=0x1d47c35, ftLastWriteTime.dwLowDateTime=0xc1bea8c6, ftLastWriteTime.dwHighDateTime=0x1d47c35, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0096.902] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc1a0f60e, ftCreationTime.dwHighDateTime=0x1d47c35, ftLastAccessTime.dwLowDateTime=0xc1a0f60e, ftLastAccessTime.dwHighDateTime=0x1d47c35, ftLastWriteTime.dwLowDateTime=0xc1a0f60e, ftLastWriteTime.dwHighDateTime=0x1d47c35, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Favorites.vssx", cAlternateFileName="FAVORI~1.VSS")) returned 1 [0096.902] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xc1bc4716, ftCreationTime.dwHighDateTime=0x1d47c35, ftLastAccessTime.dwLowDateTime=0xd44481c9, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xc1bc4716, ftLastWriteTime.dwHighDateTime=0x1d47c35, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_private", cAlternateFileName="")) returned 1 [0096.903] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xc1bc4716, ftCreationTime.dwHighDateTime=0x1d47c35, ftLastAccessTime.dwLowDateTime=0xd44481c9, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xc1bc4716, ftLastWriteTime.dwHighDateTime=0x1d47c35, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_private", cAlternateFileName="")) returned 0 [0096.903] FindClose (in: hFindFile=0xfe64e0 | out: hFindFile=0xfe64e0) returned 1 [0096.903] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec00) returned 1 [0096.903] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec0c) returned 1 [0096.903] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfec44) returned 1 [0096.903] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\My Shapes", nBufferLength=0x105, lpBuffer=0xcfe6f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\My Shapes", lpFilePart=0x0) returned 0x23 [0096.903] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\My Shapes\\*", lpFindFileData=0xcfe96c | out: lpFindFileData=0xcfe96c*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc1a0f60e, ftCreationTime.dwHighDateTime=0x1d47c35, ftLastAccessTime.dwLowDateTime=0xc1bc4716, ftLastAccessTime.dwHighDateTime=0x1d47c35, ftLastWriteTime.dwLowDateTime=0xc1bc4716, ftLastWriteTime.dwHighDateTime=0x1d47c35, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe64e0 [0096.903] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0xc1a0f60e, ftCreationTime.dwHighDateTime=0x1d47c35, ftLastAccessTime.dwLowDateTime=0xc1bc4716, ftLastAccessTime.dwHighDateTime=0x1d47c35, ftLastWriteTime.dwLowDateTime=0xc1bc4716, ftLastWriteTime.dwHighDateTime=0x1d47c35, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.904] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0xc1bc4716, ftCreationTime.dwHighDateTime=0x1d47c35, ftLastAccessTime.dwLowDateTime=0xc1bc4716, ftLastAccessTime.dwHighDateTime=0x1d47c35, ftLastWriteTime.dwLowDateTime=0xc1bea8c6, ftLastWriteTime.dwHighDateTime=0x1d47c35, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0096.904] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc1a0f60e, ftCreationTime.dwHighDateTime=0x1d47c35, ftLastAccessTime.dwLowDateTime=0xc1a0f60e, ftLastAccessTime.dwHighDateTime=0x1d47c35, ftLastWriteTime.dwLowDateTime=0xc1a0f60e, ftLastWriteTime.dwHighDateTime=0x1d47c35, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Favorites.vssx", cAlternateFileName="FAVORI~1.VSS")) returned 1 [0096.904] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xc1bc4716, ftCreationTime.dwHighDateTime=0x1d47c35, ftLastAccessTime.dwLowDateTime=0xd44481c9, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xc1bc4716, ftLastWriteTime.dwHighDateTime=0x1d47c35, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_private", cAlternateFileName="")) returned 1 [0096.904] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.904] FindClose (in: hFindFile=0xfe64e0 | out: hFindFile=0xfe64e0) returned 1 [0096.904] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec00) returned 1 [0096.904] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec0c) returned 1 [0096.904] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd0) returned 1 [0096.904] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\My Shapes\\_private", nBufferLength=0x105, lpBuffer=0xcfe684, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\My Shapes\\_private", lpFilePart=0x0) returned 0x2c [0096.904] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\My Shapes\\_private\\*", lpFindFileData=0xcfe8f8 | out: lpFindFileData=0xcfe8f8*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xc1bc4716, ftCreationTime.dwHighDateTime=0x1d47c35, ftLastAccessTime.dwLowDateTime=0xd44481c9, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xc1bc4716, ftLastWriteTime.dwHighDateTime=0x1d47c35, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe6960 [0096.905] FindNextFileW (in: hFindFile=0xfe6960, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xc1bc4716, ftCreationTime.dwHighDateTime=0x1d47c35, ftLastAccessTime.dwLowDateTime=0xd44481c9, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xc1bc4716, ftLastWriteTime.dwHighDateTime=0x1d47c35, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.905] FindNextFileW (in: hFindFile=0xfe6960, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0xc1bc4716, ftCreationTime.dwHighDateTime=0x1d47c35, ftLastAccessTime.dwLowDateTime=0xc1bc4716, ftLastAccessTime.dwHighDateTime=0x1d47c35, ftLastWriteTime.dwLowDateTime=0xc1bea8c6, ftLastWriteTime.dwHighDateTime=0x1d47c35, nFileSizeHigh=0x0, nFileSizeLow=0x74e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="folder.ico", cAlternateFileName="")) returned 1 [0096.906] FindNextFileW (in: hFindFile=0xfe6960, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.906] FindClose (in: hFindFile=0xfe6960 | out: hFindFile=0xfe6960) returned 1 [0096.906] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb8c) returned 1 [0096.906] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb98) returned 1 [0096.906] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd0) returned 1 [0096.906] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\My Shapes\\_private", nBufferLength=0x105, lpBuffer=0xcfe684, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\My Shapes\\_private", lpFilePart=0x0) returned 0x2c [0096.906] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\My Shapes\\_private\\*", lpFindFileData=0xcfe8f8 | out: lpFindFileData=0xcfe8f8*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xc1bc4716, ftCreationTime.dwHighDateTime=0x1d47c35, ftLastAccessTime.dwLowDateTime=0xd44481c9, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xc1bc4716, ftLastWriteTime.dwHighDateTime=0x1d47c35, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe6960 [0096.906] FindNextFileW (in: hFindFile=0xfe6960, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xc1bc4716, ftCreationTime.dwHighDateTime=0x1d47c35, ftLastAccessTime.dwLowDateTime=0xd44481c9, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xc1bc4716, ftLastWriteTime.dwHighDateTime=0x1d47c35, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.906] FindNextFileW (in: hFindFile=0xfe6960, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0xc1bc4716, ftCreationTime.dwHighDateTime=0x1d47c35, ftLastAccessTime.dwLowDateTime=0xc1bc4716, ftLastAccessTime.dwHighDateTime=0x1d47c35, ftLastWriteTime.dwLowDateTime=0xc1bea8c6, ftLastWriteTime.dwHighDateTime=0x1d47c35, nFileSizeHigh=0x0, nFileSizeLow=0x74e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="folder.ico", cAlternateFileName="")) returned 1 [0096.907] FindNextFileW (in: hFindFile=0xfe6960, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0xc1bc4716, ftCreationTime.dwHighDateTime=0x1d47c35, ftLastAccessTime.dwLowDateTime=0xc1bc4716, ftLastAccessTime.dwHighDateTime=0x1d47c35, ftLastWriteTime.dwLowDateTime=0xc1bea8c6, ftLastWriteTime.dwHighDateTime=0x1d47c35, nFileSizeHigh=0x0, nFileSizeLow=0x74e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="folder.ico", cAlternateFileName="")) returned 0 [0096.907] FindClose (in: hFindFile=0xfe6960 | out: hFindFile=0xfe6960) returned 1 [0096.907] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb8c) returned 1 [0096.907] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb98) returned 1 [0096.907] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\My Shapes\\_private\\folder.ico", nBufferLength=0x105, lpBuffer=0xcfe538, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\My Shapes\\_private\\folder.ico", lpFilePart=0x0) returned 0x37 [0096.907] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea7c) returned 1 [0096.907] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\My Shapes\\_private\\folder.ico" (normalized: "c:\\users\\fd1hvy\\documents\\my shapes\\_private\\folder.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0096.907] GetFileType (hFile=0x2b8) returned 0x1 [0096.907] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea78) returned 1 [0096.907] GetFileType (hFile=0x2b8) returned 0x1 [0096.907] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfeb78 | out: lpFileSizeHigh=0xcfeb78*=0x0) returned 0x74e6 [0096.907] ReadFile (in: hFile=0x2b8, lpBuffer=0x2d63ed0, nNumberOfBytesToRead=0x74e6, lpNumberOfBytesRead=0xcfeb24, lpOverlapped=0x0 | out: lpBuffer=0x2d63ed0*, lpNumberOfBytesRead=0xcfeb24*=0x74e6, lpOverlapped=0x0) returned 1 [0096.909] CloseHandle (hObject=0x2b8) returned 1 [0097.187] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0097.187] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0097.187] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfeb6c | out: lpFileInformation=0xcfeb6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0097.188] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0097.188] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\My Shapes\\_private\\folder.ico", nBufferLength=0x105, lpBuffer=0xcfe524, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\My Shapes\\_private\\folder.ico", lpFilePart=0x0) returned 0x37 [0097.188] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea68) returned 1 [0097.188] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\My Shapes\\_private\\folder.ico" (normalized: "c:\\users\\fd1hvy\\documents\\my shapes\\_private\\folder.ico"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0xffffffff [0097.192] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfd440) returned 1 [0097.192] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfec44) returned 1 [0097.192] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\My Videos", nBufferLength=0x105, lpBuffer=0xcfe6f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\My Videos", lpFilePart=0x0) returned 0x23 [0097.192] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\My Videos\\*", lpFindFileData=0xcfe96c | out: lpFindFileData=0xcfe96c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0097.192] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec08) returned 1 [0097.193] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfec44) returned 1 [0097.193] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\Outlook Files", nBufferLength=0x105, lpBuffer=0xcfe6f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\Outlook Files", lpFilePart=0x0) returned 0x27 [0097.193] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\Outlook Files\\*", lpFindFileData=0xcfe96c | out: lpFindFileData=0xcfe96c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa73182d0, ftCreationTime.dwHighDateTime=0x1d327c8, ftLastAccessTime.dwLowDateTime=0xa87f514a, ftLastAccessTime.dwHighDateTime=0x1d327c8, ftLastWriteTime.dwLowDateTime=0xddc1fe1e, ftLastWriteTime.dwHighDateTime=0x1d327c8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe67e0 [0097.194] FindNextFileW (in: hFindFile=0xfe67e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa73182d0, ftCreationTime.dwHighDateTime=0x1d327c8, ftLastAccessTime.dwLowDateTime=0xa87f514a, ftLastAccessTime.dwHighDateTime=0x1d327c8, ftLastWriteTime.dwLowDateTime=0xddc1fe1e, ftLastWriteTime.dwHighDateTime=0x1d327c8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.194] FindNextFileW (in: hFindFile=0xfe67e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa736477a, ftCreationTime.dwHighDateTime=0x1d327c8, ftLastAccessTime.dwLowDateTime=0xa736477a, ftLastAccessTime.dwHighDateTime=0x1d327c8, ftLastWriteTime.dwLowDateTime=0xddbf9d33, ftLastWriteTime.dwHighDateTime=0x1d327c8, nFileSizeHigh=0x0, nFileSizeLow=0x42400, dwReserved0=0x0, dwReserved1=0x0, cFileName="kkcie@kdj.kd.pst", cAlternateFileName="KKCIE@~1.PST")) returned 1 [0097.195] FindNextFileW (in: hFindFile=0xfe67e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.195] FindClose (in: hFindFile=0xfe67e0 | out: hFindFile=0xfe67e0) returned 1 [0097.195] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec00) returned 1 [0097.195] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec0c) returned 1 [0097.195] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfec44) returned 1 [0097.195] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\Outlook Files", nBufferLength=0x105, lpBuffer=0xcfe6f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\Outlook Files", lpFilePart=0x0) returned 0x27 [0097.195] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\Outlook Files\\*", lpFindFileData=0xcfe96c | out: lpFindFileData=0xcfe96c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa73182d0, ftCreationTime.dwHighDateTime=0x1d327c8, ftLastAccessTime.dwLowDateTime=0xa87f514a, ftLastAccessTime.dwHighDateTime=0x1d327c8, ftLastWriteTime.dwLowDateTime=0xddc1fe1e, ftLastWriteTime.dwHighDateTime=0x1d327c8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe6960 [0097.195] FindNextFileW (in: hFindFile=0xfe6960, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa73182d0, ftCreationTime.dwHighDateTime=0x1d327c8, ftLastAccessTime.dwLowDateTime=0xa87f514a, ftLastAccessTime.dwHighDateTime=0x1d327c8, ftLastWriteTime.dwLowDateTime=0xddc1fe1e, ftLastWriteTime.dwHighDateTime=0x1d327c8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.195] FindNextFileW (in: hFindFile=0xfe6960, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa736477a, ftCreationTime.dwHighDateTime=0x1d327c8, ftLastAccessTime.dwLowDateTime=0xa736477a, ftLastAccessTime.dwHighDateTime=0x1d327c8, ftLastWriteTime.dwLowDateTime=0xddbf9d33, ftLastWriteTime.dwHighDateTime=0x1d327c8, nFileSizeHigh=0x0, nFileSizeLow=0x42400, dwReserved0=0x0, dwReserved1=0x0, cFileName="kkcie@kdj.kd.pst", cAlternateFileName="KKCIE@~1.PST")) returned 1 [0097.196] FindNextFileW (in: hFindFile=0xfe6960, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa736477a, ftCreationTime.dwHighDateTime=0x1d327c8, ftLastAccessTime.dwLowDateTime=0xa736477a, ftLastAccessTime.dwHighDateTime=0x1d327c8, ftLastWriteTime.dwLowDateTime=0xddbf9d33, ftLastWriteTime.dwHighDateTime=0x1d327c8, nFileSizeHigh=0x0, nFileSizeLow=0x42400, dwReserved0=0x0, dwReserved1=0x0, cFileName="kkcie@kdj.kd.pst", cAlternateFileName="KKCIE@~1.PST")) returned 0 [0097.196] FindClose (in: hFindFile=0xfe6960 | out: hFindFile=0xfe6960) returned 1 [0097.196] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec00) returned 1 [0097.196] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec0c) returned 1 [0097.196] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfec44) returned 1 [0097.196] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY", nBufferLength=0x105, lpBuffer=0xcfe6f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY", lpFilePart=0x0) returned 0x2a [0097.196] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\*", lpFindFileData=0xcfe96c | out: lpFindFileData=0xcfe96c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9d712fb0, ftCreationTime.dwHighDateTime=0x1d4cfe8, ftLastAccessTime.dwLowDateTime=0xc4b15cf0, ftLastAccessTime.dwHighDateTime=0x1d4d405, ftLastWriteTime.dwLowDateTime=0xc4b15cf0, ftLastWriteTime.dwHighDateTime=0x1d4d405, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe65e0 [0097.196] FindNextFileW (in: hFindFile=0xfe65e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9d712fb0, ftCreationTime.dwHighDateTime=0x1d4cfe8, ftLastAccessTime.dwLowDateTime=0xc4b15cf0, ftLastAccessTime.dwHighDateTime=0x1d4d405, ftLastWriteTime.dwLowDateTime=0xc4b15cf0, ftLastWriteTime.dwHighDateTime=0x1d4d405, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.196] FindNextFileW (in: hFindFile=0xfe65e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x746070b0, ftCreationTime.dwHighDateTime=0x1d4c6b3, ftLastAccessTime.dwLowDateTime=0xc5205d30, ftLastAccessTime.dwHighDateTime=0x1d4d31a, ftLastWriteTime.dwLowDateTime=0xc5205d30, ftLastWriteTime.dwHighDateTime=0x1d4d31a, nFileSizeHigh=0x0, nFileSizeLow=0x7efa, dwReserved0=0x0, dwReserved1=0x0, cFileName="aR2H.ppt", cAlternateFileName="")) returned 1 [0097.197] FindNextFileW (in: hFindFile=0xfe65e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd93e1fa0, ftCreationTime.dwHighDateTime=0x1d4cbea, ftLastAccessTime.dwLowDateTime=0xc5f59380, ftLastAccessTime.dwHighDateTime=0x1d4cdb4, ftLastWriteTime.dwLowDateTime=0xc5f59380, ftLastWriteTime.dwHighDateTime=0x1d4cdb4, nFileSizeHigh=0x0, nFileSizeLow=0xc987, dwReserved0=0x0, dwReserved1=0x0, cFileName="CgR79Kfzbg-3Qbk9s6.xlsx", cAlternateFileName="CGR79K~1.XLS")) returned 1 [0097.197] FindNextFileW (in: hFindFile=0xfe65e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5908abd0, ftCreationTime.dwHighDateTime=0x1d4cce3, ftLastAccessTime.dwLowDateTime=0x77db98f0, ftLastAccessTime.dwHighDateTime=0x1d4ccee, ftLastWriteTime.dwLowDateTime=0x77db98f0, ftLastWriteTime.dwHighDateTime=0x1d4ccee, nFileSizeHigh=0x0, nFileSizeLow=0x7af0, dwReserved0=0x0, dwReserved1=0x0, cFileName="i41j6mn 1jdQoeE5Sy.ppt", cAlternateFileName="I41J6M~1.PPT")) returned 1 [0097.197] FindNextFileW (in: hFindFile=0xfe65e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ee43cd0, ftCreationTime.dwHighDateTime=0x1d4c675, ftLastAccessTime.dwLowDateTime=0x8a714770, ftLastAccessTime.dwHighDateTime=0x1d4cb32, ftLastWriteTime.dwLowDateTime=0x8a714770, ftLastWriteTime.dwHighDateTime=0x1d4cb32, nFileSizeHigh=0x0, nFileSizeLow=0x11db6, dwReserved0=0x0, dwReserved1=0x0, cFileName="VO0GHdnz.pps", cAlternateFileName="")) returned 1 [0097.197] FindNextFileW (in: hFindFile=0xfe65e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a6c6d70, ftCreationTime.dwHighDateTime=0x1d4cab3, ftLastAccessTime.dwLowDateTime=0xd2a33680, ftLastAccessTime.dwHighDateTime=0x1d4ced3, ftLastWriteTime.dwLowDateTime=0xd2a33680, ftLastWriteTime.dwHighDateTime=0x1d4ced3, nFileSizeHigh=0x0, nFileSizeLow=0x448b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Xe354cZANCjG3D.docx", cAlternateFileName="XE354C~1.DOC")) returned 1 [0097.197] FindNextFileW (in: hFindFile=0xfe65e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.197] FindClose (in: hFindFile=0xfe65e0 | out: hFindFile=0xfe65e0) returned 1 [0097.197] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec00) returned 1 [0097.197] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec0c) returned 1 [0097.197] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfec44) returned 1 [0097.197] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY", nBufferLength=0x105, lpBuffer=0xcfe6f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY", lpFilePart=0x0) returned 0x2a [0097.198] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\*", lpFindFileData=0xcfe96c | out: lpFindFileData=0xcfe96c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9d712fb0, ftCreationTime.dwHighDateTime=0x1d4cfe8, ftLastAccessTime.dwLowDateTime=0xc4b15cf0, ftLastAccessTime.dwHighDateTime=0x1d4d405, ftLastWriteTime.dwLowDateTime=0xc4b15cf0, ftLastWriteTime.dwHighDateTime=0x1d4d405, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe6520 [0097.198] FindNextFileW (in: hFindFile=0xfe6520, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9d712fb0, ftCreationTime.dwHighDateTime=0x1d4cfe8, ftLastAccessTime.dwLowDateTime=0xc4b15cf0, ftLastAccessTime.dwHighDateTime=0x1d4d405, ftLastWriteTime.dwLowDateTime=0xc4b15cf0, ftLastWriteTime.dwHighDateTime=0x1d4d405, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.198] FindNextFileW (in: hFindFile=0xfe6520, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x746070b0, ftCreationTime.dwHighDateTime=0x1d4c6b3, ftLastAccessTime.dwLowDateTime=0xc5205d30, ftLastAccessTime.dwHighDateTime=0x1d4d31a, ftLastWriteTime.dwLowDateTime=0xc5205d30, ftLastWriteTime.dwHighDateTime=0x1d4d31a, nFileSizeHigh=0x0, nFileSizeLow=0x7efa, dwReserved0=0x0, dwReserved1=0x0, cFileName="aR2H.ppt", cAlternateFileName="")) returned 1 [0097.198] FindNextFileW (in: hFindFile=0xfe6520, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd93e1fa0, ftCreationTime.dwHighDateTime=0x1d4cbea, ftLastAccessTime.dwLowDateTime=0xc5f59380, ftLastAccessTime.dwHighDateTime=0x1d4cdb4, ftLastWriteTime.dwLowDateTime=0xc5f59380, ftLastWriteTime.dwHighDateTime=0x1d4cdb4, nFileSizeHigh=0x0, nFileSizeLow=0xc987, dwReserved0=0x0, dwReserved1=0x0, cFileName="CgR79Kfzbg-3Qbk9s6.xlsx", cAlternateFileName="CGR79K~1.XLS")) returned 1 [0097.198] FindNextFileW (in: hFindFile=0xfe6520, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5908abd0, ftCreationTime.dwHighDateTime=0x1d4cce3, ftLastAccessTime.dwLowDateTime=0x77db98f0, ftLastAccessTime.dwHighDateTime=0x1d4ccee, ftLastWriteTime.dwLowDateTime=0x77db98f0, ftLastWriteTime.dwHighDateTime=0x1d4ccee, nFileSizeHigh=0x0, nFileSizeLow=0x7af0, dwReserved0=0x0, dwReserved1=0x0, cFileName="i41j6mn 1jdQoeE5Sy.ppt", cAlternateFileName="I41J6M~1.PPT")) returned 1 [0097.198] FindNextFileW (in: hFindFile=0xfe6520, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ee43cd0, ftCreationTime.dwHighDateTime=0x1d4c675, ftLastAccessTime.dwLowDateTime=0x8a714770, ftLastAccessTime.dwHighDateTime=0x1d4cb32, ftLastWriteTime.dwLowDateTime=0x8a714770, ftLastWriteTime.dwHighDateTime=0x1d4cb32, nFileSizeHigh=0x0, nFileSizeLow=0x11db6, dwReserved0=0x0, dwReserved1=0x0, cFileName="VO0GHdnz.pps", cAlternateFileName="")) returned 1 [0097.199] FindNextFileW (in: hFindFile=0xfe6520, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a6c6d70, ftCreationTime.dwHighDateTime=0x1d4cab3, ftLastAccessTime.dwLowDateTime=0xd2a33680, ftLastAccessTime.dwHighDateTime=0x1d4ced3, ftLastWriteTime.dwLowDateTime=0xd2a33680, ftLastWriteTime.dwHighDateTime=0x1d4ced3, nFileSizeHigh=0x0, nFileSizeLow=0x448b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Xe354cZANCjG3D.docx", cAlternateFileName="XE354C~1.DOC")) returned 1 [0097.199] FindNextFileW (in: hFindFile=0xfe6520, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a6c6d70, ftCreationTime.dwHighDateTime=0x1d4cab3, ftLastAccessTime.dwLowDateTime=0xd2a33680, ftLastAccessTime.dwHighDateTime=0x1d4ced3, ftLastWriteTime.dwLowDateTime=0xd2a33680, ftLastWriteTime.dwHighDateTime=0x1d4ced3, nFileSizeHigh=0x0, nFileSizeLow=0x448b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Xe354cZANCjG3D.docx", cAlternateFileName="XE354C~1.DOC")) returned 0 [0097.199] FindClose (in: hFindFile=0xfe6520 | out: hFindFile=0xfe6520) returned 1 [0097.199] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec00) returned 1 [0097.199] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec0c) returned 1 [0097.199] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\aR2H.ppt", nBufferLength=0x105, lpBuffer=0xcfe5ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\aR2H.ppt", lpFilePart=0x0) returned 0x33 [0097.199] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0097.199] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\aR2H.ppt" (normalized: "c:\\users\\fd1hvy\\documents\\p6bq5-yji-rtefly\\ar2h.ppt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0097.199] GetFileType (hFile=0x2b8) returned 0x1 [0097.199] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0097.199] GetFileType (hFile=0x2b8) returned 0x1 [0097.199] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfebec | out: lpFileSizeHigh=0xcfebec*=0x0) returned 0x7efa [0097.200] ReadFile (in: hFile=0x2b8, lpBuffer=0x2de0520, nNumberOfBytesToRead=0x7efa, lpNumberOfBytesRead=0xcfeb98, lpOverlapped=0x0 | out: lpBuffer=0x2de0520*, lpNumberOfBytesRead=0xcfeb98*=0x7efa, lpOverlapped=0x0) returned 1 [0097.200] CloseHandle (hObject=0x2b8) returned 1 [0097.323] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0097.323] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0097.323] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfebe0 | out: lpFileInformation=0xcfebe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0097.323] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0097.323] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\aR2H.ppt", nBufferLength=0x105, lpBuffer=0xcfe598, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\aR2H.ppt", lpFilePart=0x0) returned 0x33 [0097.323] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeadc) returned 1 [0097.323] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\aR2H.ppt" (normalized: "c:\\users\\fd1hvy\\documents\\p6bq5-yji-rtefly\\ar2h.ppt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0097.325] GetFileType (hFile=0x2b8) returned 0x1 [0097.325] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfead8) returned 1 [0097.325] GetFileType (hFile=0x2b8) returned 0x1 [0097.325] WriteFile (in: hFile=0x2b8, lpBuffer=0x2c5d80c*, nNumberOfBytesToWrite=0x7f00, lpNumberOfBytesWritten=0xcfeb8c, lpOverlapped=0x0 | out: lpBuffer=0x2c5d80c*, lpNumberOfBytesWritten=0xcfeb8c*=0x7f00, lpOverlapped=0x0) returned 1 [0097.326] CloseHandle (hObject=0x2b8) returned 1 [0097.329] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\aR2H.ppt", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\aR2H.ppt", lpFilePart=0x0) returned 0x33 [0097.329] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\aR2H.ppt.shade8", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\aR2H.ppt.shade8", lpFilePart=0x0) returned 0x3a [0097.329] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb70) returned 1 [0097.329] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\aR2H.ppt" (normalized: "c:\\users\\fd1hvy\\documents\\p6bq5-yji-rtefly\\ar2h.ppt"), fInfoLevelId=0x0, lpFileInformation=0xcfebec | out: lpFileInformation=0xcfebec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x746070b0, ftCreationTime.dwHighDateTime=0x1d4c6b3, ftLastAccessTime.dwLowDateTime=0xc5205d30, ftLastAccessTime.dwHighDateTime=0x1d4d31a, ftLastWriteTime.dwLowDateTime=0x829ed1a1, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x7f00)) returned 1 [0097.329] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb6c) returned 1 [0097.329] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\aR2H.ppt" (normalized: "c:\\users\\fd1hvy\\documents\\p6bq5-yji-rtefly\\ar2h.ppt"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\aR2H.ppt.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\p6bq5-yji-rtefly\\ar2h.ppt.shade8")) returned 1 [0097.330] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\CgR79Kfzbg-3Qbk9s6.xlsx", nBufferLength=0x105, lpBuffer=0xcfe5ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\CgR79Kfzbg-3Qbk9s6.xlsx", lpFilePart=0x0) returned 0x42 [0097.330] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0097.330] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\CgR79Kfzbg-3Qbk9s6.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\p6bq5-yji-rtefly\\cgr79kfzbg-3qbk9s6.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0097.331] GetFileType (hFile=0x2b8) returned 0x1 [0097.331] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0097.331] GetFileType (hFile=0x2b8) returned 0x1 [0097.331] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfebec | out: lpFileSizeHigh=0xcfebec*=0x0) returned 0xc987 [0097.331] ReadFile (in: hFile=0x2b8, lpBuffer=0x2c65bf8, nNumberOfBytesToRead=0xc987, lpNumberOfBytesRead=0xcfeb98, lpOverlapped=0x0 | out: lpBuffer=0x2c65bf8*, lpNumberOfBytesRead=0xcfeb98*=0xc987, lpOverlapped=0x0) returned 1 [0097.332] CloseHandle (hObject=0x2b8) returned 1 [0097.370] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0097.370] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0097.370] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfebe0 | out: lpFileInformation=0xcfebe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0097.370] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0097.370] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\CgR79Kfzbg-3Qbk9s6.xlsx", nBufferLength=0x105, lpBuffer=0xcfe598, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\CgR79Kfzbg-3Qbk9s6.xlsx", lpFilePart=0x0) returned 0x42 [0097.370] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeadc) returned 1 [0097.370] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\CgR79Kfzbg-3Qbk9s6.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\p6bq5-yji-rtefly\\cgr79kfzbg-3qbk9s6.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0097.372] GetFileType (hFile=0x2b8) returned 0x1 [0097.372] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfead8) returned 1 [0097.372] GetFileType (hFile=0x2b8) returned 0x1 [0097.372] WriteFile (in: hFile=0x2b8, lpBuffer=0x2cd8804*, nNumberOfBytesToWrite=0xc990, lpNumberOfBytesWritten=0xcfeb8c, lpOverlapped=0x0 | out: lpBuffer=0x2cd8804*, lpNumberOfBytesWritten=0xcfeb8c*=0xc990, lpOverlapped=0x0) returned 1 [0097.374] CloseHandle (hObject=0x2b8) returned 1 [0097.377] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\CgR79Kfzbg-3Qbk9s6.xlsx", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\CgR79Kfzbg-3Qbk9s6.xlsx", lpFilePart=0x0) returned 0x42 [0097.377] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\CgR79Kfzbg-3Qbk9s6.xlsx.shade8", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\CgR79Kfzbg-3Qbk9s6.xlsx.shade8", lpFilePart=0x0) returned 0x49 [0097.377] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb70) returned 1 [0097.377] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\CgR79Kfzbg-3Qbk9s6.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\p6bq5-yji-rtefly\\cgr79kfzbg-3qbk9s6.xlsx"), fInfoLevelId=0x0, lpFileInformation=0xcfebec | out: lpFileInformation=0xcfebec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd93e1fa0, ftCreationTime.dwHighDateTime=0x1d4cbea, ftLastAccessTime.dwLowDateTime=0xc5f59380, ftLastAccessTime.dwHighDateTime=0x1d4cdb4, ftLastWriteTime.dwLowDateTime=0x82a5f8e0, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xc990)) returned 1 [0097.377] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb6c) returned 1 [0097.377] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\CgR79Kfzbg-3Qbk9s6.xlsx" (normalized: "c:\\users\\fd1hvy\\documents\\p6bq5-yji-rtefly\\cgr79kfzbg-3qbk9s6.xlsx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\CgR79Kfzbg-3Qbk9s6.xlsx.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\p6bq5-yji-rtefly\\cgr79kfzbg-3qbk9s6.xlsx.shade8")) returned 1 [0097.378] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\i41j6mn 1jdQoeE5Sy.ppt", nBufferLength=0x105, lpBuffer=0xcfe5ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\i41j6mn 1jdQoeE5Sy.ppt", lpFilePart=0x0) returned 0x41 [0097.378] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0097.378] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\i41j6mn 1jdQoeE5Sy.ppt" (normalized: "c:\\users\\fd1hvy\\documents\\p6bq5-yji-rtefly\\i41j6mn 1jdqoee5sy.ppt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0097.378] GetFileType (hFile=0x2b8) returned 0x1 [0097.378] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0097.378] GetFileType (hFile=0x2b8) returned 0x1 [0097.378] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfebec | out: lpFileSizeHigh=0xcfebec*=0x0) returned 0x7af0 [0097.379] ReadFile (in: hFile=0x2b8, lpBuffer=0x2ce5710, nNumberOfBytesToRead=0x7af0, lpNumberOfBytesRead=0xcfeb98, lpOverlapped=0x0 | out: lpBuffer=0x2ce5710*, lpNumberOfBytesRead=0xcfeb98*=0x7af0, lpOverlapped=0x0) returned 1 [0097.379] CloseHandle (hObject=0x2b8) returned 1 [0097.464] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0097.464] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0097.464] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfebe0 | out: lpFileInformation=0xcfebe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0097.464] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0097.464] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\i41j6mn 1jdQoeE5Sy.ppt", nBufferLength=0x105, lpBuffer=0xcfe598, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\i41j6mn 1jdQoeE5Sy.ppt", lpFilePart=0x0) returned 0x41 [0097.464] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeadc) returned 1 [0097.465] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\i41j6mn 1jdQoeE5Sy.ppt" (normalized: "c:\\users\\fd1hvy\\documents\\p6bq5-yji-rtefly\\i41j6mn 1jdqoee5sy.ppt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0097.466] GetFileType (hFile=0x2b8) returned 0x1 [0097.466] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfead8) returned 1 [0097.466] GetFileType (hFile=0x2b8) returned 0x1 [0097.466] WriteFile (in: hFile=0x2b8, lpBuffer=0x2d58bf8*, nNumberOfBytesToWrite=0x7b00, lpNumberOfBytesWritten=0xcfeb8c, lpOverlapped=0x0 | out: lpBuffer=0x2d58bf8*, lpNumberOfBytesWritten=0xcfeb8c*=0x7b00, lpOverlapped=0x0) returned 1 [0097.467] CloseHandle (hObject=0x2b8) returned 1 [0097.469] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\i41j6mn 1jdQoeE5Sy.ppt", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\i41j6mn 1jdQoeE5Sy.ppt", lpFilePart=0x0) returned 0x41 [0097.469] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\i41j6mn 1jdQoeE5Sy.ppt.shade8", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\i41j6mn 1jdQoeE5Sy.ppt.shade8", lpFilePart=0x0) returned 0x48 [0097.469] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb70) returned 1 [0097.469] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\i41j6mn 1jdQoeE5Sy.ppt" (normalized: "c:\\users\\fd1hvy\\documents\\p6bq5-yji-rtefly\\i41j6mn 1jdqoee5sy.ppt"), fInfoLevelId=0x0, lpFileInformation=0xcfebec | out: lpFileInformation=0xcfebec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5908abd0, ftCreationTime.dwHighDateTime=0x1d4cce3, ftLastAccessTime.dwLowDateTime=0x77db98f0, ftLastAccessTime.dwHighDateTime=0x1d4ccee, ftLastWriteTime.dwLowDateTime=0x82b4466f, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x7b00)) returned 1 [0097.469] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb6c) returned 1 [0097.469] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\i41j6mn 1jdQoeE5Sy.ppt" (normalized: "c:\\users\\fd1hvy\\documents\\p6bq5-yji-rtefly\\i41j6mn 1jdqoee5sy.ppt"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\i41j6mn 1jdQoeE5Sy.ppt.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\p6bq5-yji-rtefly\\i41j6mn 1jdqoee5sy.ppt.shade8")) returned 1 [0097.470] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\Xe354cZANCjG3D.docx", nBufferLength=0x105, lpBuffer=0xcfe5ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\Xe354cZANCjG3D.docx", lpFilePart=0x0) returned 0x3e [0097.470] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0097.470] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\Xe354cZANCjG3D.docx" (normalized: "c:\\users\\fd1hvy\\documents\\p6bq5-yji-rtefly\\xe354czancjg3d.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0097.470] GetFileType (hFile=0x2b8) returned 0x1 [0097.470] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0097.470] GetFileType (hFile=0x2b8) returned 0x1 [0097.470] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfebec | out: lpFileSizeHigh=0xcfebec*=0x0) returned 0x448b [0097.470] ReadFile (in: hFile=0x2b8, lpBuffer=0x2d60c78, nNumberOfBytesToRead=0x448b, lpNumberOfBytesRead=0xcfeb98, lpOverlapped=0x0 | out: lpBuffer=0x2d60c78*, lpNumberOfBytesRead=0xcfeb98*=0x448b, lpOverlapped=0x0) returned 1 [0097.470] CloseHandle (hObject=0x2b8) returned 1 [0097.486] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0097.486] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0097.486] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfebe0 | out: lpFileInformation=0xcfebe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0097.486] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0097.486] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\Xe354cZANCjG3D.docx", nBufferLength=0x105, lpBuffer=0xcfe598, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\Xe354cZANCjG3D.docx", lpFilePart=0x0) returned 0x3e [0097.486] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeadc) returned 1 [0097.486] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\Xe354cZANCjG3D.docx" (normalized: "c:\\users\\fd1hvy\\documents\\p6bq5-yji-rtefly\\xe354czancjg3d.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0097.487] GetFileType (hFile=0x2b8) returned 0x1 [0097.487] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfead8) returned 1 [0097.487] GetFileType (hFile=0x2b8) returned 0x1 [0097.487] WriteFile (in: hFile=0x2b8, lpBuffer=0x2dc3134*, nNumberOfBytesToWrite=0x4490, lpNumberOfBytesWritten=0xcfeb8c, lpOverlapped=0x0 | out: lpBuffer=0x2dc3134*, lpNumberOfBytesWritten=0xcfeb8c*=0x4490, lpOverlapped=0x0) returned 1 [0097.489] CloseHandle (hObject=0x2b8) returned 1 [0097.490] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\Xe354cZANCjG3D.docx", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\Xe354cZANCjG3D.docx", lpFilePart=0x0) returned 0x3e [0097.490] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\Xe354cZANCjG3D.docx.shade8", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\Xe354cZANCjG3D.docx.shade8", lpFilePart=0x0) returned 0x45 [0097.490] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb70) returned 1 [0097.490] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\Xe354cZANCjG3D.docx" (normalized: "c:\\users\\fd1hvy\\documents\\p6bq5-yji-rtefly\\xe354czancjg3d.docx"), fInfoLevelId=0x0, lpFileInformation=0xcfebec | out: lpFileInformation=0xcfebec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a6c6d70, ftCreationTime.dwHighDateTime=0x1d4cab3, ftLastAccessTime.dwLowDateTime=0xd2a33680, ftLastAccessTime.dwHighDateTime=0x1d4ced3, ftLastWriteTime.dwLowDateTime=0x82b6d230, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x4490)) returned 1 [0097.490] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb6c) returned 1 [0097.490] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\Xe354cZANCjG3D.docx" (normalized: "c:\\users\\fd1hvy\\documents\\p6bq5-yji-rtefly\\xe354czancjg3d.docx"), lpNewFileName="C:\\Users\\FD1HVy\\Documents\\p6BQ5-YjI-RteFLY\\Xe354cZANCjG3D.docx.shade8" (normalized: "c:\\users\\fd1hvy\\documents\\p6bq5-yji-rtefly\\xe354czancjg3d.docx.shade8")) returned 1 [0097.491] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfecb8) returned 1 [0097.491] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads", nBufferLength=0x105, lpBuffer=0xcfe76c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads", lpFilePart=0x0) returned 0x19 [0097.491] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\*", lpFindFileData=0xcfe9e0 | out: lpFindFileData=0xcfe9e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc19bd8f2, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xc19bd8f2, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe67e0 [0097.491] FindNextFileW (in: hFindFile=0xfe67e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc19bd8f2, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xc19bd8f2, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.491] FindNextFileW (in: hFindFile=0xfe67e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x44137e3b, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x44137e3b, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0xce3d633b, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0097.491] FindNextFileW (in: hFindFile=0xfe67e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.492] FindClose (in: hFindFile=0xfe67e0 | out: hFindFile=0xfe67e0) returned 1 [0097.492] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec74) returned 1 [0097.492] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec80) returned 1 [0097.492] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfecb8) returned 1 [0097.492] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads", nBufferLength=0x105, lpBuffer=0xcfe76c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Downloads", lpFilePart=0x0) returned 0x19 [0097.492] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Downloads\\*", lpFindFileData=0xcfe9e0 | out: lpFindFileData=0xcfe9e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc19bd8f2, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xc19bd8f2, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe64a0 [0097.492] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xc19bd8f2, ftLastAccessTime.dwHighDateTime=0x1d327cc, ftLastWriteTime.dwLowDateTime=0xc19bd8f2, ftLastWriteTime.dwHighDateTime=0x1d327cc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.493] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x44137e3b, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x44137e3b, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0xce3d633b, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0097.493] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x44137e3b, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x44137e3b, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0xce3d633b, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0097.493] FindClose (in: hFindFile=0xfe64a0 | out: hFindFile=0xfe64a0) returned 1 [0097.493] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec74) returned 1 [0097.493] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec80) returned 1 [0097.493] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfecb8) returned 1 [0097.493] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures", nBufferLength=0x105, lpBuffer=0xcfe76c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures", lpFilePart=0x0) returned 0x18 [0097.493] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\*", lpFindFileData=0xcfe9e0 | out: lpFindFileData=0xcfe9e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x4cecd03f, ftLastAccessTime.dwHighDateTime=0x1d57301, ftLastWriteTime.dwLowDateTime=0x4cecd03f, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe64a0 [0097.493] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x4cecd03f, ftLastAccessTime.dwHighDateTime=0x1d57301, ftLastWriteTime.dwLowDateTime=0x4cecd03f, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.494] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efd02f0, ftCreationTime.dwHighDateTime=0x1d4d4cf, ftLastAccessTime.dwLowDateTime=0xc35e7ae0, ftLastAccessTime.dwHighDateTime=0x1d4cf96, ftLastWriteTime.dwLowDateTime=0xc35e7ae0, ftLastWriteTime.dwHighDateTime=0x1d4cf96, nFileSizeHigh=0x0, nFileSizeLow=0x13e93, dwReserved0=0x0, dwReserved1=0x0, cFileName="-T-q.png", cAlternateFileName="")) returned 1 [0097.494] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd6d090f0, ftCreationTime.dwHighDateTime=0x1d4d30f, ftLastAccessTime.dwLowDateTime=0x1aaa7f10, ftLastAccessTime.dwHighDateTime=0x1d4d1a4, ftLastWriteTime.dwLowDateTime=0x1aaa7f10, ftLastWriteTime.dwHighDateTime=0x1d4d1a4, nFileSizeHigh=0x0, nFileSizeLow=0x13c9d, dwReserved0=0x0, dwReserved1=0x0, cFileName="0ygqwwt0eQO5oou2.bmp", cAlternateFileName="0YGQWW~1.BMP")) returned 1 [0097.494] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a95d00, ftCreationTime.dwHighDateTime=0x1d4d245, ftLastAccessTime.dwLowDateTime=0xc8840310, ftLastAccessTime.dwHighDateTime=0x1d4d184, ftLastWriteTime.dwLowDateTime=0xc8840310, ftLastWriteTime.dwHighDateTime=0x1d4d184, nFileSizeHigh=0x0, nFileSizeLow=0x7633, dwReserved0=0x0, dwReserved1=0x0, cFileName="1Ftl3457R8jo963.bmp", cAlternateFileName="1FTL34~1.BMP")) returned 1 [0097.494] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4b126f60, ftCreationTime.dwHighDateTime=0x1d4cb18, ftLastAccessTime.dwLowDateTime=0xdb67210, ftLastAccessTime.dwHighDateTime=0x1d4d397, ftLastWriteTime.dwLowDateTime=0xdb67210, ftLastWriteTime.dwHighDateTime=0x1d4d397, nFileSizeHigh=0x0, nFileSizeLow=0x148b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="36ckktA6J.png", cAlternateFileName="36CKKT~1.PNG")) returned 1 [0097.494] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc626b0d0, ftCreationTime.dwHighDateTime=0x1d4d2f2, ftLastAccessTime.dwLowDateTime=0x70ebe690, ftLastAccessTime.dwHighDateTime=0x1d4d2ec, ftLastWriteTime.dwLowDateTime=0x70ebe690, ftLastWriteTime.dwHighDateTime=0x1d4d2ec, nFileSizeHigh=0x0, nFileSizeLow=0x1e3e, dwReserved0=0x0, dwReserved1=0x0, cFileName="bZIVnb1dr J4hcK.gif", cAlternateFileName="BZIVNB~1.GIF")) returned 1 [0097.494] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x51278b1d, ftCreationTime.dwHighDateTime=0x1d32715, ftLastAccessTime.dwLowDateTime=0xd45b4543, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x51278b1d, ftLastWriteTime.dwHighDateTime=0x1d32715, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Camera Roll", cAlternateFileName="CAMERA~1")) returned 1 [0097.494] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbc96870, ftCreationTime.dwHighDateTime=0x1d4d259, ftLastAccessTime.dwLowDateTime=0xd642b3d0, ftLastAccessTime.dwHighDateTime=0x1d4d025, ftLastWriteTime.dwLowDateTime=0xd642b3d0, ftLastWriteTime.dwHighDateTime=0x1d4d025, nFileSizeHigh=0x0, nFileSizeLow=0x16099, dwReserved0=0x0, dwReserved1=0x0, cFileName="D0OoRLm pp4.bmp", cAlternateFileName="D0OORL~1.BMP")) returned 1 [0097.495] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x44053085, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x44053085, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0xce2f1526, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0097.495] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7580770, ftCreationTime.dwHighDateTime=0x1d4d34b, ftLastAccessTime.dwLowDateTime=0xae629890, ftLastAccessTime.dwHighDateTime=0x1d4cfe3, ftLastWriteTime.dwLowDateTime=0xae629890, ftLastWriteTime.dwHighDateTime=0x1d4cfe3, nFileSizeHigh=0x0, nFileSizeLow=0x138e2, dwReserved0=0x0, dwReserved1=0x0, cFileName="E Vy1IxaWC6C_Ejd.gif", cAlternateFileName="EVY1IX~1.GIF")) returned 1 [0097.495] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x90b3970, ftCreationTime.dwHighDateTime=0x1d4cf79, ftLastAccessTime.dwLowDateTime=0x60d8c850, ftLastAccessTime.dwHighDateTime=0x1d4ced6, ftLastWriteTime.dwLowDateTime=0x60d8c850, ftLastWriteTime.dwHighDateTime=0x1d4ced6, nFileSizeHigh=0x0, nFileSizeLow=0x1b23, dwReserved0=0x0, dwReserved1=0x0, cFileName="fjbbxYMj8I9SpT7.bmp", cAlternateFileName="FJBBXY~1.BMP")) returned 1 [0097.495] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4a2ebe0, ftCreationTime.dwHighDateTime=0x1d4d2d0, ftLastAccessTime.dwLowDateTime=0x82284cd0, ftLastAccessTime.dwHighDateTime=0x1d4cc31, ftLastWriteTime.dwLowDateTime=0x82284cd0, ftLastWriteTime.dwHighDateTime=0x1d4cc31, nFileSizeHigh=0x0, nFileSizeLow=0x260f, dwReserved0=0x0, dwReserved1=0x0, cFileName="fpYv3fQ.bmp", cAlternateFileName="")) returned 1 [0097.495] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1c404ff0, ftCreationTime.dwHighDateTime=0x1d4cfa4, ftLastAccessTime.dwLowDateTime=0x87bf5880, ftLastAccessTime.dwHighDateTime=0x1d4d322, ftLastWriteTime.dwLowDateTime=0x87bf5880, ftLastWriteTime.dwHighDateTime=0x1d4d322, nFileSizeHigh=0x0, nFileSizeLow=0x1342a, dwReserved0=0x0, dwReserved1=0x0, cFileName="GaZiCtGeRTs.jpg", cAlternateFileName="GAZICT~1.JPG")) returned 1 [0097.495] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xabcf7240, ftCreationTime.dwHighDateTime=0x1d4ce7d, ftLastAccessTime.dwLowDateTime=0x6564c3c0, ftLastAccessTime.dwHighDateTime=0x1d4d4a2, ftLastWriteTime.dwLowDateTime=0x6564c3c0, ftLastWriteTime.dwHighDateTime=0x1d4d4a2, nFileSizeHigh=0x0, nFileSizeLow=0x16c73, dwReserved0=0x0, dwReserved1=0x0, cFileName="gJ9zBTPD-1GubPMj.bmp", cAlternateFileName="GJ9ZBT~1.BMP")) returned 1 [0097.495] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf3bad9b0, ftCreationTime.dwHighDateTime=0x1d4ca8f, ftLastAccessTime.dwLowDateTime=0xa99806c0, ftLastAccessTime.dwHighDateTime=0x1d4cea7, ftLastWriteTime.dwLowDateTime=0xa99806c0, ftLastWriteTime.dwHighDateTime=0x1d4cea7, nFileSizeHigh=0x0, nFileSizeLow=0x8289, dwReserved0=0x0, dwReserved1=0x0, cFileName="GMmGEhIb3Psm.bmp", cAlternateFileName="GMMGEH~1.BMP")) returned 1 [0097.496] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ee65170, ftCreationTime.dwHighDateTime=0x1d4c898, ftLastAccessTime.dwLowDateTime=0xbefc9120, ftLastAccessTime.dwHighDateTime=0x1d4c9d4, ftLastWriteTime.dwLowDateTime=0xbefc9120, ftLastWriteTime.dwHighDateTime=0x1d4c9d4, nFileSizeHigh=0x0, nFileSizeLow=0x2c9b, dwReserved0=0x0, dwReserved1=0x0, cFileName="hC QJQt.jpg", cAlternateFileName="HCQJQT~1.JPG")) returned 1 [0097.496] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x88ff07a0, ftCreationTime.dwHighDateTime=0x1d4d326, ftLastAccessTime.dwLowDateTime=0x8ab9e540, ftLastAccessTime.dwHighDateTime=0x1d4cf7c, ftLastWriteTime.dwLowDateTime=0x8ab9e540, ftLastWriteTime.dwHighDateTime=0x1d4cf7c, nFileSizeHigh=0x0, nFileSizeLow=0x1170e, dwReserved0=0x0, dwReserved1=0x0, cFileName="hpkUf.png", cAlternateFileName="")) returned 1 [0097.496] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb6d9cfa0, ftCreationTime.dwHighDateTime=0x1d4c8c4, ftLastAccessTime.dwLowDateTime=0x675d22b0, ftLastAccessTime.dwHighDateTime=0x1d4cf4f, ftLastWriteTime.dwLowDateTime=0x675d22b0, ftLastWriteTime.dwHighDateTime=0x1d4cf4f, nFileSizeHigh=0x0, nFileSizeLow=0xcbc3, dwReserved0=0x0, dwReserved1=0x0, cFileName="iPpxvZ3GzU6BEwn7.png", cAlternateFileName="IPPXVZ~1.PNG")) returned 1 [0097.496] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd6686dc0, ftCreationTime.dwHighDateTime=0x1d4c731, ftLastAccessTime.dwLowDateTime=0x624f9980, ftLastAccessTime.dwHighDateTime=0x1d4cd18, ftLastWriteTime.dwLowDateTime=0x624f9980, ftLastWriteTime.dwHighDateTime=0x1d4cd18, nFileSizeHigh=0x0, nFileSizeLow=0x13f61, dwReserved0=0x0, dwReserved1=0x0, cFileName="js vjvS.gif", cAlternateFileName="JSVJVS~1.GIF")) returned 1 [0097.496] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1ca6cca0, ftCreationTime.dwHighDateTime=0x1d4cf25, ftLastAccessTime.dwLowDateTime=0x7f62d970, ftLastAccessTime.dwHighDateTime=0x1d4cd1c, ftLastWriteTime.dwLowDateTime=0x7f62d970, ftLastWriteTime.dwHighDateTime=0x1d4cd1c, nFileSizeHigh=0x0, nFileSizeLow=0xc810, dwReserved0=0x0, dwReserved1=0x0, cFileName="kgazIq33.jpg", cAlternateFileName="")) returned 1 [0097.496] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1e2578c0, ftCreationTime.dwHighDateTime=0x1d4cfa6, ftLastAccessTime.dwLowDateTime=0xf7c19930, ftLastAccessTime.dwHighDateTime=0x1d4c900, ftLastWriteTime.dwLowDateTime=0xf7c19930, ftLastWriteTime.dwHighDateTime=0x1d4c900, nFileSizeHigh=0x0, nFileSizeLow=0x13b3a, dwReserved0=0x0, dwReserved1=0x0, cFileName="LsII.png", cAlternateFileName="")) returned 1 [0097.496] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x899cc620, ftCreationTime.dwHighDateTime=0x1d4d024, ftLastAccessTime.dwLowDateTime=0x1b7d6270, ftLastAccessTime.dwHighDateTime=0x1d4d183, ftLastWriteTime.dwLowDateTime=0x1b7d6270, ftLastWriteTime.dwHighDateTime=0x1d4d183, nFileSizeHigh=0x0, nFileSizeLow=0x105e8, dwReserved0=0x0, dwReserved1=0x0, cFileName="q9PQ6m6FTZlaVRyn.png", cAlternateFileName="Q9PQ6M~1.PNG")) returned 1 [0097.496] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43aadba0, ftCreationTime.dwHighDateTime=0x1d4d11b, ftLastAccessTime.dwLowDateTime=0xbd6e2970, ftLastAccessTime.dwHighDateTime=0x1d4cd78, ftLastWriteTime.dwLowDateTime=0xbd6e2970, ftLastWriteTime.dwHighDateTime=0x1d4cd78, nFileSizeHigh=0x0, nFileSizeLow=0xfe61, dwReserved0=0x0, dwReserved1=0x0, cFileName="qx cC l6OaDw3F3ir.png", cAlternateFileName="QXCCL6~1.PNG")) returned 1 [0097.497] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd8516f0, ftCreationTime.dwHighDateTime=0x1d4d2d5, ftLastAccessTime.dwLowDateTime=0xec9a38d0, ftLastAccessTime.dwHighDateTime=0x1d4d55a, ftLastWriteTime.dwLowDateTime=0xec9a38d0, ftLastWriteTime.dwHighDateTime=0x1d4d55a, nFileSizeHigh=0x0, nFileSizeLow=0x9618, dwReserved0=0x0, dwReserved1=0x0, cFileName="R_kad31fE8n9kjn.png", cAlternateFileName="R_KAD3~1.PNG")) returned 1 [0097.497] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x51311410, ftCreationTime.dwHighDateTime=0x1d32715, ftLastAccessTime.dwLowDateTime=0xd45b4e37, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x51311410, ftLastWriteTime.dwHighDateTime=0x1d32715, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Saved Pictures", cAlternateFileName="SAVEDP~1")) returned 1 [0097.497] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa5b57300, ftCreationTime.dwHighDateTime=0x1d4d0e4, ftLastAccessTime.dwLowDateTime=0x3065f20, ftLastAccessTime.dwHighDateTime=0x1d4c5c7, ftLastWriteTime.dwLowDateTime=0x3065f20, ftLastWriteTime.dwHighDateTime=0x1d4c5c7, nFileSizeHigh=0x0, nFileSizeLow=0x15248, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmOiiqxGWcF7XTLv.gif", cAlternateFileName="SMOIIQ~1.GIF")) returned 1 [0097.497] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4b592820, ftCreationTime.dwHighDateTime=0x1d4d175, ftLastAccessTime.dwLowDateTime=0xcbbbce50, ftLastAccessTime.dwHighDateTime=0x1d4ccca, ftLastWriteTime.dwLowDateTime=0xcbbbce50, ftLastWriteTime.dwHighDateTime=0x1d4ccca, nFileSizeHigh=0x0, nFileSizeLow=0x866b, dwReserved0=0x0, dwReserved1=0x0, cFileName="SvYNlt iTipCbGeaY21.jpg", cAlternateFileName="SVYNLT~1.JPG")) returned 1 [0097.497] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e50810, ftCreationTime.dwHighDateTime=0x1d4c793, ftLastAccessTime.dwLowDateTime=0xb5a20a00, ftLastAccessTime.dwHighDateTime=0x1d4d227, ftLastWriteTime.dwLowDateTime=0xb5a20a00, ftLastWriteTime.dwHighDateTime=0x1d4d227, nFileSizeHigh=0x0, nFileSizeLow=0xda79, dwReserved0=0x0, dwReserved1=0x0, cFileName="sYGib zY69_.png", cAlternateFileName="SYGIBZ~1.PNG")) returned 1 [0097.497] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b7197a0, ftCreationTime.dwHighDateTime=0x1d4cad0, ftLastAccessTime.dwLowDateTime=0xc9a4bb40, ftLastAccessTime.dwHighDateTime=0x1d4c5d1, ftLastWriteTime.dwLowDateTime=0xc9a4bb40, ftLastWriteTime.dwHighDateTime=0x1d4c5d1, nFileSizeHigh=0x0, nFileSizeLow=0x8463, dwReserved0=0x0, dwReserved1=0x0, cFileName="T5dowEUb06bqYQQ.jpg", cAlternateFileName="T5DOWE~1.JPG")) returned 1 [0097.498] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29790ed0, ftCreationTime.dwHighDateTime=0x1d4c6a5, ftLastAccessTime.dwLowDateTime=0xe985e110, ftLastAccessTime.dwHighDateTime=0x1d4d232, ftLastWriteTime.dwLowDateTime=0xe985e110, ftLastWriteTime.dwHighDateTime=0x1d4d232, nFileSizeHigh=0x0, nFileSizeLow=0xfe89, dwReserved0=0x0, dwReserved1=0x0, cFileName="T8OYYDf88tBVLqF.gif", cAlternateFileName="T8OYYD~1.GIF")) returned 1 [0097.498] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa04d8a0, ftCreationTime.dwHighDateTime=0x1d4cf73, ftLastAccessTime.dwLowDateTime=0xb5045c80, ftLastAccessTime.dwHighDateTime=0x1d4d46e, ftLastWriteTime.dwLowDateTime=0xb5045c80, ftLastWriteTime.dwHighDateTime=0x1d4d46e, nFileSizeHigh=0x0, nFileSizeLow=0x183da, dwReserved0=0x0, dwReserved1=0x0, cFileName="TAPqVvs0CF1ZIwzhmbw.gif", cAlternateFileName="TAPQVV~1.GIF")) returned 1 [0097.498] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e09a80, ftCreationTime.dwHighDateTime=0x1d4d334, ftLastAccessTime.dwLowDateTime=0x5bd384b0, ftLastAccessTime.dwHighDateTime=0x1d4cc6c, ftLastWriteTime.dwLowDateTime=0x5bd384b0, ftLastWriteTime.dwHighDateTime=0x1d4cc6c, nFileSizeHigh=0x0, nFileSizeLow=0x223f, dwReserved0=0x0, dwReserved1=0x0, cFileName="u8d1cx.gif", cAlternateFileName="")) returned 1 [0097.498] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9205a9f0, ftCreationTime.dwHighDateTime=0x1d4c884, ftLastAccessTime.dwLowDateTime=0x2b342490, ftLastAccessTime.dwHighDateTime=0x1d4c65e, ftLastWriteTime.dwLowDateTime=0x2b342490, ftLastWriteTime.dwHighDateTime=0x1d4c65e, nFileSizeHigh=0x0, nFileSizeLow=0x1506f, dwReserved0=0x0, dwReserved1=0x0, cFileName="ua7o.bmp", cAlternateFileName="")) returned 1 [0097.498] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91998450, ftCreationTime.dwHighDateTime=0x1d4c979, ftLastAccessTime.dwLowDateTime=0x720f11e0, ftLastAccessTime.dwHighDateTime=0x1d4ca7d, ftLastWriteTime.dwLowDateTime=0x720f11e0, ftLastWriteTime.dwHighDateTime=0x1d4ca7d, nFileSizeHigh=0x0, nFileSizeLow=0x10b3a, dwReserved0=0x0, dwReserved1=0x0, cFileName="wbyq.jpg", cAlternateFileName="")) returned 1 [0097.498] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3902a820, ftCreationTime.dwHighDateTime=0x1d4cb73, ftLastAccessTime.dwLowDateTime=0xafd1d520, ftLastAccessTime.dwHighDateTime=0x1d4d145, ftLastWriteTime.dwLowDateTime=0xafd1d520, ftLastWriteTime.dwHighDateTime=0x1d4d145, nFileSizeHigh=0x0, nFileSizeLow=0xd05d, dwReserved0=0x0, dwReserved1=0x0, cFileName="xLS-jVD.bmp", cAlternateFileName="")) returned 1 [0097.517] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f863920, ftCreationTime.dwHighDateTime=0x1d4caa8, ftLastAccessTime.dwLowDateTime=0xfe6f47a0, ftLastAccessTime.dwHighDateTime=0x1d4c5c2, ftLastWriteTime.dwLowDateTime=0xfe6f47a0, ftLastWriteTime.dwHighDateTime=0x1d4c5c2, nFileSizeHigh=0x0, nFileSizeLow=0xd0e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="y1HZN.gif", cAlternateFileName="")) returned 1 [0097.517] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4ae05650, ftCreationTime.dwHighDateTime=0x1d4d00f, ftLastAccessTime.dwLowDateTime=0x3897b200, ftLastAccessTime.dwHighDateTime=0x1d4cf3c, ftLastWriteTime.dwLowDateTime=0x3897b200, ftLastWriteTime.dwHighDateTime=0x1d4cf3c, nFileSizeHigh=0x0, nFileSizeLow=0x9181, dwReserved0=0x0, dwReserved1=0x0, cFileName="Y2g5s0bUdYCWTLgdwhk.png", cAlternateFileName="Y2G5S0~1.PNG")) returned 1 [0097.517] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4fba4b0, ftCreationTime.dwHighDateTime=0x1d4c9d3, ftLastAccessTime.dwLowDateTime=0x209d5600, ftLastAccessTime.dwHighDateTime=0x1d4cf37, ftLastWriteTime.dwLowDateTime=0x209d5600, ftLastWriteTime.dwHighDateTime=0x1d4cf37, nFileSizeHigh=0x0, nFileSizeLow=0x16ab8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ydho.png", cAlternateFileName="")) returned 1 [0097.518] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9acc95a0, ftCreationTime.dwHighDateTime=0x1d4d1e2, ftLastAccessTime.dwLowDateTime=0x3bae6dc0, ftLastAccessTime.dwHighDateTime=0x1d4ce11, ftLastWriteTime.dwLowDateTime=0x3bae6dc0, ftLastWriteTime.dwHighDateTime=0x1d4ce11, nFileSizeHigh=0x0, nFileSizeLow=0xdac2, dwReserved0=0x0, dwReserved1=0x0, cFileName="yRDk8a4KrUdSBF0.bmp", cAlternateFileName="YRDK8A~1.BMP")) returned 1 [0097.518] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x21d8fcc0, ftCreationTime.dwHighDateTime=0x1d4d439, ftLastAccessTime.dwLowDateTime=0x7a665e30, ftLastAccessTime.dwHighDateTime=0x1d4d35f, ftLastWriteTime.dwLowDateTime=0x7a665e30, ftLastWriteTime.dwHighDateTime=0x1d4d35f, nFileSizeHigh=0x0, nFileSizeLow=0x7e7f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Z4feoFk.png", cAlternateFileName="")) returned 1 [0097.518] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a30c9a0, ftCreationTime.dwHighDateTime=0x1d4d12c, ftLastAccessTime.dwLowDateTime=0xd05f3df0, ftLastAccessTime.dwHighDateTime=0x1d4cea7, ftLastWriteTime.dwLowDateTime=0xd05f3df0, ftLastWriteTime.dwHighDateTime=0x1d4cea7, nFileSizeHigh=0x0, nFileSizeLow=0xc531, dwReserved0=0x0, dwReserved1=0x0, cFileName="Z7HvtM6H.bmp", cAlternateFileName="")) returned 1 [0097.518] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x582c7370, ftCreationTime.dwHighDateTime=0x1d4cf92, ftLastAccessTime.dwLowDateTime=0xe23fa8c0, ftLastAccessTime.dwHighDateTime=0x1d4d497, ftLastWriteTime.dwLowDateTime=0xe23fa8c0, ftLastWriteTime.dwHighDateTime=0x1d4d497, nFileSizeHigh=0x0, nFileSizeLow=0x17398, dwReserved0=0x0, dwReserved1=0x0, cFileName="_9pLGWM1hkc.gif", cAlternateFileName="_9PLGW~1.GIF")) returned 1 [0097.518] FindNextFileW (in: hFindFile=0xfe64a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.518] FindClose (in: hFindFile=0xfe64a0 | out: hFindFile=0xfe64a0) returned 1 [0097.518] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec74) returned 1 [0097.519] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec80) returned 1 [0097.519] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfecb8) returned 1 [0097.519] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures", nBufferLength=0x105, lpBuffer=0xcfe76c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures", lpFilePart=0x0) returned 0x18 [0097.519] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\*", lpFindFileData=0xcfe9e0 | out: lpFindFileData=0xcfe9e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x4cecd03f, ftLastAccessTime.dwHighDateTime=0x1d57301, ftLastWriteTime.dwLowDateTime=0x4cecd03f, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe66e0 [0097.519] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x4cecd03f, ftLastAccessTime.dwHighDateTime=0x1d57301, ftLastWriteTime.dwLowDateTime=0x4cecd03f, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.519] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efd02f0, ftCreationTime.dwHighDateTime=0x1d4d4cf, ftLastAccessTime.dwLowDateTime=0xc35e7ae0, ftLastAccessTime.dwHighDateTime=0x1d4cf96, ftLastWriteTime.dwLowDateTime=0xc35e7ae0, ftLastWriteTime.dwHighDateTime=0x1d4cf96, nFileSizeHigh=0x0, nFileSizeLow=0x13e93, dwReserved0=0x0, dwReserved1=0x0, cFileName="-T-q.png", cAlternateFileName="")) returned 1 [0097.519] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd6d090f0, ftCreationTime.dwHighDateTime=0x1d4d30f, ftLastAccessTime.dwLowDateTime=0x1aaa7f10, ftLastAccessTime.dwHighDateTime=0x1d4d1a4, ftLastWriteTime.dwLowDateTime=0x1aaa7f10, ftLastWriteTime.dwHighDateTime=0x1d4d1a4, nFileSizeHigh=0x0, nFileSizeLow=0x13c9d, dwReserved0=0x0, dwReserved1=0x0, cFileName="0ygqwwt0eQO5oou2.bmp", cAlternateFileName="0YGQWW~1.BMP")) returned 1 [0097.520] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a95d00, ftCreationTime.dwHighDateTime=0x1d4d245, ftLastAccessTime.dwLowDateTime=0xc8840310, ftLastAccessTime.dwHighDateTime=0x1d4d184, ftLastWriteTime.dwLowDateTime=0xc8840310, ftLastWriteTime.dwHighDateTime=0x1d4d184, nFileSizeHigh=0x0, nFileSizeLow=0x7633, dwReserved0=0x0, dwReserved1=0x0, cFileName="1Ftl3457R8jo963.bmp", cAlternateFileName="1FTL34~1.BMP")) returned 1 [0097.520] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4b126f60, ftCreationTime.dwHighDateTime=0x1d4cb18, ftLastAccessTime.dwLowDateTime=0xdb67210, ftLastAccessTime.dwHighDateTime=0x1d4d397, ftLastWriteTime.dwLowDateTime=0xdb67210, ftLastWriteTime.dwHighDateTime=0x1d4d397, nFileSizeHigh=0x0, nFileSizeLow=0x148b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="36ckktA6J.png", cAlternateFileName="36CKKT~1.PNG")) returned 1 [0097.520] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc626b0d0, ftCreationTime.dwHighDateTime=0x1d4d2f2, ftLastAccessTime.dwLowDateTime=0x70ebe690, ftLastAccessTime.dwHighDateTime=0x1d4d2ec, ftLastWriteTime.dwLowDateTime=0x70ebe690, ftLastWriteTime.dwHighDateTime=0x1d4d2ec, nFileSizeHigh=0x0, nFileSizeLow=0x1e3e, dwReserved0=0x0, dwReserved1=0x0, cFileName="bZIVnb1dr J4hcK.gif", cAlternateFileName="BZIVNB~1.GIF")) returned 1 [0097.520] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x51278b1d, ftCreationTime.dwHighDateTime=0x1d32715, ftLastAccessTime.dwLowDateTime=0xd45b4543, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x51278b1d, ftLastWriteTime.dwHighDateTime=0x1d32715, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Camera Roll", cAlternateFileName="CAMERA~1")) returned 1 [0097.520] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbc96870, ftCreationTime.dwHighDateTime=0x1d4d259, ftLastAccessTime.dwLowDateTime=0xd642b3d0, ftLastAccessTime.dwHighDateTime=0x1d4d025, ftLastWriteTime.dwLowDateTime=0xd642b3d0, ftLastWriteTime.dwHighDateTime=0x1d4d025, nFileSizeHigh=0x0, nFileSizeLow=0x16099, dwReserved0=0x0, dwReserved1=0x0, cFileName="D0OoRLm pp4.bmp", cAlternateFileName="D0OORL~1.BMP")) returned 1 [0097.520] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x44053085, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x44053085, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0xce2f1526, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0097.521] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7580770, ftCreationTime.dwHighDateTime=0x1d4d34b, ftLastAccessTime.dwLowDateTime=0xae629890, ftLastAccessTime.dwHighDateTime=0x1d4cfe3, ftLastWriteTime.dwLowDateTime=0xae629890, ftLastWriteTime.dwHighDateTime=0x1d4cfe3, nFileSizeHigh=0x0, nFileSizeLow=0x138e2, dwReserved0=0x0, dwReserved1=0x0, cFileName="E Vy1IxaWC6C_Ejd.gif", cAlternateFileName="EVY1IX~1.GIF")) returned 1 [0097.521] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x90b3970, ftCreationTime.dwHighDateTime=0x1d4cf79, ftLastAccessTime.dwLowDateTime=0x60d8c850, ftLastAccessTime.dwHighDateTime=0x1d4ced6, ftLastWriteTime.dwLowDateTime=0x60d8c850, ftLastWriteTime.dwHighDateTime=0x1d4ced6, nFileSizeHigh=0x0, nFileSizeLow=0x1b23, dwReserved0=0x0, dwReserved1=0x0, cFileName="fjbbxYMj8I9SpT7.bmp", cAlternateFileName="FJBBXY~1.BMP")) returned 1 [0097.521] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4a2ebe0, ftCreationTime.dwHighDateTime=0x1d4d2d0, ftLastAccessTime.dwLowDateTime=0x82284cd0, ftLastAccessTime.dwHighDateTime=0x1d4cc31, ftLastWriteTime.dwLowDateTime=0x82284cd0, ftLastWriteTime.dwHighDateTime=0x1d4cc31, nFileSizeHigh=0x0, nFileSizeLow=0x260f, dwReserved0=0x0, dwReserved1=0x0, cFileName="fpYv3fQ.bmp", cAlternateFileName="")) returned 1 [0097.521] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1c404ff0, ftCreationTime.dwHighDateTime=0x1d4cfa4, ftLastAccessTime.dwLowDateTime=0x87bf5880, ftLastAccessTime.dwHighDateTime=0x1d4d322, ftLastWriteTime.dwLowDateTime=0x87bf5880, ftLastWriteTime.dwHighDateTime=0x1d4d322, nFileSizeHigh=0x0, nFileSizeLow=0x1342a, dwReserved0=0x0, dwReserved1=0x0, cFileName="GaZiCtGeRTs.jpg", cAlternateFileName="GAZICT~1.JPG")) returned 1 [0097.521] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xabcf7240, ftCreationTime.dwHighDateTime=0x1d4ce7d, ftLastAccessTime.dwLowDateTime=0x6564c3c0, ftLastAccessTime.dwHighDateTime=0x1d4d4a2, ftLastWriteTime.dwLowDateTime=0x6564c3c0, ftLastWriteTime.dwHighDateTime=0x1d4d4a2, nFileSizeHigh=0x0, nFileSizeLow=0x16c73, dwReserved0=0x0, dwReserved1=0x0, cFileName="gJ9zBTPD-1GubPMj.bmp", cAlternateFileName="GJ9ZBT~1.BMP")) returned 1 [0097.522] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf3bad9b0, ftCreationTime.dwHighDateTime=0x1d4ca8f, ftLastAccessTime.dwLowDateTime=0xa99806c0, ftLastAccessTime.dwHighDateTime=0x1d4cea7, ftLastWriteTime.dwLowDateTime=0xa99806c0, ftLastWriteTime.dwHighDateTime=0x1d4cea7, nFileSizeHigh=0x0, nFileSizeLow=0x8289, dwReserved0=0x0, dwReserved1=0x0, cFileName="GMmGEhIb3Psm.bmp", cAlternateFileName="GMMGEH~1.BMP")) returned 1 [0097.522] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ee65170, ftCreationTime.dwHighDateTime=0x1d4c898, ftLastAccessTime.dwLowDateTime=0xbefc9120, ftLastAccessTime.dwHighDateTime=0x1d4c9d4, ftLastWriteTime.dwLowDateTime=0xbefc9120, ftLastWriteTime.dwHighDateTime=0x1d4c9d4, nFileSizeHigh=0x0, nFileSizeLow=0x2c9b, dwReserved0=0x0, dwReserved1=0x0, cFileName="hC QJQt.jpg", cAlternateFileName="HCQJQT~1.JPG")) returned 1 [0097.522] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x88ff07a0, ftCreationTime.dwHighDateTime=0x1d4d326, ftLastAccessTime.dwLowDateTime=0x8ab9e540, ftLastAccessTime.dwHighDateTime=0x1d4cf7c, ftLastWriteTime.dwLowDateTime=0x8ab9e540, ftLastWriteTime.dwHighDateTime=0x1d4cf7c, nFileSizeHigh=0x0, nFileSizeLow=0x1170e, dwReserved0=0x0, dwReserved1=0x0, cFileName="hpkUf.png", cAlternateFileName="")) returned 1 [0097.522] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb6d9cfa0, ftCreationTime.dwHighDateTime=0x1d4c8c4, ftLastAccessTime.dwLowDateTime=0x675d22b0, ftLastAccessTime.dwHighDateTime=0x1d4cf4f, ftLastWriteTime.dwLowDateTime=0x675d22b0, ftLastWriteTime.dwHighDateTime=0x1d4cf4f, nFileSizeHigh=0x0, nFileSizeLow=0xcbc3, dwReserved0=0x0, dwReserved1=0x0, cFileName="iPpxvZ3GzU6BEwn7.png", cAlternateFileName="IPPXVZ~1.PNG")) returned 1 [0097.522] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd6686dc0, ftCreationTime.dwHighDateTime=0x1d4c731, ftLastAccessTime.dwLowDateTime=0x624f9980, ftLastAccessTime.dwHighDateTime=0x1d4cd18, ftLastWriteTime.dwLowDateTime=0x624f9980, ftLastWriteTime.dwHighDateTime=0x1d4cd18, nFileSizeHigh=0x0, nFileSizeLow=0x13f61, dwReserved0=0x0, dwReserved1=0x0, cFileName="js vjvS.gif", cAlternateFileName="JSVJVS~1.GIF")) returned 1 [0097.522] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1ca6cca0, ftCreationTime.dwHighDateTime=0x1d4cf25, ftLastAccessTime.dwLowDateTime=0x7f62d970, ftLastAccessTime.dwHighDateTime=0x1d4cd1c, ftLastWriteTime.dwLowDateTime=0x7f62d970, ftLastWriteTime.dwHighDateTime=0x1d4cd1c, nFileSizeHigh=0x0, nFileSizeLow=0xc810, dwReserved0=0x0, dwReserved1=0x0, cFileName="kgazIq33.jpg", cAlternateFileName="")) returned 1 [0097.523] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1e2578c0, ftCreationTime.dwHighDateTime=0x1d4cfa6, ftLastAccessTime.dwLowDateTime=0xf7c19930, ftLastAccessTime.dwHighDateTime=0x1d4c900, ftLastWriteTime.dwLowDateTime=0xf7c19930, ftLastWriteTime.dwHighDateTime=0x1d4c900, nFileSizeHigh=0x0, nFileSizeLow=0x13b3a, dwReserved0=0x0, dwReserved1=0x0, cFileName="LsII.png", cAlternateFileName="")) returned 1 [0097.523] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x899cc620, ftCreationTime.dwHighDateTime=0x1d4d024, ftLastAccessTime.dwLowDateTime=0x1b7d6270, ftLastAccessTime.dwHighDateTime=0x1d4d183, ftLastWriteTime.dwLowDateTime=0x1b7d6270, ftLastWriteTime.dwHighDateTime=0x1d4d183, nFileSizeHigh=0x0, nFileSizeLow=0x105e8, dwReserved0=0x0, dwReserved1=0x0, cFileName="q9PQ6m6FTZlaVRyn.png", cAlternateFileName="Q9PQ6M~1.PNG")) returned 1 [0097.523] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43aadba0, ftCreationTime.dwHighDateTime=0x1d4d11b, ftLastAccessTime.dwLowDateTime=0xbd6e2970, ftLastAccessTime.dwHighDateTime=0x1d4cd78, ftLastWriteTime.dwLowDateTime=0xbd6e2970, ftLastWriteTime.dwHighDateTime=0x1d4cd78, nFileSizeHigh=0x0, nFileSizeLow=0xfe61, dwReserved0=0x0, dwReserved1=0x0, cFileName="qx cC l6OaDw3F3ir.png", cAlternateFileName="QXCCL6~1.PNG")) returned 1 [0097.523] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd8516f0, ftCreationTime.dwHighDateTime=0x1d4d2d5, ftLastAccessTime.dwLowDateTime=0xec9a38d0, ftLastAccessTime.dwHighDateTime=0x1d4d55a, ftLastWriteTime.dwLowDateTime=0xec9a38d0, ftLastWriteTime.dwHighDateTime=0x1d4d55a, nFileSizeHigh=0x0, nFileSizeLow=0x9618, dwReserved0=0x0, dwReserved1=0x0, cFileName="R_kad31fE8n9kjn.png", cAlternateFileName="R_KAD3~1.PNG")) returned 1 [0097.523] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x51311410, ftCreationTime.dwHighDateTime=0x1d32715, ftLastAccessTime.dwLowDateTime=0xd45b4e37, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x51311410, ftLastWriteTime.dwHighDateTime=0x1d32715, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Saved Pictures", cAlternateFileName="SAVEDP~1")) returned 1 [0097.523] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa5b57300, ftCreationTime.dwHighDateTime=0x1d4d0e4, ftLastAccessTime.dwLowDateTime=0x3065f20, ftLastAccessTime.dwHighDateTime=0x1d4c5c7, ftLastWriteTime.dwLowDateTime=0x3065f20, ftLastWriteTime.dwHighDateTime=0x1d4c5c7, nFileSizeHigh=0x0, nFileSizeLow=0x15248, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmOiiqxGWcF7XTLv.gif", cAlternateFileName="SMOIIQ~1.GIF")) returned 1 [0097.524] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4b592820, ftCreationTime.dwHighDateTime=0x1d4d175, ftLastAccessTime.dwLowDateTime=0xcbbbce50, ftLastAccessTime.dwHighDateTime=0x1d4ccca, ftLastWriteTime.dwLowDateTime=0xcbbbce50, ftLastWriteTime.dwHighDateTime=0x1d4ccca, nFileSizeHigh=0x0, nFileSizeLow=0x866b, dwReserved0=0x0, dwReserved1=0x0, cFileName="SvYNlt iTipCbGeaY21.jpg", cAlternateFileName="SVYNLT~1.JPG")) returned 1 [0097.524] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e50810, ftCreationTime.dwHighDateTime=0x1d4c793, ftLastAccessTime.dwLowDateTime=0xb5a20a00, ftLastAccessTime.dwHighDateTime=0x1d4d227, ftLastWriteTime.dwLowDateTime=0xb5a20a00, ftLastWriteTime.dwHighDateTime=0x1d4d227, nFileSizeHigh=0x0, nFileSizeLow=0xda79, dwReserved0=0x0, dwReserved1=0x0, cFileName="sYGib zY69_.png", cAlternateFileName="SYGIBZ~1.PNG")) returned 1 [0097.524] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b7197a0, ftCreationTime.dwHighDateTime=0x1d4cad0, ftLastAccessTime.dwLowDateTime=0xc9a4bb40, ftLastAccessTime.dwHighDateTime=0x1d4c5d1, ftLastWriteTime.dwLowDateTime=0xc9a4bb40, ftLastWriteTime.dwHighDateTime=0x1d4c5d1, nFileSizeHigh=0x0, nFileSizeLow=0x8463, dwReserved0=0x0, dwReserved1=0x0, cFileName="T5dowEUb06bqYQQ.jpg", cAlternateFileName="T5DOWE~1.JPG")) returned 1 [0097.524] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29790ed0, ftCreationTime.dwHighDateTime=0x1d4c6a5, ftLastAccessTime.dwLowDateTime=0xe985e110, ftLastAccessTime.dwHighDateTime=0x1d4d232, ftLastWriteTime.dwLowDateTime=0xe985e110, ftLastWriteTime.dwHighDateTime=0x1d4d232, nFileSizeHigh=0x0, nFileSizeLow=0xfe89, dwReserved0=0x0, dwReserved1=0x0, cFileName="T8OYYDf88tBVLqF.gif", cAlternateFileName="T8OYYD~1.GIF")) returned 1 [0097.524] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa04d8a0, ftCreationTime.dwHighDateTime=0x1d4cf73, ftLastAccessTime.dwLowDateTime=0xb5045c80, ftLastAccessTime.dwHighDateTime=0x1d4d46e, ftLastWriteTime.dwLowDateTime=0xb5045c80, ftLastWriteTime.dwHighDateTime=0x1d4d46e, nFileSizeHigh=0x0, nFileSizeLow=0x183da, dwReserved0=0x0, dwReserved1=0x0, cFileName="TAPqVvs0CF1ZIwzhmbw.gif", cAlternateFileName="TAPQVV~1.GIF")) returned 1 [0097.524] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e09a80, ftCreationTime.dwHighDateTime=0x1d4d334, ftLastAccessTime.dwLowDateTime=0x5bd384b0, ftLastAccessTime.dwHighDateTime=0x1d4cc6c, ftLastWriteTime.dwLowDateTime=0x5bd384b0, ftLastWriteTime.dwHighDateTime=0x1d4cc6c, nFileSizeHigh=0x0, nFileSizeLow=0x223f, dwReserved0=0x0, dwReserved1=0x0, cFileName="u8d1cx.gif", cAlternateFileName="")) returned 1 [0097.525] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9205a9f0, ftCreationTime.dwHighDateTime=0x1d4c884, ftLastAccessTime.dwLowDateTime=0x2b342490, ftLastAccessTime.dwHighDateTime=0x1d4c65e, ftLastWriteTime.dwLowDateTime=0x2b342490, ftLastWriteTime.dwHighDateTime=0x1d4c65e, nFileSizeHigh=0x0, nFileSizeLow=0x1506f, dwReserved0=0x0, dwReserved1=0x0, cFileName="ua7o.bmp", cAlternateFileName="")) returned 1 [0097.525] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91998450, ftCreationTime.dwHighDateTime=0x1d4c979, ftLastAccessTime.dwLowDateTime=0x720f11e0, ftLastAccessTime.dwHighDateTime=0x1d4ca7d, ftLastWriteTime.dwLowDateTime=0x720f11e0, ftLastWriteTime.dwHighDateTime=0x1d4ca7d, nFileSizeHigh=0x0, nFileSizeLow=0x10b3a, dwReserved0=0x0, dwReserved1=0x0, cFileName="wbyq.jpg", cAlternateFileName="")) returned 1 [0097.525] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3902a820, ftCreationTime.dwHighDateTime=0x1d4cb73, ftLastAccessTime.dwLowDateTime=0xafd1d520, ftLastAccessTime.dwHighDateTime=0x1d4d145, ftLastWriteTime.dwLowDateTime=0xafd1d520, ftLastWriteTime.dwHighDateTime=0x1d4d145, nFileSizeHigh=0x0, nFileSizeLow=0xd05d, dwReserved0=0x0, dwReserved1=0x0, cFileName="xLS-jVD.bmp", cAlternateFileName="")) returned 1 [0097.525] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f863920, ftCreationTime.dwHighDateTime=0x1d4caa8, ftLastAccessTime.dwLowDateTime=0xfe6f47a0, ftLastAccessTime.dwHighDateTime=0x1d4c5c2, ftLastWriteTime.dwLowDateTime=0xfe6f47a0, ftLastWriteTime.dwHighDateTime=0x1d4c5c2, nFileSizeHigh=0x0, nFileSizeLow=0xd0e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="y1HZN.gif", cAlternateFileName="")) returned 1 [0097.525] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4ae05650, ftCreationTime.dwHighDateTime=0x1d4d00f, ftLastAccessTime.dwLowDateTime=0x3897b200, ftLastAccessTime.dwHighDateTime=0x1d4cf3c, ftLastWriteTime.dwLowDateTime=0x3897b200, ftLastWriteTime.dwHighDateTime=0x1d4cf3c, nFileSizeHigh=0x0, nFileSizeLow=0x9181, dwReserved0=0x0, dwReserved1=0x0, cFileName="Y2g5s0bUdYCWTLgdwhk.png", cAlternateFileName="Y2G5S0~1.PNG")) returned 1 [0097.525] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4fba4b0, ftCreationTime.dwHighDateTime=0x1d4c9d3, ftLastAccessTime.dwLowDateTime=0x209d5600, ftLastAccessTime.dwHighDateTime=0x1d4cf37, ftLastWriteTime.dwLowDateTime=0x209d5600, ftLastWriteTime.dwHighDateTime=0x1d4cf37, nFileSizeHigh=0x0, nFileSizeLow=0x16ab8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ydho.png", cAlternateFileName="")) returned 1 [0097.526] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9acc95a0, ftCreationTime.dwHighDateTime=0x1d4d1e2, ftLastAccessTime.dwLowDateTime=0x3bae6dc0, ftLastAccessTime.dwHighDateTime=0x1d4ce11, ftLastWriteTime.dwLowDateTime=0x3bae6dc0, ftLastWriteTime.dwHighDateTime=0x1d4ce11, nFileSizeHigh=0x0, nFileSizeLow=0xdac2, dwReserved0=0x0, dwReserved1=0x0, cFileName="yRDk8a4KrUdSBF0.bmp", cAlternateFileName="YRDK8A~1.BMP")) returned 1 [0097.526] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x21d8fcc0, ftCreationTime.dwHighDateTime=0x1d4d439, ftLastAccessTime.dwLowDateTime=0x7a665e30, ftLastAccessTime.dwHighDateTime=0x1d4d35f, ftLastWriteTime.dwLowDateTime=0x7a665e30, ftLastWriteTime.dwHighDateTime=0x1d4d35f, nFileSizeHigh=0x0, nFileSizeLow=0x7e7f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Z4feoFk.png", cAlternateFileName="")) returned 1 [0097.526] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a30c9a0, ftCreationTime.dwHighDateTime=0x1d4d12c, ftLastAccessTime.dwLowDateTime=0xd05f3df0, ftLastAccessTime.dwHighDateTime=0x1d4cea7, ftLastWriteTime.dwLowDateTime=0xd05f3df0, ftLastWriteTime.dwHighDateTime=0x1d4cea7, nFileSizeHigh=0x0, nFileSizeLow=0xc531, dwReserved0=0x0, dwReserved1=0x0, cFileName="Z7HvtM6H.bmp", cAlternateFileName="")) returned 1 [0097.526] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x582c7370, ftCreationTime.dwHighDateTime=0x1d4cf92, ftLastAccessTime.dwLowDateTime=0xe23fa8c0, ftLastAccessTime.dwHighDateTime=0x1d4d497, ftLastWriteTime.dwLowDateTime=0xe23fa8c0, ftLastWriteTime.dwHighDateTime=0x1d4d497, nFileSizeHigh=0x0, nFileSizeLow=0x17398, dwReserved0=0x0, dwReserved1=0x0, cFileName="_9pLGWM1hkc.gif", cAlternateFileName="_9PLGW~1.GIF")) returned 1 [0097.526] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x582c7370, ftCreationTime.dwHighDateTime=0x1d4cf92, ftLastAccessTime.dwLowDateTime=0xe23fa8c0, ftLastAccessTime.dwHighDateTime=0x1d4d497, ftLastWriteTime.dwLowDateTime=0xe23fa8c0, ftLastWriteTime.dwHighDateTime=0x1d4d497, nFileSizeHigh=0x0, nFileSizeLow=0x17398, dwReserved0=0x0, dwReserved1=0x0, cFileName="_9pLGWM1hkc.gif", cAlternateFileName="_9PLGW~1.GIF")) returned 0 [0097.526] FindClose (in: hFindFile=0xfe66e0 | out: hFindFile=0xfe66e0) returned 1 [0097.527] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec74) returned 1 [0097.527] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec80) returned 1 [0097.527] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\-T-q.png", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\-T-q.png", lpFilePart=0x0) returned 0x21 [0097.527] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0097.527] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\-T-q.png" (normalized: "c:\\users\\fd1hvy\\pictures\\-t-q.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0097.527] GetFileType (hFile=0x2b8) returned 0x1 [0097.527] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0097.527] GetFileType (hFile=0x2b8) returned 0x1 [0097.527] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x13e93 [0097.527] ReadFile (in: hFile=0x2b8, lpBuffer=0x2dcf888, nNumberOfBytesToRead=0x13e93, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2dcf888*, lpNumberOfBytesRead=0xcfec0c*=0x13e93, lpOverlapped=0x0) returned 1 [0097.528] CloseHandle (hObject=0x2b8) returned 1 [0097.785] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0097.785] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0097.785] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0097.785] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0097.785] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\-T-q.png", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\-T-q.png", lpFilePart=0x0) returned 0x21 [0097.785] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0097.785] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\-T-q.png" (normalized: "c:\\users\\fd1hvy\\pictures\\-t-q.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0097.787] GetFileType (hFile=0x2b8) returned 0x1 [0097.787] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0097.787] GetFileType (hFile=0x2b8) returned 0x1 [0097.787] WriteFile (in: hFile=0x2b8, lpBuffer=0x2c7d6a0*, nNumberOfBytesToWrite=0x13ea0, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2c7d6a0*, lpNumberOfBytesWritten=0xcfec00*=0x13ea0, lpOverlapped=0x0) returned 1 [0097.789] CloseHandle (hObject=0x2b8) returned 1 [0097.791] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\-T-q.png", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\-T-q.png", lpFilePart=0x0) returned 0x21 [0097.791] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\-T-q.png.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\-T-q.png.shade8", lpFilePart=0x0) returned 0x28 [0097.791] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0097.791] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\-T-q.png" (normalized: "c:\\users\\fd1hvy\\pictures\\-t-q.png"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4efd02f0, ftCreationTime.dwHighDateTime=0x1d4d4cf, ftLastAccessTime.dwLowDateTime=0xc35e7ae0, ftLastAccessTime.dwHighDateTime=0x1d4cf96, ftLastWriteTime.dwLowDateTime=0x82e3f66a, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x13ea0)) returned 1 [0097.791] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0097.791] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\-T-q.png" (normalized: "c:\\users\\fd1hvy\\pictures\\-t-q.png"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\-T-q.png.shade8" (normalized: "c:\\users\\fd1hvy\\pictures\\-t-q.png.shade8")) returned 1 [0097.792] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\0ygqwwt0eQO5oou2.bmp", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\0ygqwwt0eQO5oou2.bmp", lpFilePart=0x0) returned 0x2d [0097.792] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0097.792] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\0ygqwwt0eQO5oou2.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\0ygqwwt0eqo5oou2.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0097.792] GetFileType (hFile=0x2b8) returned 0x1 [0097.792] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0097.792] GetFileType (hFile=0x2b8) returned 0x1 [0097.792] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x13c9d [0097.792] ReadFile (in: hFile=0x2b8, lpBuffer=0x2c9196c, nNumberOfBytesToRead=0x13c9d, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2c9196c*, lpNumberOfBytesRead=0xcfec0c*=0x13c9d, lpOverlapped=0x0) returned 1 [0097.793] CloseHandle (hObject=0x2b8) returned 1 [0097.864] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0097.864] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0097.864] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0097.864] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0097.864] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\0ygqwwt0eQO5oou2.bmp", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\0ygqwwt0eQO5oou2.bmp", lpFilePart=0x0) returned 0x2d [0097.864] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0097.864] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\0ygqwwt0eQO5oou2.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\0ygqwwt0eqo5oou2.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0097.866] GetFileType (hFile=0x2b8) returned 0x1 [0097.866] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0097.866] GetFileType (hFile=0x2b8) returned 0x1 [0097.866] WriteFile (in: hFile=0x2b8, lpBuffer=0x2d19ea8*, nNumberOfBytesToWrite=0x13ca0, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2d19ea8*, lpNumberOfBytesWritten=0xcfec00*=0x13ca0, lpOverlapped=0x0) returned 1 [0097.869] CloseHandle (hObject=0x2b8) returned 1 [0097.871] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\0ygqwwt0eQO5oou2.bmp", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\0ygqwwt0eQO5oou2.bmp", lpFilePart=0x0) returned 0x2d [0097.871] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\0ygqwwt0eQO5oou2.bmp.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\0ygqwwt0eQO5oou2.bmp.shade8", lpFilePart=0x0) returned 0x34 [0097.871] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0097.871] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\0ygqwwt0eQO5oou2.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\0ygqwwt0eqo5oou2.bmp"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd6d090f0, ftCreationTime.dwHighDateTime=0x1d4d30f, ftLastAccessTime.dwLowDateTime=0x1aaa7f10, ftLastAccessTime.dwHighDateTime=0x1d4d1a4, ftLastWriteTime.dwLowDateTime=0x82efe1da, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x13ca0)) returned 1 [0097.871] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0097.871] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\0ygqwwt0eQO5oou2.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\0ygqwwt0eqo5oou2.bmp"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\0ygqwwt0eQO5oou2.bmp.shade8" (normalized: "c:\\users\\fd1hvy\\pictures\\0ygqwwt0eqo5oou2.bmp.shade8")) returned 1 [0097.872] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\1Ftl3457R8jo963.bmp", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\1Ftl3457R8jo963.bmp", lpFilePart=0x0) returned 0x2c [0097.872] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0097.872] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\1Ftl3457R8jo963.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\1ftl3457r8jo963.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0097.872] GetFileType (hFile=0x2b8) returned 0x1 [0097.872] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0097.872] GetFileType (hFile=0x2b8) returned 0x1 [0097.872] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x7633 [0097.872] ReadFile (in: hFile=0x2b8, lpBuffer=0x2d2dfe8, nNumberOfBytesToRead=0x7633, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2d2dfe8*, lpNumberOfBytesRead=0xcfec0c*=0x7633, lpOverlapped=0x0) returned 1 [0097.873] CloseHandle (hObject=0x2b8) returned 1 [0097.889] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0097.889] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0097.889] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0097.889] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0097.889] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\1Ftl3457R8jo963.bmp", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\1Ftl3457R8jo963.bmp", lpFilePart=0x0) returned 0x2c [0097.936] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0097.937] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\1Ftl3457R8jo963.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\1ftl3457r8jo963.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0097.938] GetFileType (hFile=0x2b8) returned 0x1 [0097.938] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0097.938] GetFileType (hFile=0x2b8) returned 0x1 [0097.938] WriteFile (in: hFile=0x2b8, lpBuffer=0x2d9fd14*, nNumberOfBytesToWrite=0x7640, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2d9fd14*, lpNumberOfBytesWritten=0xcfec00*=0x7640, lpOverlapped=0x0) returned 1 [0097.939] CloseHandle (hObject=0x2b8) returned 1 [0097.941] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\1Ftl3457R8jo963.bmp", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\1Ftl3457R8jo963.bmp", lpFilePart=0x0) returned 0x2c [0097.941] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\1Ftl3457R8jo963.bmp.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\1Ftl3457R8jo963.bmp.shade8", lpFilePart=0x0) returned 0x33 [0097.941] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0097.941] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\1Ftl3457R8jo963.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\1ftl3457r8jo963.bmp"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a95d00, ftCreationTime.dwHighDateTime=0x1d4d245, ftLastAccessTime.dwLowDateTime=0xc8840310, ftLastAccessTime.dwHighDateTime=0x1d4d184, ftLastWriteTime.dwLowDateTime=0x82fbcd3a, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x7640)) returned 1 [0097.941] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0097.941] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\1Ftl3457R8jo963.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\1ftl3457r8jo963.bmp"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\1Ftl3457R8jo963.bmp.shade8" (normalized: "c:\\users\\fd1hvy\\pictures\\1ftl3457r8jo963.bmp.shade8")) returned 1 [0097.942] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\36ckktA6J.png", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\36ckktA6J.png", lpFilePart=0x0) returned 0x26 [0097.942] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0097.942] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\36ckktA6J.png" (normalized: "c:\\users\\fd1hvy\\pictures\\36ckkta6j.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0097.942] GetFileType (hFile=0x2b8) returned 0x1 [0097.942] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0097.942] GetFileType (hFile=0x2b8) returned 0x1 [0097.942] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x148b0 [0097.942] ReadFile (in: hFile=0x2b8, lpBuffer=0x2da77d0, nNumberOfBytesToRead=0x148b0, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2da77d0*, lpNumberOfBytesRead=0xcfec0c*=0x148b0, lpOverlapped=0x0) returned 1 [0097.943] CloseHandle (hObject=0x2b8) returned 1 [0098.041] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0098.041] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0098.041] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0098.042] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0098.042] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\36ckktA6J.png", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\36ckktA6J.png", lpFilePart=0x0) returned 0x26 [0098.042] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0098.042] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\36ckktA6J.png" (normalized: "c:\\users\\fd1hvy\\pictures\\36ckkta6j.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0098.044] GetFileType (hFile=0x2b8) returned 0x1 [0098.044] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0098.044] GetFileType (hFile=0x2b8) returned 0x1 [0098.044] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e3200c*, nNumberOfBytesToWrite=0x148c0, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2e3200c*, lpNumberOfBytesWritten=0xcfec00*=0x148c0, lpOverlapped=0x0) returned 1 [0098.046] CloseHandle (hObject=0x2b8) returned 1 [0098.050] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\36ckktA6J.png", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\36ckktA6J.png", lpFilePart=0x0) returned 0x26 [0098.050] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\36ckktA6J.png.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\36ckktA6J.png.shade8", lpFilePart=0x0) returned 0x2d [0098.050] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0098.050] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\36ckktA6J.png" (normalized: "c:\\users\\fd1hvy\\pictures\\36ckkta6j.png"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4b126f60, ftCreationTime.dwHighDateTime=0x1d4cb18, ftLastAccessTime.dwLowDateTime=0xdb67210, ftLastAccessTime.dwHighDateTime=0x1d4d397, ftLastWriteTime.dwLowDateTime=0x830ce41f, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x148c0)) returned 1 [0098.050] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0098.050] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\36ckktA6J.png" (normalized: "c:\\users\\fd1hvy\\pictures\\36ckkta6j.png"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\36ckktA6J.png.shade8" (normalized: "c:\\users\\fd1hvy\\pictures\\36ckkta6j.png.shade8")) returned 1 [0098.074] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\D0OoRLm pp4.bmp", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\D0OoRLm pp4.bmp", lpFilePart=0x0) returned 0x28 [0098.074] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0098.075] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\D0OoRLm pp4.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\d0oorlm pp4.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0098.075] GetFileType (hFile=0x2b8) returned 0x1 [0098.075] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0098.075] GetFileType (hFile=0x2b8) returned 0x1 [0098.075] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x16099 [0098.076] ReadFile (in: hFile=0x2b8, lpBuffer=0x3d32598, nNumberOfBytesToRead=0x16099, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x3d32598*, lpNumberOfBytesRead=0xcfec0c*=0x16099, lpOverlapped=0x0) returned 1 [0098.076] CloseHandle (hObject=0x2b8) returned 1 [0098.099] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0098.099] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0098.099] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0098.099] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0098.099] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\D0OoRLm pp4.bmp", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\D0OoRLm pp4.bmp", lpFilePart=0x0) returned 0x28 [0098.099] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0098.099] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\D0OoRLm pp4.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\d0oorlm pp4.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0098.101] GetFileType (hFile=0x2b8) returned 0x1 [0098.101] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0098.101] GetFileType (hFile=0x2b8) returned 0x1 [0098.101] WriteFile (in: hFile=0x2b8, lpBuffer=0x3da08f0*, nNumberOfBytesToWrite=0x160a0, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x3da08f0*, lpNumberOfBytesWritten=0xcfec00*=0x160a0, lpOverlapped=0x0) returned 1 [0098.103] CloseHandle (hObject=0x2b8) returned 1 [0098.105] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\D0OoRLm pp4.bmp", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\D0OoRLm pp4.bmp", lpFilePart=0x0) returned 0x28 [0098.106] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\D0OoRLm pp4.bmp.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\D0OoRLm pp4.bmp.shade8", lpFilePart=0x0) returned 0x2f [0098.106] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0098.106] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\D0OoRLm pp4.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\d0oorlm pp4.bmp"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbc96870, ftCreationTime.dwHighDateTime=0x1d4d259, ftLastAccessTime.dwLowDateTime=0xd642b3d0, ftLastAccessTime.dwHighDateTime=0x1d4d025, ftLastWriteTime.dwLowDateTime=0x8313c49b, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x160a0)) returned 1 [0098.106] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0098.106] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\D0OoRLm pp4.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\d0oorlm pp4.bmp"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\D0OoRLm pp4.bmp.shade8" (normalized: "c:\\users\\fd1hvy\\pictures\\d0oorlm pp4.bmp.shade8")) returned 1 [0098.106] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\fjbbxYMj8I9SpT7.bmp", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\fjbbxYMj8I9SpT7.bmp", lpFilePart=0x0) returned 0x2c [0098.106] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0098.106] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\fjbbxYMj8I9SpT7.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\fjbbxymj8i9spt7.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0098.107] GetFileType (hFile=0x2b8) returned 0x1 [0098.107] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0098.107] GetFileType (hFile=0x2b8) returned 0x1 [0098.107] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x1b23 [0098.107] ReadFile (in: hFile=0x2b8, lpBuffer=0x2e93fbc, nNumberOfBytesToRead=0x1b23, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2e93fbc*, lpNumberOfBytesRead=0xcfec0c*=0x1b23, lpOverlapped=0x0) returned 1 [0098.108] CloseHandle (hObject=0x2b8) returned 1 [0098.145] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0098.145] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0098.145] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0098.145] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0098.145] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\fjbbxYMj8I9SpT7.bmp", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\fjbbxYMj8I9SpT7.bmp", lpFilePart=0x0) returned 0x2c [0098.145] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0098.145] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\fjbbxYMj8I9SpT7.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\fjbbxymj8i9spt7.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0098.146] GetFileType (hFile=0x2b8) returned 0x1 [0098.146] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0098.146] GetFileType (hFile=0x2b8) returned 0x1 [0098.146] WriteFile (in: hFile=0x2b8, lpBuffer=0x2ee9598*, nNumberOfBytesToWrite=0x1b30, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2ee9598*, lpNumberOfBytesWritten=0xcfec00*=0x1b30, lpOverlapped=0x0) returned 1 [0098.147] CloseHandle (hObject=0x2b8) returned 1 [0098.148] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\fjbbxYMj8I9SpT7.bmp", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\fjbbxYMj8I9SpT7.bmp", lpFilePart=0x0) returned 0x2c [0098.148] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\fjbbxYMj8I9SpT7.bmp.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\fjbbxYMj8I9SpT7.bmp.shade8", lpFilePart=0x0) returned 0x33 [0098.148] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0098.148] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\fjbbxYMj8I9SpT7.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\fjbbxymj8i9spt7.bmp"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x90b3970, ftCreationTime.dwHighDateTime=0x1d4cf79, ftLastAccessTime.dwLowDateTime=0x60d8c850, ftLastAccessTime.dwHighDateTime=0x1d4ced6, ftLastWriteTime.dwLowDateTime=0x831aec3c, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x1b30)) returned 1 [0098.149] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0098.149] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\fjbbxYMj8I9SpT7.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\fjbbxymj8i9spt7.bmp"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\fjbbxYMj8I9SpT7.bmp.shade8" (normalized: "c:\\users\\fd1hvy\\pictures\\fjbbxymj8i9spt7.bmp.shade8")) returned 1 [0098.149] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\fpYv3fQ.bmp", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\fpYv3fQ.bmp", lpFilePart=0x0) returned 0x24 [0098.149] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0098.149] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\fpYv3fQ.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\fpyv3fq.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0098.149] GetFileType (hFile=0x2b8) returned 0x1 [0098.149] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0098.149] GetFileType (hFile=0x2b8) returned 0x1 [0098.150] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x260f [0098.150] ReadFile (in: hFile=0x2b8, lpBuffer=0x2eeb53c, nNumberOfBytesToRead=0x260f, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2eeb53c*, lpNumberOfBytesRead=0xcfec0c*=0x260f, lpOverlapped=0x0) returned 1 [0098.150] CloseHandle (hObject=0x2b8) returned 1 [0098.227] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0098.227] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0098.227] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0098.227] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0098.227] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\fpYv3fQ.bmp", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\fpYv3fQ.bmp", lpFilePart=0x0) returned 0x24 [0098.228] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0098.228] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\fpYv3fQ.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\fpyv3fq.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0098.229] GetFileType (hFile=0x2b8) returned 0x1 [0098.229] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0098.229] GetFileType (hFile=0x2b8) returned 0x1 [0098.229] WriteFile (in: hFile=0x2b8, lpBuffer=0x2c5eb04*, nNumberOfBytesToWrite=0x2610, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2c5eb04*, lpNumberOfBytesWritten=0xcfec00*=0x2610, lpOverlapped=0x0) returned 1 [0098.230] CloseHandle (hObject=0x2b8) returned 1 [0098.231] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\fpYv3fQ.bmp", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\fpYv3fQ.bmp", lpFilePart=0x0) returned 0x24 [0098.231] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\fpYv3fQ.bmp.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\fpYv3fQ.bmp.shade8", lpFilePart=0x0) returned 0x2b [0098.231] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0098.231] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\fpYv3fQ.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\fpyv3fq.bmp"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4a2ebe0, ftCreationTime.dwHighDateTime=0x1d4d2d0, ftLastAccessTime.dwLowDateTime=0x82284cd0, ftLastAccessTime.dwHighDateTime=0x1d4cc31, ftLastWriteTime.dwLowDateTime=0x8326d7c7, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x2610)) returned 1 [0098.231] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0098.231] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\fpYv3fQ.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\fpyv3fq.bmp"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\fpYv3fQ.bmp.shade8" (normalized: "c:\\users\\fd1hvy\\pictures\\fpyv3fq.bmp.shade8")) returned 1 [0098.231] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\GaZiCtGeRTs.jpg", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\GaZiCtGeRTs.jpg", lpFilePart=0x0) returned 0x28 [0098.232] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0098.232] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\GaZiCtGeRTs.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\gazictgerts.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0098.232] GetFileType (hFile=0x2b8) returned 0x1 [0098.232] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0098.232] GetFileType (hFile=0x2b8) returned 0x1 [0098.232] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x1342a [0098.232] ReadFile (in: hFile=0x2b8, lpBuffer=0x2c61548, nNumberOfBytesToRead=0x1342a, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2c61548*, lpNumberOfBytesRead=0xcfec0c*=0x1342a, lpOverlapped=0x0) returned 1 [0098.232] CloseHandle (hObject=0x2b8) returned 1 [0098.262] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0098.262] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0098.262] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0098.262] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0098.262] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\GaZiCtGeRTs.jpg", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\GaZiCtGeRTs.jpg", lpFilePart=0x0) returned 0x28 [0098.263] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0098.263] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\GaZiCtGeRTs.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\gazictgerts.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0098.264] GetFileType (hFile=0x2b8) returned 0x1 [0098.264] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0098.264] GetFileType (hFile=0x2b8) returned 0x1 [0098.264] WriteFile (in: hFile=0x2b8, lpBuffer=0x2ce8134*, nNumberOfBytesToWrite=0x13430, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2ce8134*, lpNumberOfBytesWritten=0xcfec00*=0x13430, lpOverlapped=0x0) returned 1 [0098.266] CloseHandle (hObject=0x2b8) returned 1 [0098.268] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\GaZiCtGeRTs.jpg", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\GaZiCtGeRTs.jpg", lpFilePart=0x0) returned 0x28 [0098.268] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\GaZiCtGeRTs.jpg.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\GaZiCtGeRTs.jpg.shade8", lpFilePart=0x0) returned 0x2f [0098.268] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0098.268] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\GaZiCtGeRTs.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\gazictgerts.jpg"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1c404ff0, ftCreationTime.dwHighDateTime=0x1d4cfa4, ftLastAccessTime.dwLowDateTime=0x87bf5880, ftLastAccessTime.dwHighDateTime=0x1d4d322, ftLastWriteTime.dwLowDateTime=0x832dff00, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x13430)) returned 1 [0098.268] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0098.269] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\GaZiCtGeRTs.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\gazictgerts.jpg"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\GaZiCtGeRTs.jpg.shade8" (normalized: "c:\\users\\fd1hvy\\pictures\\gazictgerts.jpg.shade8")) returned 1 [0098.269] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\gJ9zBTPD-1GubPMj.bmp", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\gJ9zBTPD-1GubPMj.bmp", lpFilePart=0x0) returned 0x2d [0098.269] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0098.269] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\gJ9zBTPD-1GubPMj.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\gj9zbtpd-1gubpmj.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0098.269] GetFileType (hFile=0x2b8) returned 0x1 [0098.269] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0098.270] GetFileType (hFile=0x2b8) returned 0x1 [0098.270] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x16c73 [0098.270] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ddd210, nNumberOfBytesToRead=0x16c73, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x3ddd210*, lpNumberOfBytesRead=0xcfec0c*=0x16c73, lpOverlapped=0x0) returned 1 [0098.270] CloseHandle (hObject=0x2b8) returned 1 [0098.294] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0098.294] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0098.294] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0098.294] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0098.294] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\gJ9zBTPD-1GubPMj.bmp", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\gJ9zBTPD-1GubPMj.bmp", lpFilePart=0x0) returned 0x2d [0098.294] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0098.294] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\gJ9zBTPD-1GubPMj.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\gj9zbtpd-1gubpmj.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0098.295] GetFileType (hFile=0x2b8) returned 0x1 [0098.295] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0098.295] GetFileType (hFile=0x2b8) returned 0x1 [0098.296] WriteFile (in: hFile=0x2b8, lpBuffer=0x3e4f0c0*, nNumberOfBytesToWrite=0x16c80, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x3e4f0c0*, lpNumberOfBytesWritten=0xcfec00*=0x16c80, lpOverlapped=0x0) returned 1 [0098.298] CloseHandle (hObject=0x2b8) returned 1 [0098.300] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\gJ9zBTPD-1GubPMj.bmp", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\gJ9zBTPD-1GubPMj.bmp", lpFilePart=0x0) returned 0x2d [0098.300] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\gJ9zBTPD-1GubPMj.bmp.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\gJ9zBTPD-1GubPMj.bmp.shade8", lpFilePart=0x0) returned 0x34 [0098.300] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0098.300] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\gJ9zBTPD-1GubPMj.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\gj9zbtpd-1gubpmj.bmp"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xabcf7240, ftCreationTime.dwHighDateTime=0x1d4ce7d, ftLastAccessTime.dwLowDateTime=0x6564c3c0, ftLastAccessTime.dwHighDateTime=0x1d4d4a2, ftLastWriteTime.dwLowDateTime=0x8332c2fb, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x16c80)) returned 1 [0098.301] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0098.301] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\gJ9zBTPD-1GubPMj.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\gj9zbtpd-1gubpmj.bmp"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\gJ9zBTPD-1GubPMj.bmp.shade8" (normalized: "c:\\users\\fd1hvy\\pictures\\gj9zbtpd-1gubpmj.bmp.shade8")) returned 1 [0098.301] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\GMmGEhIb3Psm.bmp", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\GMmGEhIb3Psm.bmp", lpFilePart=0x0) returned 0x29 [0098.301] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0098.301] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\GMmGEhIb3Psm.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\gmmgehib3psm.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0098.301] GetFileType (hFile=0x2b8) returned 0x1 [0098.301] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0098.301] GetFileType (hFile=0x2b8) returned 0x1 [0098.302] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x8289 [0098.302] ReadFile (in: hFile=0x2b8, lpBuffer=0x2d48c64, nNumberOfBytesToRead=0x8289, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2d48c64*, lpNumberOfBytesRead=0xcfec0c*=0x8289, lpOverlapped=0x0) returned 1 [0098.302] CloseHandle (hObject=0x2b8) returned 1 [0098.321] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0098.321] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0098.321] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0098.321] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0098.321] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\GMmGEhIb3Psm.bmp", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\GMmGEhIb3Psm.bmp", lpFilePart=0x0) returned 0x29 [0098.321] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0098.321] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\GMmGEhIb3Psm.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\gmmgehib3psm.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0098.322] GetFileType (hFile=0x2b8) returned 0x1 [0098.322] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0098.323] GetFileType (hFile=0x2b8) returned 0x1 [0098.323] WriteFile (in: hFile=0x2b8, lpBuffer=0x2dbe720*, nNumberOfBytesToWrite=0x8290, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2dbe720*, lpNumberOfBytesWritten=0xcfec00*=0x8290, lpOverlapped=0x0) returned 1 [0098.324] CloseHandle (hObject=0x2b8) returned 1 [0098.325] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\GMmGEhIb3Psm.bmp", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\GMmGEhIb3Psm.bmp", lpFilePart=0x0) returned 0x29 [0098.326] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\GMmGEhIb3Psm.bmp.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\GMmGEhIb3Psm.bmp.shade8", lpFilePart=0x0) returned 0x30 [0098.326] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0098.326] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\GMmGEhIb3Psm.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\gmmgehib3psm.bmp"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf3bad9b0, ftCreationTime.dwHighDateTime=0x1d4ca8f, ftLastAccessTime.dwLowDateTime=0xa99806c0, ftLastAccessTime.dwHighDateTime=0x1d4cea7, ftLastWriteTime.dwLowDateTime=0x833524a9, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x8290)) returned 1 [0098.326] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0098.326] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\GMmGEhIb3Psm.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\gmmgehib3psm.bmp"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\GMmGEhIb3Psm.bmp.shade8" (normalized: "c:\\users\\fd1hvy\\pictures\\gmmgehib3psm.bmp.shade8")) returned 1 [0098.326] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\hC QJQt.jpg", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\hC QJQt.jpg", lpFilePart=0x0) returned 0x24 [0098.326] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0098.326] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\hC QJQt.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\hc qjqt.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0098.326] GetFileType (hFile=0x2b8) returned 0x1 [0098.327] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0098.327] GetFileType (hFile=0x2b8) returned 0x1 [0098.327] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x2c9b [0098.327] ReadFile (in: hFile=0x2b8, lpBuffer=0x2dc6e08, nNumberOfBytesToRead=0x2c9b, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2dc6e08*, lpNumberOfBytesRead=0xcfec0c*=0x2c9b, lpOverlapped=0x0) returned 1 [0098.327] CloseHandle (hObject=0x2b8) returned 1 [0098.369] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0098.369] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0098.369] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0098.369] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0098.369] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\hC QJQt.jpg", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\hC QJQt.jpg", lpFilePart=0x0) returned 0x24 [0098.369] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0098.370] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\hC QJQt.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\hc qjqt.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0098.371] GetFileType (hFile=0x2b8) returned 0x1 [0098.371] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0098.371] GetFileType (hFile=0x2b8) returned 0x1 [0098.371] WriteFile (in: hFile=0x2b8, lpBuffer=0x2c25434*, nNumberOfBytesToWrite=0x2ca0, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2c25434*, lpNumberOfBytesWritten=0xcfec00*=0x2ca0, lpOverlapped=0x0) returned 1 [0098.372] CloseHandle (hObject=0x2b8) returned 1 [0098.373] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\hC QJQt.jpg", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\hC QJQt.jpg", lpFilePart=0x0) returned 0x24 [0098.373] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\hC QJQt.jpg.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\hC QJQt.jpg.shade8", lpFilePart=0x0) returned 0x2b [0098.373] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0098.374] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\hC QJQt.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\hc qjqt.jpg"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ee65170, ftCreationTime.dwHighDateTime=0x1d4c898, ftLastAccessTime.dwLowDateTime=0xbefc9120, ftLastAccessTime.dwHighDateTime=0x1d4c9d4, ftLastWriteTime.dwLowDateTime=0x833c4cc0, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x2ca0)) returned 1 [0098.374] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0098.374] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\hC QJQt.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\hc qjqt.jpg"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\hC QJQt.jpg.shade8" (normalized: "c:\\users\\fd1hvy\\pictures\\hc qjqt.jpg.shade8")) returned 1 [0098.374] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\hpkUf.png", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\hpkUf.png", lpFilePart=0x0) returned 0x22 [0098.374] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0098.374] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\hpkUf.png" (normalized: "c:\\users\\fd1hvy\\pictures\\hpkuf.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0098.375] GetFileType (hFile=0x2b8) returned 0x1 [0098.375] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0098.375] GetFileType (hFile=0x2b8) returned 0x1 [0098.375] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x1170e [0098.375] ReadFile (in: hFile=0x2b8, lpBuffer=0x2c284f0, nNumberOfBytesToRead=0x1170e, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2c284f0*, lpNumberOfBytesRead=0xcfec0c*=0x1170e, lpOverlapped=0x0) returned 1 [0098.375] CloseHandle (hObject=0x2b8) returned 1 [0098.526] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0098.526] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0098.526] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0098.527] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0098.527] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\hpkUf.png", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\hpkUf.png", lpFilePart=0x0) returned 0x22 [0098.527] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0098.527] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\hpkUf.png" (normalized: "c:\\users\\fd1hvy\\pictures\\hpkuf.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0098.528] GetFileType (hFile=0x2b8) returned 0x1 [0098.528] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0098.528] GetFileType (hFile=0x2b8) returned 0x1 [0098.528] WriteFile (in: hFile=0x2b8, lpBuffer=0x2ca997c*, nNumberOfBytesToWrite=0x11710, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2ca997c*, lpNumberOfBytesWritten=0xcfec00*=0x11710, lpOverlapped=0x0) returned 1 [0098.530] CloseHandle (hObject=0x2b8) returned 1 [0098.534] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\hpkUf.png", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\hpkUf.png", lpFilePart=0x0) returned 0x22 [0098.535] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\hpkUf.png.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\hpkUf.png.shade8", lpFilePart=0x0) returned 0x29 [0098.535] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0098.535] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\hpkUf.png" (normalized: "c:\\users\\fd1hvy\\pictures\\hpkuf.png"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x88ff07a0, ftCreationTime.dwHighDateTime=0x1d4d326, ftLastAccessTime.dwLowDateTime=0x8ab9e540, ftLastAccessTime.dwHighDateTime=0x1d4cf7c, ftLastWriteTime.dwLowDateTime=0x835686bf, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x11710)) returned 1 [0098.535] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0098.535] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\hpkUf.png" (normalized: "c:\\users\\fd1hvy\\pictures\\hpkuf.png"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\hpkUf.png.shade8" (normalized: "c:\\users\\fd1hvy\\pictures\\hpkuf.png.shade8")) returned 1 [0098.535] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\iPpxvZ3GzU6BEwn7.png", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\iPpxvZ3GzU6BEwn7.png", lpFilePart=0x0) returned 0x2d [0098.535] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0098.536] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\iPpxvZ3GzU6BEwn7.png" (normalized: "c:\\users\\fd1hvy\\pictures\\ippxvz3gzu6bewn7.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0098.536] GetFileType (hFile=0x2b8) returned 0x1 [0098.536] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0098.536] GetFileType (hFile=0x2b8) returned 0x1 [0098.536] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0xcbc3 [0098.536] ReadFile (in: hFile=0x2b8, lpBuffer=0x2cbb4c0, nNumberOfBytesToRead=0xcbc3, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2cbb4c0*, lpNumberOfBytesRead=0xcfec0c*=0xcbc3, lpOverlapped=0x0) returned 1 [0098.536] CloseHandle (hObject=0x2b8) returned 1 [0098.556] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0098.556] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0098.556] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0098.556] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0098.556] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\iPpxvZ3GzU6BEwn7.png", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\iPpxvZ3GzU6BEwn7.png", lpFilePart=0x0) returned 0x2d [0098.556] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0098.556] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\iPpxvZ3GzU6BEwn7.png" (normalized: "c:\\users\\fd1hvy\\pictures\\ippxvz3gzu6bewn7.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0098.557] GetFileType (hFile=0x2b8) returned 0x1 [0098.557] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0098.557] GetFileType (hFile=0x2b8) returned 0x1 [0098.557] WriteFile (in: hFile=0x2b8, lpBuffer=0x2d2e630*, nNumberOfBytesToWrite=0xcbd0, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2d2e630*, lpNumberOfBytesWritten=0xcfec00*=0xcbd0, lpOverlapped=0x0) returned 1 [0098.559] CloseHandle (hObject=0x2b8) returned 1 [0098.561] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\iPpxvZ3GzU6BEwn7.png", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\iPpxvZ3GzU6BEwn7.png", lpFilePart=0x0) returned 0x2d [0098.561] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\iPpxvZ3GzU6BEwn7.png.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\iPpxvZ3GzU6BEwn7.png.shade8", lpFilePart=0x0) returned 0x34 [0098.561] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0098.561] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\iPpxvZ3GzU6BEwn7.png" (normalized: "c:\\users\\fd1hvy\\pictures\\ippxvz3gzu6bewn7.png"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb6d9cfa0, ftCreationTime.dwHighDateTime=0x1d4c8c4, ftLastAccessTime.dwLowDateTime=0x675d22b0, ftLastAccessTime.dwHighDateTime=0x1d4cf4f, ftLastWriteTime.dwLowDateTime=0x8358e9f1, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xcbd0)) returned 1 [0098.561] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0098.561] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\iPpxvZ3GzU6BEwn7.png" (normalized: "c:\\users\\fd1hvy\\pictures\\ippxvz3gzu6bewn7.png"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\iPpxvZ3GzU6BEwn7.png.shade8" (normalized: "c:\\users\\fd1hvy\\pictures\\ippxvz3gzu6bewn7.png.shade8")) returned 1 [0098.610] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\kgazIq33.jpg", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\kgazIq33.jpg", lpFilePart=0x0) returned 0x25 [0098.610] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0098.610] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\kgazIq33.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\kgaziq33.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0098.610] GetFileType (hFile=0x2b8) returned 0x1 [0098.610] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0098.611] GetFileType (hFile=0x2b8) returned 0x1 [0098.611] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0xc810 [0098.611] ReadFile (in: hFile=0x2b8, lpBuffer=0x2d3b69c, nNumberOfBytesToRead=0xc810, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2d3b69c*, lpNumberOfBytesRead=0xcfec0c*=0xc810, lpOverlapped=0x0) returned 1 [0098.611] CloseHandle (hObject=0x2b8) returned 1 [0098.628] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0098.628] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0098.628] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0098.628] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0098.628] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\kgazIq33.jpg", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\kgazIq33.jpg", lpFilePart=0x0) returned 0x25 [0098.628] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0098.628] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\kgazIq33.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\kgaziq33.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0098.630] GetFileType (hFile=0x2b8) returned 0x1 [0098.630] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0098.630] GetFileType (hFile=0x2b8) returned 0x1 [0098.630] WriteFile (in: hFile=0x2b8, lpBuffer=0x2dadcf8*, nNumberOfBytesToWrite=0xc820, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2dadcf8*, lpNumberOfBytesWritten=0xcfec00*=0xc820, lpOverlapped=0x0) returned 1 [0098.631] CloseHandle (hObject=0x2b8) returned 1 [0098.633] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\kgazIq33.jpg", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\kgazIq33.jpg", lpFilePart=0x0) returned 0x25 [0098.633] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\kgazIq33.jpg.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\kgazIq33.jpg.shade8", lpFilePart=0x0) returned 0x2c [0098.633] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0098.634] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\kgazIq33.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\kgaziq33.jpg"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1ca6cca0, ftCreationTime.dwHighDateTime=0x1d4cf25, ftLastAccessTime.dwLowDateTime=0x7f62d970, ftLastAccessTime.dwHighDateTime=0x1d4cd1c, ftLastWriteTime.dwLowDateTime=0x8364d51a, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xc820)) returned 1 [0098.634] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0098.634] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\kgazIq33.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\kgaziq33.jpg"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\kgazIq33.jpg.shade8" (normalized: "c:\\users\\fd1hvy\\pictures\\kgaziq33.jpg.shade8")) returned 1 [0098.634] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\LsII.png", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\LsII.png", lpFilePart=0x0) returned 0x21 [0098.634] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0098.635] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\LsII.png" (normalized: "c:\\users\\fd1hvy\\pictures\\lsii.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0098.635] GetFileType (hFile=0x2b8) returned 0x1 [0098.635] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0098.635] GetFileType (hFile=0x2b8) returned 0x1 [0098.635] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x13b3a [0098.635] ReadFile (in: hFile=0x2b8, lpBuffer=0x2dba93c, nNumberOfBytesToRead=0x13b3a, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2dba93c*, lpNumberOfBytesRead=0xcfec0c*=0x13b3a, lpOverlapped=0x0) returned 1 [0098.636] CloseHandle (hObject=0x2b8) returned 1 [0098.666] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0098.666] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0098.666] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0098.666] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0098.666] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\LsII.png", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\LsII.png", lpFilePart=0x0) returned 0x21 [0098.666] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0098.666] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\LsII.png" (normalized: "c:\\users\\fd1hvy\\pictures\\lsii.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0098.668] GetFileType (hFile=0x2b8) returned 0x1 [0098.668] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0098.668] GetFileType (hFile=0x2b8) returned 0x1 [0098.668] WriteFile (in: hFile=0x2b8, lpBuffer=0x2c526f4*, nNumberOfBytesToWrite=0x13b40, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2c526f4*, lpNumberOfBytesWritten=0xcfec00*=0x13b40, lpOverlapped=0x0) returned 1 [0098.670] CloseHandle (hObject=0x2b8) returned 1 [0098.673] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\LsII.png", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\LsII.png", lpFilePart=0x0) returned 0x21 [0098.673] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\LsII.png.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\LsII.png.shade8", lpFilePart=0x0) returned 0x28 [0098.673] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0098.673] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\LsII.png" (normalized: "c:\\users\\fd1hvy\\pictures\\lsii.png"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1e2578c0, ftCreationTime.dwHighDateTime=0x1d4cfa6, ftLastAccessTime.dwLowDateTime=0xf7c19930, ftLastAccessTime.dwHighDateTime=0x1d4c900, ftLastWriteTime.dwLowDateTime=0x836bfbb3, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x13b40)) returned 1 [0098.674] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0098.674] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\LsII.png" (normalized: "c:\\users\\fd1hvy\\pictures\\lsii.png"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\LsII.png.shade8" (normalized: "c:\\users\\fd1hvy\\pictures\\lsii.png.shade8")) returned 1 [0098.674] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\q9PQ6m6FTZlaVRyn.png", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\q9PQ6m6FTZlaVRyn.png", lpFilePart=0x0) returned 0x2d [0098.674] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0098.674] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\q9PQ6m6FTZlaVRyn.png" (normalized: "c:\\users\\fd1hvy\\pictures\\q9pq6m6ftzlavryn.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0098.674] GetFileType (hFile=0x2b8) returned 0x1 [0098.674] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0098.674] GetFileType (hFile=0x2b8) returned 0x1 [0098.674] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x105e8 [0098.675] ReadFile (in: hFile=0x2b8, lpBuffer=0x2c66660, nNumberOfBytesToRead=0x105e8, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2c66660*, lpNumberOfBytesRead=0xcfec0c*=0x105e8, lpOverlapped=0x0) returned 1 [0098.675] CloseHandle (hObject=0x2b8) returned 1 [0098.745] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0098.745] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0098.745] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0098.745] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0098.745] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\q9PQ6m6FTZlaVRyn.png", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\q9PQ6m6FTZlaVRyn.png", lpFilePart=0x0) returned 0x2d [0098.745] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0098.746] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\q9PQ6m6FTZlaVRyn.png" (normalized: "c:\\users\\fd1hvy\\pictures\\q9pq6m6ftzlavryn.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0098.747] GetFileType (hFile=0x2b8) returned 0x1 [0098.747] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0098.747] GetFileType (hFile=0x2b8) returned 0x1 [0098.747] WriteFile (in: hFile=0x2b8, lpBuffer=0x2ce4788*, nNumberOfBytesToWrite=0x105f0, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2ce4788*, lpNumberOfBytesWritten=0xcfec00*=0x105f0, lpOverlapped=0x0) returned 1 [0098.749] CloseHandle (hObject=0x2b8) returned 1 [0098.752] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\q9PQ6m6FTZlaVRyn.png", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\q9PQ6m6FTZlaVRyn.png", lpFilePart=0x0) returned 0x2d [0098.752] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\q9PQ6m6FTZlaVRyn.png.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\q9PQ6m6FTZlaVRyn.png.shade8", lpFilePart=0x0) returned 0x34 [0098.752] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0098.752] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\q9PQ6m6FTZlaVRyn.png" (normalized: "c:\\users\\fd1hvy\\pictures\\q9pq6m6ftzlavryn.png"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x899cc620, ftCreationTime.dwHighDateTime=0x1d4d024, ftLastAccessTime.dwLowDateTime=0x1b7d6270, ftLastAccessTime.dwHighDateTime=0x1d4d183, ftLastWriteTime.dwLowDateTime=0x83783ca2, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x105f0)) returned 1 [0098.753] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0098.753] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\q9PQ6m6FTZlaVRyn.png" (normalized: "c:\\users\\fd1hvy\\pictures\\q9pq6m6ftzlavryn.png"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\q9PQ6m6FTZlaVRyn.png.shade8" (normalized: "c:\\users\\fd1hvy\\pictures\\q9pq6m6ftzlavryn.png.shade8")) returned 1 [0098.761] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\qx cC l6OaDw3F3ir.png", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\qx cC l6OaDw3F3ir.png", lpFilePart=0x0) returned 0x2e [0098.761] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0098.761] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\qx cC l6OaDw3F3ir.png" (normalized: "c:\\users\\fd1hvy\\pictures\\qx cc l6oadw3f3ir.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0098.761] GetFileType (hFile=0x2b8) returned 0x1 [0098.761] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0098.761] GetFileType (hFile=0x2b8) returned 0x1 [0098.761] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0xfe61 [0098.762] ReadFile (in: hFile=0x2b8, lpBuffer=0x2cf5220, nNumberOfBytesToRead=0xfe61, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2cf5220*, lpNumberOfBytesRead=0xcfec0c*=0xfe61, lpOverlapped=0x0) returned 1 [0098.762] CloseHandle (hObject=0x2b8) returned 1 [0098.810] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0098.810] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0098.810] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0098.810] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0098.810] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\qx cC l6OaDw3F3ir.png", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\qx cC l6OaDw3F3ir.png", lpFilePart=0x0) returned 0x2e [0098.810] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0098.810] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\qx cC l6OaDw3F3ir.png" (normalized: "c:\\users\\fd1hvy\\pictures\\qx cc l6oadw3f3ir.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0098.811] GetFileType (hFile=0x2b8) returned 0x1 [0098.812] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0098.812] GetFileType (hFile=0x2b8) returned 0x1 [0098.812] WriteFile (in: hFile=0x2b8, lpBuffer=0x2bed07c*, nNumberOfBytesToWrite=0xfe70, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2bed07c*, lpNumberOfBytesWritten=0xcfec00*=0xfe70, lpOverlapped=0x0) returned 1 [0098.814] CloseHandle (hObject=0x2b8) returned 1 [0098.816] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\qx cC l6OaDw3F3ir.png", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\qx cC l6OaDw3F3ir.png", lpFilePart=0x0) returned 0x2e [0098.816] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\qx cC l6OaDw3F3ir.png.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\qx cC l6OaDw3F3ir.png.shade8", lpFilePart=0x0) returned 0x35 [0098.816] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0098.816] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\qx cC l6OaDw3F3ir.png" (normalized: "c:\\users\\fd1hvy\\pictures\\qx cc l6oadw3f3ir.png"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43aadba0, ftCreationTime.dwHighDateTime=0x1d4d11b, ftLastAccessTime.dwLowDateTime=0xbd6e2970, ftLastAccessTime.dwHighDateTime=0x1d4cd78, ftLastWriteTime.dwLowDateTime=0x8381ac1d, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xfe70)) returned 1 [0098.817] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0098.817] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\qx cC l6OaDw3F3ir.png" (normalized: "c:\\users\\fd1hvy\\pictures\\qx cc l6oadw3f3ir.png"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\qx cC l6OaDw3F3ir.png.shade8" (normalized: "c:\\users\\fd1hvy\\pictures\\qx cc l6oadw3f3ir.png.shade8")) returned 1 [0098.817] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\R_kad31fE8n9kjn.png", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\R_kad31fE8n9kjn.png", lpFilePart=0x0) returned 0x2c [0098.817] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0098.817] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\R_kad31fE8n9kjn.png" (normalized: "c:\\users\\fd1hvy\\pictures\\r_kad31fe8n9kjn.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0098.818] GetFileType (hFile=0x2b8) returned 0x1 [0098.818] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0098.818] GetFileType (hFile=0x2b8) returned 0x1 [0098.818] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x9618 [0098.818] ReadFile (in: hFile=0x2b8, lpBuffer=0x2bfd394, nNumberOfBytesToRead=0x9618, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2bfd394*, lpNumberOfBytesRead=0xcfec0c*=0x9618, lpOverlapped=0x0) returned 1 [0098.818] CloseHandle (hObject=0x2b8) returned 1 [0098.934] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0098.934] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0098.934] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0098.934] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0098.934] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\R_kad31fE8n9kjn.png", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\R_kad31fE8n9kjn.png", lpFilePart=0x0) returned 0x2c [0098.934] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0098.934] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\R_kad31fE8n9kjn.png" (normalized: "c:\\users\\fd1hvy\\pictures\\r_kad31fe8n9kjn.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0098.936] GetFileType (hFile=0x2b8) returned 0x1 [0098.936] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0098.936] GetFileType (hFile=0x2b8) returned 0x1 [0098.936] WriteFile (in: hFile=0x2b8, lpBuffer=0x2c79178*, nNumberOfBytesToWrite=0x9620, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2c79178*, lpNumberOfBytesWritten=0xcfec00*=0x9620, lpOverlapped=0x0) returned 1 [0098.938] CloseHandle (hObject=0x2b8) returned 1 [0098.966] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\R_kad31fE8n9kjn.png", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\R_kad31fE8n9kjn.png", lpFilePart=0x0) returned 0x2c [0098.966] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\R_kad31fE8n9kjn.png.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\R_kad31fE8n9kjn.png.shade8", lpFilePart=0x0) returned 0x33 [0098.966] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0098.966] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\R_kad31fE8n9kjn.png" (normalized: "c:\\users\\fd1hvy\\pictures\\r_kad31fe8n9kjn.png"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd8516f0, ftCreationTime.dwHighDateTime=0x1d4d2d5, ftLastAccessTime.dwLowDateTime=0xec9a38d0, ftLastAccessTime.dwHighDateTime=0x1d4d55a, ftLastWriteTime.dwLowDateTime=0x8398da58, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x9620)) returned 1 [0098.967] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0098.967] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\R_kad31fE8n9kjn.png" (normalized: "c:\\users\\fd1hvy\\pictures\\r_kad31fe8n9kjn.png"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\R_kad31fE8n9kjn.png.shade8" (normalized: "c:\\users\\fd1hvy\\pictures\\r_kad31fe8n9kjn.png.shade8")) returned 1 [0098.967] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\SvYNlt iTipCbGeaY21.jpg", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\SvYNlt iTipCbGeaY21.jpg", lpFilePart=0x0) returned 0x30 [0098.967] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0098.967] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\SvYNlt iTipCbGeaY21.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\svynlt itipcbgeay21.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0098.968] GetFileType (hFile=0x2b8) returned 0x1 [0098.968] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0098.968] GetFileType (hFile=0x2b8) returned 0x1 [0098.968] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x866b [0098.968] ReadFile (in: hFile=0x2b8, lpBuffer=0x2c82c54, nNumberOfBytesToRead=0x866b, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2c82c54*, lpNumberOfBytesRead=0xcfec0c*=0x866b, lpOverlapped=0x0) returned 1 [0098.968] CloseHandle (hObject=0x2b8) returned 1 [0098.986] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0098.987] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0098.987] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0098.987] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0098.987] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\SvYNlt iTipCbGeaY21.jpg", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\SvYNlt iTipCbGeaY21.jpg", lpFilePart=0x0) returned 0x30 [0098.987] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0098.987] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\SvYNlt iTipCbGeaY21.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\svynlt itipcbgeay21.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0098.988] GetFileType (hFile=0x2b8) returned 0x1 [0098.988] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0098.988] GetFileType (hFile=0x2b8) returned 0x1 [0098.988] WriteFile (in: hFile=0x2b8, lpBuffer=0x2cf9a70*, nNumberOfBytesToWrite=0x8670, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2cf9a70*, lpNumberOfBytesWritten=0xcfec00*=0x8670, lpOverlapped=0x0) returned 1 [0099.052] CloseHandle (hObject=0x2b8) returned 1 [0099.053] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\SvYNlt iTipCbGeaY21.jpg", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\SvYNlt iTipCbGeaY21.jpg", lpFilePart=0x0) returned 0x30 [0099.054] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\SvYNlt iTipCbGeaY21.jpg.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\SvYNlt iTipCbGeaY21.jpg.shade8", lpFilePart=0x0) returned 0x37 [0099.054] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0099.054] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\SvYNlt iTipCbGeaY21.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\svynlt itipcbgeay21.jpg"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4b592820, ftCreationTime.dwHighDateTime=0x1d4d175, ftLastAccessTime.dwLowDateTime=0xcbbbce50, ftLastAccessTime.dwHighDateTime=0x1d4ccca, ftLastWriteTime.dwLowDateTime=0x83a4c95c, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x8670)) returned 1 [0099.054] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0099.054] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\SvYNlt iTipCbGeaY21.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\svynlt itipcbgeay21.jpg"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\SvYNlt iTipCbGeaY21.jpg.shade8" (normalized: "c:\\users\\fd1hvy\\pictures\\svynlt itipcbgeay21.jpg.shade8")) returned 1 [0099.055] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\sYGib zY69_.png", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\sYGib zY69_.png", lpFilePart=0x0) returned 0x28 [0099.055] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0099.055] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\sYGib zY69_.png" (normalized: "c:\\users\\fd1hvy\\pictures\\sygib zy69_.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0099.055] GetFileType (hFile=0x2b8) returned 0x1 [0099.055] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0099.055] GetFileType (hFile=0x2b8) returned 0x1 [0099.055] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0xda79 [0099.055] ReadFile (in: hFile=0x2b8, lpBuffer=0x2d0258c, nNumberOfBytesToRead=0xda79, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2d0258c*, lpNumberOfBytesRead=0xcfec0c*=0xda79, lpOverlapped=0x0) returned 1 [0099.055] CloseHandle (hObject=0x2b8) returned 1 [0099.074] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0099.074] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0099.074] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0099.074] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0099.074] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\sYGib zY69_.png", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\sYGib zY69_.png", lpFilePart=0x0) returned 0x28 [0099.074] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0099.074] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\sYGib zY69_.png" (normalized: "c:\\users\\fd1hvy\\pictures\\sygib zy69_.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0099.076] GetFileType (hFile=0x2b8) returned 0x1 [0099.076] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0099.076] GetFileType (hFile=0x2b8) returned 0x1 [0099.076] WriteFile (in: hFile=0x2b8, lpBuffer=0x2d7830c*, nNumberOfBytesToWrite=0xda80, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2d7830c*, lpNumberOfBytesWritten=0xcfec00*=0xda80, lpOverlapped=0x0) returned 1 [0099.078] CloseHandle (hObject=0x2b8) returned 1 [0099.080] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\sYGib zY69_.png", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\sYGib zY69_.png", lpFilePart=0x0) returned 0x28 [0099.080] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\sYGib zY69_.png.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\sYGib zY69_.png.shade8", lpFilePart=0x0) returned 0x2f [0099.080] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0099.080] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\sYGib zY69_.png" (normalized: "c:\\users\\fd1hvy\\pictures\\sygib zy69_.png"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e50810, ftCreationTime.dwHighDateTime=0x1d4c793, ftLastAccessTime.dwLowDateTime=0xb5a20a00, ftLastAccessTime.dwHighDateTime=0x1d4d227, ftLastWriteTime.dwLowDateTime=0x83a98e19, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xda80)) returned 1 [0099.080] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0099.080] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\sYGib zY69_.png" (normalized: "c:\\users\\fd1hvy\\pictures\\sygib zy69_.png"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\sYGib zY69_.png.shade8" (normalized: "c:\\users\\fd1hvy\\pictures\\sygib zy69_.png.shade8")) returned 1 [0099.080] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\T5dowEUb06bqYQQ.jpg", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\T5dowEUb06bqYQQ.jpg", lpFilePart=0x0) returned 0x2c [0099.081] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0099.081] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\T5dowEUb06bqYQQ.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\t5doweub06bqyqq.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0099.081] GetFileType (hFile=0x2b8) returned 0x1 [0099.081] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0099.081] GetFileType (hFile=0x2b8) returned 0x1 [0099.081] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x8463 [0099.081] ReadFile (in: hFile=0x2b8, lpBuffer=0x2d861f8, nNumberOfBytesToRead=0x8463, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2d861f8*, lpNumberOfBytesRead=0xcfec0c*=0x8463, lpOverlapped=0x0) returned 1 [0099.081] CloseHandle (hObject=0x2b8) returned 1 [0099.101] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0099.101] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0099.101] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0099.102] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0099.102] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\T5dowEUb06bqYQQ.jpg", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\T5dowEUb06bqYQQ.jpg", lpFilePart=0x0) returned 0x2c [0099.102] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0099.102] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\T5dowEUb06bqYQQ.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\t5doweub06bqyqq.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0099.103] GetFileType (hFile=0x2b8) returned 0x1 [0099.103] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0099.103] GetFileType (hFile=0x2b8) returned 0x1 [0099.103] WriteFile (in: hFile=0x2b8, lpBuffer=0x2dfc614*, nNumberOfBytesToWrite=0x8470, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2dfc614*, lpNumberOfBytesWritten=0xcfec00*=0x8470, lpOverlapped=0x0) returned 1 [0099.109] CloseHandle (hObject=0x2b8) returned 1 [0099.110] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\T5dowEUb06bqYQQ.jpg", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\T5dowEUb06bqYQQ.jpg", lpFilePart=0x0) returned 0x2c [0099.111] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\T5dowEUb06bqYQQ.jpg.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\T5dowEUb06bqYQQ.jpg.shade8", lpFilePart=0x0) returned 0x33 [0099.111] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0099.111] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\T5dowEUb06bqYQQ.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\t5doweub06bqyqq.jpg"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b7197a0, ftCreationTime.dwHighDateTime=0x1d4cad0, ftLastAccessTime.dwLowDateTime=0xc9a4bb40, ftLastAccessTime.dwHighDateTime=0x1d4c5d1, ftLastWriteTime.dwLowDateTime=0x83ae52ea, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x8470)) returned 1 [0099.111] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0099.111] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\T5dowEUb06bqYQQ.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\t5doweub06bqyqq.jpg"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\T5dowEUb06bqYQQ.jpg.shade8" (normalized: "c:\\users\\fd1hvy\\pictures\\t5doweub06bqyqq.jpg.shade8")) returned 1 [0099.111] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\ua7o.bmp", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\ua7o.bmp", lpFilePart=0x0) returned 0x21 [0099.111] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0099.111] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\ua7o.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\ua7o.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0099.112] GetFileType (hFile=0x2b8) returned 0x1 [0099.112] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0099.112] GetFileType (hFile=0x2b8) returned 0x1 [0099.112] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x1506f [0099.112] ReadFile (in: hFile=0x2b8, lpBuffer=0x3c32fd8, nNumberOfBytesToRead=0x1506f, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x3c32fd8*, lpNumberOfBytesRead=0xcfec0c*=0x1506f, lpOverlapped=0x0) returned 1 [0099.114] CloseHandle (hObject=0x2b8) returned 1 [0099.152] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0099.152] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0099.152] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0099.152] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0099.152] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\ua7o.bmp", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\ua7o.bmp", lpFilePart=0x0) returned 0x21 [0099.152] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0099.152] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\ua7o.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\ua7o.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0099.154] GetFileType (hFile=0x2b8) returned 0x1 [0099.154] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0099.154] GetFileType (hFile=0x2b8) returned 0x1 [0099.154] WriteFile (in: hFile=0x2b8, lpBuffer=0x3c9c248*, nNumberOfBytesToWrite=0x15070, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x3c9c248*, lpNumberOfBytesWritten=0xcfec00*=0x15070, lpOverlapped=0x0) returned 1 [0099.156] CloseHandle (hObject=0x2b8) returned 1 [0099.159] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\ua7o.bmp", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\ua7o.bmp", lpFilePart=0x0) returned 0x21 [0099.159] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\ua7o.bmp.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\ua7o.bmp.shade8", lpFilePart=0x0) returned 0x28 [0099.159] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0099.159] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\ua7o.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\ua7o.bmp"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9205a9f0, ftCreationTime.dwHighDateTime=0x1d4c884, ftLastAccessTime.dwLowDateTime=0x2b342490, ftLastAccessTime.dwHighDateTime=0x1d4c65e, ftLastWriteTime.dwLowDateTime=0x83b57a1f, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x15070)) returned 1 [0099.159] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0099.159] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\ua7o.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\ua7o.bmp"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\ua7o.bmp.shade8" (normalized: "c:\\users\\fd1hvy\\pictures\\ua7o.bmp.shade8")) returned 1 [0099.160] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\wbyq.jpg", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\wbyq.jpg", lpFilePart=0x0) returned 0x21 [0099.160] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0099.160] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\wbyq.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\wbyq.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0099.160] GetFileType (hFile=0x2b8) returned 0x1 [0099.160] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0099.160] GetFileType (hFile=0x2b8) returned 0x1 [0099.160] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x10b3a [0099.160] ReadFile (in: hFile=0x2b8, lpBuffer=0x2e52120, nNumberOfBytesToRead=0x10b3a, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2e52120*, lpNumberOfBytesRead=0xcfec0c*=0x10b3a, lpOverlapped=0x0) returned 1 [0099.161] CloseHandle (hObject=0x2b8) returned 1 [0099.180] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0099.180] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0099.180] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0099.180] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0099.180] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\wbyq.jpg", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\wbyq.jpg", lpFilePart=0x0) returned 0x21 [0099.180] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0099.181] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\wbyq.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\wbyq.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0099.182] GetFileType (hFile=0x2b8) returned 0x1 [0099.182] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0099.182] GetFileType (hFile=0x2b8) returned 0x1 [0099.182] WriteFile (in: hFile=0x2b8, lpBuffer=0x2ed10e0*, nNumberOfBytesToWrite=0x10b40, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2ed10e0*, lpNumberOfBytesWritten=0xcfec00*=0x10b40, lpOverlapped=0x0) returned 1 [0099.184] CloseHandle (hObject=0x2b8) returned 1 [0099.189] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\wbyq.jpg", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\wbyq.jpg", lpFilePart=0x0) returned 0x21 [0099.189] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\wbyq.jpg.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\wbyq.jpg.shade8", lpFilePart=0x0) returned 0x28 [0099.189] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0099.189] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\wbyq.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\wbyq.jpg"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91998450, ftCreationTime.dwHighDateTime=0x1d4c979, ftLastAccessTime.dwLowDateTime=0x720f11e0, ftLastAccessTime.dwHighDateTime=0x1d4ca7d, ftLastWriteTime.dwLowDateTime=0x83ba3eaf, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x10b40)) returned 1 [0099.189] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0099.189] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\wbyq.jpg" (normalized: "c:\\users\\fd1hvy\\pictures\\wbyq.jpg"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\wbyq.jpg.shade8" (normalized: "c:\\users\\fd1hvy\\pictures\\wbyq.jpg.shade8")) returned 1 [0099.190] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\xLS-jVD.bmp", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\xLS-jVD.bmp", lpFilePart=0x0) returned 0x24 [0099.190] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0099.190] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\xLS-jVD.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\xls-jvd.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0099.190] GetFileType (hFile=0x2b8) returned 0x1 [0099.190] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0099.190] GetFileType (hFile=0x2b8) returned 0x1 [0099.190] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0xd05d [0099.193] ReadFile (in: hFile=0x2b8, lpBuffer=0x2bed1e0, nNumberOfBytesToRead=0xd05d, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2bed1e0*, lpNumberOfBytesRead=0xcfec0c*=0xd05d, lpOverlapped=0x0) returned 1 [0099.194] CloseHandle (hObject=0x2b8) returned 1 [0099.254] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0099.254] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0099.255] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0099.255] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0099.255] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\xLS-jVD.bmp", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\xLS-jVD.bmp", lpFilePart=0x0) returned 0x24 [0099.255] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0099.255] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\xLS-jVD.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\xls-jvd.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0099.256] GetFileType (hFile=0x2b8) returned 0x1 [0099.256] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0099.256] GetFileType (hFile=0x2b8) returned 0x1 [0099.256] WriteFile (in: hFile=0x2b8, lpBuffer=0x2c6125c*, nNumberOfBytesToWrite=0xd060, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2c6125c*, lpNumberOfBytesWritten=0xcfec00*=0xd060, lpOverlapped=0x0) returned 1 [0099.258] CloseHandle (hObject=0x2b8) returned 1 [0099.260] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\xLS-jVD.bmp", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\xLS-jVD.bmp", lpFilePart=0x0) returned 0x24 [0099.260] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\xLS-jVD.bmp.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\xLS-jVD.bmp.shade8", lpFilePart=0x0) returned 0x2b [0099.260] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0099.261] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\xLS-jVD.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\xls-jvd.bmp"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3902a820, ftCreationTime.dwHighDateTime=0x1d4cb73, ftLastAccessTime.dwLowDateTime=0xafd1d520, ftLastAccessTime.dwHighDateTime=0x1d4d145, ftLastWriteTime.dwLowDateTime=0x83c3c804, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xd060)) returned 1 [0099.261] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0099.261] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\xLS-jVD.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\xls-jvd.bmp"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\xLS-jVD.bmp.shade8" (normalized: "c:\\users\\fd1hvy\\pictures\\xls-jvd.bmp.shade8")) returned 1 [0099.262] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\Y2g5s0bUdYCWTLgdwhk.png", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\Y2g5s0bUdYCWTLgdwhk.png", lpFilePart=0x0) returned 0x30 [0099.262] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0099.262] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\Y2g5s0bUdYCWTLgdwhk.png" (normalized: "c:\\users\\fd1hvy\\pictures\\y2g5s0budycwtlgdwhk.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0099.262] GetFileType (hFile=0x2b8) returned 0x1 [0099.262] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0099.262] GetFileType (hFile=0x2b8) returned 0x1 [0099.262] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x9181 [0099.272] ReadFile (in: hFile=0x2b8, lpBuffer=0x2c6e728, nNumberOfBytesToRead=0x9181, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2c6e728*, lpNumberOfBytesRead=0xcfec0c*=0x9181, lpOverlapped=0x0) returned 1 [0099.273] CloseHandle (hObject=0x2b8) returned 1 [0099.290] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0099.290] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0099.290] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0099.290] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0099.290] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\Y2g5s0bUdYCWTLgdwhk.png", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\Y2g5s0bUdYCWTLgdwhk.png", lpFilePart=0x0) returned 0x30 [0099.290] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0099.290] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\Y2g5s0bUdYCWTLgdwhk.png" (normalized: "c:\\users\\fd1hvy\\pictures\\y2g5s0budycwtlgdwhk.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0099.292] GetFileType (hFile=0x2b8) returned 0x1 [0099.292] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0099.292] GetFileType (hFile=0x2b8) returned 0x1 [0099.292] WriteFile (in: hFile=0x2b8, lpBuffer=0x2ce8ce4*, nNumberOfBytesToWrite=0x9190, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2ce8ce4*, lpNumberOfBytesWritten=0xcfec00*=0x9190, lpOverlapped=0x0) returned 1 [0099.293] CloseHandle (hObject=0x2b8) returned 1 [0099.297] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\Y2g5s0bUdYCWTLgdwhk.png", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\Y2g5s0bUdYCWTLgdwhk.png", lpFilePart=0x0) returned 0x30 [0099.297] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\Y2g5s0bUdYCWTLgdwhk.png.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\Y2g5s0bUdYCWTLgdwhk.png.shade8", lpFilePart=0x0) returned 0x37 [0099.297] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0099.297] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\Y2g5s0bUdYCWTLgdwhk.png" (normalized: "c:\\users\\fd1hvy\\pictures\\y2g5s0budycwtlgdwhk.png"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4ae05650, ftCreationTime.dwHighDateTime=0x1d4d00f, ftLastAccessTime.dwLowDateTime=0x3897b200, ftLastAccessTime.dwHighDateTime=0x1d4cf3c, ftLastWriteTime.dwLowDateTime=0x83caf04e, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x9190)) returned 1 [0099.297] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0099.297] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\Y2g5s0bUdYCWTLgdwhk.png" (normalized: "c:\\users\\fd1hvy\\pictures\\y2g5s0budycwtlgdwhk.png"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\Y2g5s0bUdYCWTLgdwhk.png.shade8" (normalized: "c:\\users\\fd1hvy\\pictures\\y2g5s0budycwtlgdwhk.png.shade8")) returned 1 [0099.298] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\Ydho.png", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\Ydho.png", lpFilePart=0x0) returned 0x21 [0099.298] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0099.298] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\Ydho.png" (normalized: "c:\\users\\fd1hvy\\pictures\\ydho.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0099.298] GetFileType (hFile=0x2b8) returned 0x1 [0099.298] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0099.298] GetFileType (hFile=0x2b8) returned 0x1 [0099.298] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x16ab8 [0099.299] ReadFile (in: hFile=0x2b8, lpBuffer=0x3ceca18, nNumberOfBytesToRead=0x16ab8, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x3ceca18*, lpNumberOfBytesRead=0xcfec0c*=0x16ab8, lpOverlapped=0x0) returned 1 [0099.301] CloseHandle (hObject=0x2b8) returned 1 [0099.327] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0099.328] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0099.328] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0099.328] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0099.328] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\Ydho.png", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\Ydho.png", lpFilePart=0x0) returned 0x21 [0099.328] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0099.328] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\Ydho.png" (normalized: "c:\\users\\fd1hvy\\pictures\\ydho.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0099.330] GetFileType (hFile=0x2b8) returned 0x1 [0099.330] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0099.330] GetFileType (hFile=0x2b8) returned 0x1 [0099.330] WriteFile (in: hFile=0x2b8, lpBuffer=0x3d5e010*, nNumberOfBytesToWrite=0x16ac0, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x3d5e010*, lpNumberOfBytesWritten=0xcfec00*=0x16ac0, lpOverlapped=0x0) returned 1 [0099.332] CloseHandle (hObject=0x2b8) returned 1 [0099.335] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\Ydho.png", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\Ydho.png", lpFilePart=0x0) returned 0x21 [0099.335] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\Ydho.png.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\Ydho.png.shade8", lpFilePart=0x0) returned 0x28 [0099.335] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0099.335] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\Ydho.png" (normalized: "c:\\users\\fd1hvy\\pictures\\ydho.png"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4fba4b0, ftCreationTime.dwHighDateTime=0x1d4c9d3, ftLastAccessTime.dwLowDateTime=0x209d5600, ftLastAccessTime.dwHighDateTime=0x1d4cf37, ftLastWriteTime.dwLowDateTime=0x83cfb43c, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x16ac0)) returned 1 [0099.335] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0099.335] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\Ydho.png" (normalized: "c:\\users\\fd1hvy\\pictures\\ydho.png"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\Ydho.png.shade8" (normalized: "c:\\users\\fd1hvy\\pictures\\ydho.png.shade8")) returned 1 [0099.336] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\yRDk8a4KrUdSBF0.bmp", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\yRDk8a4KrUdSBF0.bmp", lpFilePart=0x0) returned 0x2c [0099.336] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0099.336] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\yRDk8a4KrUdSBF0.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\yrdk8a4krudsbf0.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0099.336] GetFileType (hFile=0x2b8) returned 0x1 [0099.336] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0099.336] GetFileType (hFile=0x2b8) returned 0x1 [0099.336] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0xdac2 [0099.336] ReadFile (in: hFile=0x2b8, lpBuffer=0x2d3f520, nNumberOfBytesToRead=0xdac2, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2d3f520*, lpNumberOfBytesRead=0xcfec0c*=0xdac2, lpOverlapped=0x0) returned 1 [0099.337] CloseHandle (hObject=0x2b8) returned 1 [0099.363] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0099.363] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0099.363] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0099.363] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0099.363] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\yRDk8a4KrUdSBF0.bmp", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\yRDk8a4KrUdSBF0.bmp", lpFilePart=0x0) returned 0x2c [0099.363] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0099.363] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\yRDk8a4KrUdSBF0.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\yrdk8a4krudsbf0.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0099.365] GetFileType (hFile=0x2b8) returned 0x1 [0099.365] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0099.365] GetFileType (hFile=0x2b8) returned 0x1 [0099.365] WriteFile (in: hFile=0x2b8, lpBuffer=0x2db5390*, nNumberOfBytesToWrite=0xdad0, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2db5390*, lpNumberOfBytesWritten=0xcfec00*=0xdad0, lpOverlapped=0x0) returned 1 [0099.366] CloseHandle (hObject=0x2b8) returned 1 [0099.368] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\yRDk8a4KrUdSBF0.bmp", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\yRDk8a4KrUdSBF0.bmp", lpFilePart=0x0) returned 0x2c [0099.368] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\yRDk8a4KrUdSBF0.bmp.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\yRDk8a4KrUdSBF0.bmp.shade8", lpFilePart=0x0) returned 0x33 [0099.368] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0099.368] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\yRDk8a4KrUdSBF0.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\yrdk8a4krudsbf0.bmp"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9acc95a0, ftCreationTime.dwHighDateTime=0x1d4d1e2, ftLastAccessTime.dwLowDateTime=0x3bae6dc0, ftLastAccessTime.dwHighDateTime=0x1d4ce11, ftLastWriteTime.dwLowDateTime=0x83d477d7, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xdad0)) returned 1 [0099.369] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0099.369] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\yRDk8a4KrUdSBF0.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\yrdk8a4krudsbf0.bmp"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\yRDk8a4KrUdSBF0.bmp.shade8" (normalized: "c:\\users\\fd1hvy\\pictures\\yrdk8a4krudsbf0.bmp.shade8")) returned 1 [0099.369] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\Z4feoFk.png", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\Z4feoFk.png", lpFilePart=0x0) returned 0x24 [0099.369] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0099.369] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\Z4feoFk.png" (normalized: "c:\\users\\fd1hvy\\pictures\\z4feofk.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0099.369] GetFileType (hFile=0x2b8) returned 0x1 [0099.369] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0099.369] GetFileType (hFile=0x2b8) returned 0x1 [0099.370] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x7e7f [0099.370] ReadFile (in: hFile=0x2b8, lpBuffer=0x2dc32d4, nNumberOfBytesToRead=0x7e7f, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2dc32d4*, lpNumberOfBytesRead=0xcfec0c*=0x7e7f, lpOverlapped=0x0) returned 1 [0099.370] CloseHandle (hObject=0x2b8) returned 1 [0099.433] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0099.433] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0099.433] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0099.434] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0099.434] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\Z4feoFk.png", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\Z4feoFk.png", lpFilePart=0x0) returned 0x24 [0099.434] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0099.434] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\Z4feoFk.png" (normalized: "c:\\users\\fd1hvy\\pictures\\z4feofk.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0099.435] GetFileType (hFile=0x2b8) returned 0x1 [0099.435] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0099.435] GetFileType (hFile=0x2b8) returned 0x1 [0099.435] WriteFile (in: hFile=0x2b8, lpBuffer=0x2c3fc78*, nNumberOfBytesToWrite=0x7e80, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2c3fc78*, lpNumberOfBytesWritten=0xcfec00*=0x7e80, lpOverlapped=0x0) returned 1 [0099.437] CloseHandle (hObject=0x2b8) returned 1 [0099.438] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\Z4feoFk.png", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\Z4feoFk.png", lpFilePart=0x0) returned 0x24 [0099.438] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\Z4feoFk.png.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\Z4feoFk.png.shade8", lpFilePart=0x0) returned 0x2b [0099.438] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0099.438] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\Z4feoFk.png" (normalized: "c:\\users\\fd1hvy\\pictures\\z4feofk.png"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x21d8fcc0, ftCreationTime.dwHighDateTime=0x1d4d439, ftLastAccessTime.dwLowDateTime=0x7a665e30, ftLastAccessTime.dwHighDateTime=0x1d4d35f, ftLastWriteTime.dwLowDateTime=0x83e06417, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x7e80)) returned 1 [0099.438] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0099.439] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\Z4feoFk.png" (normalized: "c:\\users\\fd1hvy\\pictures\\z4feofk.png"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\Z4feoFk.png.shade8" (normalized: "c:\\users\\fd1hvy\\pictures\\z4feofk.png.shade8")) returned 1 [0099.439] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\Z7HvtM6H.bmp", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\Z7HvtM6H.bmp", lpFilePart=0x0) returned 0x25 [0099.439] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0099.439] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\Z7HvtM6H.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\z7hvtm6h.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0099.439] GetFileType (hFile=0x2b8) returned 0x1 [0099.439] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0099.439] GetFileType (hFile=0x2b8) returned 0x1 [0099.439] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0xc531 [0099.440] ReadFile (in: hFile=0x2b8, lpBuffer=0x2c47f20, nNumberOfBytesToRead=0xc531, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2c47f20*, lpNumberOfBytesRead=0xcfec0c*=0xc531, lpOverlapped=0x0) returned 1 [0099.440] CloseHandle (hObject=0x2b8) returned 1 [0099.458] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0099.458] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0099.458] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0099.458] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0099.458] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\Z7HvtM6H.bmp", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\Z7HvtM6H.bmp", lpFilePart=0x0) returned 0x25 [0099.458] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0099.458] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Pictures\\Z7HvtM6H.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\z7hvtm6h.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0099.459] GetFileType (hFile=0x2b8) returned 0x1 [0099.460] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0099.460] GetFileType (hFile=0x2b8) returned 0x1 [0099.460] WriteFile (in: hFile=0x2b8, lpBuffer=0x2cb9e3c*, nNumberOfBytesToWrite=0xc540, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2cb9e3c*, lpNumberOfBytesWritten=0xcfec00*=0xc540, lpOverlapped=0x0) returned 1 [0099.461] CloseHandle (hObject=0x2b8) returned 1 [0099.463] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\Z7HvtM6H.bmp", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\Z7HvtM6H.bmp", lpFilePart=0x0) returned 0x25 [0099.463] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\Z7HvtM6H.bmp.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\Z7HvtM6H.bmp.shade8", lpFilePart=0x0) returned 0x2c [0099.463] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0099.463] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\Z7HvtM6H.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\z7hvtm6h.bmp"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a30c9a0, ftCreationTime.dwHighDateTime=0x1d4d12c, ftLastAccessTime.dwLowDateTime=0xd05f3df0, ftLastAccessTime.dwHighDateTime=0x1d4cea7, ftLastWriteTime.dwLowDateTime=0x83e2c698, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xc540)) returned 1 [0099.463] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0099.463] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Pictures\\Z7HvtM6H.bmp" (normalized: "c:\\users\\fd1hvy\\pictures\\z7hvtm6h.bmp"), lpNewFileName="C:\\Users\\FD1HVy\\Pictures\\Z7HvtM6H.bmp.shade8" (normalized: "c:\\users\\fd1hvy\\pictures\\z7hvtm6h.bmp.shade8")) returned 1 [0099.464] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfec44) returned 1 [0099.464] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\Camera Roll", nBufferLength=0x105, lpBuffer=0xcfe6f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\Camera Roll", lpFilePart=0x0) returned 0x24 [0099.464] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\Camera Roll\\*", lpFindFileData=0xcfe96c | out: lpFindFileData=0xcfe96c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x51278b1d, ftCreationTime.dwHighDateTime=0x1d32715, ftLastAccessTime.dwLowDateTime=0xd45b4543, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x51278b1d, ftLastWriteTime.dwHighDateTime=0x1d32715, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe65a0 [0099.465] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x51278b1d, ftCreationTime.dwHighDateTime=0x1d32715, ftLastAccessTime.dwLowDateTime=0xd45b4543, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x51278b1d, ftLastWriteTime.dwHighDateTime=0x1d32715, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.465] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x51278b1d, ftCreationTime.dwHighDateTime=0x1d32715, ftLastAccessTime.dwLowDateTime=0x51278b1d, ftLastAccessTime.dwHighDateTime=0x1d32715, ftLastWriteTime.dwLowDateTime=0x51278b1d, ftLastWriteTime.dwHighDateTime=0x1d32715, nFileSizeHigh=0x0, nFileSizeLow=0xbe, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0099.465] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.479] FindClose (in: hFindFile=0xfe65a0 | out: hFindFile=0xfe65a0) returned 1 [0099.479] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec00) returned 1 [0099.479] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec0c) returned 1 [0099.479] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfec44) returned 1 [0099.480] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\Camera Roll", nBufferLength=0x105, lpBuffer=0xcfe6f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\Camera Roll", lpFilePart=0x0) returned 0x24 [0099.480] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\Camera Roll\\*", lpFindFileData=0xcfe96c | out: lpFindFileData=0xcfe96c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x51278b1d, ftCreationTime.dwHighDateTime=0x1d32715, ftLastAccessTime.dwLowDateTime=0xd45b4543, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x51278b1d, ftLastWriteTime.dwHighDateTime=0x1d32715, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe65a0 [0099.480] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x51278b1d, ftCreationTime.dwHighDateTime=0x1d32715, ftLastAccessTime.dwLowDateTime=0xd45b4543, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x51278b1d, ftLastWriteTime.dwHighDateTime=0x1d32715, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.480] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x51278b1d, ftCreationTime.dwHighDateTime=0x1d32715, ftLastAccessTime.dwLowDateTime=0x51278b1d, ftLastAccessTime.dwHighDateTime=0x1d32715, ftLastWriteTime.dwLowDateTime=0x51278b1d, ftLastWriteTime.dwHighDateTime=0x1d32715, nFileSizeHigh=0x0, nFileSizeLow=0xbe, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0099.480] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x51278b1d, ftCreationTime.dwHighDateTime=0x1d32715, ftLastAccessTime.dwLowDateTime=0x51278b1d, ftLastAccessTime.dwHighDateTime=0x1d32715, ftLastWriteTime.dwLowDateTime=0x51278b1d, ftLastWriteTime.dwHighDateTime=0x1d32715, nFileSizeHigh=0x0, nFileSizeLow=0xbe, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0099.480] FindClose (in: hFindFile=0xfe65a0 | out: hFindFile=0xfe65a0) returned 1 [0099.481] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec00) returned 1 [0099.481] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec0c) returned 1 [0099.481] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfec44) returned 1 [0099.481] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\Saved Pictures", nBufferLength=0x105, lpBuffer=0xcfe6f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\Saved Pictures", lpFilePart=0x0) returned 0x27 [0099.481] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\Saved Pictures\\*", lpFindFileData=0xcfe96c | out: lpFindFileData=0xcfe96c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x51311410, ftCreationTime.dwHighDateTime=0x1d32715, ftLastAccessTime.dwLowDateTime=0xd45b4e37, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x51311410, ftLastWriteTime.dwHighDateTime=0x1d32715, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe65a0 [0099.481] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x51311410, ftCreationTime.dwHighDateTime=0x1d32715, ftLastAccessTime.dwLowDateTime=0xd45b4e37, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x51311410, ftLastWriteTime.dwHighDateTime=0x1d32715, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.481] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x51311410, ftCreationTime.dwHighDateTime=0x1d32715, ftLastAccessTime.dwLowDateTime=0x51311410, ftLastAccessTime.dwHighDateTime=0x1d32715, ftLastWriteTime.dwLowDateTime=0x51311410, ftLastWriteTime.dwHighDateTime=0x1d32715, nFileSizeHigh=0x0, nFileSizeLow=0xbe, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0099.482] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.482] FindClose (in: hFindFile=0xfe65a0 | out: hFindFile=0xfe65a0) returned 1 [0099.486] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec00) returned 1 [0099.486] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec0c) returned 1 [0099.487] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfec44) returned 1 [0099.487] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\Saved Pictures", nBufferLength=0x105, lpBuffer=0xcfe6f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Pictures\\Saved Pictures", lpFilePart=0x0) returned 0x27 [0099.487] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Pictures\\Saved Pictures\\*", lpFindFileData=0xcfe96c | out: lpFindFileData=0xcfe96c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x51311410, ftCreationTime.dwHighDateTime=0x1d32715, ftLastAccessTime.dwLowDateTime=0xd45b4e37, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x51311410, ftLastWriteTime.dwHighDateTime=0x1d32715, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe65a0 [0099.487] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x51311410, ftCreationTime.dwHighDateTime=0x1d32715, ftLastAccessTime.dwLowDateTime=0xd45b4e37, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x51311410, ftLastWriteTime.dwHighDateTime=0x1d32715, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.487] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x51311410, ftCreationTime.dwHighDateTime=0x1d32715, ftLastAccessTime.dwLowDateTime=0x51311410, ftLastAccessTime.dwHighDateTime=0x1d32715, ftLastWriteTime.dwLowDateTime=0x51311410, ftLastWriteTime.dwHighDateTime=0x1d32715, nFileSizeHigh=0x0, nFileSizeLow=0xbe, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0099.487] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x51311410, ftCreationTime.dwHighDateTime=0x1d32715, ftLastAccessTime.dwLowDateTime=0x51311410, ftLastAccessTime.dwHighDateTime=0x1d32715, ftLastWriteTime.dwLowDateTime=0x51311410, ftLastWriteTime.dwHighDateTime=0x1d32715, nFileSizeHigh=0x0, nFileSizeLow=0xbe, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0099.487] FindClose (in: hFindFile=0xfe65a0 | out: hFindFile=0xfe65a0) returned 1 [0099.487] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec00) returned 1 [0099.488] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec0c) returned 1 [0099.488] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfecb8) returned 1 [0099.488] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music", nBufferLength=0x105, lpBuffer=0xcfe76c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music", lpFilePart=0x0) returned 0x15 [0099.488] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\*", lpFindFileData=0xcfe9e0 | out: lpFindFileData=0xcfe9e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x4c4d12ec, ftLastAccessTime.dwHighDateTime=0x1d57301, ftLastWriteTime.dwLowDateTime=0x4c4d12ec, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe67a0 [0099.488] FindNextFileW (in: hFindFile=0xfe67a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x4c4d12ec, ftLastAccessTime.dwHighDateTime=0x1d57301, ftLastWriteTime.dwLowDateTime=0x4c4d12ec, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.488] FindNextFileW (in: hFindFile=0xfe67a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9d038210, ftCreationTime.dwHighDateTime=0x1d4d30f, ftLastAccessTime.dwLowDateTime=0xdb9de940, ftLastAccessTime.dwHighDateTime=0x1d4ccf5, ftLastWriteTime.dwLowDateTime=0xdb9de940, ftLastWriteTime.dwHighDateTime=0x1d4ccf5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="8xoHpHwf65aRqdFKyFMC", cAlternateFileName="8XOHPH~1")) returned 1 [0099.488] FindNextFileW (in: hFindFile=0xfe67a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae2573e0, ftCreationTime.dwHighDateTime=0x1d4cad2, ftLastAccessTime.dwLowDateTime=0xf674be20, ftLastAccessTime.dwHighDateTime=0x1d4d064, ftLastWriteTime.dwLowDateTime=0xf674be20, ftLastWriteTime.dwHighDateTime=0x1d4d064, nFileSizeHigh=0x0, nFileSizeLow=0x3bbb, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cvenk.mp3", cAlternateFileName="")) returned 1 [0099.488] FindNextFileW (in: hFindFile=0xfe67a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x4409f518, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x4409f518, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0xce3d633b, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0099.489] FindNextFileW (in: hFindFile=0xfe67a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x78ca2ff0, ftCreationTime.dwHighDateTime=0x1d4ca83, ftLastAccessTime.dwLowDateTime=0xf7900850, ftLastAccessTime.dwHighDateTime=0x1d4c5d3, ftLastWriteTime.dwLowDateTime=0xf7900850, ftLastWriteTime.dwHighDateTime=0x1d4c5d3, nFileSizeHigh=0x0, nFileSizeLow=0x836, dwReserved0=0x0, dwReserved1=0x0, cFileName="G0LE.mp3", cAlternateFileName="")) returned 1 [0099.489] FindNextFileW (in: hFindFile=0xfe67a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x64e349c0, ftCreationTime.dwHighDateTime=0x1d4cbc5, ftLastAccessTime.dwLowDateTime=0xd2ec4ce0, ftLastAccessTime.dwHighDateTime=0x1d4c711, ftLastWriteTime.dwLowDateTime=0xd2ec4ce0, ftLastWriteTime.dwHighDateTime=0x1d4c711, nFileSizeHigh=0x0, nFileSizeLow=0x17047, dwReserved0=0x0, dwReserved1=0x0, cFileName="NRK0DO2H4_mpt13UCJA.wav", cAlternateFileName="NRK0DO~1.WAV")) returned 1 [0099.489] FindNextFileW (in: hFindFile=0xfe67a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x970696a0, ftCreationTime.dwHighDateTime=0x1d4c6a2, ftLastAccessTime.dwLowDateTime=0xdf7b03e0, ftLastAccessTime.dwHighDateTime=0x1d4d52e, ftLastWriteTime.dwLowDateTime=0xdf7b03e0, ftLastWriteTime.dwHighDateTime=0x1d4d52e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tnbAj4-aB0K", cAlternateFileName="TNBAJ4~1")) returned 1 [0099.489] FindNextFileW (in: hFindFile=0xfe67a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x527e8f00, ftCreationTime.dwHighDateTime=0x1d4ccc0, ftLastAccessTime.dwLowDateTime=0xc24d8120, ftLastAccessTime.dwHighDateTime=0x1d4c774, ftLastWriteTime.dwLowDateTime=0xc24d8120, ftLastWriteTime.dwHighDateTime=0x1d4c774, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="uKXWa1PtjbZApm2LEb", cAlternateFileName="UKXWA1~1")) returned 1 [0099.489] FindNextFileW (in: hFindFile=0xfe67a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd4112080, ftCreationTime.dwHighDateTime=0x1d4c5e2, ftLastAccessTime.dwLowDateTime=0xee553ac0, ftLastAccessTime.dwHighDateTime=0x1d4d3a3, ftLastWriteTime.dwLowDateTime=0xee553ac0, ftLastWriteTime.dwHighDateTime=0x1d4d3a3, nFileSizeHigh=0x0, nFileSizeLow=0x172f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="uNiqqOlNI5mv.wav", cAlternateFileName="UNIQQO~1.WAV")) returned 1 [0099.489] FindNextFileW (in: hFindFile=0xfe67a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9386c1f0, ftCreationTime.dwHighDateTime=0x1d4c5e2, ftLastAccessTime.dwLowDateTime=0x85ed15b0, ftLastAccessTime.dwHighDateTime=0x1d4cde1, ftLastWriteTime.dwLowDateTime=0x85ed15b0, ftLastWriteTime.dwHighDateTime=0x1d4cde1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="wPjihQO", cAlternateFileName="")) returned 1 [0099.490] FindNextFileW (in: hFindFile=0xfe67a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb50871d0, ftCreationTime.dwHighDateTime=0x1d4c5e1, ftLastAccessTime.dwLowDateTime=0x74e521e0, ftLastAccessTime.dwHighDateTime=0x1d4c733, ftLastWriteTime.dwLowDateTime=0x74e521e0, ftLastWriteTime.dwHighDateTime=0x1d4c733, nFileSizeHigh=0x0, nFileSizeLow=0x12539, dwReserved0=0x0, dwReserved1=0x0, cFileName="YcGBFAFtwTcYj.m4a", cAlternateFileName="YCGBFA~1.M4A")) returned 1 [0099.490] FindNextFileW (in: hFindFile=0xfe67a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x81140170, ftCreationTime.dwHighDateTime=0x1d4cb93, ftLastAccessTime.dwLowDateTime=0x4ad600f0, ftLastAccessTime.dwHighDateTime=0x1d4c75a, ftLastWriteTime.dwLowDateTime=0x4ad600f0, ftLastWriteTime.dwHighDateTime=0x1d4c75a, nFileSizeHigh=0x0, nFileSizeLow=0xa33e, dwReserved0=0x0, dwReserved1=0x0, cFileName="__zKi8s.mp3", cAlternateFileName="")) returned 1 [0099.490] FindNextFileW (in: hFindFile=0xfe67a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.490] FindClose (in: hFindFile=0xfe67a0 | out: hFindFile=0xfe67a0) returned 1 [0099.490] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec74) returned 1 [0099.490] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec80) returned 1 [0099.490] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfecb8) returned 1 [0099.490] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music", nBufferLength=0x105, lpBuffer=0xcfe76c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music", lpFilePart=0x0) returned 0x15 [0099.490] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\*", lpFindFileData=0xcfe9e0 | out: lpFindFileData=0xcfe9e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x4c4d12ec, ftLastAccessTime.dwHighDateTime=0x1d57301, ftLastWriteTime.dwLowDateTime=0x4c4d12ec, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe6960 [0099.490] FindNextFileW (in: hFindFile=0xfe6960, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x4c4d12ec, ftLastAccessTime.dwHighDateTime=0x1d57301, ftLastWriteTime.dwLowDateTime=0x4c4d12ec, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.491] FindNextFileW (in: hFindFile=0xfe6960, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9d038210, ftCreationTime.dwHighDateTime=0x1d4d30f, ftLastAccessTime.dwLowDateTime=0xdb9de940, ftLastAccessTime.dwHighDateTime=0x1d4ccf5, ftLastWriteTime.dwLowDateTime=0xdb9de940, ftLastWriteTime.dwHighDateTime=0x1d4ccf5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="8xoHpHwf65aRqdFKyFMC", cAlternateFileName="8XOHPH~1")) returned 1 [0099.491] FindNextFileW (in: hFindFile=0xfe6960, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae2573e0, ftCreationTime.dwHighDateTime=0x1d4cad2, ftLastAccessTime.dwLowDateTime=0xf674be20, ftLastAccessTime.dwHighDateTime=0x1d4d064, ftLastWriteTime.dwLowDateTime=0xf674be20, ftLastWriteTime.dwHighDateTime=0x1d4d064, nFileSizeHigh=0x0, nFileSizeLow=0x3bbb, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cvenk.mp3", cAlternateFileName="")) returned 1 [0099.491] FindNextFileW (in: hFindFile=0xfe6960, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x4409f518, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x4409f518, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0xce3d633b, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0099.491] FindNextFileW (in: hFindFile=0xfe6960, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x78ca2ff0, ftCreationTime.dwHighDateTime=0x1d4ca83, ftLastAccessTime.dwLowDateTime=0xf7900850, ftLastAccessTime.dwHighDateTime=0x1d4c5d3, ftLastWriteTime.dwLowDateTime=0xf7900850, ftLastWriteTime.dwHighDateTime=0x1d4c5d3, nFileSizeHigh=0x0, nFileSizeLow=0x836, dwReserved0=0x0, dwReserved1=0x0, cFileName="G0LE.mp3", cAlternateFileName="")) returned 1 [0099.491] FindNextFileW (in: hFindFile=0xfe6960, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x64e349c0, ftCreationTime.dwHighDateTime=0x1d4cbc5, ftLastAccessTime.dwLowDateTime=0xd2ec4ce0, ftLastAccessTime.dwHighDateTime=0x1d4c711, ftLastWriteTime.dwLowDateTime=0xd2ec4ce0, ftLastWriteTime.dwHighDateTime=0x1d4c711, nFileSizeHigh=0x0, nFileSizeLow=0x17047, dwReserved0=0x0, dwReserved1=0x0, cFileName="NRK0DO2H4_mpt13UCJA.wav", cAlternateFileName="NRK0DO~1.WAV")) returned 1 [0099.492] FindNextFileW (in: hFindFile=0xfe6960, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x970696a0, ftCreationTime.dwHighDateTime=0x1d4c6a2, ftLastAccessTime.dwLowDateTime=0xdf7b03e0, ftLastAccessTime.dwHighDateTime=0x1d4d52e, ftLastWriteTime.dwLowDateTime=0xdf7b03e0, ftLastWriteTime.dwHighDateTime=0x1d4d52e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tnbAj4-aB0K", cAlternateFileName="TNBAJ4~1")) returned 1 [0099.492] FindNextFileW (in: hFindFile=0xfe6960, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x527e8f00, ftCreationTime.dwHighDateTime=0x1d4ccc0, ftLastAccessTime.dwLowDateTime=0xc24d8120, ftLastAccessTime.dwHighDateTime=0x1d4c774, ftLastWriteTime.dwLowDateTime=0xc24d8120, ftLastWriteTime.dwHighDateTime=0x1d4c774, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="uKXWa1PtjbZApm2LEb", cAlternateFileName="UKXWA1~1")) returned 1 [0099.492] FindNextFileW (in: hFindFile=0xfe6960, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd4112080, ftCreationTime.dwHighDateTime=0x1d4c5e2, ftLastAccessTime.dwLowDateTime=0xee553ac0, ftLastAccessTime.dwHighDateTime=0x1d4d3a3, ftLastWriteTime.dwLowDateTime=0xee553ac0, ftLastWriteTime.dwHighDateTime=0x1d4d3a3, nFileSizeHigh=0x0, nFileSizeLow=0x172f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="uNiqqOlNI5mv.wav", cAlternateFileName="UNIQQO~1.WAV")) returned 1 [0099.492] FindNextFileW (in: hFindFile=0xfe6960, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9386c1f0, ftCreationTime.dwHighDateTime=0x1d4c5e2, ftLastAccessTime.dwLowDateTime=0x85ed15b0, ftLastAccessTime.dwHighDateTime=0x1d4cde1, ftLastWriteTime.dwLowDateTime=0x85ed15b0, ftLastWriteTime.dwHighDateTime=0x1d4cde1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="wPjihQO", cAlternateFileName="")) returned 1 [0099.492] FindNextFileW (in: hFindFile=0xfe6960, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb50871d0, ftCreationTime.dwHighDateTime=0x1d4c5e1, ftLastAccessTime.dwLowDateTime=0x74e521e0, ftLastAccessTime.dwHighDateTime=0x1d4c733, ftLastWriteTime.dwLowDateTime=0x74e521e0, ftLastWriteTime.dwHighDateTime=0x1d4c733, nFileSizeHigh=0x0, nFileSizeLow=0x12539, dwReserved0=0x0, dwReserved1=0x0, cFileName="YcGBFAFtwTcYj.m4a", cAlternateFileName="YCGBFA~1.M4A")) returned 1 [0099.492] FindNextFileW (in: hFindFile=0xfe6960, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x81140170, ftCreationTime.dwHighDateTime=0x1d4cb93, ftLastAccessTime.dwLowDateTime=0x4ad600f0, ftLastAccessTime.dwHighDateTime=0x1d4c75a, ftLastWriteTime.dwLowDateTime=0x4ad600f0, ftLastWriteTime.dwHighDateTime=0x1d4c75a, nFileSizeHigh=0x0, nFileSizeLow=0xa33e, dwReserved0=0x0, dwReserved1=0x0, cFileName="__zKi8s.mp3", cAlternateFileName="")) returned 1 [0099.492] FindNextFileW (in: hFindFile=0xfe6960, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x81140170, ftCreationTime.dwHighDateTime=0x1d4cb93, ftLastAccessTime.dwLowDateTime=0x4ad600f0, ftLastAccessTime.dwHighDateTime=0x1d4c75a, ftLastWriteTime.dwLowDateTime=0x4ad600f0, ftLastWriteTime.dwHighDateTime=0x1d4c75a, nFileSizeHigh=0x0, nFileSizeLow=0xa33e, dwReserved0=0x0, dwReserved1=0x0, cFileName="__zKi8s.mp3", cAlternateFileName="")) returned 0 [0099.493] FindClose (in: hFindFile=0xfe6960 | out: hFindFile=0xfe6960) returned 1 [0099.493] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec74) returned 1 [0099.493] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec80) returned 1 [0099.493] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\Cvenk.mp3", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\Cvenk.mp3", lpFilePart=0x0) returned 0x1f [0099.493] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0099.493] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\Cvenk.mp3" (normalized: "c:\\users\\fd1hvy\\music\\cvenk.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0099.493] GetFileType (hFile=0x2b8) returned 0x1 [0099.493] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0099.493] GetFileType (hFile=0x2b8) returned 0x1 [0099.493] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x3bbb [0099.493] ReadFile (in: hFile=0x2b8, lpBuffer=0x2cca8f8, nNumberOfBytesToRead=0x3bbb, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2cca8f8*, lpNumberOfBytesRead=0xcfec0c*=0x3bbb, lpOverlapped=0x0) returned 1 [0099.494] CloseHandle (hObject=0x2b8) returned 1 [0099.510] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0099.510] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0099.510] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0099.510] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0099.510] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\Cvenk.mp3", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\Cvenk.mp3", lpFilePart=0x0) returned 0x1f [0099.510] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0099.510] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\Cvenk.mp3" (normalized: "c:\\users\\fd1hvy\\music\\cvenk.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0099.511] GetFileType (hFile=0x2b8) returned 0x1 [0099.512] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0099.512] GetFileType (hFile=0x2b8) returned 0x1 [0099.512] WriteFile (in: hFile=0x2b8, lpBuffer=0x2d2a1a4*, nNumberOfBytesToWrite=0x3bc0, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2d2a1a4*, lpNumberOfBytesWritten=0xcfec00*=0x3bc0, lpOverlapped=0x0) returned 1 [0099.513] CloseHandle (hObject=0x2b8) returned 1 [0099.514] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\Cvenk.mp3", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\Cvenk.mp3", lpFilePart=0x0) returned 0x1f [0099.514] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\Cvenk.mp3.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\Cvenk.mp3.shade8", lpFilePart=0x0) returned 0x26 [0099.514] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0099.515] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\Cvenk.mp3" (normalized: "c:\\users\\fd1hvy\\music\\cvenk.mp3"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xae2573e0, ftCreationTime.dwHighDateTime=0x1d4cad2, ftLastAccessTime.dwLowDateTime=0xf674be20, ftLastAccessTime.dwHighDateTime=0x1d4d064, ftLastWriteTime.dwLowDateTime=0x83ec500c, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x3bc0)) returned 1 [0099.515] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0099.515] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Music\\Cvenk.mp3" (normalized: "c:\\users\\fd1hvy\\music\\cvenk.mp3"), lpNewFileName="C:\\Users\\FD1HVy\\Music\\Cvenk.mp3.shade8" (normalized: "c:\\users\\fd1hvy\\music\\cvenk.mp3.shade8")) returned 1 [0099.515] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\G0LE.mp3", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\G0LE.mp3", lpFilePart=0x0) returned 0x1e [0099.515] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0099.515] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\G0LE.mp3" (normalized: "c:\\users\\fd1hvy\\music\\g0le.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0099.515] GetFileType (hFile=0x2b8) returned 0x1 [0099.515] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0099.516] GetFileType (hFile=0x2b8) returned 0x1 [0099.516] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x836 [0099.516] ReadFile (in: hFile=0x2b8, lpBuffer=0x2d2e9a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2d2e9a8*, lpNumberOfBytesRead=0xcfec0c*=0x836, lpOverlapped=0x0) returned 1 [0099.516] CloseHandle (hObject=0x2b8) returned 1 [0099.537] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0099.537] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0099.537] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0099.537] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0099.537] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\G0LE.mp3", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\G0LE.mp3", lpFilePart=0x0) returned 0x1e [0099.537] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0099.537] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\G0LE.mp3" (normalized: "c:\\users\\fd1hvy\\music\\g0le.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0099.538] GetFileType (hFile=0x2b8) returned 0x1 [0099.538] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0099.538] GetFileType (hFile=0x2b8) returned 0x1 [0099.539] WriteFile (in: hFile=0x2b8, lpBuffer=0x2d7f2e0*, nNumberOfBytesToWrite=0x840, lpNumberOfBytesWritten=0xcfebd4, lpOverlapped=0x0 | out: lpBuffer=0x2d7f2e0*, lpNumberOfBytesWritten=0xcfebd4*=0x840, lpOverlapped=0x0) returned 1 [0099.539] CloseHandle (hObject=0x2b8) returned 1 [0099.540] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\G0LE.mp3", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\G0LE.mp3", lpFilePart=0x0) returned 0x1e [0099.540] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\G0LE.mp3.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\G0LE.mp3.shade8", lpFilePart=0x0) returned 0x25 [0099.541] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0099.541] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\G0LE.mp3" (normalized: "c:\\users\\fd1hvy\\music\\g0le.mp3"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x78ca2ff0, ftCreationTime.dwHighDateTime=0x1d4ca83, ftLastAccessTime.dwLowDateTime=0xf7900850, ftLastAccessTime.dwHighDateTime=0x1d4c5d3, ftLastWriteTime.dwLowDateTime=0x83eeb2d7, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x840)) returned 1 [0099.541] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0099.541] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Music\\G0LE.mp3" (normalized: "c:\\users\\fd1hvy\\music\\g0le.mp3"), lpNewFileName="C:\\Users\\FD1HVy\\Music\\G0LE.mp3.shade8" (normalized: "c:\\users\\fd1hvy\\music\\g0le.mp3.shade8")) returned 1 [0099.541] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\__zKi8s.mp3", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\__zKi8s.mp3", lpFilePart=0x0) returned 0x21 [0099.541] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0099.541] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\__zKi8s.mp3" (normalized: "c:\\users\\fd1hvy\\music\\__zki8s.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0099.542] GetFileType (hFile=0x2b8) returned 0x1 [0099.542] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0099.542] GetFileType (hFile=0x2b8) returned 0x1 [0099.542] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0xa33e [0099.542] ReadFile (in: hFile=0x2b8, lpBuffer=0x2d80518, nNumberOfBytesToRead=0xa33e, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2d80518*, lpNumberOfBytesRead=0xcfec0c*=0xa33e, lpOverlapped=0x0) returned 1 [0099.542] CloseHandle (hObject=0x2b8) returned 1 [0099.574] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0099.574] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0099.574] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0099.574] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0099.575] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\__zKi8s.mp3", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\__zKi8s.mp3", lpFilePart=0x0) returned 0x21 [0099.575] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0099.575] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\__zKi8s.mp3" (normalized: "c:\\users\\fd1hvy\\music\\__zki8s.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0099.576] GetFileType (hFile=0x2b8) returned 0x1 [0099.576] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0099.576] GetFileType (hFile=0x2b8) returned 0x1 [0099.576] WriteFile (in: hFile=0x2b8, lpBuffer=0x2c0c8e0*, nNumberOfBytesToWrite=0xa340, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2c0c8e0*, lpNumberOfBytesWritten=0xcfec00*=0xa340, lpOverlapped=0x0) returned 1 [0099.578] CloseHandle (hObject=0x2b8) returned 1 [0099.580] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\__zKi8s.mp3", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\__zKi8s.mp3", lpFilePart=0x0) returned 0x21 [0099.580] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\__zKi8s.mp3.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\__zKi8s.mp3.shade8", lpFilePart=0x0) returned 0x28 [0099.580] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0099.580] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\__zKi8s.mp3" (normalized: "c:\\users\\fd1hvy\\music\\__zki8s.mp3"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x81140170, ftCreationTime.dwHighDateTime=0x1d4cb93, ftLastAccessTime.dwLowDateTime=0x4ad600f0, ftLastAccessTime.dwHighDateTime=0x1d4c75a, ftLastWriteTime.dwLowDateTime=0x83f5d960, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xa340)) returned 1 [0099.580] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0099.580] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Music\\__zKi8s.mp3" (normalized: "c:\\users\\fd1hvy\\music\\__zki8s.mp3"), lpNewFileName="C:\\Users\\FD1HVy\\Music\\__zKi8s.mp3.shade8" (normalized: "c:\\users\\fd1hvy\\music\\__zki8s.mp3.shade8")) returned 1 [0099.580] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfec44) returned 1 [0099.580] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC", nBufferLength=0x105, lpBuffer=0xcfe6f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC", lpFilePart=0x0) returned 0x2a [0099.581] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\*", lpFindFileData=0xcfe96c | out: lpFindFileData=0xcfe96c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9d038210, ftCreationTime.dwHighDateTime=0x1d4d30f, ftLastAccessTime.dwLowDateTime=0xdb9de940, ftLastAccessTime.dwHighDateTime=0x1d4ccf5, ftLastWriteTime.dwLowDateTime=0xdb9de940, ftLastWriteTime.dwHighDateTime=0x1d4ccf5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe66e0 [0099.581] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9d038210, ftCreationTime.dwHighDateTime=0x1d4d30f, ftLastAccessTime.dwLowDateTime=0xdb9de940, ftLastAccessTime.dwHighDateTime=0x1d4ccf5, ftLastWriteTime.dwLowDateTime=0xdb9de940, ftLastWriteTime.dwHighDateTime=0x1d4ccf5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.581] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e16260, ftCreationTime.dwHighDateTime=0x1d4cdab, ftLastAccessTime.dwLowDateTime=0xcbf697d0, ftLastAccessTime.dwHighDateTime=0x1d4ce53, ftLastWriteTime.dwLowDateTime=0xcbf697d0, ftLastWriteTime.dwHighDateTime=0x1d4ce53, nFileSizeHigh=0x0, nFileSizeLow=0x137ef, dwReserved0=0x0, dwReserved1=0x0, cFileName="4CpAnYfL7gzvdtKPDn0.m4a", cAlternateFileName="4CPANY~1.M4A")) returned 1 [0099.581] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbb9bbc60, ftCreationTime.dwHighDateTime=0x1d4d468, ftLastAccessTime.dwLowDateTime=0x73fcafb0, ftLastAccessTime.dwHighDateTime=0x1d4c7cd, ftLastWriteTime.dwLowDateTime=0x73fcafb0, ftLastWriteTime.dwHighDateTime=0x1d4c7cd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="gSc1", cAlternateFileName="")) returned 1 [0099.581] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe49285f0, ftCreationTime.dwHighDateTime=0x1d4c800, ftLastAccessTime.dwLowDateTime=0xa5c88f90, ftLastAccessTime.dwHighDateTime=0x1d4c9c2, ftLastWriteTime.dwLowDateTime=0xa5c88f90, ftLastWriteTime.dwHighDateTime=0x1d4c9c2, nFileSizeHigh=0x0, nFileSizeLow=0xbd69, dwReserved0=0x0, dwReserved1=0x0, cFileName="PW5I8pp_3pw22hhzSuLT.wav", cAlternateFileName="PW5I8P~1.WAV")) returned 1 [0099.581] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x23f8d10, ftCreationTime.dwHighDateTime=0x1d4caf3, ftLastAccessTime.dwLowDateTime=0x3b5e3010, ftLastAccessTime.dwHighDateTime=0x1d4cdff, ftLastWriteTime.dwLowDateTime=0x3b5e3010, ftLastWriteTime.dwHighDateTime=0x1d4cdff, nFileSizeHigh=0x0, nFileSizeLow=0x6cfb, dwReserved0=0x0, dwReserved1=0x0, cFileName="QKBWOFO.mp3", cAlternateFileName="")) returned 1 [0099.582] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x78906da0, ftCreationTime.dwHighDateTime=0x1d4cee9, ftLastAccessTime.dwLowDateTime=0x585b2200, ftLastAccessTime.dwHighDateTime=0x1d4c7e6, ftLastWriteTime.dwLowDateTime=0x585b2200, ftLastWriteTime.dwHighDateTime=0x1d4c7e6, nFileSizeHigh=0x0, nFileSizeLow=0x1456c, dwReserved0=0x0, dwReserved1=0x0, cFileName="SbjGI9ABy5 ReLEt.mp3", cAlternateFileName="SBJGI9~1.MP3")) returned 1 [0099.582] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3eabddb0, ftCreationTime.dwHighDateTime=0x1d4d450, ftLastAccessTime.dwLowDateTime=0x9b53f7c0, ftLastAccessTime.dwHighDateTime=0x1d4d2d7, ftLastWriteTime.dwLowDateTime=0x9b53f7c0, ftLastWriteTime.dwHighDateTime=0x1d4d2d7, nFileSizeHigh=0x0, nFileSizeLow=0x128cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="yCPmhzulejzQdoP.m4a", cAlternateFileName="YCPMHZ~1.M4A")) returned 1 [0099.582] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.582] FindClose (in: hFindFile=0xfe66e0 | out: hFindFile=0xfe66e0) returned 1 [0099.582] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec00) returned 1 [0099.582] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec0c) returned 1 [0099.582] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfec44) returned 1 [0099.582] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC", nBufferLength=0x105, lpBuffer=0xcfe6f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC", lpFilePart=0x0) returned 0x2a [0099.582] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\*", lpFindFileData=0xcfe96c | out: lpFindFileData=0xcfe96c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9d038210, ftCreationTime.dwHighDateTime=0x1d4d30f, ftLastAccessTime.dwLowDateTime=0xdb9de940, ftLastAccessTime.dwHighDateTime=0x1d4ccf5, ftLastWriteTime.dwLowDateTime=0xdb9de940, ftLastWriteTime.dwHighDateTime=0x1d4ccf5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe67e0 [0099.583] FindNextFileW (in: hFindFile=0xfe67e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9d038210, ftCreationTime.dwHighDateTime=0x1d4d30f, ftLastAccessTime.dwLowDateTime=0xdb9de940, ftLastAccessTime.dwHighDateTime=0x1d4ccf5, ftLastWriteTime.dwLowDateTime=0xdb9de940, ftLastWriteTime.dwHighDateTime=0x1d4ccf5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.583] FindNextFileW (in: hFindFile=0xfe67e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e16260, ftCreationTime.dwHighDateTime=0x1d4cdab, ftLastAccessTime.dwLowDateTime=0xcbf697d0, ftLastAccessTime.dwHighDateTime=0x1d4ce53, ftLastWriteTime.dwLowDateTime=0xcbf697d0, ftLastWriteTime.dwHighDateTime=0x1d4ce53, nFileSizeHigh=0x0, nFileSizeLow=0x137ef, dwReserved0=0x0, dwReserved1=0x0, cFileName="4CpAnYfL7gzvdtKPDn0.m4a", cAlternateFileName="4CPANY~1.M4A")) returned 1 [0099.583] FindNextFileW (in: hFindFile=0xfe67e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbb9bbc60, ftCreationTime.dwHighDateTime=0x1d4d468, ftLastAccessTime.dwLowDateTime=0x73fcafb0, ftLastAccessTime.dwHighDateTime=0x1d4c7cd, ftLastWriteTime.dwLowDateTime=0x73fcafb0, ftLastWriteTime.dwHighDateTime=0x1d4c7cd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="gSc1", cAlternateFileName="")) returned 1 [0099.583] FindNextFileW (in: hFindFile=0xfe67e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe49285f0, ftCreationTime.dwHighDateTime=0x1d4c800, ftLastAccessTime.dwLowDateTime=0xa5c88f90, ftLastAccessTime.dwHighDateTime=0x1d4c9c2, ftLastWriteTime.dwLowDateTime=0xa5c88f90, ftLastWriteTime.dwHighDateTime=0x1d4c9c2, nFileSizeHigh=0x0, nFileSizeLow=0xbd69, dwReserved0=0x0, dwReserved1=0x0, cFileName="PW5I8pp_3pw22hhzSuLT.wav", cAlternateFileName="PW5I8P~1.WAV")) returned 1 [0099.583] FindNextFileW (in: hFindFile=0xfe67e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x23f8d10, ftCreationTime.dwHighDateTime=0x1d4caf3, ftLastAccessTime.dwLowDateTime=0x3b5e3010, ftLastAccessTime.dwHighDateTime=0x1d4cdff, ftLastWriteTime.dwLowDateTime=0x3b5e3010, ftLastWriteTime.dwHighDateTime=0x1d4cdff, nFileSizeHigh=0x0, nFileSizeLow=0x6cfb, dwReserved0=0x0, dwReserved1=0x0, cFileName="QKBWOFO.mp3", cAlternateFileName="")) returned 1 [0099.583] FindNextFileW (in: hFindFile=0xfe67e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x78906da0, ftCreationTime.dwHighDateTime=0x1d4cee9, ftLastAccessTime.dwLowDateTime=0x585b2200, ftLastAccessTime.dwHighDateTime=0x1d4c7e6, ftLastWriteTime.dwLowDateTime=0x585b2200, ftLastWriteTime.dwHighDateTime=0x1d4c7e6, nFileSizeHigh=0x0, nFileSizeLow=0x1456c, dwReserved0=0x0, dwReserved1=0x0, cFileName="SbjGI9ABy5 ReLEt.mp3", cAlternateFileName="SBJGI9~1.MP3")) returned 1 [0099.584] FindNextFileW (in: hFindFile=0xfe67e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3eabddb0, ftCreationTime.dwHighDateTime=0x1d4d450, ftLastAccessTime.dwLowDateTime=0x9b53f7c0, ftLastAccessTime.dwHighDateTime=0x1d4d2d7, ftLastWriteTime.dwLowDateTime=0x9b53f7c0, ftLastWriteTime.dwHighDateTime=0x1d4d2d7, nFileSizeHigh=0x0, nFileSizeLow=0x128cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="yCPmhzulejzQdoP.m4a", cAlternateFileName="YCPMHZ~1.M4A")) returned 1 [0099.584] FindNextFileW (in: hFindFile=0xfe67e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3eabddb0, ftCreationTime.dwHighDateTime=0x1d4d450, ftLastAccessTime.dwLowDateTime=0x9b53f7c0, ftLastAccessTime.dwHighDateTime=0x1d4d2d7, ftLastWriteTime.dwLowDateTime=0x9b53f7c0, ftLastWriteTime.dwHighDateTime=0x1d4d2d7, nFileSizeHigh=0x0, nFileSizeLow=0x128cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="yCPmhzulejzQdoP.m4a", cAlternateFileName="YCPMHZ~1.M4A")) returned 0 [0099.584] FindClose (in: hFindFile=0xfe67e0 | out: hFindFile=0xfe67e0) returned 1 [0099.584] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec00) returned 1 [0099.584] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec0c) returned 1 [0099.584] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\QKBWOFO.mp3", nBufferLength=0x105, lpBuffer=0xcfe5ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\QKBWOFO.mp3", lpFilePart=0x0) returned 0x36 [0099.584] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0099.584] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\QKBWOFO.mp3" (normalized: "c:\\users\\fd1hvy\\music\\8xohphwf65arqdfkyfmc\\qkbwofo.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0099.584] GetFileType (hFile=0x2b8) returned 0x1 [0099.584] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0099.585] GetFileType (hFile=0x2b8) returned 0x1 [0099.585] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfebec | out: lpFileSizeHigh=0xcfebec*=0x0) returned 0x6cfb [0099.585] ReadFile (in: hFile=0x2b8, lpBuffer=0x2c19124, nNumberOfBytesToRead=0x6cfb, lpNumberOfBytesRead=0xcfeb98, lpOverlapped=0x0 | out: lpBuffer=0x2c19124*, lpNumberOfBytesRead=0xcfeb98*=0x6cfb, lpOverlapped=0x0) returned 1 [0099.585] CloseHandle (hObject=0x2b8) returned 1 [0099.665] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0099.665] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0099.665] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfebe0 | out: lpFileInformation=0xcfebe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0099.666] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0099.666] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\QKBWOFO.mp3", nBufferLength=0x105, lpBuffer=0xcfe598, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\QKBWOFO.mp3", lpFilePart=0x0) returned 0x36 [0099.666] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeadc) returned 1 [0099.666] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\QKBWOFO.mp3" (normalized: "c:\\users\\fd1hvy\\music\\8xohphwf65arqdfkyfmc\\qkbwofo.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0099.667] GetFileType (hFile=0x2b8) returned 0x1 [0099.667] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfead8) returned 1 [0099.667] GetFileType (hFile=0x2b8) returned 0x1 [0099.667] WriteFile (in: hFile=0x2b8, lpBuffer=0x2c8816c*, nNumberOfBytesToWrite=0x6d00, lpNumberOfBytesWritten=0xcfeb8c, lpOverlapped=0x0 | out: lpBuffer=0x2c8816c*, lpNumberOfBytesWritten=0xcfeb8c*=0x6d00, lpOverlapped=0x0) returned 1 [0099.668] CloseHandle (hObject=0x2b8) returned 1 [0099.671] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\QKBWOFO.mp3", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\QKBWOFO.mp3", lpFilePart=0x0) returned 0x36 [0099.671] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\QKBWOFO.mp3.shade8", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\QKBWOFO.mp3.shade8", lpFilePart=0x0) returned 0x3d [0099.671] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb70) returned 1 [0099.671] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\QKBWOFO.mp3" (normalized: "c:\\users\\fd1hvy\\music\\8xohphwf65arqdfkyfmc\\qkbwofo.mp3"), fInfoLevelId=0x0, lpFileInformation=0xcfebec | out: lpFileInformation=0xcfebec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x23f8d10, ftCreationTime.dwHighDateTime=0x1d4caf3, ftLastAccessTime.dwLowDateTime=0x3b5e3010, ftLastAccessTime.dwHighDateTime=0x1d4cdff, ftLastWriteTime.dwLowDateTime=0x8404274a, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x6d00)) returned 1 [0099.671] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb6c) returned 1 [0099.671] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\QKBWOFO.mp3" (normalized: "c:\\users\\fd1hvy\\music\\8xohphwf65arqdfkyfmc\\qkbwofo.mp3"), lpNewFileName="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\QKBWOFO.mp3.shade8" (normalized: "c:\\users\\fd1hvy\\music\\8xohphwf65arqdfkyfmc\\qkbwofo.mp3.shade8")) returned 1 [0099.671] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\SbjGI9ABy5 ReLEt.mp3", nBufferLength=0x105, lpBuffer=0xcfe5ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\SbjGI9ABy5 ReLEt.mp3", lpFilePart=0x0) returned 0x3f [0099.671] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0099.672] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\SbjGI9ABy5 ReLEt.mp3" (normalized: "c:\\users\\fd1hvy\\music\\8xohphwf65arqdfkyfmc\\sbjgi9aby5 relet.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0099.672] GetFileType (hFile=0x2b8) returned 0x1 [0099.672] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0099.672] GetFileType (hFile=0x2b8) returned 0x1 [0099.672] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfebec | out: lpFileSizeHigh=0xcfebec*=0x0) returned 0x1456c [0099.672] ReadFile (in: hFile=0x2b8, lpBuffer=0x2c8f368, nNumberOfBytesToRead=0x1456c, lpNumberOfBytesRead=0xcfeb98, lpOverlapped=0x0 | out: lpBuffer=0x2c8f368*, lpNumberOfBytesRead=0xcfeb98*=0x1456c, lpOverlapped=0x0) returned 1 [0099.673] CloseHandle (hObject=0x2b8) returned 1 [0099.693] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0099.694] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0099.694] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfebe0 | out: lpFileInformation=0xcfebe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0099.694] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0099.694] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\SbjGI9ABy5 ReLEt.mp3", nBufferLength=0x105, lpBuffer=0xcfe598, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\SbjGI9ABy5 ReLEt.mp3", lpFilePart=0x0) returned 0x3f [0099.694] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeadc) returned 1 [0099.694] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\SbjGI9ABy5 ReLEt.mp3" (normalized: "c:\\users\\fd1hvy\\music\\8xohphwf65arqdfkyfmc\\sbjgi9aby5 relet.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0099.695] GetFileType (hFile=0x2b8) returned 0x1 [0099.695] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfead8) returned 1 [0099.695] GetFileType (hFile=0x2b8) returned 0x1 [0099.695] WriteFile (in: hFile=0x2b8, lpBuffer=0x2d191b4*, nNumberOfBytesToWrite=0x14570, lpNumberOfBytesWritten=0xcfeb8c, lpOverlapped=0x0 | out: lpBuffer=0x2d191b4*, lpNumberOfBytesWritten=0xcfeb8c*=0x14570, lpOverlapped=0x0) returned 1 [0099.697] CloseHandle (hObject=0x2b8) returned 1 [0099.707] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\SbjGI9ABy5 ReLEt.mp3", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\SbjGI9ABy5 ReLEt.mp3", lpFilePart=0x0) returned 0x3f [0099.707] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\SbjGI9ABy5 ReLEt.mp3.shade8", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\SbjGI9ABy5 ReLEt.mp3.shade8", lpFilePart=0x0) returned 0x46 [0099.708] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb70) returned 1 [0099.708] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\SbjGI9ABy5 ReLEt.mp3" (normalized: "c:\\users\\fd1hvy\\music\\8xohphwf65arqdfkyfmc\\sbjgi9aby5 relet.mp3"), fInfoLevelId=0x0, lpFileInformation=0xcfebec | out: lpFileInformation=0xcfebec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x78906da0, ftCreationTime.dwHighDateTime=0x1d4cee9, ftLastAccessTime.dwLowDateTime=0x585b2200, ftLastAccessTime.dwHighDateTime=0x1d4c7e6, ftLastWriteTime.dwLowDateTime=0x8408f18c, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x14570)) returned 1 [0099.708] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb6c) returned 1 [0099.708] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\SbjGI9ABy5 ReLEt.mp3" (normalized: "c:\\users\\fd1hvy\\music\\8xohphwf65arqdfkyfmc\\sbjgi9aby5 relet.mp3"), lpNewFileName="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\SbjGI9ABy5 ReLEt.mp3.shade8" (normalized: "c:\\users\\fd1hvy\\music\\8xohphwf65arqdfkyfmc\\sbjgi9aby5 relet.mp3.shade8")) returned 1 [0099.708] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd0) returned 1 [0099.708] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\gSc1", nBufferLength=0x105, lpBuffer=0xcfe684, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\gSc1", lpFilePart=0x0) returned 0x2f [0099.709] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\gSc1\\*", lpFindFileData=0xcfe8f8 | out: lpFindFileData=0xcfe8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbb9bbc60, ftCreationTime.dwHighDateTime=0x1d4d468, ftLastAccessTime.dwLowDateTime=0x73fcafb0, ftLastAccessTime.dwHighDateTime=0x1d4c7cd, ftLastWriteTime.dwLowDateTime=0x73fcafb0, ftLastWriteTime.dwHighDateTime=0x1d4c7cd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe63e0 [0099.709] FindNextFileW (in: hFindFile=0xfe63e0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbb9bbc60, ftCreationTime.dwHighDateTime=0x1d4d468, ftLastAccessTime.dwLowDateTime=0x73fcafb0, ftLastAccessTime.dwHighDateTime=0x1d4c7cd, ftLastWriteTime.dwLowDateTime=0x73fcafb0, ftLastWriteTime.dwHighDateTime=0x1d4c7cd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.709] FindNextFileW (in: hFindFile=0xfe63e0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8cbf17d0, ftCreationTime.dwHighDateTime=0x1d4d421, ftLastAccessTime.dwLowDateTime=0x660b14e0, ftLastAccessTime.dwHighDateTime=0x1d4cfcb, ftLastWriteTime.dwLowDateTime=0x660b14e0, ftLastWriteTime.dwHighDateTime=0x1d4cfcb, nFileSizeHigh=0x0, nFileSizeLow=0x75c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="CFzVv9YT-4OUV.wav", cAlternateFileName="CFZVV9~1.WAV")) returned 1 [0099.709] FindNextFileW (in: hFindFile=0xfe63e0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x87a75270, ftCreationTime.dwHighDateTime=0x1d4cab8, ftLastAccessTime.dwLowDateTime=0xe9840b30, ftLastAccessTime.dwHighDateTime=0x1d4d3c5, ftLastWriteTime.dwLowDateTime=0xe9840b30, ftLastWriteTime.dwHighDateTime=0x1d4d3c5, nFileSizeHigh=0x0, nFileSizeLow=0x111af, dwReserved0=0x0, dwReserved1=0x0, cFileName="IEJPo6bRcr1-eu_OA2.mp3", cAlternateFileName="IEJPO6~1.MP3")) returned 1 [0099.709] FindNextFileW (in: hFindFile=0xfe63e0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe7bc5e80, ftCreationTime.dwHighDateTime=0x1d4d29c, ftLastAccessTime.dwLowDateTime=0x680e71f0, ftLastAccessTime.dwHighDateTime=0x1d4d16b, ftLastWriteTime.dwLowDateTime=0x680e71f0, ftLastWriteTime.dwHighDateTime=0x1d4d16b, nFileSizeHigh=0x0, nFileSizeLow=0x17e2d, dwReserved0=0x0, dwReserved1=0x0, cFileName="nGtchcYOV0WpVA.wav", cAlternateFileName="NGTCHC~1.WAV")) returned 1 [0099.709] FindNextFileW (in: hFindFile=0xfe63e0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93581b90, ftCreationTime.dwHighDateTime=0x1d4caea, ftLastAccessTime.dwLowDateTime=0x72cf7750, ftLastAccessTime.dwHighDateTime=0x1d4c7ee, ftLastWriteTime.dwLowDateTime=0x72cf7750, ftLastWriteTime.dwHighDateTime=0x1d4c7ee, nFileSizeHigh=0x0, nFileSizeLow=0x7252, dwReserved0=0x0, dwReserved1=0x0, cFileName="pPyCIkaqb-elp.wav", cAlternateFileName="PPYCIK~1.WAV")) returned 1 [0099.710] FindNextFileW (in: hFindFile=0xfe63e0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2450170, ftCreationTime.dwHighDateTime=0x1d4cbd4, ftLastAccessTime.dwLowDateTime=0x3c303560, ftLastAccessTime.dwHighDateTime=0x1d4d34a, ftLastWriteTime.dwLowDateTime=0x3c303560, ftLastWriteTime.dwHighDateTime=0x1d4d34a, nFileSizeHigh=0x0, nFileSizeLow=0xdb67, dwReserved0=0x0, dwReserved1=0x0, cFileName="WcvMR45xj_Nq0V.m4a", cAlternateFileName="WCVMR4~1.M4A")) returned 1 [0099.710] FindNextFileW (in: hFindFile=0xfe63e0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c2f4b10, ftCreationTime.dwHighDateTime=0x1d4d51e, ftLastAccessTime.dwLowDateTime=0xaebd9aa0, ftLastAccessTime.dwHighDateTime=0x1d4d174, ftLastWriteTime.dwLowDateTime=0xaebd9aa0, ftLastWriteTime.dwHighDateTime=0x1d4d174, nFileSizeHigh=0x0, nFileSizeLow=0xbe35, dwReserved0=0x0, dwReserved1=0x0, cFileName="XP_onuvdVA-4.m4a", cAlternateFileName="XP_ONU~1.M4A")) returned 1 [0099.710] FindNextFileW (in: hFindFile=0xfe63e0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.710] FindClose (in: hFindFile=0xfe63e0 | out: hFindFile=0xfe63e0) returned 1 [0099.710] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb8c) returned 1 [0099.710] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb98) returned 1 [0099.710] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd0) returned 1 [0099.710] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\gSc1", nBufferLength=0x105, lpBuffer=0xcfe684, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\gSc1", lpFilePart=0x0) returned 0x2f [0099.710] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\gSc1\\*", lpFindFileData=0xcfe8f8 | out: lpFindFileData=0xcfe8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbb9bbc60, ftCreationTime.dwHighDateTime=0x1d4d468, ftLastAccessTime.dwLowDateTime=0x73fcafb0, ftLastAccessTime.dwHighDateTime=0x1d4c7cd, ftLastWriteTime.dwLowDateTime=0x73fcafb0, ftLastWriteTime.dwHighDateTime=0x1d4c7cd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe69a0 [0099.711] FindNextFileW (in: hFindFile=0xfe69a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbb9bbc60, ftCreationTime.dwHighDateTime=0x1d4d468, ftLastAccessTime.dwLowDateTime=0x73fcafb0, ftLastAccessTime.dwHighDateTime=0x1d4c7cd, ftLastWriteTime.dwLowDateTime=0x73fcafb0, ftLastWriteTime.dwHighDateTime=0x1d4c7cd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.711] FindNextFileW (in: hFindFile=0xfe69a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8cbf17d0, ftCreationTime.dwHighDateTime=0x1d4d421, ftLastAccessTime.dwLowDateTime=0x660b14e0, ftLastAccessTime.dwHighDateTime=0x1d4cfcb, ftLastWriteTime.dwLowDateTime=0x660b14e0, ftLastWriteTime.dwHighDateTime=0x1d4cfcb, nFileSizeHigh=0x0, nFileSizeLow=0x75c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="CFzVv9YT-4OUV.wav", cAlternateFileName="CFZVV9~1.WAV")) returned 1 [0099.711] FindNextFileW (in: hFindFile=0xfe69a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x87a75270, ftCreationTime.dwHighDateTime=0x1d4cab8, ftLastAccessTime.dwLowDateTime=0xe9840b30, ftLastAccessTime.dwHighDateTime=0x1d4d3c5, ftLastWriteTime.dwLowDateTime=0xe9840b30, ftLastWriteTime.dwHighDateTime=0x1d4d3c5, nFileSizeHigh=0x0, nFileSizeLow=0x111af, dwReserved0=0x0, dwReserved1=0x0, cFileName="IEJPo6bRcr1-eu_OA2.mp3", cAlternateFileName="IEJPO6~1.MP3")) returned 1 [0099.711] FindNextFileW (in: hFindFile=0xfe69a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe7bc5e80, ftCreationTime.dwHighDateTime=0x1d4d29c, ftLastAccessTime.dwLowDateTime=0x680e71f0, ftLastAccessTime.dwHighDateTime=0x1d4d16b, ftLastWriteTime.dwLowDateTime=0x680e71f0, ftLastWriteTime.dwHighDateTime=0x1d4d16b, nFileSizeHigh=0x0, nFileSizeLow=0x17e2d, dwReserved0=0x0, dwReserved1=0x0, cFileName="nGtchcYOV0WpVA.wav", cAlternateFileName="NGTCHC~1.WAV")) returned 1 [0099.711] FindNextFileW (in: hFindFile=0xfe69a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93581b90, ftCreationTime.dwHighDateTime=0x1d4caea, ftLastAccessTime.dwLowDateTime=0x72cf7750, ftLastAccessTime.dwHighDateTime=0x1d4c7ee, ftLastWriteTime.dwLowDateTime=0x72cf7750, ftLastWriteTime.dwHighDateTime=0x1d4c7ee, nFileSizeHigh=0x0, nFileSizeLow=0x7252, dwReserved0=0x0, dwReserved1=0x0, cFileName="pPyCIkaqb-elp.wav", cAlternateFileName="PPYCIK~1.WAV")) returned 1 [0099.711] FindNextFileW (in: hFindFile=0xfe69a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd2450170, ftCreationTime.dwHighDateTime=0x1d4cbd4, ftLastAccessTime.dwLowDateTime=0x3c303560, ftLastAccessTime.dwHighDateTime=0x1d4d34a, ftLastWriteTime.dwLowDateTime=0x3c303560, ftLastWriteTime.dwHighDateTime=0x1d4d34a, nFileSizeHigh=0x0, nFileSizeLow=0xdb67, dwReserved0=0x0, dwReserved1=0x0, cFileName="WcvMR45xj_Nq0V.m4a", cAlternateFileName="WCVMR4~1.M4A")) returned 1 [0099.712] FindNextFileW (in: hFindFile=0xfe69a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c2f4b10, ftCreationTime.dwHighDateTime=0x1d4d51e, ftLastAccessTime.dwLowDateTime=0xaebd9aa0, ftLastAccessTime.dwHighDateTime=0x1d4d174, ftLastWriteTime.dwLowDateTime=0xaebd9aa0, ftLastWriteTime.dwHighDateTime=0x1d4d174, nFileSizeHigh=0x0, nFileSizeLow=0xbe35, dwReserved0=0x0, dwReserved1=0x0, cFileName="XP_onuvdVA-4.m4a", cAlternateFileName="XP_ONU~1.M4A")) returned 1 [0099.712] FindNextFileW (in: hFindFile=0xfe69a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c2f4b10, ftCreationTime.dwHighDateTime=0x1d4d51e, ftLastAccessTime.dwLowDateTime=0xaebd9aa0, ftLastAccessTime.dwHighDateTime=0x1d4d174, ftLastWriteTime.dwLowDateTime=0xaebd9aa0, ftLastWriteTime.dwHighDateTime=0x1d4d174, nFileSizeHigh=0x0, nFileSizeLow=0xbe35, dwReserved0=0x0, dwReserved1=0x0, cFileName="XP_onuvdVA-4.m4a", cAlternateFileName="XP_ONU~1.M4A")) returned 0 [0099.712] FindClose (in: hFindFile=0xfe69a0 | out: hFindFile=0xfe69a0) returned 1 [0099.712] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb8c) returned 1 [0099.712] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb98) returned 1 [0099.712] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\gSc1\\IEJPo6bRcr1-eu_OA2.mp3", nBufferLength=0x105, lpBuffer=0xcfe538, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\gSc1\\IEJPo6bRcr1-eu_OA2.mp3", lpFilePart=0x0) returned 0x46 [0099.712] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea7c) returned 1 [0099.712] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\gSc1\\IEJPo6bRcr1-eu_OA2.mp3" (normalized: "c:\\users\\fd1hvy\\music\\8xohphwf65arqdfkyfmc\\gsc1\\iejpo6brcr1-eu_oa2.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0099.712] GetFileType (hFile=0x2b8) returned 0x1 [0099.712] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea78) returned 1 [0099.712] GetFileType (hFile=0x2b8) returned 0x1 [0099.713] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfeb78 | out: lpFileSizeHigh=0xcfeb78*=0x0) returned 0x111af [0099.713] ReadFile (in: hFile=0x2b8, lpBuffer=0x2d2fff4, nNumberOfBytesToRead=0x111af, lpNumberOfBytesRead=0xcfeb24, lpOverlapped=0x0 | out: lpBuffer=0x2d2fff4*, lpNumberOfBytesRead=0xcfeb24*=0x111af, lpOverlapped=0x0) returned 1 [0099.713] CloseHandle (hObject=0x2b8) returned 1 [0099.735] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0099.735] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0099.735] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfeb6c | out: lpFileInformation=0xcfeb6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0099.735] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0099.735] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\gSc1\\IEJPo6bRcr1-eu_OA2.mp3", nBufferLength=0x105, lpBuffer=0xcfe524, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\gSc1\\IEJPo6bRcr1-eu_OA2.mp3", lpFilePart=0x0) returned 0x46 [0099.735] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea68) returned 1 [0099.735] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\gSc1\\IEJPo6bRcr1-eu_OA2.mp3" (normalized: "c:\\users\\fd1hvy\\music\\8xohphwf65arqdfkyfmc\\gsc1\\iejpo6brcr1-eu_oa2.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0099.736] GetFileType (hFile=0x2b8) returned 0x1 [0099.736] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea64) returned 1 [0099.736] GetFileType (hFile=0x2b8) returned 0x1 [0099.737] WriteFile (in: hFile=0x2b8, lpBuffer=0x2db0304*, nNumberOfBytesToWrite=0x111b0, lpNumberOfBytesWritten=0xcfeb18, lpOverlapped=0x0 | out: lpBuffer=0x2db0304*, lpNumberOfBytesWritten=0xcfeb18*=0x111b0, lpOverlapped=0x0) returned 1 [0099.738] CloseHandle (hObject=0x2b8) returned 1 [0099.741] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\gSc1\\IEJPo6bRcr1-eu_OA2.mp3", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\gSc1\\IEJPo6bRcr1-eu_OA2.mp3", lpFilePart=0x0) returned 0x46 [0099.741] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\gSc1\\IEJPo6bRcr1-eu_OA2.mp3.shade8", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\gSc1\\IEJPo6bRcr1-eu_OA2.mp3.shade8", lpFilePart=0x0) returned 0x4d [0099.741] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeafc) returned 1 [0099.741] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\gSc1\\IEJPo6bRcr1-eu_OA2.mp3" (normalized: "c:\\users\\fd1hvy\\music\\8xohphwf65arqdfkyfmc\\gsc1\\iejpo6brcr1-eu_oa2.mp3"), fInfoLevelId=0x0, lpFileInformation=0xcfeb78 | out: lpFileInformation=0xcfeb78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x87a75270, ftCreationTime.dwHighDateTime=0x1d4cab8, ftLastAccessTime.dwLowDateTime=0xe9840b30, ftLastAccessTime.dwHighDateTime=0x1d4d3c5, ftLastWriteTime.dwLowDateTime=0x840daf86, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x111b0)) returned 1 [0099.741] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaf8) returned 1 [0099.741] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\gSc1\\IEJPo6bRcr1-eu_OA2.mp3" (normalized: "c:\\users\\fd1hvy\\music\\8xohphwf65arqdfkyfmc\\gsc1\\iejpo6brcr1-eu_oa2.mp3"), lpNewFileName="C:\\Users\\FD1HVy\\Music\\8xoHpHwf65aRqdFKyFMC\\gSc1\\IEJPo6bRcr1-eu_OA2.mp3.shade8" (normalized: "c:\\users\\fd1hvy\\music\\8xohphwf65arqdfkyfmc\\gsc1\\iejpo6brcr1-eu_oa2.mp3.shade8")) returned 1 [0099.742] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfec44) returned 1 [0099.742] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\tnbAj4-aB0K", nBufferLength=0x105, lpBuffer=0xcfe6f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\tnbAj4-aB0K", lpFilePart=0x0) returned 0x21 [0099.742] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\tnbAj4-aB0K\\*", lpFindFileData=0xcfe96c | out: lpFindFileData=0xcfe96c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x970696a0, ftCreationTime.dwHighDateTime=0x1d4c6a2, ftLastAccessTime.dwLowDateTime=0xdf7b03e0, ftLastAccessTime.dwHighDateTime=0x1d4d52e, ftLastWriteTime.dwLowDateTime=0xdf7b03e0, ftLastWriteTime.dwHighDateTime=0x1d4d52e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe66e0 [0099.742] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x970696a0, ftCreationTime.dwHighDateTime=0x1d4c6a2, ftLastAccessTime.dwLowDateTime=0xdf7b03e0, ftLastAccessTime.dwHighDateTime=0x1d4d52e, ftLastWriteTime.dwLowDateTime=0xdf7b03e0, ftLastWriteTime.dwHighDateTime=0x1d4d52e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.742] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9fbebc20, ftCreationTime.dwHighDateTime=0x1d4c777, ftLastAccessTime.dwLowDateTime=0xd1a4bd50, ftLastAccessTime.dwHighDateTime=0x1d4d4e9, ftLastWriteTime.dwLowDateTime=0xd1a4bd50, ftLastWriteTime.dwHighDateTime=0x1d4d4e9, nFileSizeHigh=0x0, nFileSizeLow=0xfe7a, dwReserved0=0x0, dwReserved1=0x0, cFileName="eNQP.m4a", cAlternateFileName="")) returned 1 [0099.743] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24224d70, ftCreationTime.dwHighDateTime=0x1d4cdcb, ftLastAccessTime.dwLowDateTime=0xae8729f0, ftLastAccessTime.dwHighDateTime=0x1d4c974, ftLastWriteTime.dwLowDateTime=0xae8729f0, ftLastWriteTime.dwHighDateTime=0x1d4c974, nFileSizeHigh=0x0, nFileSizeLow=0x148fd, dwReserved0=0x0, dwReserved1=0x0, cFileName="pF-rmxtwP0psAjdtlsr.wav", cAlternateFileName="PF-RMX~1.WAV")) returned 1 [0099.743] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef16fc50, ftCreationTime.dwHighDateTime=0x1d4c57a, ftLastAccessTime.dwLowDateTime=0x201b6c30, ftLastAccessTime.dwHighDateTime=0x1d4d031, ftLastWriteTime.dwLowDateTime=0x201b6c30, ftLastWriteTime.dwHighDateTime=0x1d4d031, nFileSizeHigh=0x0, nFileSizeLow=0xf1bd, dwReserved0=0x0, dwReserved1=0x0, cFileName="Tf6do2U8Osd Qbh.m4a", cAlternateFileName="TF6DO2~1.M4A")) returned 1 [0099.743] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1de7fcf0, ftCreationTime.dwHighDateTime=0x1d4caf8, ftLastAccessTime.dwLowDateTime=0xa1a373b0, ftLastAccessTime.dwHighDateTime=0x1d4c811, ftLastWriteTime.dwLowDateTime=0xa1a373b0, ftLastWriteTime.dwHighDateTime=0x1d4c811, nFileSizeHigh=0x0, nFileSizeLow=0x10289, dwReserved0=0x0, dwReserved1=0x0, cFileName="VDgGD26eRKQg3yZCsg.wav", cAlternateFileName="VDGGD2~1.WAV")) returned 1 [0099.743] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62b7ba50, ftCreationTime.dwHighDateTime=0x1d4d3e0, ftLastAccessTime.dwLowDateTime=0x7cedce40, ftLastAccessTime.dwHighDateTime=0x1d4d260, ftLastWriteTime.dwLowDateTime=0x7cedce40, ftLastWriteTime.dwHighDateTime=0x1d4d260, nFileSizeHigh=0x0, nFileSizeLow=0xd569, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZLTem3L4zV.m4a", cAlternateFileName="ZLTEM3~1.M4A")) returned 1 [0099.743] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.743] FindClose (in: hFindFile=0xfe66e0 | out: hFindFile=0xfe66e0) returned 1 [0099.743] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec00) returned 1 [0099.743] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec0c) returned 1 [0099.744] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfec44) returned 1 [0099.744] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\tnbAj4-aB0K", nBufferLength=0x105, lpBuffer=0xcfe6f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\tnbAj4-aB0K", lpFilePart=0x0) returned 0x21 [0099.744] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\tnbAj4-aB0K\\*", lpFindFileData=0xcfe96c | out: lpFindFileData=0xcfe96c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x970696a0, ftCreationTime.dwHighDateTime=0x1d4c6a2, ftLastAccessTime.dwLowDateTime=0xdf7b03e0, ftLastAccessTime.dwHighDateTime=0x1d4d52e, ftLastWriteTime.dwLowDateTime=0xdf7b03e0, ftLastWriteTime.dwHighDateTime=0x1d4d52e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe6760 [0099.744] FindNextFileW (in: hFindFile=0xfe6760, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x970696a0, ftCreationTime.dwHighDateTime=0x1d4c6a2, ftLastAccessTime.dwLowDateTime=0xdf7b03e0, ftLastAccessTime.dwHighDateTime=0x1d4d52e, ftLastWriteTime.dwLowDateTime=0xdf7b03e0, ftLastWriteTime.dwHighDateTime=0x1d4d52e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.744] FindNextFileW (in: hFindFile=0xfe6760, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9fbebc20, ftCreationTime.dwHighDateTime=0x1d4c777, ftLastAccessTime.dwLowDateTime=0xd1a4bd50, ftLastAccessTime.dwHighDateTime=0x1d4d4e9, ftLastWriteTime.dwLowDateTime=0xd1a4bd50, ftLastWriteTime.dwHighDateTime=0x1d4d4e9, nFileSizeHigh=0x0, nFileSizeLow=0xfe7a, dwReserved0=0x0, dwReserved1=0x0, cFileName="eNQP.m4a", cAlternateFileName="")) returned 1 [0099.744] FindNextFileW (in: hFindFile=0xfe6760, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24224d70, ftCreationTime.dwHighDateTime=0x1d4cdcb, ftLastAccessTime.dwLowDateTime=0xae8729f0, ftLastAccessTime.dwHighDateTime=0x1d4c974, ftLastWriteTime.dwLowDateTime=0xae8729f0, ftLastWriteTime.dwHighDateTime=0x1d4c974, nFileSizeHigh=0x0, nFileSizeLow=0x148fd, dwReserved0=0x0, dwReserved1=0x0, cFileName="pF-rmxtwP0psAjdtlsr.wav", cAlternateFileName="PF-RMX~1.WAV")) returned 1 [0099.744] FindNextFileW (in: hFindFile=0xfe6760, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef16fc50, ftCreationTime.dwHighDateTime=0x1d4c57a, ftLastAccessTime.dwLowDateTime=0x201b6c30, ftLastAccessTime.dwHighDateTime=0x1d4d031, ftLastWriteTime.dwLowDateTime=0x201b6c30, ftLastWriteTime.dwHighDateTime=0x1d4d031, nFileSizeHigh=0x0, nFileSizeLow=0xf1bd, dwReserved0=0x0, dwReserved1=0x0, cFileName="Tf6do2U8Osd Qbh.m4a", cAlternateFileName="TF6DO2~1.M4A")) returned 1 [0099.745] FindNextFileW (in: hFindFile=0xfe6760, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1de7fcf0, ftCreationTime.dwHighDateTime=0x1d4caf8, ftLastAccessTime.dwLowDateTime=0xa1a373b0, ftLastAccessTime.dwHighDateTime=0x1d4c811, ftLastWriteTime.dwLowDateTime=0xa1a373b0, ftLastWriteTime.dwHighDateTime=0x1d4c811, nFileSizeHigh=0x0, nFileSizeLow=0x10289, dwReserved0=0x0, dwReserved1=0x0, cFileName="VDgGD26eRKQg3yZCsg.wav", cAlternateFileName="VDGGD2~1.WAV")) returned 1 [0099.745] FindNextFileW (in: hFindFile=0xfe6760, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62b7ba50, ftCreationTime.dwHighDateTime=0x1d4d3e0, ftLastAccessTime.dwLowDateTime=0x7cedce40, ftLastAccessTime.dwHighDateTime=0x1d4d260, ftLastWriteTime.dwLowDateTime=0x7cedce40, ftLastWriteTime.dwHighDateTime=0x1d4d260, nFileSizeHigh=0x0, nFileSizeLow=0xd569, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZLTem3L4zV.m4a", cAlternateFileName="ZLTEM3~1.M4A")) returned 1 [0099.745] FindNextFileW (in: hFindFile=0xfe6760, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62b7ba50, ftCreationTime.dwHighDateTime=0x1d4d3e0, ftLastAccessTime.dwLowDateTime=0x7cedce40, ftLastAccessTime.dwHighDateTime=0x1d4d260, ftLastWriteTime.dwLowDateTime=0x7cedce40, ftLastWriteTime.dwHighDateTime=0x1d4d260, nFileSizeHigh=0x0, nFileSizeLow=0xd569, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZLTem3L4zV.m4a", cAlternateFileName="ZLTEM3~1.M4A")) returned 0 [0099.745] FindClose (in: hFindFile=0xfe6760 | out: hFindFile=0xfe6760) returned 1 [0099.745] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec00) returned 1 [0099.745] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec0c) returned 1 [0099.745] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfec44) returned 1 [0099.745] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb", nBufferLength=0x105, lpBuffer=0xcfe6f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb", lpFilePart=0x0) returned 0x28 [0099.745] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\*", lpFindFileData=0xcfe96c | out: lpFindFileData=0xcfe96c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x527e8f00, ftCreationTime.dwHighDateTime=0x1d4ccc0, ftLastAccessTime.dwLowDateTime=0xc24d8120, ftLastAccessTime.dwHighDateTime=0x1d4c774, ftLastWriteTime.dwLowDateTime=0xc24d8120, ftLastWriteTime.dwHighDateTime=0x1d4c774, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe69e0 [0099.746] FindNextFileW (in: hFindFile=0xfe69e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x527e8f00, ftCreationTime.dwHighDateTime=0x1d4ccc0, ftLastAccessTime.dwLowDateTime=0xc24d8120, ftLastAccessTime.dwHighDateTime=0x1d4c774, ftLastWriteTime.dwLowDateTime=0xc24d8120, ftLastWriteTime.dwHighDateTime=0x1d4c774, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.746] FindNextFileW (in: hFindFile=0xfe69e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x44388b10, ftCreationTime.dwHighDateTime=0x1d4c5f6, ftLastAccessTime.dwLowDateTime=0x9deede10, ftLastAccessTime.dwHighDateTime=0x1d4c83b, ftLastWriteTime.dwLowDateTime=0x9deede10, ftLastWriteTime.dwHighDateTime=0x1d4c83b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LFWVJ01Ad", cAlternateFileName="LFWVJ0~1")) returned 1 [0099.746] FindNextFileW (in: hFindFile=0xfe69e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96af7c90, ftCreationTime.dwHighDateTime=0x1d4cfcf, ftLastAccessTime.dwLowDateTime=0x682170, ftLastAccessTime.dwHighDateTime=0x1d4c8e4, ftLastWriteTime.dwLowDateTime=0x682170, ftLastWriteTime.dwHighDateTime=0x1d4c8e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="O 6eRN cahdm2RA0wAkE", cAlternateFileName="O6ERNC~1")) returned 1 [0099.746] FindNextFileW (in: hFindFile=0xfe69e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xded72f30, ftCreationTime.dwHighDateTime=0x1d4c58a, ftLastAccessTime.dwLowDateTime=0x935b5e20, ftLastAccessTime.dwHighDateTime=0x1d4d104, ftLastWriteTime.dwLowDateTime=0x935b5e20, ftLastWriteTime.dwHighDateTime=0x1d4d104, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rglo0bBTnKx1", cAlternateFileName="RGLO0B~1")) returned 1 [0099.746] FindNextFileW (in: hFindFile=0xfe69e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xded72f30, ftCreationTime.dwHighDateTime=0x1d4c58a, ftLastAccessTime.dwLowDateTime=0x935b5e20, ftLastAccessTime.dwHighDateTime=0x1d4d104, ftLastWriteTime.dwLowDateTime=0x935b5e20, ftLastWriteTime.dwHighDateTime=0x1d4d104, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rglo0bBTnKx1", cAlternateFileName="RGLO0B~1")) returned 0 [0099.750] FindClose (in: hFindFile=0xfe69e0 | out: hFindFile=0xfe69e0) returned 1 [0099.750] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec00) returned 1 [0099.750] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec0c) returned 1 [0099.750] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfec44) returned 1 [0099.750] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb", nBufferLength=0x105, lpBuffer=0xcfe6f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb", lpFilePart=0x0) returned 0x28 [0099.750] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\*", lpFindFileData=0xcfe96c | out: lpFindFileData=0xcfe96c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x527e8f00, ftCreationTime.dwHighDateTime=0x1d4ccc0, ftLastAccessTime.dwLowDateTime=0xc24d8120, ftLastAccessTime.dwHighDateTime=0x1d4c774, ftLastWriteTime.dwLowDateTime=0xc24d8120, ftLastWriteTime.dwHighDateTime=0x1d4c774, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe69e0 [0099.750] FindNextFileW (in: hFindFile=0xfe69e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x527e8f00, ftCreationTime.dwHighDateTime=0x1d4ccc0, ftLastAccessTime.dwLowDateTime=0xc24d8120, ftLastAccessTime.dwHighDateTime=0x1d4c774, ftLastWriteTime.dwLowDateTime=0xc24d8120, ftLastWriteTime.dwHighDateTime=0x1d4c774, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.750] FindNextFileW (in: hFindFile=0xfe69e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x44388b10, ftCreationTime.dwHighDateTime=0x1d4c5f6, ftLastAccessTime.dwLowDateTime=0x9deede10, ftLastAccessTime.dwHighDateTime=0x1d4c83b, ftLastWriteTime.dwLowDateTime=0x9deede10, ftLastWriteTime.dwHighDateTime=0x1d4c83b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LFWVJ01Ad", cAlternateFileName="LFWVJ0~1")) returned 1 [0099.750] FindNextFileW (in: hFindFile=0xfe69e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96af7c90, ftCreationTime.dwHighDateTime=0x1d4cfcf, ftLastAccessTime.dwLowDateTime=0x682170, ftLastAccessTime.dwHighDateTime=0x1d4c8e4, ftLastWriteTime.dwLowDateTime=0x682170, ftLastWriteTime.dwHighDateTime=0x1d4c8e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="O 6eRN cahdm2RA0wAkE", cAlternateFileName="O6ERNC~1")) returned 1 [0099.751] FindNextFileW (in: hFindFile=0xfe69e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xded72f30, ftCreationTime.dwHighDateTime=0x1d4c58a, ftLastAccessTime.dwLowDateTime=0x935b5e20, ftLastAccessTime.dwHighDateTime=0x1d4d104, ftLastWriteTime.dwLowDateTime=0x935b5e20, ftLastWriteTime.dwHighDateTime=0x1d4d104, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rglo0bBTnKx1", cAlternateFileName="RGLO0B~1")) returned 1 [0099.751] FindNextFileW (in: hFindFile=0xfe69e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.751] FindClose (in: hFindFile=0xfe69e0 | out: hFindFile=0xfe69e0) returned 1 [0099.751] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec00) returned 1 [0099.751] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec0c) returned 1 [0099.751] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd0) returned 1 [0099.751] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad", nBufferLength=0x105, lpBuffer=0xcfe684, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad", lpFilePart=0x0) returned 0x32 [0099.751] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad\\*", lpFindFileData=0xcfe8f8 | out: lpFindFileData=0xcfe8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x44388b10, ftCreationTime.dwHighDateTime=0x1d4c5f6, ftLastAccessTime.dwLowDateTime=0x9deede10, ftLastAccessTime.dwHighDateTime=0x1d4c83b, ftLastWriteTime.dwLowDateTime=0x9deede10, ftLastWriteTime.dwHighDateTime=0x1d4c83b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe63e0 [0099.751] FindNextFileW (in: hFindFile=0xfe63e0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x44388b10, ftCreationTime.dwHighDateTime=0x1d4c5f6, ftLastAccessTime.dwLowDateTime=0x9deede10, ftLastAccessTime.dwHighDateTime=0x1d4c83b, ftLastWriteTime.dwLowDateTime=0x9deede10, ftLastWriteTime.dwHighDateTime=0x1d4c83b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.752] FindNextFileW (in: hFindFile=0xfe63e0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa52444a0, ftCreationTime.dwHighDateTime=0x1d4c722, ftLastAccessTime.dwLowDateTime=0x4b4bad10, ftLastAccessTime.dwHighDateTime=0x1d4d195, ftLastWriteTime.dwLowDateTime=0x4b4bad10, ftLastWriteTime.dwHighDateTime=0x1d4d195, nFileSizeHigh=0x0, nFileSizeLow=0x1602a, dwReserved0=0x0, dwReserved1=0x0, cFileName="02SaSBZW.mp3", cAlternateFileName="")) returned 1 [0099.752] FindNextFileW (in: hFindFile=0xfe63e0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf403d890, ftCreationTime.dwHighDateTime=0x1d4cc5b, ftLastAccessTime.dwLowDateTime=0x9b4b08c0, ftLastAccessTime.dwHighDateTime=0x1d4cc21, ftLastWriteTime.dwLowDateTime=0x9b4b08c0, ftLastWriteTime.dwHighDateTime=0x1d4cc21, nFileSizeHigh=0x0, nFileSizeLow=0x173e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="5UJY-zalavfZ1gVeT1ZW.wav", cAlternateFileName="5UJY-Z~1.WAV")) returned 1 [0099.752] FindNextFileW (in: hFindFile=0xfe63e0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2177850, ftCreationTime.dwHighDateTime=0x1d4cb9f, ftLastAccessTime.dwLowDateTime=0xd1f11750, ftLastAccessTime.dwHighDateTime=0x1d4cd90, ftLastWriteTime.dwLowDateTime=0xd1f11750, ftLastWriteTime.dwHighDateTime=0x1d4cd90, nFileSizeHigh=0x0, nFileSizeLow=0x187b6, dwReserved0=0x0, dwReserved1=0x0, cFileName="BRPUq7z.mp3", cAlternateFileName="")) returned 1 [0099.752] FindNextFileW (in: hFindFile=0xfe63e0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x177ab880, ftCreationTime.dwHighDateTime=0x1d4d28c, ftLastAccessTime.dwLowDateTime=0x6d1dfde0, ftLastAccessTime.dwHighDateTime=0x1d4cf37, ftLastWriteTime.dwLowDateTime=0x6d1dfde0, ftLastWriteTime.dwHighDateTime=0x1d4cf37, nFileSizeHigh=0x0, nFileSizeLow=0xbaf6, dwReserved0=0x0, dwReserved1=0x0, cFileName="DGx7vOTPNlq BISYL.mp3", cAlternateFileName="DGX7VO~1.MP3")) returned 1 [0099.752] FindNextFileW (in: hFindFile=0xfe63e0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.752] FindClose (in: hFindFile=0xfe63e0 | out: hFindFile=0xfe63e0) returned 1 [0099.752] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb8c) returned 1 [0099.752] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb98) returned 1 [0099.752] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd0) returned 1 [0099.752] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad", nBufferLength=0x105, lpBuffer=0xcfe684, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad", lpFilePart=0x0) returned 0x32 [0099.752] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad\\*", lpFindFileData=0xcfe8f8 | out: lpFindFileData=0xcfe8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x44388b10, ftCreationTime.dwHighDateTime=0x1d4c5f6, ftLastAccessTime.dwLowDateTime=0x9deede10, ftLastAccessTime.dwHighDateTime=0x1d4c83b, ftLastWriteTime.dwLowDateTime=0x9deede10, ftLastWriteTime.dwHighDateTime=0x1d4c83b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe65e0 [0099.753] FindNextFileW (in: hFindFile=0xfe65e0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x44388b10, ftCreationTime.dwHighDateTime=0x1d4c5f6, ftLastAccessTime.dwLowDateTime=0x9deede10, ftLastAccessTime.dwHighDateTime=0x1d4c83b, ftLastWriteTime.dwLowDateTime=0x9deede10, ftLastWriteTime.dwHighDateTime=0x1d4c83b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.753] FindNextFileW (in: hFindFile=0xfe65e0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa52444a0, ftCreationTime.dwHighDateTime=0x1d4c722, ftLastAccessTime.dwLowDateTime=0x4b4bad10, ftLastAccessTime.dwHighDateTime=0x1d4d195, ftLastWriteTime.dwLowDateTime=0x4b4bad10, ftLastWriteTime.dwHighDateTime=0x1d4d195, nFileSizeHigh=0x0, nFileSizeLow=0x1602a, dwReserved0=0x0, dwReserved1=0x0, cFileName="02SaSBZW.mp3", cAlternateFileName="")) returned 1 [0099.753] FindNextFileW (in: hFindFile=0xfe65e0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf403d890, ftCreationTime.dwHighDateTime=0x1d4cc5b, ftLastAccessTime.dwLowDateTime=0x9b4b08c0, ftLastAccessTime.dwHighDateTime=0x1d4cc21, ftLastWriteTime.dwLowDateTime=0x9b4b08c0, ftLastWriteTime.dwHighDateTime=0x1d4cc21, nFileSizeHigh=0x0, nFileSizeLow=0x173e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="5UJY-zalavfZ1gVeT1ZW.wav", cAlternateFileName="5UJY-Z~1.WAV")) returned 1 [0099.753] FindNextFileW (in: hFindFile=0xfe65e0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2177850, ftCreationTime.dwHighDateTime=0x1d4cb9f, ftLastAccessTime.dwLowDateTime=0xd1f11750, ftLastAccessTime.dwHighDateTime=0x1d4cd90, ftLastWriteTime.dwLowDateTime=0xd1f11750, ftLastWriteTime.dwHighDateTime=0x1d4cd90, nFileSizeHigh=0x0, nFileSizeLow=0x187b6, dwReserved0=0x0, dwReserved1=0x0, cFileName="BRPUq7z.mp3", cAlternateFileName="")) returned 1 [0099.753] FindNextFileW (in: hFindFile=0xfe65e0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x177ab880, ftCreationTime.dwHighDateTime=0x1d4d28c, ftLastAccessTime.dwLowDateTime=0x6d1dfde0, ftLastAccessTime.dwHighDateTime=0x1d4cf37, ftLastWriteTime.dwLowDateTime=0x6d1dfde0, ftLastWriteTime.dwHighDateTime=0x1d4cf37, nFileSizeHigh=0x0, nFileSizeLow=0xbaf6, dwReserved0=0x0, dwReserved1=0x0, cFileName="DGx7vOTPNlq BISYL.mp3", cAlternateFileName="DGX7VO~1.MP3")) returned 1 [0099.753] FindNextFileW (in: hFindFile=0xfe65e0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x177ab880, ftCreationTime.dwHighDateTime=0x1d4d28c, ftLastAccessTime.dwLowDateTime=0x6d1dfde0, ftLastAccessTime.dwHighDateTime=0x1d4cf37, ftLastWriteTime.dwLowDateTime=0x6d1dfde0, ftLastWriteTime.dwHighDateTime=0x1d4cf37, nFileSizeHigh=0x0, nFileSizeLow=0xbaf6, dwReserved0=0x0, dwReserved1=0x0, cFileName="DGx7vOTPNlq BISYL.mp3", cAlternateFileName="DGX7VO~1.MP3")) returned 0 [0099.753] FindClose (in: hFindFile=0xfe65e0 | out: hFindFile=0xfe65e0) returned 1 [0099.754] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb8c) returned 1 [0099.754] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb98) returned 1 [0099.754] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad\\02SaSBZW.mp3", nBufferLength=0x105, lpBuffer=0xcfe538, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad\\02SaSBZW.mp3", lpFilePart=0x0) returned 0x3f [0099.754] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea7c) returned 1 [0099.754] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad\\02SaSBZW.mp3" (normalized: "c:\\users\\fd1hvy\\music\\ukxwa1ptjbzapm2leb\\lfwvj01ad\\02sasbzw.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0099.754] GetFileType (hFile=0x2b8) returned 0x1 [0099.754] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea78) returned 1 [0099.754] GetFileType (hFile=0x2b8) returned 0x1 [0099.754] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfeb78 | out: lpFileSizeHigh=0xcfeb78*=0x0) returned 0x1602a [0099.755] ReadFile (in: hFile=0x2b8, lpBuffer=0x3df3950, nNumberOfBytesToRead=0x1602a, lpNumberOfBytesRead=0xcfeb24, lpOverlapped=0x0 | out: lpBuffer=0x3df3950*, lpNumberOfBytesRead=0xcfeb24*=0x1602a, lpOverlapped=0x0) returned 1 [0099.756] CloseHandle (hObject=0x2b8) returned 1 [0099.781] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0099.781] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0099.781] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfeb6c | out: lpFileInformation=0xcfeb6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0099.781] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0099.781] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad\\02SaSBZW.mp3", nBufferLength=0x105, lpBuffer=0xcfe524, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad\\02SaSBZW.mp3", lpFilePart=0x0) returned 0x3f [0099.781] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea68) returned 1 [0099.781] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad\\02SaSBZW.mp3" (normalized: "c:\\users\\fd1hvy\\music\\ukxwa1ptjbzapm2leb\\lfwvj01ad\\02sasbzw.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0099.783] GetFileType (hFile=0x2b8) returned 0x1 [0099.783] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea64) returned 1 [0099.783] GetFileType (hFile=0x2b8) returned 0x1 [0099.783] WriteFile (in: hFile=0x2b8, lpBuffer=0x3e61a78*, nNumberOfBytesToWrite=0x16030, lpNumberOfBytesWritten=0xcfeb18, lpOverlapped=0x0 | out: lpBuffer=0x3e61a78*, lpNumberOfBytesWritten=0xcfeb18*=0x16030, lpOverlapped=0x0) returned 1 [0099.785] CloseHandle (hObject=0x2b8) returned 1 [0099.787] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad\\02SaSBZW.mp3", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad\\02SaSBZW.mp3", lpFilePart=0x0) returned 0x3f [0099.787] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad\\02SaSBZW.mp3.shade8", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad\\02SaSBZW.mp3.shade8", lpFilePart=0x0) returned 0x46 [0099.788] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeafc) returned 1 [0099.788] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad\\02SaSBZW.mp3" (normalized: "c:\\users\\fd1hvy\\music\\ukxwa1ptjbzapm2leb\\lfwvj01ad\\02sasbzw.mp3"), fInfoLevelId=0x0, lpFileInformation=0xcfeb78 | out: lpFileInformation=0xcfeb78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa52444a0, ftCreationTime.dwHighDateTime=0x1d4c722, ftLastAccessTime.dwLowDateTime=0x4b4bad10, ftLastAccessTime.dwHighDateTime=0x1d4d195, ftLastWriteTime.dwLowDateTime=0x8414d7c2, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x16030)) returned 1 [0099.788] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaf8) returned 1 [0099.788] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad\\02SaSBZW.mp3" (normalized: "c:\\users\\fd1hvy\\music\\ukxwa1ptjbzapm2leb\\lfwvj01ad\\02sasbzw.mp3"), lpNewFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad\\02SaSBZW.mp3.shade8" (normalized: "c:\\users\\fd1hvy\\music\\ukxwa1ptjbzapm2leb\\lfwvj01ad\\02sasbzw.mp3.shade8")) returned 1 [0099.788] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad\\BRPUq7z.mp3", nBufferLength=0x105, lpBuffer=0xcfe538, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad\\BRPUq7z.mp3", lpFilePart=0x0) returned 0x3e [0099.788] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea7c) returned 1 [0099.789] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad\\BRPUq7z.mp3" (normalized: "c:\\users\\fd1hvy\\music\\ukxwa1ptjbzapm2leb\\lfwvj01ad\\brpuq7z.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0099.789] GetFileType (hFile=0x2b8) returned 0x1 [0099.789] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea78) returned 1 [0099.789] GetFileType (hFile=0x2b8) returned 0x1 [0099.789] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfeb78 | out: lpFileSizeHigh=0xcfeb78*=0x0) returned 0x187b6 [0099.789] ReadFile (in: hFile=0x2b8, lpBuffer=0x3e77ac8, nNumberOfBytesToRead=0x187b6, lpNumberOfBytesRead=0xcfeb24, lpOverlapped=0x0 | out: lpBuffer=0x3e77ac8*, lpNumberOfBytesRead=0xcfeb24*=0x187b6, lpOverlapped=0x0) returned 1 [0099.804] CloseHandle (hObject=0x2b8) returned 1 [0099.914] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0099.914] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0099.915] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfeb6c | out: lpFileInformation=0xcfeb6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0099.915] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0099.915] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad\\BRPUq7z.mp3", nBufferLength=0x105, lpBuffer=0xcfe524, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad\\BRPUq7z.mp3", lpFilePart=0x0) returned 0x3e [0099.915] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea68) returned 1 [0099.915] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad\\BRPUq7z.mp3" (normalized: "c:\\users\\fd1hvy\\music\\ukxwa1ptjbzapm2leb\\lfwvj01ad\\brpuq7z.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0099.917] GetFileType (hFile=0x2b8) returned 0x1 [0099.917] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea64) returned 1 [0099.917] GetFileType (hFile=0x2b8) returned 0x1 [0099.917] WriteFile (in: hFile=0x2b8, lpBuffer=0x3ef21c0*, nNumberOfBytesToWrite=0x187c0, lpNumberOfBytesWritten=0xcfeb18, lpOverlapped=0x0 | out: lpBuffer=0x3ef21c0*, lpNumberOfBytesWritten=0xcfeb18*=0x187c0, lpOverlapped=0x0) returned 1 [0099.966] CloseHandle (hObject=0x2b8) returned 1 [0099.970] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad\\BRPUq7z.mp3", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad\\BRPUq7z.mp3", lpFilePart=0x0) returned 0x3e [0099.970] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad\\BRPUq7z.mp3.shade8", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad\\BRPUq7z.mp3.shade8", lpFilePart=0x0) returned 0x45 [0099.970] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeafc) returned 1 [0099.970] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad\\BRPUq7z.mp3" (normalized: "c:\\users\\fd1hvy\\music\\ukxwa1ptjbzapm2leb\\lfwvj01ad\\brpuq7z.mp3"), fInfoLevelId=0x0, lpFileInformation=0xcfeb78 | out: lpFileInformation=0xcfeb78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2177850, ftCreationTime.dwHighDateTime=0x1d4cb9f, ftLastAccessTime.dwLowDateTime=0xd1f11750, ftLastAccessTime.dwHighDateTime=0x1d4cd90, ftLastWriteTime.dwLowDateTime=0x843172e9, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x187c0)) returned 1 [0099.970] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaf8) returned 1 [0099.970] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad\\BRPUq7z.mp3" (normalized: "c:\\users\\fd1hvy\\music\\ukxwa1ptjbzapm2leb\\lfwvj01ad\\brpuq7z.mp3"), lpNewFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad\\BRPUq7z.mp3.shade8" (normalized: "c:\\users\\fd1hvy\\music\\ukxwa1ptjbzapm2leb\\lfwvj01ad\\brpuq7z.mp3.shade8")) returned 1 [0099.971] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad\\DGx7vOTPNlq BISYL.mp3", nBufferLength=0x105, lpBuffer=0xcfe538, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad\\DGx7vOTPNlq BISYL.mp3", lpFilePart=0x0) returned 0x48 [0099.971] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea7c) returned 1 [0099.971] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad\\DGx7vOTPNlq BISYL.mp3" (normalized: "c:\\users\\fd1hvy\\music\\ukxwa1ptjbzapm2leb\\lfwvj01ad\\dgx7votpnlq bisyl.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0099.971] GetFileType (hFile=0x2b8) returned 0x1 [0099.971] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea78) returned 1 [0099.972] GetFileType (hFile=0x2b8) returned 0x1 [0099.972] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfeb78 | out: lpFileSizeHigh=0xcfeb78*=0x0) returned 0xbaf6 [0099.972] ReadFile (in: hFile=0x2b8, lpBuffer=0x2c26dbc, nNumberOfBytesToRead=0xbaf6, lpNumberOfBytesRead=0xcfeb24, lpOverlapped=0x0 | out: lpBuffer=0x2c26dbc*, lpNumberOfBytesRead=0xcfeb24*=0xbaf6, lpOverlapped=0x0) returned 1 [0099.972] CloseHandle (hObject=0x2b8) returned 1 [0100.172] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0100.172] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0100.172] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfeb6c | out: lpFileInformation=0xcfeb6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0100.172] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0100.172] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad\\DGx7vOTPNlq BISYL.mp3", nBufferLength=0x105, lpBuffer=0xcfe524, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad\\DGx7vOTPNlq BISYL.mp3", lpFilePart=0x0) returned 0x48 [0100.172] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea68) returned 1 [0100.172] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad\\DGx7vOTPNlq BISYL.mp3" (normalized: "c:\\users\\fd1hvy\\music\\ukxwa1ptjbzapm2leb\\lfwvj01ad\\dgx7votpnlq bisyl.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0100.173] GetFileType (hFile=0x2b8) returned 0x1 [0100.174] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea64) returned 1 [0100.174] GetFileType (hFile=0x2b8) returned 0x1 [0100.174] WriteFile (in: hFile=0x2b8, lpBuffer=0x2be4378*, nNumberOfBytesToWrite=0xbb00, lpNumberOfBytesWritten=0xcfeb18, lpOverlapped=0x0 | out: lpBuffer=0x2be4378*, lpNumberOfBytesWritten=0xcfeb18*=0xbb00, lpOverlapped=0x0) returned 1 [0100.175] CloseHandle (hObject=0x2b8) returned 1 [0100.177] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad\\DGx7vOTPNlq BISYL.mp3", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad\\DGx7vOTPNlq BISYL.mp3", lpFilePart=0x0) returned 0x48 [0100.177] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad\\DGx7vOTPNlq BISYL.mp3.shade8", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad\\DGx7vOTPNlq BISYL.mp3.shade8", lpFilePart=0x0) returned 0x4f [0100.177] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeafc) returned 1 [0100.177] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad\\DGx7vOTPNlq BISYL.mp3" (normalized: "c:\\users\\fd1hvy\\music\\ukxwa1ptjbzapm2leb\\lfwvj01ad\\dgx7votpnlq bisyl.mp3"), fInfoLevelId=0x0, lpFileInformation=0xcfeb78 | out: lpFileInformation=0xcfeb78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x177ab880, ftCreationTime.dwHighDateTime=0x1d4d28c, ftLastAccessTime.dwLowDateTime=0x6d1dfde0, ftLastAccessTime.dwHighDateTime=0x1d4cf37, ftLastWriteTime.dwLowDateTime=0x84507188, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xbb00)) returned 1 [0100.177] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaf8) returned 1 [0100.177] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad\\DGx7vOTPNlq BISYL.mp3" (normalized: "c:\\users\\fd1hvy\\music\\ukxwa1ptjbzapm2leb\\lfwvj01ad\\dgx7votpnlq bisyl.mp3"), lpNewFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\LFWVJ01Ad\\DGx7vOTPNlq BISYL.mp3.shade8" (normalized: "c:\\users\\fd1hvy\\music\\ukxwa1ptjbzapm2leb\\lfwvj01ad\\dgx7votpnlq bisyl.mp3.shade8")) returned 1 [0100.178] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd0) returned 1 [0100.178] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\O 6eRN cahdm2RA0wAkE", nBufferLength=0x105, lpBuffer=0xcfe684, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\O 6eRN cahdm2RA0wAkE", lpFilePart=0x0) returned 0x3d [0100.178] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\O 6eRN cahdm2RA0wAkE\\*", lpFindFileData=0xcfe8f8 | out: lpFindFileData=0xcfe8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96af7c90, ftCreationTime.dwHighDateTime=0x1d4cfcf, ftLastAccessTime.dwLowDateTime=0x682170, ftLastAccessTime.dwHighDateTime=0x1d4c8e4, ftLastWriteTime.dwLowDateTime=0x682170, ftLastWriteTime.dwHighDateTime=0x1d4c8e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe67a0 [0100.178] FindNextFileW (in: hFindFile=0xfe67a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96af7c90, ftCreationTime.dwHighDateTime=0x1d4cfcf, ftLastAccessTime.dwLowDateTime=0x682170, ftLastAccessTime.dwHighDateTime=0x1d4c8e4, ftLastWriteTime.dwLowDateTime=0x682170, ftLastWriteTime.dwHighDateTime=0x1d4c8e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.178] FindNextFileW (in: hFindFile=0xfe67a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82b14d20, ftCreationTime.dwHighDateTime=0x1d4d3eb, ftLastAccessTime.dwLowDateTime=0x1ae078e0, ftLastAccessTime.dwHighDateTime=0x1d4d375, ftLastWriteTime.dwLowDateTime=0x1ae078e0, ftLastWriteTime.dwHighDateTime=0x1d4d375, nFileSizeHigh=0x0, nFileSizeLow=0x17f2b, dwReserved0=0x0, dwReserved1=0x0, cFileName="8AWvvCxjzGXbAZ29.wav", cAlternateFileName="8AWVVC~1.WAV")) returned 1 [0100.179] FindNextFileW (in: hFindFile=0xfe67a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1d8192f0, ftCreationTime.dwHighDateTime=0x1d4c727, ftLastAccessTime.dwLowDateTime=0xe50ddac0, ftLastAccessTime.dwHighDateTime=0x1d4c8a0, ftLastWriteTime.dwLowDateTime=0xe50ddac0, ftLastWriteTime.dwHighDateTime=0x1d4c8a0, nFileSizeHigh=0x0, nFileSizeLow=0xb15, dwReserved0=0x0, dwReserved1=0x0, cFileName="GvpkvTxnUXFECQImT.wav", cAlternateFileName="GVPKVT~1.WAV")) returned 1 [0100.179] FindNextFileW (in: hFindFile=0xfe67a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc8b064e0, ftCreationTime.dwHighDateTime=0x1d4d3e2, ftLastAccessTime.dwLowDateTime=0x8f89a4c0, ftLastAccessTime.dwHighDateTime=0x1d4c9f5, ftLastWriteTime.dwLowDateTime=0x8f89a4c0, ftLastWriteTime.dwHighDateTime=0x1d4c9f5, nFileSizeHigh=0x0, nFileSizeLow=0x1cd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="jCRflz5tqOdJFiCip.mp3", cAlternateFileName="JCRFLZ~1.MP3")) returned 1 [0100.179] FindNextFileW (in: hFindFile=0xfe67a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e158860, ftCreationTime.dwHighDateTime=0x1d4cd84, ftLastAccessTime.dwLowDateTime=0x12e93d40, ftLastAccessTime.dwHighDateTime=0x1d4c9eb, ftLastWriteTime.dwLowDateTime=0x12e93d40, ftLastWriteTime.dwHighDateTime=0x1d4c9eb, nFileSizeHigh=0x0, nFileSizeLow=0x1548e, dwReserved0=0x0, dwReserved1=0x0, cFileName="SPrcX0T_X6.wav", cAlternateFileName="SPRCX0~1.WAV")) returned 1 [0100.179] FindNextFileW (in: hFindFile=0xfe67a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91c129c0, ftCreationTime.dwHighDateTime=0x1d4c9eb, ftLastAccessTime.dwLowDateTime=0x9df792c0, ftLastAccessTime.dwHighDateTime=0x1d4d543, ftLastWriteTime.dwLowDateTime=0x9df792c0, ftLastWriteTime.dwHighDateTime=0x1d4d543, nFileSizeHigh=0x0, nFileSizeLow=0x15c7d, dwReserved0=0x0, dwReserved1=0x0, cFileName="T579GrUCDHy1 rBpI.m4a", cAlternateFileName="T579GR~1.M4A")) returned 1 [0100.179] FindNextFileW (in: hFindFile=0xfe67a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.179] FindClose (in: hFindFile=0xfe67a0 | out: hFindFile=0xfe67a0) returned 1 [0100.179] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb8c) returned 1 [0100.180] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb98) returned 1 [0100.180] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd0) returned 1 [0100.180] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\O 6eRN cahdm2RA0wAkE", nBufferLength=0x105, lpBuffer=0xcfe684, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\O 6eRN cahdm2RA0wAkE", lpFilePart=0x0) returned 0x3d [0100.180] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\O 6eRN cahdm2RA0wAkE\\*", lpFindFileData=0xcfe8f8 | out: lpFindFileData=0xcfe8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96af7c90, ftCreationTime.dwHighDateTime=0x1d4cfcf, ftLastAccessTime.dwLowDateTime=0x682170, ftLastAccessTime.dwHighDateTime=0x1d4c8e4, ftLastWriteTime.dwLowDateTime=0x682170, ftLastWriteTime.dwHighDateTime=0x1d4c8e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe6660 [0100.180] FindNextFileW (in: hFindFile=0xfe6660, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96af7c90, ftCreationTime.dwHighDateTime=0x1d4cfcf, ftLastAccessTime.dwLowDateTime=0x682170, ftLastAccessTime.dwHighDateTime=0x1d4c8e4, ftLastWriteTime.dwLowDateTime=0x682170, ftLastWriteTime.dwHighDateTime=0x1d4c8e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.180] FindNextFileW (in: hFindFile=0xfe6660, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82b14d20, ftCreationTime.dwHighDateTime=0x1d4d3eb, ftLastAccessTime.dwLowDateTime=0x1ae078e0, ftLastAccessTime.dwHighDateTime=0x1d4d375, ftLastWriteTime.dwLowDateTime=0x1ae078e0, ftLastWriteTime.dwHighDateTime=0x1d4d375, nFileSizeHigh=0x0, nFileSizeLow=0x17f2b, dwReserved0=0x0, dwReserved1=0x0, cFileName="8AWvvCxjzGXbAZ29.wav", cAlternateFileName="8AWVVC~1.WAV")) returned 1 [0100.180] FindNextFileW (in: hFindFile=0xfe6660, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1d8192f0, ftCreationTime.dwHighDateTime=0x1d4c727, ftLastAccessTime.dwLowDateTime=0xe50ddac0, ftLastAccessTime.dwHighDateTime=0x1d4c8a0, ftLastWriteTime.dwLowDateTime=0xe50ddac0, ftLastWriteTime.dwHighDateTime=0x1d4c8a0, nFileSizeHigh=0x0, nFileSizeLow=0xb15, dwReserved0=0x0, dwReserved1=0x0, cFileName="GvpkvTxnUXFECQImT.wav", cAlternateFileName="GVPKVT~1.WAV")) returned 1 [0100.181] FindNextFileW (in: hFindFile=0xfe6660, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc8b064e0, ftCreationTime.dwHighDateTime=0x1d4d3e2, ftLastAccessTime.dwLowDateTime=0x8f89a4c0, ftLastAccessTime.dwHighDateTime=0x1d4c9f5, ftLastWriteTime.dwLowDateTime=0x8f89a4c0, ftLastWriteTime.dwHighDateTime=0x1d4c9f5, nFileSizeHigh=0x0, nFileSizeLow=0x1cd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="jCRflz5tqOdJFiCip.mp3", cAlternateFileName="JCRFLZ~1.MP3")) returned 1 [0100.181] FindNextFileW (in: hFindFile=0xfe6660, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e158860, ftCreationTime.dwHighDateTime=0x1d4cd84, ftLastAccessTime.dwLowDateTime=0x12e93d40, ftLastAccessTime.dwHighDateTime=0x1d4c9eb, ftLastWriteTime.dwLowDateTime=0x12e93d40, ftLastWriteTime.dwHighDateTime=0x1d4c9eb, nFileSizeHigh=0x0, nFileSizeLow=0x1548e, dwReserved0=0x0, dwReserved1=0x0, cFileName="SPrcX0T_X6.wav", cAlternateFileName="SPRCX0~1.WAV")) returned 1 [0100.181] FindNextFileW (in: hFindFile=0xfe6660, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91c129c0, ftCreationTime.dwHighDateTime=0x1d4c9eb, ftLastAccessTime.dwLowDateTime=0x9df792c0, ftLastAccessTime.dwHighDateTime=0x1d4d543, ftLastWriteTime.dwLowDateTime=0x9df792c0, ftLastWriteTime.dwHighDateTime=0x1d4d543, nFileSizeHigh=0x0, nFileSizeLow=0x15c7d, dwReserved0=0x0, dwReserved1=0x0, cFileName="T579GrUCDHy1 rBpI.m4a", cAlternateFileName="T579GR~1.M4A")) returned 1 [0100.181] FindNextFileW (in: hFindFile=0xfe6660, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x91c129c0, ftCreationTime.dwHighDateTime=0x1d4c9eb, ftLastAccessTime.dwLowDateTime=0x9df792c0, ftLastAccessTime.dwHighDateTime=0x1d4d543, ftLastWriteTime.dwLowDateTime=0x9df792c0, ftLastWriteTime.dwHighDateTime=0x1d4d543, nFileSizeHigh=0x0, nFileSizeLow=0x15c7d, dwReserved0=0x0, dwReserved1=0x0, cFileName="T579GrUCDHy1 rBpI.m4a", cAlternateFileName="T579GR~1.M4A")) returned 0 [0100.181] FindClose (in: hFindFile=0xfe6660 | out: hFindFile=0xfe6660) returned 1 [0100.181] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb8c) returned 1 [0100.181] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb98) returned 1 [0100.182] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\O 6eRN cahdm2RA0wAkE\\jCRflz5tqOdJFiCip.mp3", nBufferLength=0x105, lpBuffer=0xcfe538, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\O 6eRN cahdm2RA0wAkE\\jCRflz5tqOdJFiCip.mp3", lpFilePart=0x0) returned 0x53 [0100.182] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea7c) returned 1 [0100.182] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\O 6eRN cahdm2RA0wAkE\\jCRflz5tqOdJFiCip.mp3" (normalized: "c:\\users\\fd1hvy\\music\\ukxwa1ptjbzapm2leb\\o 6ern cahdm2ra0wake\\jcrflz5tqodjficip.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0100.182] GetFileType (hFile=0x2b8) returned 0x1 [0100.182] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea78) returned 1 [0100.182] GetFileType (hFile=0x2b8) returned 0x1 [0100.182] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfeb78 | out: lpFileSizeHigh=0xcfeb78*=0x0) returned 0x1cd8 [0100.182] ReadFile (in: hFile=0x2b8, lpBuffer=0x2bf291c, nNumberOfBytesToRead=0x1cd8, lpNumberOfBytesRead=0xcfeb24, lpOverlapped=0x0 | out: lpBuffer=0x2bf291c*, lpNumberOfBytesRead=0xcfeb24*=0x1cd8, lpOverlapped=0x0) returned 1 [0100.182] CloseHandle (hObject=0x2b8) returned 1 [0100.256] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0100.256] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0100.256] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfeb6c | out: lpFileInformation=0xcfeb6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0100.256] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0100.256] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\O 6eRN cahdm2RA0wAkE\\jCRflz5tqOdJFiCip.mp3", nBufferLength=0x105, lpBuffer=0xcfe524, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\O 6eRN cahdm2RA0wAkE\\jCRflz5tqOdJFiCip.mp3", lpFilePart=0x0) returned 0x53 [0100.256] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea68) returned 1 [0100.256] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\O 6eRN cahdm2RA0wAkE\\jCRflz5tqOdJFiCip.mp3" (normalized: "c:\\users\\fd1hvy\\music\\ukxwa1ptjbzapm2leb\\o 6ern cahdm2ra0wake\\jcrflz5tqodjficip.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0100.258] GetFileType (hFile=0x2b8) returned 0x1 [0100.258] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea64) returned 1 [0100.258] GetFileType (hFile=0x2b8) returned 0x1 [0100.258] WriteFile (in: hFile=0x2b8, lpBuffer=0x2c488c0*, nNumberOfBytesToWrite=0x1ce0, lpNumberOfBytesWritten=0xcfeb18, lpOverlapped=0x0 | out: lpBuffer=0x2c488c0*, lpNumberOfBytesWritten=0xcfeb18*=0x1ce0, lpOverlapped=0x0) returned 1 [0100.259] CloseHandle (hObject=0x2b8) returned 1 [0100.260] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\O 6eRN cahdm2RA0wAkE\\jCRflz5tqOdJFiCip.mp3", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\O 6eRN cahdm2RA0wAkE\\jCRflz5tqOdJFiCip.mp3", lpFilePart=0x0) returned 0x53 [0100.260] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\O 6eRN cahdm2RA0wAkE\\jCRflz5tqOdJFiCip.mp3.shade8", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\O 6eRN cahdm2RA0wAkE\\jCRflz5tqOdJFiCip.mp3.shade8", lpFilePart=0x0) returned 0x5a [0100.260] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeafc) returned 1 [0100.260] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\O 6eRN cahdm2RA0wAkE\\jCRflz5tqOdJFiCip.mp3" (normalized: "c:\\users\\fd1hvy\\music\\ukxwa1ptjbzapm2leb\\o 6ern cahdm2ra0wake\\jcrflz5tqodjficip.mp3"), fInfoLevelId=0x0, lpFileInformation=0xcfeb78 | out: lpFileInformation=0xcfeb78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc8b064e0, ftCreationTime.dwHighDateTime=0x1d4d3e2, ftLastAccessTime.dwLowDateTime=0x8f89a4c0, ftLastAccessTime.dwHighDateTime=0x1d4c9f5, ftLastWriteTime.dwLowDateTime=0x845c5ea0, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x1ce0)) returned 1 [0100.260] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaf8) returned 1 [0100.260] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\O 6eRN cahdm2RA0wAkE\\jCRflz5tqOdJFiCip.mp3" (normalized: "c:\\users\\fd1hvy\\music\\ukxwa1ptjbzapm2leb\\o 6ern cahdm2ra0wake\\jcrflz5tqodjficip.mp3"), lpNewFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\O 6eRN cahdm2RA0wAkE\\jCRflz5tqOdJFiCip.mp3.shade8" (normalized: "c:\\users\\fd1hvy\\music\\ukxwa1ptjbzapm2leb\\o 6ern cahdm2ra0wake\\jcrflz5tqodjficip.mp3.shade8")) returned 1 [0100.261] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd0) returned 1 [0100.261] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\Rglo0bBTnKx1", nBufferLength=0x105, lpBuffer=0xcfe684, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\Rglo0bBTnKx1", lpFilePart=0x0) returned 0x35 [0100.261] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\Rglo0bBTnKx1\\*", lpFindFileData=0xcfe8f8 | out: lpFindFileData=0xcfe8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xded72f30, ftCreationTime.dwHighDateTime=0x1d4c58a, ftLastAccessTime.dwLowDateTime=0x935b5e20, ftLastAccessTime.dwHighDateTime=0x1d4d104, ftLastWriteTime.dwLowDateTime=0x935b5e20, ftLastWriteTime.dwHighDateTime=0x1d4d104, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe65a0 [0100.262] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xded72f30, ftCreationTime.dwHighDateTime=0x1d4c58a, ftLastAccessTime.dwLowDateTime=0x935b5e20, ftLastAccessTime.dwHighDateTime=0x1d4d104, ftLastWriteTime.dwLowDateTime=0x935b5e20, ftLastWriteTime.dwHighDateTime=0x1d4d104, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.262] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d1cdd10, ftCreationTime.dwHighDateTime=0x1d4d007, ftLastAccessTime.dwLowDateTime=0x9ab626c0, ftLastAccessTime.dwHighDateTime=0x1d4cba8, ftLastWriteTime.dwLowDateTime=0x9ab626c0, ftLastWriteTime.dwHighDateTime=0x1d4cba8, nFileSizeHigh=0x0, nFileSizeLow=0x13513, dwReserved0=0x0, dwReserved1=0x0, cFileName="a0nfTBKLbgFTtoJS8JKW.m4a", cAlternateFileName="A0NFTB~1.M4A")) returned 1 [0100.262] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x962d62c0, ftCreationTime.dwHighDateTime=0x1d4d2d9, ftLastAccessTime.dwLowDateTime=0x57b23790, ftLastAccessTime.dwHighDateTime=0x1d4cfd8, ftLastWriteTime.dwLowDateTime=0x57b23790, ftLastWriteTime.dwHighDateTime=0x1d4cfd8, nFileSizeHigh=0x0, nFileSizeLow=0x14f7e, dwReserved0=0x0, dwReserved1=0x0, cFileName="DN_q8WdgrXsA14.wav", cAlternateFileName="DN_Q8W~1.WAV")) returned 1 [0100.262] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x23d9dde0, ftCreationTime.dwHighDateTime=0x1d4d0ac, ftLastAccessTime.dwLowDateTime=0xecf2abd0, ftLastAccessTime.dwHighDateTime=0x1d4d1a6, ftLastWriteTime.dwLowDateTime=0xecf2abd0, ftLastWriteTime.dwHighDateTime=0x1d4d1a6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="kjP8", cAlternateFileName="")) returned 1 [0100.276] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x23d9dde0, ftCreationTime.dwHighDateTime=0x1d4d0ac, ftLastAccessTime.dwLowDateTime=0xecf2abd0, ftLastAccessTime.dwHighDateTime=0x1d4d1a6, ftLastWriteTime.dwLowDateTime=0xecf2abd0, ftLastWriteTime.dwHighDateTime=0x1d4d1a6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="kjP8", cAlternateFileName="")) returned 0 [0100.276] FindClose (in: hFindFile=0xfe65a0 | out: hFindFile=0xfe65a0) returned 1 [0100.276] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb8c) returned 1 [0100.276] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb98) returned 1 [0100.276] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd0) returned 1 [0100.276] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\Rglo0bBTnKx1", nBufferLength=0x105, lpBuffer=0xcfe684, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\Rglo0bBTnKx1", lpFilePart=0x0) returned 0x35 [0100.276] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\Rglo0bBTnKx1\\*", lpFindFileData=0xcfe8f8 | out: lpFindFileData=0xcfe8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xded72f30, ftCreationTime.dwHighDateTime=0x1d4c58a, ftLastAccessTime.dwLowDateTime=0x935b5e20, ftLastAccessTime.dwHighDateTime=0x1d4d104, ftLastWriteTime.dwLowDateTime=0x935b5e20, ftLastWriteTime.dwHighDateTime=0x1d4d104, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe65a0 [0100.277] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xded72f30, ftCreationTime.dwHighDateTime=0x1d4c58a, ftLastAccessTime.dwLowDateTime=0x935b5e20, ftLastAccessTime.dwHighDateTime=0x1d4d104, ftLastWriteTime.dwLowDateTime=0x935b5e20, ftLastWriteTime.dwHighDateTime=0x1d4d104, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.277] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d1cdd10, ftCreationTime.dwHighDateTime=0x1d4d007, ftLastAccessTime.dwLowDateTime=0x9ab626c0, ftLastAccessTime.dwHighDateTime=0x1d4cba8, ftLastWriteTime.dwLowDateTime=0x9ab626c0, ftLastWriteTime.dwHighDateTime=0x1d4cba8, nFileSizeHigh=0x0, nFileSizeLow=0x13513, dwReserved0=0x0, dwReserved1=0x0, cFileName="a0nfTBKLbgFTtoJS8JKW.m4a", cAlternateFileName="A0NFTB~1.M4A")) returned 1 [0100.277] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x962d62c0, ftCreationTime.dwHighDateTime=0x1d4d2d9, ftLastAccessTime.dwLowDateTime=0x57b23790, ftLastAccessTime.dwHighDateTime=0x1d4cfd8, ftLastWriteTime.dwLowDateTime=0x57b23790, ftLastWriteTime.dwHighDateTime=0x1d4cfd8, nFileSizeHigh=0x0, nFileSizeLow=0x14f7e, dwReserved0=0x0, dwReserved1=0x0, cFileName="DN_q8WdgrXsA14.wav", cAlternateFileName="DN_Q8W~1.WAV")) returned 1 [0100.277] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x23d9dde0, ftCreationTime.dwHighDateTime=0x1d4d0ac, ftLastAccessTime.dwLowDateTime=0xecf2abd0, ftLastAccessTime.dwHighDateTime=0x1d4d1a6, ftLastWriteTime.dwLowDateTime=0xecf2abd0, ftLastWriteTime.dwHighDateTime=0x1d4d1a6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="kjP8", cAlternateFileName="")) returned 1 [0100.277] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.278] FindClose (in: hFindFile=0xfe65a0 | out: hFindFile=0xfe65a0) returned 1 [0100.278] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb8c) returned 1 [0100.278] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb98) returned 1 [0100.278] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb5c) returned 1 [0100.278] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\Rglo0bBTnKx1\\kjP8", nBufferLength=0x105, lpBuffer=0xcfe610, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\Rglo0bBTnKx1\\kjP8", lpFilePart=0x0) returned 0x3a [0100.278] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\Rglo0bBTnKx1\\kjP8\\*", lpFindFileData=0xcfe884 | out: lpFindFileData=0xcfe884*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x23d9dde0, ftCreationTime.dwHighDateTime=0x1d4d0ac, ftLastAccessTime.dwLowDateTime=0xecf2abd0, ftLastAccessTime.dwHighDateTime=0x1d4d1a6, ftLastWriteTime.dwLowDateTime=0xecf2abd0, ftLastWriteTime.dwHighDateTime=0x1d4d1a6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe64e0 [0100.278] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe890 | out: lpFindFileData=0xcfe890*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x23d9dde0, ftCreationTime.dwHighDateTime=0x1d4d0ac, ftLastAccessTime.dwLowDateTime=0xecf2abd0, ftLastAccessTime.dwHighDateTime=0x1d4d1a6, ftLastWriteTime.dwLowDateTime=0xecf2abd0, ftLastWriteTime.dwHighDateTime=0x1d4d1a6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.278] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe890 | out: lpFindFileData=0xcfe890*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb3ef390, ftCreationTime.dwHighDateTime=0x1d4d090, ftLastAccessTime.dwLowDateTime=0xfdabd4f0, ftLastAccessTime.dwHighDateTime=0x1d4d486, ftLastWriteTime.dwLowDateTime=0xfdabd4f0, ftLastWriteTime.dwHighDateTime=0x1d4d486, nFileSizeHigh=0x0, nFileSizeLow=0x10b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="dEHIM2PBM rjSD.wav", cAlternateFileName="DEHIM2~1.WAV")) returned 1 [0100.278] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe890 | out: lpFindFileData=0xcfe890*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb6156fd0, ftCreationTime.dwHighDateTime=0x1d4c864, ftLastAccessTime.dwLowDateTime=0x90e281f0, ftLastAccessTime.dwHighDateTime=0x1d4c5ab, ftLastWriteTime.dwLowDateTime=0x90e281f0, ftLastWriteTime.dwHighDateTime=0x1d4c5ab, nFileSizeHigh=0x0, nFileSizeLow=0xfef5, dwReserved0=0x0, dwReserved1=0x0, cFileName="hWnHS8cPuVdh2Ls.mp3", cAlternateFileName="HWNHS8~1.MP3")) returned 1 [0100.279] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe890 | out: lpFindFileData=0xcfe890*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.279] FindClose (in: hFindFile=0xfe64e0 | out: hFindFile=0xfe64e0) returned 1 [0100.279] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb18) returned 1 [0100.279] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb24) returned 1 [0100.279] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb5c) returned 1 [0100.279] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\Rglo0bBTnKx1\\kjP8", nBufferLength=0x105, lpBuffer=0xcfe610, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\Rglo0bBTnKx1\\kjP8", lpFilePart=0x0) returned 0x3a [0100.279] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\Rglo0bBTnKx1\\kjP8\\*", lpFindFileData=0xcfe884 | out: lpFindFileData=0xcfe884*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x23d9dde0, ftCreationTime.dwHighDateTime=0x1d4d0ac, ftLastAccessTime.dwLowDateTime=0xecf2abd0, ftLastAccessTime.dwHighDateTime=0x1d4d1a6, ftLastWriteTime.dwLowDateTime=0xecf2abd0, ftLastWriteTime.dwHighDateTime=0x1d4d1a6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe6a60 [0100.279] FindNextFileW (in: hFindFile=0xfe6a60, lpFindFileData=0xcfe890 | out: lpFindFileData=0xcfe890*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x23d9dde0, ftCreationTime.dwHighDateTime=0x1d4d0ac, ftLastAccessTime.dwLowDateTime=0xecf2abd0, ftLastAccessTime.dwHighDateTime=0x1d4d1a6, ftLastWriteTime.dwLowDateTime=0xecf2abd0, ftLastWriteTime.dwHighDateTime=0x1d4d1a6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.279] FindNextFileW (in: hFindFile=0xfe6a60, lpFindFileData=0xcfe890 | out: lpFindFileData=0xcfe890*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb3ef390, ftCreationTime.dwHighDateTime=0x1d4d090, ftLastAccessTime.dwLowDateTime=0xfdabd4f0, ftLastAccessTime.dwHighDateTime=0x1d4d486, ftLastWriteTime.dwLowDateTime=0xfdabd4f0, ftLastWriteTime.dwHighDateTime=0x1d4d486, nFileSizeHigh=0x0, nFileSizeLow=0x10b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="dEHIM2PBM rjSD.wav", cAlternateFileName="DEHIM2~1.WAV")) returned 1 [0100.280] FindNextFileW (in: hFindFile=0xfe6a60, lpFindFileData=0xcfe890 | out: lpFindFileData=0xcfe890*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb6156fd0, ftCreationTime.dwHighDateTime=0x1d4c864, ftLastAccessTime.dwLowDateTime=0x90e281f0, ftLastAccessTime.dwHighDateTime=0x1d4c5ab, ftLastWriteTime.dwLowDateTime=0x90e281f0, ftLastWriteTime.dwHighDateTime=0x1d4c5ab, nFileSizeHigh=0x0, nFileSizeLow=0xfef5, dwReserved0=0x0, dwReserved1=0x0, cFileName="hWnHS8cPuVdh2Ls.mp3", cAlternateFileName="HWNHS8~1.MP3")) returned 1 [0100.280] FindNextFileW (in: hFindFile=0xfe6a60, lpFindFileData=0xcfe890 | out: lpFindFileData=0xcfe890*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb6156fd0, ftCreationTime.dwHighDateTime=0x1d4c864, ftLastAccessTime.dwLowDateTime=0x90e281f0, ftLastAccessTime.dwHighDateTime=0x1d4c5ab, ftLastWriteTime.dwLowDateTime=0x90e281f0, ftLastWriteTime.dwHighDateTime=0x1d4c5ab, nFileSizeHigh=0x0, nFileSizeLow=0xfef5, dwReserved0=0x0, dwReserved1=0x0, cFileName="hWnHS8cPuVdh2Ls.mp3", cAlternateFileName="HWNHS8~1.MP3")) returned 0 [0100.280] FindClose (in: hFindFile=0xfe6a60 | out: hFindFile=0xfe6a60) returned 1 [0100.280] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb18) returned 1 [0100.280] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb24) returned 1 [0100.280] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\Rglo0bBTnKx1\\kjP8\\hWnHS8cPuVdh2Ls.mp3", nBufferLength=0x105, lpBuffer=0xcfe4c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\Rglo0bBTnKx1\\kjP8\\hWnHS8cPuVdh2Ls.mp3", lpFilePart=0x0) returned 0x4e [0100.280] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea08) returned 1 [0100.280] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\Rglo0bBTnKx1\\kjP8\\hWnHS8cPuVdh2Ls.mp3" (normalized: "c:\\users\\fd1hvy\\music\\ukxwa1ptjbzapm2leb\\rglo0bbtnkx1\\kjp8\\hwnhs8cpuvdh2ls.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0100.280] GetFileType (hFile=0x2b8) returned 0x1 [0100.280] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea04) returned 1 [0100.281] GetFileType (hFile=0x2b8) returned 0x1 [0100.281] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfeb04 | out: lpFileSizeHigh=0xcfeb04*=0x0) returned 0xfef5 [0100.281] ReadFile (in: hFile=0x2b8, lpBuffer=0x2c4ddd4, nNumberOfBytesToRead=0xfef5, lpNumberOfBytesRead=0xcfeab0, lpOverlapped=0x0 | out: lpBuffer=0x2c4ddd4*, lpNumberOfBytesRead=0xcfeab0*=0xfef5, lpOverlapped=0x0) returned 1 [0100.281] CloseHandle (hObject=0x2b8) returned 1 [0100.299] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe5c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0100.299] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea7c) returned 1 [0100.299] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfeaf8 | out: lpFileInformation=0xcfeaf8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0100.300] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea78) returned 1 [0100.300] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\Rglo0bBTnKx1\\kjP8\\hWnHS8cPuVdh2Ls.mp3", nBufferLength=0x105, lpBuffer=0xcfe4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\Rglo0bBTnKx1\\kjP8\\hWnHS8cPuVdh2Ls.mp3", lpFilePart=0x0) returned 0x4e [0100.300] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfe9f4) returned 1 [0100.300] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\Rglo0bBTnKx1\\kjP8\\hWnHS8cPuVdh2Ls.mp3" (normalized: "c:\\users\\fd1hvy\\music\\ukxwa1ptjbzapm2leb\\rglo0bbtnkx1\\kjp8\\hwnhs8cpuvdh2ls.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0100.301] GetFileType (hFile=0x2b8) returned 0x1 [0100.301] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfe9f0) returned 1 [0100.301] GetFileType (hFile=0x2b8) returned 0x1 [0100.301] WriteFile (in: hFile=0x2b8, lpBuffer=0x2cca8d4*, nNumberOfBytesToWrite=0xff00, lpNumberOfBytesWritten=0xcfeaa4, lpOverlapped=0x0 | out: lpBuffer=0x2cca8d4*, lpNumberOfBytesWritten=0xcfeaa4*=0xff00, lpOverlapped=0x0) returned 1 [0100.303] CloseHandle (hObject=0x2b8) returned 1 [0100.306] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\Rglo0bBTnKx1\\kjP8\\hWnHS8cPuVdh2Ls.mp3", nBufferLength=0x105, lpBuffer=0xcfe5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\Rglo0bBTnKx1\\kjP8\\hWnHS8cPuVdh2Ls.mp3", lpFilePart=0x0) returned 0x4e [0100.306] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\Rglo0bBTnKx1\\kjP8\\hWnHS8cPuVdh2Ls.mp3.shade8", nBufferLength=0x105, lpBuffer=0xcfe5d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\Rglo0bBTnKx1\\kjP8\\hWnHS8cPuVdh2Ls.mp3.shade8", lpFilePart=0x0) returned 0x55 [0100.306] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea88) returned 1 [0100.306] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\Rglo0bBTnKx1\\kjP8\\hWnHS8cPuVdh2Ls.mp3" (normalized: "c:\\users\\fd1hvy\\music\\ukxwa1ptjbzapm2leb\\rglo0bbtnkx1\\kjp8\\hwnhs8cpuvdh2ls.mp3"), fInfoLevelId=0x0, lpFileInformation=0xcfeb04 | out: lpFileInformation=0xcfeb04*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb6156fd0, ftCreationTime.dwHighDateTime=0x1d4c864, ftLastAccessTime.dwLowDateTime=0x90e281f0, ftLastAccessTime.dwHighDateTime=0x1d4c5ab, ftLastWriteTime.dwLowDateTime=0x846386cf, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xff00)) returned 1 [0100.306] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea84) returned 1 [0100.306] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\Rglo0bBTnKx1\\kjP8\\hWnHS8cPuVdh2Ls.mp3" (normalized: "c:\\users\\fd1hvy\\music\\ukxwa1ptjbzapm2leb\\rglo0bbtnkx1\\kjp8\\hwnhs8cpuvdh2ls.mp3"), lpNewFileName="C:\\Users\\FD1HVy\\Music\\uKXWa1PtjbZApm2LEb\\Rglo0bBTnKx1\\kjP8\\hWnHS8cPuVdh2Ls.mp3.shade8" (normalized: "c:\\users\\fd1hvy\\music\\ukxwa1ptjbzapm2leb\\rglo0bbtnkx1\\kjp8\\hwnhs8cpuvdh2ls.mp3.shade8")) returned 1 [0100.307] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfec44) returned 1 [0100.307] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\wPjihQO", nBufferLength=0x105, lpBuffer=0xcfe6f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\wPjihQO", lpFilePart=0x0) returned 0x1d [0100.307] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\wPjihQO\\*", lpFindFileData=0xcfe96c | out: lpFindFileData=0xcfe96c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9386c1f0, ftCreationTime.dwHighDateTime=0x1d4c5e2, ftLastAccessTime.dwLowDateTime=0x85ed15b0, ftLastAccessTime.dwHighDateTime=0x1d4cde1, ftLastWriteTime.dwLowDateTime=0x85ed15b0, ftLastWriteTime.dwHighDateTime=0x1d4cde1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe69e0 [0100.307] FindNextFileW (in: hFindFile=0xfe69e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9386c1f0, ftCreationTime.dwHighDateTime=0x1d4c5e2, ftLastAccessTime.dwLowDateTime=0x85ed15b0, ftLastAccessTime.dwHighDateTime=0x1d4cde1, ftLastWriteTime.dwLowDateTime=0x85ed15b0, ftLastWriteTime.dwHighDateTime=0x1d4cde1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.307] FindNextFileW (in: hFindFile=0xfe69e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf58dea90, ftCreationTime.dwHighDateTime=0x1d4cb14, ftLastAccessTime.dwLowDateTime=0xf426ca00, ftLastAccessTime.dwHighDateTime=0x1d4d497, ftLastWriteTime.dwLowDateTime=0xf426ca00, ftLastWriteTime.dwHighDateTime=0x1d4d497, nFileSizeHigh=0x0, nFileSizeLow=0x187e7, dwReserved0=0x0, dwReserved1=0x0, cFileName="1cg-Vnj6U13w.wav", cAlternateFileName="1CG-VN~1.WAV")) returned 1 [0100.308] FindNextFileW (in: hFindFile=0xfe69e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e9d5760, ftCreationTime.dwHighDateTime=0x1d4d2a5, ftLastAccessTime.dwLowDateTime=0x2e5beac0, ftLastAccessTime.dwHighDateTime=0x1d4d17d, ftLastWriteTime.dwLowDateTime=0x2e5beac0, ftLastWriteTime.dwHighDateTime=0x1d4d17d, nFileSizeHigh=0x0, nFileSizeLow=0xed0e, dwReserved0=0x0, dwReserved1=0x0, cFileName="VxRe-WtS8.mp3", cAlternateFileName="VXRE-W~1.MP3")) returned 1 [0100.308] FindNextFileW (in: hFindFile=0xfe69e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x568b8b70, ftCreationTime.dwHighDateTime=0x1d4ce23, ftLastAccessTime.dwLowDateTime=0x8548a9d0, ftLastAccessTime.dwHighDateTime=0x1d4c706, ftLastWriteTime.dwLowDateTime=0x8548a9d0, ftLastWriteTime.dwHighDateTime=0x1d4c706, nFileSizeHigh=0x0, nFileSizeLow=0x3297, dwReserved0=0x0, dwReserved1=0x0, cFileName="XmpXvkktcdDvRu.mp3", cAlternateFileName="XMPXVK~1.MP3")) returned 1 [0100.308] FindNextFileW (in: hFindFile=0xfe69e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.308] FindClose (in: hFindFile=0xfe69e0 | out: hFindFile=0xfe69e0) returned 1 [0100.308] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec00) returned 1 [0100.308] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec0c) returned 1 [0100.308] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfec44) returned 1 [0100.309] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\wPjihQO", nBufferLength=0x105, lpBuffer=0xcfe6f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\wPjihQO", lpFilePart=0x0) returned 0x1d [0100.309] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\wPjihQO\\*", lpFindFileData=0xcfe96c | out: lpFindFileData=0xcfe96c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9386c1f0, ftCreationTime.dwHighDateTime=0x1d4c5e2, ftLastAccessTime.dwLowDateTime=0x85ed15b0, ftLastAccessTime.dwHighDateTime=0x1d4cde1, ftLastWriteTime.dwLowDateTime=0x85ed15b0, ftLastWriteTime.dwHighDateTime=0x1d4cde1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe6720 [0100.309] FindNextFileW (in: hFindFile=0xfe6720, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9386c1f0, ftCreationTime.dwHighDateTime=0x1d4c5e2, ftLastAccessTime.dwLowDateTime=0x85ed15b0, ftLastAccessTime.dwHighDateTime=0x1d4cde1, ftLastWriteTime.dwLowDateTime=0x85ed15b0, ftLastWriteTime.dwHighDateTime=0x1d4cde1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.312] FindNextFileW (in: hFindFile=0xfe6720, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf58dea90, ftCreationTime.dwHighDateTime=0x1d4cb14, ftLastAccessTime.dwLowDateTime=0xf426ca00, ftLastAccessTime.dwHighDateTime=0x1d4d497, ftLastWriteTime.dwLowDateTime=0xf426ca00, ftLastWriteTime.dwHighDateTime=0x1d4d497, nFileSizeHigh=0x0, nFileSizeLow=0x187e7, dwReserved0=0x0, dwReserved1=0x0, cFileName="1cg-Vnj6U13w.wav", cAlternateFileName="1CG-VN~1.WAV")) returned 1 [0100.312] FindNextFileW (in: hFindFile=0xfe6720, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e9d5760, ftCreationTime.dwHighDateTime=0x1d4d2a5, ftLastAccessTime.dwLowDateTime=0x2e5beac0, ftLastAccessTime.dwHighDateTime=0x1d4d17d, ftLastWriteTime.dwLowDateTime=0x2e5beac0, ftLastWriteTime.dwHighDateTime=0x1d4d17d, nFileSizeHigh=0x0, nFileSizeLow=0xed0e, dwReserved0=0x0, dwReserved1=0x0, cFileName="VxRe-WtS8.mp3", cAlternateFileName="VXRE-W~1.MP3")) returned 1 [0100.312] FindNextFileW (in: hFindFile=0xfe6720, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x568b8b70, ftCreationTime.dwHighDateTime=0x1d4ce23, ftLastAccessTime.dwLowDateTime=0x8548a9d0, ftLastAccessTime.dwHighDateTime=0x1d4c706, ftLastWriteTime.dwLowDateTime=0x8548a9d0, ftLastWriteTime.dwHighDateTime=0x1d4c706, nFileSizeHigh=0x0, nFileSizeLow=0x3297, dwReserved0=0x0, dwReserved1=0x0, cFileName="XmpXvkktcdDvRu.mp3", cAlternateFileName="XMPXVK~1.MP3")) returned 1 [0100.313] FindNextFileW (in: hFindFile=0xfe6720, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x568b8b70, ftCreationTime.dwHighDateTime=0x1d4ce23, ftLastAccessTime.dwLowDateTime=0x8548a9d0, ftLastAccessTime.dwHighDateTime=0x1d4c706, ftLastWriteTime.dwLowDateTime=0x8548a9d0, ftLastWriteTime.dwHighDateTime=0x1d4c706, nFileSizeHigh=0x0, nFileSizeLow=0x3297, dwReserved0=0x0, dwReserved1=0x0, cFileName="XmpXvkktcdDvRu.mp3", cAlternateFileName="XMPXVK~1.MP3")) returned 0 [0100.313] FindClose (in: hFindFile=0xfe6720 | out: hFindFile=0xfe6720) returned 1 [0100.313] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec00) returned 1 [0100.313] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec0c) returned 1 [0100.313] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\wPjihQO\\VxRe-WtS8.mp3", nBufferLength=0x105, lpBuffer=0xcfe5ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\wPjihQO\\VxRe-WtS8.mp3", lpFilePart=0x0) returned 0x2b [0100.313] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0100.313] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\wPjihQO\\VxRe-WtS8.mp3" (normalized: "c:\\users\\fd1hvy\\music\\wpjihqo\\vxre-wts8.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0100.313] GetFileType (hFile=0x2b8) returned 0x1 [0100.313] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0100.313] GetFileType (hFile=0x2b8) returned 0x1 [0100.313] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfebec | out: lpFileSizeHigh=0xcfebec*=0x0) returned 0xed0e [0100.314] ReadFile (in: hFile=0x2b8, lpBuffer=0x2cdc12c, nNumberOfBytesToRead=0xed0e, lpNumberOfBytesRead=0xcfeb98, lpOverlapped=0x0 | out: lpBuffer=0x2cdc12c*, lpNumberOfBytesRead=0xcfeb98*=0xed0e, lpOverlapped=0x0) returned 1 [0100.314] CloseHandle (hObject=0x2b8) returned 1 [0100.332] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0100.332] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0100.332] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfebe0 | out: lpFileInformation=0xcfebe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0100.332] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0100.332] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\wPjihQO\\VxRe-WtS8.mp3", nBufferLength=0x105, lpBuffer=0xcfe598, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\wPjihQO\\VxRe-WtS8.mp3", lpFilePart=0x0) returned 0x2b [0100.332] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeadc) returned 1 [0100.332] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\wPjihQO\\VxRe-WtS8.mp3" (normalized: "c:\\users\\fd1hvy\\music\\wpjihqo\\vxre-wts8.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0100.334] GetFileType (hFile=0x2b8) returned 0x1 [0100.334] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfead8) returned 1 [0100.334] GetFileType (hFile=0x2b8) returned 0x1 [0100.334] WriteFile (in: hFile=0x2b8, lpBuffer=0x2d5565c*, nNumberOfBytesToWrite=0xed10, lpNumberOfBytesWritten=0xcfeb8c, lpOverlapped=0x0 | out: lpBuffer=0x2d5565c*, lpNumberOfBytesWritten=0xcfeb8c*=0xed10, lpOverlapped=0x0) returned 1 [0100.335] CloseHandle (hObject=0x2b8) returned 1 [0100.337] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\wPjihQO\\VxRe-WtS8.mp3", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\wPjihQO\\VxRe-WtS8.mp3", lpFilePart=0x0) returned 0x2b [0100.337] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\wPjihQO\\VxRe-WtS8.mp3.shade8", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\wPjihQO\\VxRe-WtS8.mp3.shade8", lpFilePart=0x0) returned 0x32 [0100.337] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb70) returned 1 [0100.338] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\wPjihQO\\VxRe-WtS8.mp3" (normalized: "c:\\users\\fd1hvy\\music\\wpjihqo\\vxre-wts8.mp3"), fInfoLevelId=0x0, lpFileInformation=0xcfebec | out: lpFileInformation=0xcfebec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e9d5760, ftCreationTime.dwHighDateTime=0x1d4d2a5, ftLastAccessTime.dwLowDateTime=0x2e5beac0, ftLastAccessTime.dwHighDateTime=0x1d4d17d, ftLastWriteTime.dwLowDateTime=0x84684a94, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xed10)) returned 1 [0100.338] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb6c) returned 1 [0100.338] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Music\\wPjihQO\\VxRe-WtS8.mp3" (normalized: "c:\\users\\fd1hvy\\music\\wpjihqo\\vxre-wts8.mp3"), lpNewFileName="C:\\Users\\FD1HVy\\Music\\wPjihQO\\VxRe-WtS8.mp3.shade8" (normalized: "c:\\users\\fd1hvy\\music\\wpjihqo\\vxre-wts8.mp3.shade8")) returned 1 [0100.338] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\wPjihQO\\XmpXvkktcdDvRu.mp3", nBufferLength=0x105, lpBuffer=0xcfe5ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\wPjihQO\\XmpXvkktcdDvRu.mp3", lpFilePart=0x0) returned 0x30 [0100.338] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0100.338] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\wPjihQO\\XmpXvkktcdDvRu.mp3" (normalized: "c:\\users\\fd1hvy\\music\\wpjihqo\\xmpxvkktcddvru.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0100.339] GetFileType (hFile=0x2b8) returned 0x1 [0100.339] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0100.339] GetFileType (hFile=0x2b8) returned 0x1 [0100.339] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfebec | out: lpFileSizeHigh=0xcfebec*=0x0) returned 0x3297 [0100.339] ReadFile (in: hFile=0x2b8, lpBuffer=0x2d647f4, nNumberOfBytesToRead=0x3297, lpNumberOfBytesRead=0xcfeb98, lpOverlapped=0x0 | out: lpBuffer=0x2d647f4*, lpNumberOfBytesRead=0xcfeb98*=0x3297, lpOverlapped=0x0) returned 1 [0100.339] CloseHandle (hObject=0x2b8) returned 1 [0100.355] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0100.355] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0100.355] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfebe0 | out: lpFileInformation=0xcfebe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0100.355] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0100.355] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\wPjihQO\\XmpXvkktcdDvRu.mp3", nBufferLength=0x105, lpBuffer=0xcfe598, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\wPjihQO\\XmpXvkktcdDvRu.mp3", lpFilePart=0x0) returned 0x30 [0100.355] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeadc) returned 1 [0100.356] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Music\\wPjihQO\\XmpXvkktcdDvRu.mp3" (normalized: "c:\\users\\fd1hvy\\music\\wpjihqo\\xmpxvkktcddvru.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0100.363] GetFileType (hFile=0x2b8) returned 0x1 [0100.363] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfead8) returned 1 [0100.363] GetFileType (hFile=0x2b8) returned 0x1 [0100.363] WriteFile (in: hFile=0x2b8, lpBuffer=0x2dc1300*, nNumberOfBytesToWrite=0x32a0, lpNumberOfBytesWritten=0xcfeb8c, lpOverlapped=0x0 | out: lpBuffer=0x2dc1300*, lpNumberOfBytesWritten=0xcfeb8c*=0x32a0, lpOverlapped=0x0) returned 1 [0100.365] CloseHandle (hObject=0x2b8) returned 1 [0100.366] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\wPjihQO\\XmpXvkktcdDvRu.mp3", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\wPjihQO\\XmpXvkktcdDvRu.mp3", lpFilePart=0x0) returned 0x30 [0100.366] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\wPjihQO\\XmpXvkktcdDvRu.mp3.shade8", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Music\\wPjihQO\\XmpXvkktcdDvRu.mp3.shade8", lpFilePart=0x0) returned 0x37 [0100.366] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb70) returned 1 [0100.366] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Music\\wPjihQO\\XmpXvkktcdDvRu.mp3" (normalized: "c:\\users\\fd1hvy\\music\\wpjihqo\\xmpxvkktcddvru.mp3"), fInfoLevelId=0x0, lpFileInformation=0xcfebec | out: lpFileInformation=0xcfebec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x568b8b70, ftCreationTime.dwHighDateTime=0x1d4ce23, ftLastAccessTime.dwLowDateTime=0x8548a9d0, ftLastAccessTime.dwHighDateTime=0x1d4c706, ftLastWriteTime.dwLowDateTime=0x846d0fd9, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x32a0)) returned 1 [0100.366] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb6c) returned 1 [0100.366] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Music\\wPjihQO\\XmpXvkktcdDvRu.mp3" (normalized: "c:\\users\\fd1hvy\\music\\wpjihqo\\xmpxvkktcddvru.mp3"), lpNewFileName="C:\\Users\\FD1HVy\\Music\\wPjihQO\\XmpXvkktcdDvRu.mp3.shade8" (normalized: "c:\\users\\fd1hvy\\music\\wpjihqo\\xmpxvkktcddvru.mp3.shade8")) returned 1 [0100.367] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfecb8) returned 1 [0100.367] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\OneDrive", nBufferLength=0x105, lpBuffer=0xcfe76c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\OneDrive", lpFilePart=0x0) returned 0x18 [0100.367] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\OneDrive\\*", lpFindFileData=0xcfe9e0 | out: lpFindFileData=0xcfe9e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3f0f0bc5, ftCreationTime.dwHighDateTime=0x1d32715, ftLastAccessTime.dwLowDateTime=0xd4516574, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x94022772, ftLastWriteTime.dwHighDateTime=0x1d39f5d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe64e0 [0100.371] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3f0f0bc5, ftCreationTime.dwHighDateTime=0x1d32715, ftLastAccessTime.dwLowDateTime=0xd4516574, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x94022772, ftLastWriteTime.dwHighDateTime=0x1d39f5d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.371] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x3f0f0bc5, ftCreationTime.dwHighDateTime=0x1d32715, ftLastAccessTime.dwLowDateTime=0x3f0f0bc5, ftLastAccessTime.dwHighDateTime=0x1d32715, ftLastWriteTime.dwLowDateTime=0x93ef127a, ftLastWriteTime.dwHighDateTime=0x1d39f5d, nFileSizeHigh=0x0, nFileSizeLow=0x61, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0100.371] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.371] FindClose (in: hFindFile=0xfe64e0 | out: hFindFile=0xfe64e0) returned 1 [0100.371] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec74) returned 1 [0100.371] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec80) returned 1 [0100.371] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfecb8) returned 1 [0100.372] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\OneDrive", nBufferLength=0x105, lpBuffer=0xcfe76c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\OneDrive", lpFilePart=0x0) returned 0x18 [0100.372] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\OneDrive\\*", lpFindFileData=0xcfe9e0 | out: lpFindFileData=0xcfe9e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3f0f0bc5, ftCreationTime.dwHighDateTime=0x1d32715, ftLastAccessTime.dwLowDateTime=0xd4516574, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x94022772, ftLastWriteTime.dwHighDateTime=0x1d39f5d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe6a20 [0100.372] FindNextFileW (in: hFindFile=0xfe6a20, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3f0f0bc5, ftCreationTime.dwHighDateTime=0x1d32715, ftLastAccessTime.dwLowDateTime=0xd4516574, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x94022772, ftLastWriteTime.dwHighDateTime=0x1d39f5d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.372] FindNextFileW (in: hFindFile=0xfe6a20, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x3f0f0bc5, ftCreationTime.dwHighDateTime=0x1d32715, ftLastAccessTime.dwLowDateTime=0x3f0f0bc5, ftLastAccessTime.dwHighDateTime=0x1d32715, ftLastWriteTime.dwLowDateTime=0x93ef127a, ftLastWriteTime.dwHighDateTime=0x1d39f5d, nFileSizeHigh=0x0, nFileSizeLow=0x61, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0100.372] FindNextFileW (in: hFindFile=0xfe6a20, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x3f0f0bc5, ftCreationTime.dwHighDateTime=0x1d32715, ftLastAccessTime.dwLowDateTime=0x3f0f0bc5, ftLastAccessTime.dwHighDateTime=0x1d32715, ftLastWriteTime.dwLowDateTime=0x93ef127a, ftLastWriteTime.dwHighDateTime=0x1d39f5d, nFileSizeHigh=0x0, nFileSizeLow=0x61, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0100.373] FindClose (in: hFindFile=0xfe6a20 | out: hFindFile=0xfe6a20) returned 1 [0100.373] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec74) returned 1 [0100.373] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec80) returned 1 [0100.373] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfecb8) returned 1 [0100.373] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Saved Games", nBufferLength=0x105, lpBuffer=0xcfe76c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Saved Games", lpFilePart=0x0) returned 0x1b [0100.373] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Saved Games\\*", lpFindFileData=0xcfe9e0 | out: lpFindFileData=0xcfe9e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xd45b644a, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xce4e13d2, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe6a20 [0100.373] FindNextFileW (in: hFindFile=0xfe6a20, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xd45b644a, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xce4e13d2, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.373] FindNextFileW (in: hFindFile=0xfe6a20, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x441f699e, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x441f699e, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0xce4e13d2, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0100.373] FindNextFileW (in: hFindFile=0xfe6a20, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.374] FindClose (in: hFindFile=0xfe6a20 | out: hFindFile=0xfe6a20) returned 1 [0100.374] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec74) returned 1 [0100.374] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec80) returned 1 [0100.374] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfecb8) returned 1 [0100.374] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Saved Games", nBufferLength=0x105, lpBuffer=0xcfe76c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Saved Games", lpFilePart=0x0) returned 0x1b [0100.374] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Saved Games\\*", lpFindFileData=0xcfe9e0 | out: lpFindFileData=0xcfe9e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xd45b644a, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xce4e13d2, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe6660 [0100.374] FindNextFileW (in: hFindFile=0xfe6660, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xd45b644a, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xce4e13d2, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.374] FindNextFileW (in: hFindFile=0xfe6660, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x441f699e, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x441f699e, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0xce4e13d2, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0100.375] FindNextFileW (in: hFindFile=0xfe6660, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x441f699e, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x441f699e, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0xce4e13d2, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0100.375] FindClose (in: hFindFile=0xfe6660 | out: hFindFile=0xfe6660) returned 1 [0100.375] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec74) returned 1 [0100.375] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec80) returned 1 [0100.375] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfecb8) returned 1 [0100.375] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Favorites", nBufferLength=0x105, lpBuffer=0xcfe76c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Favorites", lpFilePart=0x0) returned 0x19 [0100.375] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Favorites\\*", lpFindFileData=0xcfe9e0 | out: lpFindFileData=0xcfe9e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xd4499d75, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xce2f1526, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe6660 [0100.375] FindNextFileW (in: hFindFile=0xfe6660, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xd4499d75, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xce2f1526, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.375] FindNextFileW (in: hFindFile=0xfe6660, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43598c8e, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x43b9f870, ftLastAccessTime.dwHighDateTime=0x1d327ed, ftLastWriteTime.dwLowDateTime=0x43b9f870, ftLastWriteTime.dwHighDateTime=0x1d327ed, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bing.url", cAlternateFileName="")) returned 1 [0100.376] FindNextFileW (in: hFindFile=0xfe6660, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x440792d0, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x440792d0, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0xce2f1526, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0100.376] FindNextFileW (in: hFindFile=0xfe6660, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x43087f08, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xd449a79e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x3be1eb23, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0100.376] FindNextFileW (in: hFindFile=0xfe6660, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x43087f08, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xd449a79e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x3be1eb23, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 0 [0100.376] FindClose (in: hFindFile=0xfe6660 | out: hFindFile=0xfe6660) returned 1 [0100.376] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec74) returned 1 [0100.376] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec80) returned 1 [0100.376] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfecb8) returned 1 [0100.376] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Favorites", nBufferLength=0x105, lpBuffer=0xcfe76c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Favorites", lpFilePart=0x0) returned 0x19 [0100.376] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Favorites\\*", lpFindFileData=0xcfe9e0 | out: lpFindFileData=0xcfe9e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xd4499d75, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xce2f1526, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe64e0 [0100.377] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xd4499d75, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xce2f1526, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.377] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43598c8e, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x43b9f870, ftLastAccessTime.dwHighDateTime=0x1d327ed, ftLastWriteTime.dwLowDateTime=0x43b9f870, ftLastWriteTime.dwHighDateTime=0x1d327ed, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bing.url", cAlternateFileName="")) returned 1 [0100.377] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x440792d0, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x440792d0, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0xce2f1526, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0100.377] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x43087f08, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xd449a79e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x3be1eb23, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0100.377] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.377] FindClose (in: hFindFile=0xfe64e0 | out: hFindFile=0xfe64e0) returned 1 [0100.377] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec74) returned 1 [0100.377] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec80) returned 1 [0100.378] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfec44) returned 1 [0100.378] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Favorites\\Links", nBufferLength=0x105, lpBuffer=0xcfe6f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Favorites\\Links", lpFilePart=0x0) returned 0x1f [0100.378] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Favorites\\Links\\*", lpFindFileData=0xcfe96c | out: lpFindFileData=0xcfe96c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x43087f08, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xd449a79e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x3be1eb23, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe6660 [0100.378] FindNextFileW (in: hFindFile=0xfe6660, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x43087f08, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xd449a79e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x3be1eb23, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.378] FindNextFileW (in: hFindFile=0xfe6660, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x4360b38e, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x4360b38e, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0x4360b38e, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0100.378] FindNextFileW (in: hFindFile=0xfe6660, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.378] FindClose (in: hFindFile=0xfe6660 | out: hFindFile=0xfe6660) returned 1 [0100.379] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec00) returned 1 [0100.379] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec0c) returned 1 [0100.379] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfec44) returned 1 [0100.379] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Favorites\\Links", nBufferLength=0x105, lpBuffer=0xcfe6f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Favorites\\Links", lpFilePart=0x0) returned 0x1f [0100.379] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Favorites\\Links\\*", lpFindFileData=0xcfe96c | out: lpFindFileData=0xcfe96c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x43087f08, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xd449a79e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x3be1eb23, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe64e0 [0100.379] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x43087f08, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xd449a79e, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0x3be1eb23, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.379] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x4360b38e, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x4360b38e, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0x4360b38e, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0100.379] FindNextFileW (in: hFindFile=0xfe64e0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x4360b38e, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x4360b38e, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0x4360b38e, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0100.379] FindClose (in: hFindFile=0xfe64e0 | out: hFindFile=0xfe64e0) returned 1 [0100.380] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec00) returned 1 [0100.380] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec0c) returned 1 [0100.380] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfecb8) returned 1 [0100.380] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Searches", nBufferLength=0x105, lpBuffer=0xcfe76c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Searches", lpFilePart=0x0) returned 0x18 [0100.380] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Searches\\*", lpFindFileData=0xcfe9e0 | out: lpFindFileData=0xcfe9e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x44137e3b, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xd462426d, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xce389e99, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe68a0 [0100.380] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x44137e3b, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xd462426d, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xce389e99, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.380] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x44137e3b, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x44137e3b, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0xce389e99, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x20c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0100.380] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x44269063, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x44269063, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0x44269063, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Everywhere.search-ms", cAlternateFileName="EVERYW~1.SEA")) returned 1 [0100.381] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x44242e24, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x44242e24, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0x44242e24, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 1 [0100.381] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b71b019, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x2b71b019, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0x2b71b019, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x357, dwReserved0=0x0, dwReserved1=0x0, cFileName="winrt--{S-1-5-21-1051304884-625712362-2192934891-1000}-.searchconnector-ms", cAlternateFileName="WINRT-~1.SEA")) returned 1 [0100.381] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.381] FindClose (in: hFindFile=0xfe68a0 | out: hFindFile=0xfe68a0) returned 1 [0100.381] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec74) returned 1 [0100.381] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec80) returned 1 [0100.381] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfecb8) returned 1 [0100.381] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Searches", nBufferLength=0x105, lpBuffer=0xcfe76c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Searches", lpFilePart=0x0) returned 0x18 [0100.381] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Searches\\*", lpFindFileData=0xcfe9e0 | out: lpFindFileData=0xcfe9e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x44137e3b, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xd462426d, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xce389e99, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe68a0 [0100.382] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x44137e3b, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0xd462426d, ftLastAccessTime.dwHighDateTime=0x1d47ca3, ftLastWriteTime.dwLowDateTime=0xce389e99, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.382] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x44137e3b, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x44137e3b, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0xce389e99, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x20c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0100.382] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x44269063, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x44269063, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0x44269063, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Everywhere.search-ms", cAlternateFileName="EVERYW~1.SEA")) returned 1 [0100.382] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x44242e24, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x44242e24, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0x44242e24, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 1 [0100.382] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b71b019, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x2b71b019, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0x2b71b019, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x357, dwReserved0=0x0, dwReserved1=0x0, cFileName="winrt--{S-1-5-21-1051304884-625712362-2192934891-1000}-.searchconnector-ms", cAlternateFileName="WINRT-~1.SEA")) returned 1 [0100.383] FindNextFileW (in: hFindFile=0xfe68a0, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b71b019, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x2b71b019, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0x2b71b019, ftLastWriteTime.dwHighDateTime=0x1d32722, nFileSizeHigh=0x0, nFileSizeLow=0x357, dwReserved0=0x0, dwReserved1=0x0, cFileName="winrt--{S-1-5-21-1051304884-625712362-2192934891-1000}-.searchconnector-ms", cAlternateFileName="WINRT-~1.SEA")) returned 0 [0100.383] FindClose (in: hFindFile=0xfe68a0 | out: hFindFile=0xfe68a0) returned 1 [0100.383] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec74) returned 1 [0100.383] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec80) returned 1 [0100.383] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfecb8) returned 1 [0100.383] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos", nBufferLength=0x105, lpBuffer=0xcfe76c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos", lpFilePart=0x0) returned 0x16 [0100.383] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\*", lpFindFileData=0xcfe9e0 | out: lpFindFileData=0xcfe9e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x4ce5a8e0, ftLastAccessTime.dwHighDateTime=0x1d57301, ftLastWriteTime.dwLowDateTime=0x4ce5a8e0, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe6a20 [0100.383] FindNextFileW (in: hFindFile=0xfe6a20, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x4ce5a8e0, ftLastAccessTime.dwHighDateTime=0x1d57301, ftLastWriteTime.dwLowDateTime=0x4ce5a8e0, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.383] FindNextFileW (in: hFindFile=0xfe6a20, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7bcce150, ftCreationTime.dwHighDateTime=0x1d4d115, ftLastAccessTime.dwLowDateTime=0x41f76b40, ftLastAccessTime.dwHighDateTime=0x1d4cbb5, ftLastWriteTime.dwLowDateTime=0x41f76b40, ftLastWriteTime.dwHighDateTime=0x1d4cbb5, nFileSizeHigh=0x0, nFileSizeLow=0x10816, dwReserved0=0x0, dwReserved1=0x0, cFileName="8YGJ_6UTMNVDTwnwqh.avi", cAlternateFileName="8YGJ_6~1.AVI")) returned 1 [0100.384] FindNextFileW (in: hFindFile=0xfe6a20, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74e4f920, ftCreationTime.dwHighDateTime=0x1d4d48c, ftLastAccessTime.dwLowDateTime=0x431de2b0, ftLastAccessTime.dwHighDateTime=0x1d4ce4e, ftLastWriteTime.dwLowDateTime=0x431de2b0, ftLastWriteTime.dwHighDateTime=0x1d4ce4e, nFileSizeHigh=0x0, nFileSizeLow=0x42c2, dwReserved0=0x0, dwReserved1=0x0, cFileName="9 _FCQBGlKcrw.mkv", cAlternateFileName="9_FCQB~1.MKV")) returned 1 [0100.384] FindNextFileW (in: hFindFile=0xfe6a20, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x43f94523, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x43f94523, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0xce317778, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0100.384] FindNextFileW (in: hFindFile=0xfe6a20, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa7a5ae30, ftCreationTime.dwHighDateTime=0x1d4d3ed, ftLastAccessTime.dwLowDateTime=0xad8c4870, ftLastAccessTime.dwHighDateTime=0x1d4d075, ftLastWriteTime.dwLowDateTime=0xad8c4870, ftLastWriteTime.dwHighDateTime=0x1d4d075, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="eHX zx0_c", cAlternateFileName="EHXZX0~1")) returned 1 [0100.384] FindNextFileW (in: hFindFile=0xfe6a20, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb2709090, ftCreationTime.dwHighDateTime=0x1d4ce3f, ftLastAccessTime.dwLowDateTime=0xbd4b7d0, ftLastAccessTime.dwHighDateTime=0x1d4ce07, ftLastWriteTime.dwLowDateTime=0xbd4b7d0, ftLastWriteTime.dwHighDateTime=0x1d4ce07, nFileSizeHigh=0x0, nFileSizeLow=0x10123, dwReserved0=0x0, dwReserved1=0x0, cFileName="gQsZHaZRnXA KR-N.swf", cAlternateFileName="GQSZHA~1.SWF")) returned 1 [0100.384] FindNextFileW (in: hFindFile=0xfe6a20, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa87c7a20, ftCreationTime.dwHighDateTime=0x1d4d535, ftLastAccessTime.dwLowDateTime=0xe15cf600, ftLastAccessTime.dwHighDateTime=0x1d4c8c7, ftLastWriteTime.dwLowDateTime=0xe15cf600, ftLastWriteTime.dwHighDateTime=0x1d4c8c7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vKNP_HE9n_djMTLR", cAlternateFileName="VKNP_H~1")) returned 1 [0100.384] FindNextFileW (in: hFindFile=0xfe6a20, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa87c7a20, ftCreationTime.dwHighDateTime=0x1d4d535, ftLastAccessTime.dwLowDateTime=0xe15cf600, ftLastAccessTime.dwHighDateTime=0x1d4c8c7, ftLastWriteTime.dwLowDateTime=0xe15cf600, ftLastWriteTime.dwHighDateTime=0x1d4c8c7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vKNP_HE9n_djMTLR", cAlternateFileName="VKNP_H~1")) returned 0 [0100.384] FindClose (in: hFindFile=0xfe6a20 | out: hFindFile=0xfe6a20) returned 1 [0100.385] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec74) returned 1 [0100.385] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec80) returned 1 [0100.385] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfecb8) returned 1 [0100.385] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos", nBufferLength=0x105, lpBuffer=0xcfe76c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos", lpFilePart=0x0) returned 0x16 [0100.385] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\*", lpFindFileData=0xcfe9e0 | out: lpFindFileData=0xcfe9e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x4ce5a8e0, ftLastAccessTime.dwHighDateTime=0x1d57301, ftLastWriteTime.dwLowDateTime=0x4ce5a8e0, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe6a20 [0100.385] FindNextFileW (in: hFindFile=0xfe6a20, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3476bd48, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x4ce5a8e0, ftLastAccessTime.dwHighDateTime=0x1d57301, ftLastWriteTime.dwLowDateTime=0x4ce5a8e0, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.385] FindNextFileW (in: hFindFile=0xfe6a20, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7bcce150, ftCreationTime.dwHighDateTime=0x1d4d115, ftLastAccessTime.dwLowDateTime=0x41f76b40, ftLastAccessTime.dwHighDateTime=0x1d4cbb5, ftLastWriteTime.dwLowDateTime=0x41f76b40, ftLastWriteTime.dwHighDateTime=0x1d4cbb5, nFileSizeHigh=0x0, nFileSizeLow=0x10816, dwReserved0=0x0, dwReserved1=0x0, cFileName="8YGJ_6UTMNVDTwnwqh.avi", cAlternateFileName="8YGJ_6~1.AVI")) returned 1 [0100.385] FindNextFileW (in: hFindFile=0xfe6a20, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74e4f920, ftCreationTime.dwHighDateTime=0x1d4d48c, ftLastAccessTime.dwLowDateTime=0x431de2b0, ftLastAccessTime.dwHighDateTime=0x1d4ce4e, ftLastWriteTime.dwLowDateTime=0x431de2b0, ftLastWriteTime.dwHighDateTime=0x1d4ce4e, nFileSizeHigh=0x0, nFileSizeLow=0x42c2, dwReserved0=0x0, dwReserved1=0x0, cFileName="9 _FCQBGlKcrw.mkv", cAlternateFileName="9_FCQB~1.MKV")) returned 1 [0100.386] FindNextFileW (in: hFindFile=0xfe6a20, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x43f94523, ftCreationTime.dwHighDateTime=0x1d32722, ftLastAccessTime.dwLowDateTime=0x43f94523, ftLastAccessTime.dwHighDateTime=0x1d32722, ftLastWriteTime.dwLowDateTime=0xce317778, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0100.386] FindNextFileW (in: hFindFile=0xfe6a20, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa7a5ae30, ftCreationTime.dwHighDateTime=0x1d4d3ed, ftLastAccessTime.dwLowDateTime=0xad8c4870, ftLastAccessTime.dwHighDateTime=0x1d4d075, ftLastWriteTime.dwLowDateTime=0xad8c4870, ftLastWriteTime.dwHighDateTime=0x1d4d075, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="eHX zx0_c", cAlternateFileName="EHXZX0~1")) returned 1 [0100.386] FindNextFileW (in: hFindFile=0xfe6a20, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb2709090, ftCreationTime.dwHighDateTime=0x1d4ce3f, ftLastAccessTime.dwLowDateTime=0xbd4b7d0, ftLastAccessTime.dwHighDateTime=0x1d4ce07, ftLastWriteTime.dwLowDateTime=0xbd4b7d0, ftLastWriteTime.dwHighDateTime=0x1d4ce07, nFileSizeHigh=0x0, nFileSizeLow=0x10123, dwReserved0=0x0, dwReserved1=0x0, cFileName="gQsZHaZRnXA KR-N.swf", cAlternateFileName="GQSZHA~1.SWF")) returned 1 [0100.386] FindNextFileW (in: hFindFile=0xfe6a20, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa87c7a20, ftCreationTime.dwHighDateTime=0x1d4d535, ftLastAccessTime.dwLowDateTime=0xe15cf600, ftLastAccessTime.dwHighDateTime=0x1d4c8c7, ftLastWriteTime.dwLowDateTime=0xe15cf600, ftLastWriteTime.dwHighDateTime=0x1d4c8c7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vKNP_HE9n_djMTLR", cAlternateFileName="VKNP_H~1")) returned 1 [0100.386] FindNextFileW (in: hFindFile=0xfe6a20, lpFindFileData=0xcfe9ec | out: lpFindFileData=0xcfe9ec*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.386] FindClose (in: hFindFile=0xfe6a20 | out: hFindFile=0xfe6a20) returned 1 [0100.386] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec74) returned 1 [0100.386] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec80) returned 1 [0100.387] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\8YGJ_6UTMNVDTwnwqh.avi", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\8YGJ_6UTMNVDTwnwqh.avi", lpFilePart=0x0) returned 0x2d [0100.387] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0100.387] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\8YGJ_6UTMNVDTwnwqh.avi" (normalized: "c:\\users\\fd1hvy\\videos\\8ygj_6utmnvdtwnwqh.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0100.387] GetFileType (hFile=0x2b8) returned 0x1 [0100.387] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0100.387] GetFileType (hFile=0x2b8) returned 0x1 [0100.387] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x10816 [0100.387] ReadFile (in: hFile=0x2b8, lpBuffer=0x2dcb4a0, nNumberOfBytesToRead=0x10816, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2dcb4a0*, lpNumberOfBytesRead=0xcfec0c*=0x10816, lpOverlapped=0x0) returned 1 [0100.388] CloseHandle (hObject=0x2b8) returned 1 [0100.452] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0100.452] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0100.452] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0100.452] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0100.452] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\8YGJ_6UTMNVDTwnwqh.avi", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\8YGJ_6UTMNVDTwnwqh.avi", lpFilePart=0x0) returned 0x2d [0100.452] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0100.452] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\8YGJ_6UTMNVDTwnwqh.avi" (normalized: "c:\\users\\fd1hvy\\videos\\8ygj_6utmnvdtwnwqh.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0100.454] GetFileType (hFile=0x2b8) returned 0x1 [0100.454] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0100.454] GetFileType (hFile=0x2b8) returned 0x1 [0100.454] WriteFile (in: hFile=0x2b8, lpBuffer=0x2c5ac9c*, nNumberOfBytesToWrite=0x10820, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2c5ac9c*, lpNumberOfBytesWritten=0xcfec00*=0x10820, lpOverlapped=0x0) returned 1 [0100.455] CloseHandle (hObject=0x2b8) returned 1 [0100.458] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\8YGJ_6UTMNVDTwnwqh.avi", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\8YGJ_6UTMNVDTwnwqh.avi", lpFilePart=0x0) returned 0x2d [0100.458] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\8YGJ_6UTMNVDTwnwqh.avi.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\8YGJ_6UTMNVDTwnwqh.avi.shade8", lpFilePart=0x0) returned 0x34 [0100.458] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0100.458] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\8YGJ_6UTMNVDTwnwqh.avi" (normalized: "c:\\users\\fd1hvy\\videos\\8ygj_6utmnvdtwnwqh.avi"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7bcce150, ftCreationTime.dwHighDateTime=0x1d4d115, ftLastAccessTime.dwLowDateTime=0x41f76b40, ftLastAccessTime.dwHighDateTime=0x1d4cbb5, ftLastWriteTime.dwLowDateTime=0x847b5cd8, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x10820)) returned 1 [0100.458] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0100.458] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Videos\\8YGJ_6UTMNVDTwnwqh.avi" (normalized: "c:\\users\\fd1hvy\\videos\\8ygj_6utmnvdtwnwqh.avi"), lpNewFileName="C:\\Users\\FD1HVy\\Videos\\8YGJ_6UTMNVDTwnwqh.avi.shade8" (normalized: "c:\\users\\fd1hvy\\videos\\8ygj_6utmnvdtwnwqh.avi.shade8")) returned 1 [0100.459] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\9 _FCQBGlKcrw.mkv", nBufferLength=0x105, lpBuffer=0xcfe620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\9 _FCQBGlKcrw.mkv", lpFilePart=0x0) returned 0x28 [0100.459] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0100.459] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\9 _FCQBGlKcrw.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\9 _fcqbglkcrw.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0100.459] GetFileType (hFile=0x2b8) returned 0x1 [0100.459] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0100.459] GetFileType (hFile=0x2b8) returned 0x1 [0100.459] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfec60 | out: lpFileSizeHigh=0xcfec60*=0x0) returned 0x42c2 [0100.459] ReadFile (in: hFile=0x2b8, lpBuffer=0x2c6b954, nNumberOfBytesToRead=0x42c2, lpNumberOfBytesRead=0xcfec0c, lpOverlapped=0x0 | out: lpBuffer=0x2c6b954*, lpNumberOfBytesRead=0xcfec0c*=0x42c2, lpOverlapped=0x0) returned 1 [0100.459] CloseHandle (hObject=0x2b8) returned 1 [0100.484] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0100.484] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd8) returned 1 [0100.484] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfec54 | out: lpFileInformation=0xcfec54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0100.484] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebd4) returned 1 [0100.484] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\9 _FCQBGlKcrw.mkv", nBufferLength=0x105, lpBuffer=0xcfe60c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\9 _FCQBGlKcrw.mkv", lpFilePart=0x0) returned 0x28 [0100.484] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb50) returned 1 [0100.484] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\9 _FCQBGlKcrw.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\9 _fcqbglkcrw.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0100.486] GetFileType (hFile=0x2b8) returned 0x1 [0100.486] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb4c) returned 1 [0100.486] GetFileType (hFile=0x2b8) returned 0x1 [0100.486] WriteFile (in: hFile=0x2b8, lpBuffer=0x2ccd6ac*, nNumberOfBytesToWrite=0x42d0, lpNumberOfBytesWritten=0xcfec00, lpOverlapped=0x0 | out: lpBuffer=0x2ccd6ac*, lpNumberOfBytesWritten=0xcfec00*=0x42d0, lpOverlapped=0x0) returned 1 [0100.487] CloseHandle (hObject=0x2b8) returned 1 [0100.489] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\9 _FCQBGlKcrw.mkv", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\9 _FCQBGlKcrw.mkv", lpFilePart=0x0) returned 0x28 [0100.489] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\9 _FCQBGlKcrw.mkv.shade8", nBufferLength=0x105, lpBuffer=0xcfe730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\9 _FCQBGlKcrw.mkv.shade8", lpFilePart=0x0) returned 0x2f [0100.489] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebe4) returned 1 [0100.489] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\9 _FCQBGlKcrw.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\9 _fcqbglkcrw.mkv"), fInfoLevelId=0x0, lpFileInformation=0xcfec60 | out: lpFileInformation=0xcfec60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74e4f920, ftCreationTime.dwHighDateTime=0x1d4d48c, ftLastAccessTime.dwLowDateTime=0x431de2b0, ftLastAccessTime.dwHighDateTime=0x1d4ce4e, ftLastWriteTime.dwLowDateTime=0x8480215b, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x42d0)) returned 1 [0100.489] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfebe0) returned 1 [0100.489] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Videos\\9 _FCQBGlKcrw.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\9 _fcqbglkcrw.mkv"), lpNewFileName="C:\\Users\\FD1HVy\\Videos\\9 _FCQBGlKcrw.mkv.shade8" (normalized: "c:\\users\\fd1hvy\\videos\\9 _fcqbglkcrw.mkv.shade8")) returned 1 [0100.490] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfec44) returned 1 [0100.490] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c", nBufferLength=0x105, lpBuffer=0xcfe6f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c", lpFilePart=0x0) returned 0x20 [0100.490] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\*", lpFindFileData=0xcfe96c | out: lpFindFileData=0xcfe96c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa7a5ae30, ftCreationTime.dwHighDateTime=0x1d4d3ed, ftLastAccessTime.dwLowDateTime=0xad8c4870, ftLastAccessTime.dwHighDateTime=0x1d4d075, ftLastWriteTime.dwLowDateTime=0xad8c4870, ftLastWriteTime.dwHighDateTime=0x1d4d075, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe69a0 [0100.490] FindNextFileW (in: hFindFile=0xfe69a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa7a5ae30, ftCreationTime.dwHighDateTime=0x1d4d3ed, ftLastAccessTime.dwLowDateTime=0xad8c4870, ftLastAccessTime.dwHighDateTime=0x1d4d075, ftLastWriteTime.dwLowDateTime=0xad8c4870, ftLastWriteTime.dwHighDateTime=0x1d4d075, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.491] FindNextFileW (in: hFindFile=0xfe69a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd8daca0, ftCreationTime.dwHighDateTime=0x1d4c8c8, ftLastAccessTime.dwLowDateTime=0x5a5c2e30, ftLastAccessTime.dwHighDateTime=0x1d4cb80, ftLastWriteTime.dwLowDateTime=0x5a5c2e30, ftLastWriteTime.dwHighDateTime=0x1d4cb80, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="9sERZTGVCGoRB9xf4w", cAlternateFileName="9SERZT~1")) returned 1 [0100.491] FindNextFileW (in: hFindFile=0xfe69a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b98d2b0, ftCreationTime.dwHighDateTime=0x1d4c8cf, ftLastAccessTime.dwLowDateTime=0xdcd49370, ftLastAccessTime.dwHighDateTime=0x1d4d517, ftLastWriteTime.dwLowDateTime=0xdcd49370, ftLastWriteTime.dwHighDateTime=0x1d4d517, nFileSizeHigh=0x0, nFileSizeLow=0xcc1c, dwReserved0=0x0, dwReserved1=0x0, cFileName="FNb7Wht8f.flv", cAlternateFileName="FNB7WH~1.FLV")) returned 1 [0100.491] FindNextFileW (in: hFindFile=0xfe69a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x990975a0, ftCreationTime.dwHighDateTime=0x1d4d0e1, ftLastAccessTime.dwLowDateTime=0xe3a1acb0, ftLastAccessTime.dwHighDateTime=0x1d4d058, ftLastWriteTime.dwLowDateTime=0xe3a1acb0, ftLastWriteTime.dwHighDateTime=0x1d4d058, nFileSizeHigh=0x0, nFileSizeLow=0x11d21, dwReserved0=0x0, dwReserved1=0x0, cFileName="N s0HqpST4wCqfyHxso.mkv", cAlternateFileName="NS0HQP~1.MKV")) returned 1 [0100.491] FindNextFileW (in: hFindFile=0xfe69a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4daf47d0, ftCreationTime.dwHighDateTime=0x1d4c6da, ftLastAccessTime.dwLowDateTime=0x335c4da0, ftLastAccessTime.dwHighDateTime=0x1d4d5ae, ftLastWriteTime.dwLowDateTime=0x335c4da0, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pzrFntx4S", cAlternateFileName="PZRFNT~1")) returned 1 [0100.492] FindNextFileW (in: hFindFile=0xfe69a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4daf47d0, ftCreationTime.dwHighDateTime=0x1d4c6da, ftLastAccessTime.dwLowDateTime=0x335c4da0, ftLastAccessTime.dwHighDateTime=0x1d4d5ae, ftLastWriteTime.dwLowDateTime=0x335c4da0, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pzrFntx4S", cAlternateFileName="PZRFNT~1")) returned 0 [0100.492] FindClose (in: hFindFile=0xfe69a0 | out: hFindFile=0xfe69a0) returned 1 [0100.492] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec00) returned 1 [0100.492] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec0c) returned 1 [0100.492] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfec44) returned 1 [0100.492] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c", nBufferLength=0x105, lpBuffer=0xcfe6f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c", lpFilePart=0x0) returned 0x20 [0100.492] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\*", lpFindFileData=0xcfe96c | out: lpFindFileData=0xcfe96c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa7a5ae30, ftCreationTime.dwHighDateTime=0x1d4d3ed, ftLastAccessTime.dwLowDateTime=0xad8c4870, ftLastAccessTime.dwHighDateTime=0x1d4d075, ftLastWriteTime.dwLowDateTime=0xad8c4870, ftLastWriteTime.dwHighDateTime=0x1d4d075, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe6920 [0100.492] FindNextFileW (in: hFindFile=0xfe6920, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa7a5ae30, ftCreationTime.dwHighDateTime=0x1d4d3ed, ftLastAccessTime.dwLowDateTime=0xad8c4870, ftLastAccessTime.dwHighDateTime=0x1d4d075, ftLastWriteTime.dwLowDateTime=0xad8c4870, ftLastWriteTime.dwHighDateTime=0x1d4d075, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.493] FindNextFileW (in: hFindFile=0xfe6920, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd8daca0, ftCreationTime.dwHighDateTime=0x1d4c8c8, ftLastAccessTime.dwLowDateTime=0x5a5c2e30, ftLastAccessTime.dwHighDateTime=0x1d4cb80, ftLastWriteTime.dwLowDateTime=0x5a5c2e30, ftLastWriteTime.dwHighDateTime=0x1d4cb80, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="9sERZTGVCGoRB9xf4w", cAlternateFileName="9SERZT~1")) returned 1 [0100.493] FindNextFileW (in: hFindFile=0xfe6920, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b98d2b0, ftCreationTime.dwHighDateTime=0x1d4c8cf, ftLastAccessTime.dwLowDateTime=0xdcd49370, ftLastAccessTime.dwHighDateTime=0x1d4d517, ftLastWriteTime.dwLowDateTime=0xdcd49370, ftLastWriteTime.dwHighDateTime=0x1d4d517, nFileSizeHigh=0x0, nFileSizeLow=0xcc1c, dwReserved0=0x0, dwReserved1=0x0, cFileName="FNb7Wht8f.flv", cAlternateFileName="FNB7WH~1.FLV")) returned 1 [0100.493] FindNextFileW (in: hFindFile=0xfe6920, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x990975a0, ftCreationTime.dwHighDateTime=0x1d4d0e1, ftLastAccessTime.dwLowDateTime=0xe3a1acb0, ftLastAccessTime.dwHighDateTime=0x1d4d058, ftLastWriteTime.dwLowDateTime=0xe3a1acb0, ftLastWriteTime.dwHighDateTime=0x1d4d058, nFileSizeHigh=0x0, nFileSizeLow=0x11d21, dwReserved0=0x0, dwReserved1=0x0, cFileName="N s0HqpST4wCqfyHxso.mkv", cAlternateFileName="NS0HQP~1.MKV")) returned 1 [0100.493] FindNextFileW (in: hFindFile=0xfe6920, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4daf47d0, ftCreationTime.dwHighDateTime=0x1d4c6da, ftLastAccessTime.dwLowDateTime=0x335c4da0, ftLastAccessTime.dwHighDateTime=0x1d4d5ae, ftLastWriteTime.dwLowDateTime=0x335c4da0, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pzrFntx4S", cAlternateFileName="PZRFNT~1")) returned 1 [0100.493] FindNextFileW (in: hFindFile=0xfe6920, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.494] FindClose (in: hFindFile=0xfe6920 | out: hFindFile=0xfe6920) returned 1 [0100.494] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec00) returned 1 [0100.494] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec0c) returned 1 [0100.494] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\N s0HqpST4wCqfyHxso.mkv", nBufferLength=0x105, lpBuffer=0xcfe5ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\N s0HqpST4wCqfyHxso.mkv", lpFilePart=0x0) returned 0x38 [0100.494] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0100.494] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\N s0HqpST4wCqfyHxso.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\n s0hqpst4wcqfyhxso.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0100.494] GetFileType (hFile=0x2b8) returned 0x1 [0100.494] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0100.494] GetFileType (hFile=0x2b8) returned 0x1 [0100.494] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfebec | out: lpFileSizeHigh=0xcfebec*=0x0) returned 0x11d21 [0100.495] ReadFile (in: hFile=0x2b8, lpBuffer=0x2cd35a0, nNumberOfBytesToRead=0x11d21, lpNumberOfBytesRead=0xcfeb98, lpOverlapped=0x0 | out: lpBuffer=0x2cd35a0*, lpNumberOfBytesRead=0xcfeb98*=0x11d21, lpOverlapped=0x0) returned 1 [0100.495] CloseHandle (hObject=0x2b8) returned 1 [0100.558] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0100.558] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0100.558] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfebe0 | out: lpFileInformation=0xcfebe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0100.558] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0100.558] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\N s0HqpST4wCqfyHxso.mkv", nBufferLength=0x105, lpBuffer=0xcfe598, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\N s0HqpST4wCqfyHxso.mkv", lpFilePart=0x0) returned 0x38 [0100.558] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeadc) returned 1 [0100.558] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\N s0HqpST4wCqfyHxso.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\n s0hqpst4wcqfyhxso.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0100.560] GetFileType (hFile=0x2b8) returned 0x1 [0100.560] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfead8) returned 1 [0100.560] GetFileType (hFile=0x2b8) returned 0x1 [0100.560] WriteFile (in: hFile=0x2b8, lpBuffer=0x2d55b30*, nNumberOfBytesToWrite=0x11d30, lpNumberOfBytesWritten=0xcfeb8c, lpOverlapped=0x0 | out: lpBuffer=0x2d55b30*, lpNumberOfBytesWritten=0xcfeb8c*=0x11d30, lpOverlapped=0x0) returned 1 [0100.563] CloseHandle (hObject=0x2b8) returned 1 [0100.565] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\N s0HqpST4wCqfyHxso.mkv", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\N s0HqpST4wCqfyHxso.mkv", lpFilePart=0x0) returned 0x38 [0100.565] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\N s0HqpST4wCqfyHxso.mkv.shade8", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\N s0HqpST4wCqfyHxso.mkv.shade8", lpFilePart=0x0) returned 0x3f [0100.565] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb70) returned 1 [0100.566] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\N s0HqpST4wCqfyHxso.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\n s0hqpst4wcqfyhxso.mkv"), fInfoLevelId=0x0, lpFileInformation=0xcfebec | out: lpFileInformation=0xcfebec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x990975a0, ftCreationTime.dwHighDateTime=0x1d4d0e1, ftLastAccessTime.dwLowDateTime=0xe3a1acb0, ftLastAccessTime.dwHighDateTime=0x1d4d058, ftLastWriteTime.dwLowDateTime=0x848c0c79, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x11d30)) returned 1 [0100.566] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb6c) returned 1 [0100.566] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\N s0HqpST4wCqfyHxso.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\n s0hqpst4wcqfyhxso.mkv"), lpNewFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\N s0HqpST4wCqfyHxso.mkv.shade8" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\n s0hqpst4wcqfyhxso.mkv.shade8")) returned 1 [0100.567] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd0) returned 1 [0100.567] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w", nBufferLength=0x105, lpBuffer=0xcfe684, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w", lpFilePart=0x0) returned 0x33 [0100.567] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\*", lpFindFileData=0xcfe8f8 | out: lpFindFileData=0xcfe8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd8daca0, ftCreationTime.dwHighDateTime=0x1d4c8c8, ftLastAccessTime.dwLowDateTime=0x5a5c2e30, ftLastAccessTime.dwHighDateTime=0x1d4cb80, ftLastWriteTime.dwLowDateTime=0x5a5c2e30, ftLastWriteTime.dwHighDateTime=0x1d4cb80, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe6520 [0100.567] FindNextFileW (in: hFindFile=0xfe6520, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd8daca0, ftCreationTime.dwHighDateTime=0x1d4c8c8, ftLastAccessTime.dwLowDateTime=0x5a5c2e30, ftLastAccessTime.dwHighDateTime=0x1d4cb80, ftLastWriteTime.dwLowDateTime=0x5a5c2e30, ftLastWriteTime.dwHighDateTime=0x1d4cb80, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.567] FindNextFileW (in: hFindFile=0xfe6520, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x19275e0, ftCreationTime.dwHighDateTime=0x1d4cf61, ftLastAccessTime.dwLowDateTime=0x8ab68040, ftLastAccessTime.dwHighDateTime=0x1d4c670, ftLastWriteTime.dwLowDateTime=0x8ab68040, ftLastWriteTime.dwHighDateTime=0x1d4c670, nFileSizeHigh=0x0, nFileSizeLow=0x138a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="9 kNqzst0HfRpFR27W1.mkv", cAlternateFileName="9KNQZS~1.MKV")) returned 1 [0100.567] FindNextFileW (in: hFindFile=0xfe6520, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa56c240, ftCreationTime.dwHighDateTime=0x1d4cb05, ftLastAccessTime.dwLowDateTime=0xfb53b3a0, ftLastAccessTime.dwHighDateTime=0x1d4c71e, ftLastWriteTime.dwLowDateTime=0xfb53b3a0, ftLastWriteTime.dwHighDateTime=0x1d4c71e, nFileSizeHigh=0x0, nFileSizeLow=0x760c, dwReserved0=0x0, dwReserved1=0x0, cFileName="cZsBv.avi", cAlternateFileName="")) returned 1 [0100.568] FindNextFileW (in: hFindFile=0xfe6520, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53ce91d0, ftCreationTime.dwHighDateTime=0x1d4cf35, ftLastAccessTime.dwLowDateTime=0x2957b8d0, ftLastAccessTime.dwHighDateTime=0x1d4d5c7, ftLastWriteTime.dwLowDateTime=0x2957b8d0, ftLastWriteTime.dwHighDateTime=0x1d4d5c7, nFileSizeHigh=0x0, nFileSizeLow=0x28b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="gp0Bym0 qsqZvsQ9XZ.mkv", cAlternateFileName="GP0BYM~1.MKV")) returned 1 [0100.568] FindNextFileW (in: hFindFile=0xfe6520, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2fe9d510, ftCreationTime.dwHighDateTime=0x1d4d2ee, ftLastAccessTime.dwLowDateTime=0x4fb2bbe0, ftLastAccessTime.dwHighDateTime=0x1d4c77d, ftLastWriteTime.dwLowDateTime=0x4fb2bbe0, ftLastWriteTime.dwHighDateTime=0x1d4c77d, nFileSizeHigh=0x0, nFileSizeLow=0x76e1, dwReserved0=0x0, dwReserved1=0x0, cFileName="ieD 5xHHb4tpf.mp4", cAlternateFileName="IED5XH~1.MP4")) returned 1 [0100.568] FindNextFileW (in: hFindFile=0xfe6520, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d87b900, ftCreationTime.dwHighDateTime=0x1d4ca51, ftLastAccessTime.dwLowDateTime=0xdc0c1e0, ftLastAccessTime.dwHighDateTime=0x1d4d250, ftLastWriteTime.dwLowDateTime=0xdc0c1e0, ftLastWriteTime.dwHighDateTime=0x1d4d250, nFileSizeHigh=0x0, nFileSizeLow=0x9f58, dwReserved0=0x0, dwReserved1=0x0, cFileName="lgEBL xrCOPqpwsQP.avi", cAlternateFileName="LGEBLX~1.AVI")) returned 1 [0100.568] FindNextFileW (in: hFindFile=0xfe6520, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x559e65c0, ftCreationTime.dwHighDateTime=0x1d4c914, ftLastAccessTime.dwLowDateTime=0xebd9e310, ftLastAccessTime.dwHighDateTime=0x1d4ced8, ftLastWriteTime.dwLowDateTime=0xebd9e310, ftLastWriteTime.dwHighDateTime=0x1d4ced8, nFileSizeHigh=0x0, nFileSizeLow=0x865e, dwReserved0=0x0, dwReserved1=0x0, cFileName="NtdsC5O9vSVUGsKA.swf", cAlternateFileName="NTDSC5~1.SWF")) returned 1 [0100.568] FindNextFileW (in: hFindFile=0xfe6520, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x256a1300, ftCreationTime.dwHighDateTime=0x1d4c765, ftLastAccessTime.dwLowDateTime=0xfd446c40, ftLastAccessTime.dwHighDateTime=0x1d4c930, ftLastWriteTime.dwLowDateTime=0xfd446c40, ftLastWriteTime.dwHighDateTime=0x1d4c930, nFileSizeHigh=0x0, nFileSizeLow=0xd4fa, dwReserved0=0x0, dwReserved1=0x0, cFileName="_mutrv03l51BsMFU.flv", cAlternateFileName="_MUTRV~1.FLV")) returned 1 [0100.568] FindNextFileW (in: hFindFile=0xfe6520, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.569] FindClose (in: hFindFile=0xfe6520 | out: hFindFile=0xfe6520) returned 1 [0100.569] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb8c) returned 1 [0100.569] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb98) returned 1 [0100.569] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd0) returned 1 [0100.569] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w", nBufferLength=0x105, lpBuffer=0xcfe684, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w", lpFilePart=0x0) returned 0x33 [0100.569] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\*", lpFindFileData=0xcfe8f8 | out: lpFindFileData=0xcfe8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd8daca0, ftCreationTime.dwHighDateTime=0x1d4c8c8, ftLastAccessTime.dwLowDateTime=0x5a5c2e30, ftLastAccessTime.dwHighDateTime=0x1d4cb80, ftLastWriteTime.dwLowDateTime=0x5a5c2e30, ftLastWriteTime.dwHighDateTime=0x1d4cb80, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe6a20 [0100.569] FindNextFileW (in: hFindFile=0xfe6a20, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xbd8daca0, ftCreationTime.dwHighDateTime=0x1d4c8c8, ftLastAccessTime.dwLowDateTime=0x5a5c2e30, ftLastAccessTime.dwHighDateTime=0x1d4cb80, ftLastWriteTime.dwLowDateTime=0x5a5c2e30, ftLastWriteTime.dwHighDateTime=0x1d4cb80, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.570] FindNextFileW (in: hFindFile=0xfe6a20, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x19275e0, ftCreationTime.dwHighDateTime=0x1d4cf61, ftLastAccessTime.dwLowDateTime=0x8ab68040, ftLastAccessTime.dwHighDateTime=0x1d4c670, ftLastWriteTime.dwLowDateTime=0x8ab68040, ftLastWriteTime.dwHighDateTime=0x1d4c670, nFileSizeHigh=0x0, nFileSizeLow=0x138a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="9 kNqzst0HfRpFR27W1.mkv", cAlternateFileName="9KNQZS~1.MKV")) returned 1 [0100.570] FindNextFileW (in: hFindFile=0xfe6a20, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa56c240, ftCreationTime.dwHighDateTime=0x1d4cb05, ftLastAccessTime.dwLowDateTime=0xfb53b3a0, ftLastAccessTime.dwHighDateTime=0x1d4c71e, ftLastWriteTime.dwLowDateTime=0xfb53b3a0, ftLastWriteTime.dwHighDateTime=0x1d4c71e, nFileSizeHigh=0x0, nFileSizeLow=0x760c, dwReserved0=0x0, dwReserved1=0x0, cFileName="cZsBv.avi", cAlternateFileName="")) returned 1 [0100.570] FindNextFileW (in: hFindFile=0xfe6a20, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53ce91d0, ftCreationTime.dwHighDateTime=0x1d4cf35, ftLastAccessTime.dwLowDateTime=0x2957b8d0, ftLastAccessTime.dwHighDateTime=0x1d4d5c7, ftLastWriteTime.dwLowDateTime=0x2957b8d0, ftLastWriteTime.dwHighDateTime=0x1d4d5c7, nFileSizeHigh=0x0, nFileSizeLow=0x28b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="gp0Bym0 qsqZvsQ9XZ.mkv", cAlternateFileName="GP0BYM~1.MKV")) returned 1 [0100.570] FindNextFileW (in: hFindFile=0xfe6a20, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2fe9d510, ftCreationTime.dwHighDateTime=0x1d4d2ee, ftLastAccessTime.dwLowDateTime=0x4fb2bbe0, ftLastAccessTime.dwHighDateTime=0x1d4c77d, ftLastWriteTime.dwLowDateTime=0x4fb2bbe0, ftLastWriteTime.dwHighDateTime=0x1d4c77d, nFileSizeHigh=0x0, nFileSizeLow=0x76e1, dwReserved0=0x0, dwReserved1=0x0, cFileName="ieD 5xHHb4tpf.mp4", cAlternateFileName="IED5XH~1.MP4")) returned 1 [0100.570] FindNextFileW (in: hFindFile=0xfe6a20, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d87b900, ftCreationTime.dwHighDateTime=0x1d4ca51, ftLastAccessTime.dwLowDateTime=0xdc0c1e0, ftLastAccessTime.dwHighDateTime=0x1d4d250, ftLastWriteTime.dwLowDateTime=0xdc0c1e0, ftLastWriteTime.dwHighDateTime=0x1d4d250, nFileSizeHigh=0x0, nFileSizeLow=0x9f58, dwReserved0=0x0, dwReserved1=0x0, cFileName="lgEBL xrCOPqpwsQP.avi", cAlternateFileName="LGEBLX~1.AVI")) returned 1 [0100.571] FindNextFileW (in: hFindFile=0xfe6a20, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x559e65c0, ftCreationTime.dwHighDateTime=0x1d4c914, ftLastAccessTime.dwLowDateTime=0xebd9e310, ftLastAccessTime.dwHighDateTime=0x1d4ced8, ftLastWriteTime.dwLowDateTime=0xebd9e310, ftLastWriteTime.dwHighDateTime=0x1d4ced8, nFileSizeHigh=0x0, nFileSizeLow=0x865e, dwReserved0=0x0, dwReserved1=0x0, cFileName="NtdsC5O9vSVUGsKA.swf", cAlternateFileName="NTDSC5~1.SWF")) returned 1 [0100.571] FindNextFileW (in: hFindFile=0xfe6a20, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x256a1300, ftCreationTime.dwHighDateTime=0x1d4c765, ftLastAccessTime.dwLowDateTime=0xfd446c40, ftLastAccessTime.dwHighDateTime=0x1d4c930, ftLastWriteTime.dwLowDateTime=0xfd446c40, ftLastWriteTime.dwHighDateTime=0x1d4c930, nFileSizeHigh=0x0, nFileSizeLow=0xd4fa, dwReserved0=0x0, dwReserved1=0x0, cFileName="_mutrv03l51BsMFU.flv", cAlternateFileName="_MUTRV~1.FLV")) returned 1 [0100.571] FindNextFileW (in: hFindFile=0xfe6a20, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x256a1300, ftCreationTime.dwHighDateTime=0x1d4c765, ftLastAccessTime.dwLowDateTime=0xfd446c40, ftLastAccessTime.dwHighDateTime=0x1d4c930, ftLastWriteTime.dwLowDateTime=0xfd446c40, ftLastWriteTime.dwHighDateTime=0x1d4c930, nFileSizeHigh=0x0, nFileSizeLow=0xd4fa, dwReserved0=0x0, dwReserved1=0x0, cFileName="_mutrv03l51BsMFU.flv", cAlternateFileName="_MUTRV~1.FLV")) returned 0 [0100.571] FindClose (in: hFindFile=0xfe6a20 | out: hFindFile=0xfe6a20) returned 1 [0100.571] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb8c) returned 1 [0100.571] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb98) returned 1 [0100.572] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\9 kNqzst0HfRpFR27W1.mkv", nBufferLength=0x105, lpBuffer=0xcfe538, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\9 kNqzst0HfRpFR27W1.mkv", lpFilePart=0x0) returned 0x4b [0100.572] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea7c) returned 1 [0100.572] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\9 kNqzst0HfRpFR27W1.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\9serztgvcgorb9xf4w\\9 knqzst0hfrpfr27w1.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0100.572] GetFileType (hFile=0x2b8) returned 0x1 [0100.572] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea78) returned 1 [0100.572] GetFileType (hFile=0x2b8) returned 0x1 [0100.572] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfeb78 | out: lpFileSizeHigh=0xcfeb78*=0x0) returned 0x138a4 [0100.572] ReadFile (in: hFile=0x2b8, lpBuffer=0x2d6a5bc, nNumberOfBytesToRead=0x138a4, lpNumberOfBytesRead=0xcfeb24, lpOverlapped=0x0 | out: lpBuffer=0x2d6a5bc*, lpNumberOfBytesRead=0xcfeb24*=0x138a4, lpOverlapped=0x0) returned 1 [0100.573] CloseHandle (hObject=0x2b8) returned 1 [0100.606] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0100.606] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0100.606] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfeb6c | out: lpFileInformation=0xcfeb6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0100.607] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0100.607] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\9 kNqzst0HfRpFR27W1.mkv", nBufferLength=0x105, lpBuffer=0xcfe524, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\9 kNqzst0HfRpFR27W1.mkv", lpFilePart=0x0) returned 0x4b [0100.607] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea68) returned 1 [0100.607] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\9 kNqzst0HfRpFR27W1.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\9serztgvcgorb9xf4w\\9 knqzst0hfrpfr27w1.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0100.609] GetFileType (hFile=0x2b8) returned 0x1 [0100.609] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea64) returned 1 [0100.609] GetFileType (hFile=0x2b8) returned 0x1 [0100.609] WriteFile (in: hFile=0x2b8, lpBuffer=0x2c099f4*, nNumberOfBytesToWrite=0x138b0, lpNumberOfBytesWritten=0xcfeb18, lpOverlapped=0x0 | out: lpBuffer=0x2c099f4*, lpNumberOfBytesWritten=0xcfeb18*=0x138b0, lpOverlapped=0x0) returned 1 [0100.611] CloseHandle (hObject=0x2b8) returned 1 [0100.614] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\9 kNqzst0HfRpFR27W1.mkv", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\9 kNqzst0HfRpFR27W1.mkv", lpFilePart=0x0) returned 0x4b [0100.614] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\9 kNqzst0HfRpFR27W1.mkv.shade8", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\9 kNqzst0HfRpFR27W1.mkv.shade8", lpFilePart=0x0) returned 0x52 [0100.614] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeafc) returned 1 [0100.614] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\9 kNqzst0HfRpFR27W1.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\9serztgvcgorb9xf4w\\9 knqzst0hfrpfr27w1.mkv"), fInfoLevelId=0x0, lpFileInformation=0xcfeb78 | out: lpFileInformation=0xcfeb78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x19275e0, ftCreationTime.dwHighDateTime=0x1d4cf61, ftLastAccessTime.dwLowDateTime=0x8ab68040, ftLastAccessTime.dwHighDateTime=0x1d4c670, ftLastWriteTime.dwLowDateTime=0x84933513, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x138b0)) returned 1 [0100.614] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaf8) returned 1 [0100.614] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\9 kNqzst0HfRpFR27W1.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\9serztgvcgorb9xf4w\\9 knqzst0hfrpfr27w1.mkv"), lpNewFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\9 kNqzst0HfRpFR27W1.mkv.shade8" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\9serztgvcgorb9xf4w\\9 knqzst0hfrpfr27w1.mkv.shade8")) returned 1 [0100.615] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\cZsBv.avi", nBufferLength=0x105, lpBuffer=0xcfe538, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\cZsBv.avi", lpFilePart=0x0) returned 0x3d [0100.615] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea7c) returned 1 [0100.615] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\cZsBv.avi" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\9serztgvcgorb9xf4w\\czsbv.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0100.615] GetFileType (hFile=0x2b8) returned 0x1 [0100.615] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea78) returned 1 [0100.615] GetFileType (hFile=0x2b8) returned 0x1 [0100.615] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfeb78 | out: lpFileSizeHigh=0xcfeb78*=0x0) returned 0x760c [0100.615] ReadFile (in: hFile=0x2b8, lpBuffer=0x2c1d850, nNumberOfBytesToRead=0x760c, lpNumberOfBytesRead=0xcfeb24, lpOverlapped=0x0 | out: lpBuffer=0x2c1d850*, lpNumberOfBytesRead=0xcfeb24*=0x760c, lpOverlapped=0x0) returned 1 [0100.616] CloseHandle (hObject=0x2b8) returned 1 [0100.690] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0100.690] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0100.690] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfeb6c | out: lpFileInformation=0xcfeb6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0100.691] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0100.691] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\cZsBv.avi", nBufferLength=0x105, lpBuffer=0xcfe524, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\cZsBv.avi", lpFilePart=0x0) returned 0x3d [0100.691] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea68) returned 1 [0100.691] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\cZsBv.avi" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\9serztgvcgorb9xf4w\\czsbv.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0100.692] GetFileType (hFile=0x2b8) returned 0x1 [0100.692] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea64) returned 1 [0100.692] GetFileType (hFile=0x2b8) returned 0x1 [0100.692] WriteFile (in: hFile=0x2b8, lpBuffer=0x2c8f5e4*, nNumberOfBytesToWrite=0x7610, lpNumberOfBytesWritten=0xcfeb18, lpOverlapped=0x0 | out: lpBuffer=0x2c8f5e4*, lpNumberOfBytesWritten=0xcfeb18*=0x7610, lpOverlapped=0x0) returned 1 [0100.694] CloseHandle (hObject=0x2b8) returned 1 [0100.696] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\cZsBv.avi", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\cZsBv.avi", lpFilePart=0x0) returned 0x3d [0100.696] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\cZsBv.avi.shade8", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\cZsBv.avi.shade8", lpFilePart=0x0) returned 0x44 [0100.696] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeafc) returned 1 [0100.696] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\cZsBv.avi" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\9serztgvcgorb9xf4w\\czsbv.avi"), fInfoLevelId=0x0, lpFileInformation=0xcfeb78 | out: lpFileInformation=0xcfeb78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa56c240, ftCreationTime.dwHighDateTime=0x1d4cb05, ftLastAccessTime.dwLowDateTime=0xfb53b3a0, ftLastAccessTime.dwHighDateTime=0x1d4c71e, ftLastWriteTime.dwLowDateTime=0x849f2039, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x7610)) returned 1 [0100.696] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaf8) returned 1 [0100.696] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\cZsBv.avi" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\9serztgvcgorb9xf4w\\czsbv.avi"), lpNewFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\cZsBv.avi.shade8" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\9serztgvcgorb9xf4w\\czsbv.avi.shade8")) returned 1 [0100.697] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\gp0Bym0 qsqZvsQ9XZ.mkv", nBufferLength=0x105, lpBuffer=0xcfe538, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\gp0Bym0 qsqZvsQ9XZ.mkv", lpFilePart=0x0) returned 0x4a [0100.697] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea7c) returned 1 [0100.697] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\gp0Bym0 qsqZvsQ9XZ.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\9serztgvcgorb9xf4w\\gp0bym0 qsqzvsq9xz.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0100.697] GetFileType (hFile=0x2b8) returned 0x1 [0100.697] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea78) returned 1 [0100.697] GetFileType (hFile=0x2b8) returned 0x1 [0100.697] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfeb78 | out: lpFileSizeHigh=0xcfeb78*=0x0) returned 0x28b1 [0100.697] ReadFile (in: hFile=0x2b8, lpBuffer=0x2c97140, nNumberOfBytesToRead=0x28b1, lpNumberOfBytesRead=0xcfeb24, lpOverlapped=0x0 | out: lpBuffer=0x2c97140*, lpNumberOfBytesRead=0xcfeb24*=0x28b1, lpOverlapped=0x0) returned 1 [0100.698] CloseHandle (hObject=0x2b8) returned 1 [0100.728] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0100.728] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0100.728] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfeb6c | out: lpFileInformation=0xcfeb6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0100.728] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0100.728] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\gp0Bym0 qsqZvsQ9XZ.mkv", nBufferLength=0x105, lpBuffer=0xcfe524, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\gp0Bym0 qsqZvsQ9XZ.mkv", lpFilePart=0x0) returned 0x4a [0100.728] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea68) returned 1 [0100.728] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\gp0Bym0 qsqZvsQ9XZ.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\9serztgvcgorb9xf4w\\gp0bym0 qsqzvsq9xz.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0100.729] GetFileType (hFile=0x2b8) returned 0x1 [0100.729] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea64) returned 1 [0100.729] GetFileType (hFile=0x2b8) returned 0x1 [0100.729] WriteFile (in: hFile=0x2b8, lpBuffer=0x2cf0aec*, nNumberOfBytesToWrite=0x28c0, lpNumberOfBytesWritten=0xcfeb18, lpOverlapped=0x0 | out: lpBuffer=0x2cf0aec*, lpNumberOfBytesWritten=0xcfeb18*=0x28c0, lpOverlapped=0x0) returned 1 [0100.731] CloseHandle (hObject=0x2b8) returned 1 [0100.733] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\gp0Bym0 qsqZvsQ9XZ.mkv", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\gp0Bym0 qsqZvsQ9XZ.mkv", lpFilePart=0x0) returned 0x4a [0100.733] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\gp0Bym0 qsqZvsQ9XZ.mkv.shade8", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\gp0Bym0 qsqZvsQ9XZ.mkv.shade8", lpFilePart=0x0) returned 0x51 [0100.733] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeafc) returned 1 [0100.733] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\gp0Bym0 qsqZvsQ9XZ.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\9serztgvcgorb9xf4w\\gp0bym0 qsqzvsq9xz.mkv"), fInfoLevelId=0x0, lpFileInformation=0xcfeb78 | out: lpFileInformation=0xcfeb78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53ce91d0, ftCreationTime.dwHighDateTime=0x1d4cf35, ftLastAccessTime.dwLowDateTime=0x2957b8d0, ftLastAccessTime.dwHighDateTime=0x1d4d5c7, ftLastWriteTime.dwLowDateTime=0x84a64793, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x28c0)) returned 1 [0100.733] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaf8) returned 1 [0100.733] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\gp0Bym0 qsqZvsQ9XZ.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\9serztgvcgorb9xf4w\\gp0bym0 qsqzvsq9xz.mkv"), lpNewFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\gp0Bym0 qsqZvsQ9XZ.mkv.shade8" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\9serztgvcgorb9xf4w\\gp0bym0 qsqzvsq9xz.mkv.shade8")) returned 1 [0100.734] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\ieD 5xHHb4tpf.mp4", nBufferLength=0x105, lpBuffer=0xcfe538, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\ieD 5xHHb4tpf.mp4", lpFilePart=0x0) returned 0x45 [0100.734] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea7c) returned 1 [0100.734] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\ieD 5xHHb4tpf.mp4" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\9serztgvcgorb9xf4w\\ied 5xhhb4tpf.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0100.734] GetFileType (hFile=0x2b8) returned 0x1 [0100.734] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea78) returned 1 [0100.734] GetFileType (hFile=0x2b8) returned 0x1 [0100.734] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfeb78 | out: lpFileSizeHigh=0xcfeb78*=0x0) returned 0x76e1 [0100.734] ReadFile (in: hFile=0x2b8, lpBuffer=0x2cf3964, nNumberOfBytesToRead=0x76e1, lpNumberOfBytesRead=0xcfeb24, lpOverlapped=0x0 | out: lpBuffer=0x2cf3964*, lpNumberOfBytesRead=0xcfeb24*=0x76e1, lpOverlapped=0x0) returned 1 [0100.735] CloseHandle (hObject=0x2b8) returned 1 [0100.759] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0100.759] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0100.759] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfeb6c | out: lpFileInformation=0xcfeb6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0100.759] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0100.759] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\ieD 5xHHb4tpf.mp4", nBufferLength=0x105, lpBuffer=0xcfe524, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\ieD 5xHHb4tpf.mp4", lpFilePart=0x0) returned 0x45 [0100.759] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea68) returned 1 [0100.759] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\ieD 5xHHb4tpf.mp4" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\9serztgvcgorb9xf4w\\ied 5xhhb4tpf.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0100.760] GetFileType (hFile=0x2b8) returned 0x1 [0100.761] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea64) returned 1 [0100.761] GetFileType (hFile=0x2b8) returned 0x1 [0100.761] WriteFile (in: hFile=0x2b8, lpBuffer=0x2d65a00*, nNumberOfBytesToWrite=0x76f0, lpNumberOfBytesWritten=0xcfeb18, lpOverlapped=0x0 | out: lpBuffer=0x2d65a00*, lpNumberOfBytesWritten=0xcfeb18*=0x76f0, lpOverlapped=0x0) returned 1 [0100.764] CloseHandle (hObject=0x2b8) returned 1 [0100.765] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\ieD 5xHHb4tpf.mp4", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\ieD 5xHHb4tpf.mp4", lpFilePart=0x0) returned 0x45 [0100.766] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\ieD 5xHHb4tpf.mp4.shade8", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\ieD 5xHHb4tpf.mp4.shade8", lpFilePart=0x0) returned 0x4c [0100.766] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeafc) returned 1 [0100.766] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\ieD 5xHHb4tpf.mp4" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\9serztgvcgorb9xf4w\\ied 5xhhb4tpf.mp4"), fInfoLevelId=0x0, lpFileInformation=0xcfeb78 | out: lpFileInformation=0xcfeb78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2fe9d510, ftCreationTime.dwHighDateTime=0x1d4d2ee, ftLastAccessTime.dwLowDateTime=0x4fb2bbe0, ftLastAccessTime.dwHighDateTime=0x1d4c77d, ftLastWriteTime.dwLowDateTime=0x84ab0cd2, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x76f0)) returned 1 [0100.766] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaf8) returned 1 [0100.766] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\ieD 5xHHb4tpf.mp4" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\9serztgvcgorb9xf4w\\ied 5xhhb4tpf.mp4"), lpNewFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\ieD 5xHHb4tpf.mp4.shade8" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\9serztgvcgorb9xf4w\\ied 5xhhb4tpf.mp4.shade8")) returned 1 [0100.767] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\lgEBL xrCOPqpwsQP.avi", nBufferLength=0x105, lpBuffer=0xcfe538, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\lgEBL xrCOPqpwsQP.avi", lpFilePart=0x0) returned 0x49 [0100.767] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea7c) returned 1 [0100.767] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\lgEBL xrCOPqpwsQP.avi" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\9serztgvcgorb9xf4w\\lgebl xrcopqpwsqp.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0100.767] GetFileType (hFile=0x2b8) returned 0x1 [0100.767] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea78) returned 1 [0100.767] GetFileType (hFile=0x2b8) returned 0x1 [0100.767] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfeb78 | out: lpFileSizeHigh=0xcfeb78*=0x0) returned 0x9f58 [0100.767] ReadFile (in: hFile=0x2b8, lpBuffer=0x2d6d684, nNumberOfBytesToRead=0x9f58, lpNumberOfBytesRead=0xcfeb24, lpOverlapped=0x0 | out: lpBuffer=0x2d6d684*, lpNumberOfBytesRead=0xcfeb24*=0x9f58, lpOverlapped=0x0) returned 1 [0100.768] CloseHandle (hObject=0x2b8) returned 1 [0100.791] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0100.791] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0100.791] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfeb6c | out: lpFileInformation=0xcfeb6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0100.791] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0100.792] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\lgEBL xrCOPqpwsQP.avi", nBufferLength=0x105, lpBuffer=0xcfe524, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\lgEBL xrCOPqpwsQP.avi", lpFilePart=0x0) returned 0x49 [0100.792] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea68) returned 1 [0100.792] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\lgEBL xrCOPqpwsQP.avi" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\9serztgvcgorb9xf4w\\lgebl xrcopqpwsqp.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0100.793] GetFileType (hFile=0x2b8) returned 0x1 [0100.793] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea64) returned 1 [0100.793] GetFileType (hFile=0x2b8) returned 0x1 [0100.793] WriteFile (in: hFile=0x2b8, lpBuffer=0x2dec14c*, nNumberOfBytesToWrite=0x9f60, lpNumberOfBytesWritten=0xcfeb18, lpOverlapped=0x0 | out: lpBuffer=0x2dec14c*, lpNumberOfBytesWritten=0xcfeb18*=0x9f60, lpOverlapped=0x0) returned 1 [0100.795] CloseHandle (hObject=0x2b8) returned 1 [0100.803] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\lgEBL xrCOPqpwsQP.avi", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\lgEBL xrCOPqpwsQP.avi", lpFilePart=0x0) returned 0x49 [0100.803] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\lgEBL xrCOPqpwsQP.avi.shade8", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\lgEBL xrCOPqpwsQP.avi.shade8", lpFilePart=0x0) returned 0x50 [0100.803] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeafc) returned 1 [0100.803] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\lgEBL xrCOPqpwsQP.avi" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\9serztgvcgorb9xf4w\\lgebl xrcopqpwsqp.avi"), fInfoLevelId=0x0, lpFileInformation=0xcfeb78 | out: lpFileInformation=0xcfeb78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d87b900, ftCreationTime.dwHighDateTime=0x1d4ca51, ftLastAccessTime.dwLowDateTime=0xdc0c1e0, ftLastAccessTime.dwHighDateTime=0x1d4d250, ftLastWriteTime.dwLowDateTime=0x84afd222, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x9f60)) returned 1 [0100.803] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaf8) returned 1 [0100.803] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\lgEBL xrCOPqpwsQP.avi" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\9serztgvcgorb9xf4w\\lgebl xrcopqpwsqp.avi"), lpNewFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\9sERZTGVCGoRB9xf4w\\lgEBL xrCOPqpwsQP.avi.shade8" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\9serztgvcgorb9xf4w\\lgebl xrcopqpwsqp.avi.shade8")) returned 1 [0100.804] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd0) returned 1 [0100.804] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S", nBufferLength=0x105, lpBuffer=0xcfe684, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S", lpFilePart=0x0) returned 0x2a [0100.804] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\*", lpFindFileData=0xcfe8f8 | out: lpFindFileData=0xcfe8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4daf47d0, ftCreationTime.dwHighDateTime=0x1d4c6da, ftLastAccessTime.dwLowDateTime=0x335c4da0, ftLastAccessTime.dwHighDateTime=0x1d4d5ae, ftLastWriteTime.dwLowDateTime=0x335c4da0, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe66e0 [0100.804] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4daf47d0, ftCreationTime.dwHighDateTime=0x1d4c6da, ftLastAccessTime.dwLowDateTime=0x335c4da0, ftLastAccessTime.dwHighDateTime=0x1d4d5ae, ftLastWriteTime.dwLowDateTime=0x335c4da0, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.805] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b27a200, ftCreationTime.dwHighDateTime=0x1d4ca28, ftLastAccessTime.dwLowDateTime=0x36d23030, ftLastAccessTime.dwHighDateTime=0x1d4cdbb, ftLastWriteTime.dwLowDateTime=0x36d23030, ftLastWriteTime.dwHighDateTime=0x1d4cdbb, nFileSizeHigh=0x0, nFileSizeLow=0x7720, dwReserved0=0x0, dwReserved1=0x0, cFileName="3wY7y4 UtKyhhhQXY5CN.mkv", cAlternateFileName="3WY7Y4~1.MKV")) returned 1 [0100.805] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdb173ff0, ftCreationTime.dwHighDateTime=0x1d4c8ca, ftLastAccessTime.dwLowDateTime=0x3a2cf1a0, ftLastAccessTime.dwHighDateTime=0x1d4ccc3, ftLastWriteTime.dwLowDateTime=0x3a2cf1a0, ftLastWriteTime.dwHighDateTime=0x1d4ccc3, nFileSizeHigh=0x0, nFileSizeLow=0x10f55, dwReserved0=0x0, dwReserved1=0x0, cFileName="ewm A3H.mp4", cAlternateFileName="EWMA3H~1.MP4")) returned 1 [0100.805] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc291c810, ftCreationTime.dwHighDateTime=0x1d4c91f, ftLastAccessTime.dwLowDateTime=0x4550b360, ftLastAccessTime.dwHighDateTime=0x1d4d01e, ftLastWriteTime.dwLowDateTime=0x4550b360, ftLastWriteTime.dwHighDateTime=0x1d4d01e, nFileSizeHigh=0x0, nFileSizeLow=0x836f, dwReserved0=0x0, dwReserved1=0x0, cFileName="MLu4Wqm4.flv", cAlternateFileName="")) returned 1 [0100.805] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb728cac0, ftCreationTime.dwHighDateTime=0x1d4c797, ftLastAccessTime.dwLowDateTime=0x33959e40, ftLastAccessTime.dwHighDateTime=0x1d4cb07, ftLastWriteTime.dwLowDateTime=0x33959e40, ftLastWriteTime.dwHighDateTime=0x1d4cb07, nFileSizeHigh=0x0, nFileSizeLow=0x7f4b, dwReserved0=0x0, dwReserved1=0x0, cFileName="MNtp4hzxjr_UVIE Ql.mkv", cAlternateFileName="MNTP4H~1.MKV")) returned 1 [0100.805] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37208430, ftCreationTime.dwHighDateTime=0x1d4cdf0, ftLastAccessTime.dwLowDateTime=0x36f0db60, ftLastAccessTime.dwHighDateTime=0x1d4cfe2, ftLastWriteTime.dwLowDateTime=0x36f0db60, ftLastWriteTime.dwHighDateTime=0x1d4cfe2, nFileSizeHigh=0x0, nFileSizeLow=0x128e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="NIDJz8jRHom.flv", cAlternateFileName="NIDJZ8~1.FLV")) returned 1 [0100.805] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8ff49c0, ftCreationTime.dwHighDateTime=0x1d4cf3d, ftLastAccessTime.dwLowDateTime=0x1fb9db50, ftLastAccessTime.dwHighDateTime=0x1d4d01d, ftLastWriteTime.dwLowDateTime=0x1fb9db50, ftLastWriteTime.dwHighDateTime=0x1d4d01d, nFileSizeHigh=0x0, nFileSizeLow=0xb7e, dwReserved0=0x0, dwReserved1=0x0, cFileName="sYRcCs6AarCtb.mp4", cAlternateFileName="SYRCCS~1.MP4")) returned 1 [0100.805] FindNextFileW (in: hFindFile=0xfe66e0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.806] FindClose (in: hFindFile=0xfe66e0 | out: hFindFile=0xfe66e0) returned 1 [0100.806] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb8c) returned 1 [0100.806] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb98) returned 1 [0100.806] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd0) returned 1 [0100.806] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S", nBufferLength=0x105, lpBuffer=0xcfe684, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S", lpFilePart=0x0) returned 0x2a [0100.806] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\*", lpFindFileData=0xcfe8f8 | out: lpFindFileData=0xcfe8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4daf47d0, ftCreationTime.dwHighDateTime=0x1d4c6da, ftLastAccessTime.dwLowDateTime=0x335c4da0, ftLastAccessTime.dwHighDateTime=0x1d4d5ae, ftLastWriteTime.dwLowDateTime=0x335c4da0, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe65a0 [0100.806] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4daf47d0, ftCreationTime.dwHighDateTime=0x1d4c6da, ftLastAccessTime.dwLowDateTime=0x335c4da0, ftLastAccessTime.dwHighDateTime=0x1d4d5ae, ftLastWriteTime.dwLowDateTime=0x335c4da0, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.806] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b27a200, ftCreationTime.dwHighDateTime=0x1d4ca28, ftLastAccessTime.dwLowDateTime=0x36d23030, ftLastAccessTime.dwHighDateTime=0x1d4cdbb, ftLastWriteTime.dwLowDateTime=0x36d23030, ftLastWriteTime.dwHighDateTime=0x1d4cdbb, nFileSizeHigh=0x0, nFileSizeLow=0x7720, dwReserved0=0x0, dwReserved1=0x0, cFileName="3wY7y4 UtKyhhhQXY5CN.mkv", cAlternateFileName="3WY7Y4~1.MKV")) returned 1 [0100.807] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdb173ff0, ftCreationTime.dwHighDateTime=0x1d4c8ca, ftLastAccessTime.dwLowDateTime=0x3a2cf1a0, ftLastAccessTime.dwHighDateTime=0x1d4ccc3, ftLastWriteTime.dwLowDateTime=0x3a2cf1a0, ftLastWriteTime.dwHighDateTime=0x1d4ccc3, nFileSizeHigh=0x0, nFileSizeLow=0x10f55, dwReserved0=0x0, dwReserved1=0x0, cFileName="ewm A3H.mp4", cAlternateFileName="EWMA3H~1.MP4")) returned 1 [0100.807] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc291c810, ftCreationTime.dwHighDateTime=0x1d4c91f, ftLastAccessTime.dwLowDateTime=0x4550b360, ftLastAccessTime.dwHighDateTime=0x1d4d01e, ftLastWriteTime.dwLowDateTime=0x4550b360, ftLastWriteTime.dwHighDateTime=0x1d4d01e, nFileSizeHigh=0x0, nFileSizeLow=0x836f, dwReserved0=0x0, dwReserved1=0x0, cFileName="MLu4Wqm4.flv", cAlternateFileName="")) returned 1 [0100.807] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb728cac0, ftCreationTime.dwHighDateTime=0x1d4c797, ftLastAccessTime.dwLowDateTime=0x33959e40, ftLastAccessTime.dwHighDateTime=0x1d4cb07, ftLastWriteTime.dwLowDateTime=0x33959e40, ftLastWriteTime.dwHighDateTime=0x1d4cb07, nFileSizeHigh=0x0, nFileSizeLow=0x7f4b, dwReserved0=0x0, dwReserved1=0x0, cFileName="MNtp4hzxjr_UVIE Ql.mkv", cAlternateFileName="MNTP4H~1.MKV")) returned 1 [0100.807] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37208430, ftCreationTime.dwHighDateTime=0x1d4cdf0, ftLastAccessTime.dwLowDateTime=0x36f0db60, ftLastAccessTime.dwHighDateTime=0x1d4cfe2, ftLastWriteTime.dwLowDateTime=0x36f0db60, ftLastWriteTime.dwHighDateTime=0x1d4cfe2, nFileSizeHigh=0x0, nFileSizeLow=0x128e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="NIDJz8jRHom.flv", cAlternateFileName="NIDJZ8~1.FLV")) returned 1 [0100.808] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8ff49c0, ftCreationTime.dwHighDateTime=0x1d4cf3d, ftLastAccessTime.dwLowDateTime=0x1fb9db50, ftLastAccessTime.dwHighDateTime=0x1d4d01d, ftLastWriteTime.dwLowDateTime=0x1fb9db50, ftLastWriteTime.dwHighDateTime=0x1d4d01d, nFileSizeHigh=0x0, nFileSizeLow=0xb7e, dwReserved0=0x0, dwReserved1=0x0, cFileName="sYRcCs6AarCtb.mp4", cAlternateFileName="SYRCCS~1.MP4")) returned 1 [0100.808] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8ff49c0, ftCreationTime.dwHighDateTime=0x1d4cf3d, ftLastAccessTime.dwLowDateTime=0x1fb9db50, ftLastAccessTime.dwHighDateTime=0x1d4d01d, ftLastWriteTime.dwLowDateTime=0x1fb9db50, ftLastWriteTime.dwHighDateTime=0x1d4d01d, nFileSizeHigh=0x0, nFileSizeLow=0xb7e, dwReserved0=0x0, dwReserved1=0x0, cFileName="sYRcCs6AarCtb.mp4", cAlternateFileName="SYRCCS~1.MP4")) returned 0 [0100.808] FindClose (in: hFindFile=0xfe65a0 | out: hFindFile=0xfe65a0) returned 1 [0100.808] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb8c) returned 1 [0100.808] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb98) returned 1 [0100.808] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\3wY7y4 UtKyhhhQXY5CN.mkv", nBufferLength=0x105, lpBuffer=0xcfe538, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\3wY7y4 UtKyhhhQXY5CN.mkv", lpFilePart=0x0) returned 0x43 [0100.809] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea7c) returned 1 [0100.809] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\3wY7y4 UtKyhhhQXY5CN.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\pzrfntx4s\\3wy7y4 utkyhhhqxy5cn.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0100.809] GetFileType (hFile=0x2b8) returned 0x1 [0100.809] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea78) returned 1 [0100.809] GetFileType (hFile=0x2b8) returned 0x1 [0100.811] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfeb78 | out: lpFileSizeHigh=0xcfeb78*=0x0) returned 0x7720 [0100.811] ReadFile (in: hFile=0x2b8, lpBuffer=0x2df8768, nNumberOfBytesToRead=0x7720, lpNumberOfBytesRead=0xcfeb24, lpOverlapped=0x0 | out: lpBuffer=0x2df8768*, lpNumberOfBytesRead=0xcfeb24*=0x7720, lpOverlapped=0x0) returned 1 [0100.812] CloseHandle (hObject=0x2b8) returned 1 [0100.835] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0100.835] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0100.835] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfeb6c | out: lpFileInformation=0xcfeb6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0100.835] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0100.835] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\3wY7y4 UtKyhhhQXY5CN.mkv", nBufferLength=0x105, lpBuffer=0xcfe524, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\3wY7y4 UtKyhhhQXY5CN.mkv", lpFilePart=0x0) returned 0x43 [0100.835] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea68) returned 1 [0100.835] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\3wY7y4 UtKyhhhQXY5CN.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\pzrfntx4s\\3wy7y4 utkyhhhqxy5cn.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0100.842] GetFileType (hFile=0x2b8) returned 0x1 [0100.842] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea64) returned 1 [0100.842] GetFileType (hFile=0x2b8) returned 0x1 [0100.842] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e6a940*, nNumberOfBytesToWrite=0x7730, lpNumberOfBytesWritten=0xcfeb18, lpOverlapped=0x0 | out: lpBuffer=0x2e6a940*, lpNumberOfBytesWritten=0xcfeb18*=0x7730, lpOverlapped=0x0) returned 1 [0100.843] CloseHandle (hObject=0x2b8) returned 1 [0100.845] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\3wY7y4 UtKyhhhQXY5CN.mkv", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\3wY7y4 UtKyhhhQXY5CN.mkv", lpFilePart=0x0) returned 0x43 [0100.845] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\3wY7y4 UtKyhhhQXY5CN.mkv.shade8", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\3wY7y4 UtKyhhhQXY5CN.mkv.shade8", lpFilePart=0x0) returned 0x4a [0100.845] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeafc) returned 1 [0100.845] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\3wY7y4 UtKyhhhQXY5CN.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\pzrfntx4s\\3wy7y4 utkyhhhqxy5cn.mkv"), fInfoLevelId=0x0, lpFileInformation=0xcfeb78 | out: lpFileInformation=0xcfeb78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b27a200, ftCreationTime.dwHighDateTime=0x1d4ca28, ftLastAccessTime.dwLowDateTime=0x36d23030, ftLastAccessTime.dwHighDateTime=0x1d4cdbb, ftLastWriteTime.dwLowDateTime=0x84b6f88b, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x7730)) returned 1 [0100.845] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaf8) returned 1 [0100.846] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\3wY7y4 UtKyhhhQXY5CN.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\pzrfntx4s\\3wy7y4 utkyhhhqxy5cn.mkv"), lpNewFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\3wY7y4 UtKyhhhQXY5CN.mkv.shade8" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\pzrfntx4s\\3wy7y4 utkyhhhqxy5cn.mkv.shade8")) returned 1 [0100.846] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\ewm A3H.mp4", nBufferLength=0x105, lpBuffer=0xcfe538, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\ewm A3H.mp4", lpFilePart=0x0) returned 0x36 [0100.846] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea7c) returned 1 [0100.846] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\ewm A3H.mp4" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\pzrfntx4s\\ewm a3h.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0100.847] GetFileType (hFile=0x2b8) returned 0x1 [0100.847] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea78) returned 1 [0100.847] GetFileType (hFile=0x2b8) returned 0x1 [0100.847] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfeb78 | out: lpFileSizeHigh=0xcfeb78*=0x0) returned 0x10f55 [0100.847] ReadFile (in: hFile=0x2b8, lpBuffer=0x2e725cc, nNumberOfBytesToRead=0x10f55, lpNumberOfBytesRead=0xcfeb24, lpOverlapped=0x0 | out: lpBuffer=0x2e725cc*, lpNumberOfBytesRead=0xcfeb24*=0x10f55, lpOverlapped=0x0) returned 1 [0100.847] CloseHandle (hObject=0x2b8) returned 1 [0100.886] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0100.886] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0100.886] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfeb6c | out: lpFileInformation=0xcfeb6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0100.887] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0100.887] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\ewm A3H.mp4", nBufferLength=0x105, lpBuffer=0xcfe524, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\ewm A3H.mp4", lpFilePart=0x0) returned 0x36 [0100.887] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea68) returned 1 [0100.887] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\ewm A3H.mp4" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\pzrfntx4s\\ewm a3h.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0100.889] GetFileType (hFile=0x2b8) returned 0x1 [0100.889] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea64) returned 1 [0100.889] GetFileType (hFile=0x2b8) returned 0x1 [0100.889] WriteFile (in: hFile=0x2b8, lpBuffer=0x2ef21ec*, nNumberOfBytesToWrite=0x10f60, lpNumberOfBytesWritten=0xcfeb18, lpOverlapped=0x0 | out: lpBuffer=0x2ef21ec*, lpNumberOfBytesWritten=0xcfeb18*=0x10f60, lpOverlapped=0x0) returned 1 [0100.891] CloseHandle (hObject=0x2b8) returned 1 [0100.894] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\ewm A3H.mp4", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\ewm A3H.mp4", lpFilePart=0x0) returned 0x36 [0100.894] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\ewm A3H.mp4.shade8", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\ewm A3H.mp4.shade8", lpFilePart=0x0) returned 0x3d [0100.894] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeafc) returned 1 [0100.894] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\ewm A3H.mp4" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\pzrfntx4s\\ewm a3h.mp4"), fInfoLevelId=0x0, lpFileInformation=0xcfeb78 | out: lpFileInformation=0xcfeb78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdb173ff0, ftCreationTime.dwHighDateTime=0x1d4c8ca, ftLastAccessTime.dwLowDateTime=0x3a2cf1a0, ftLastAccessTime.dwHighDateTime=0x1d4ccc3, ftLastWriteTime.dwLowDateTime=0x84be1f58, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x10f60)) returned 1 [0100.894] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaf8) returned 1 [0100.894] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\ewm A3H.mp4" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\pzrfntx4s\\ewm a3h.mp4"), lpNewFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\ewm A3H.mp4.shade8" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\pzrfntx4s\\ewm a3h.mp4.shade8")) returned 1 [0100.895] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\MNtp4hzxjr_UVIE Ql.mkv", nBufferLength=0x105, lpBuffer=0xcfe538, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\MNtp4hzxjr_UVIE Ql.mkv", lpFilePart=0x0) returned 0x41 [0100.895] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea7c) returned 1 [0100.895] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\MNtp4hzxjr_UVIE Ql.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\pzrfntx4s\\mntp4hzxjr_uvie ql.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0100.895] GetFileType (hFile=0x2b8) returned 0x1 [0100.895] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea78) returned 1 [0100.895] GetFileType (hFile=0x2b8) returned 0x1 [0100.895] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfeb78 | out: lpFileSizeHigh=0xcfeb78*=0x0) returned 0x7f4b [0100.896] ReadFile (in: hFile=0x2b8, lpBuffer=0x2f03668, nNumberOfBytesToRead=0x7f4b, lpNumberOfBytesRead=0xcfeb24, lpOverlapped=0x0 | out: lpBuffer=0x2f03668*, lpNumberOfBytesRead=0xcfeb24*=0x7f4b, lpOverlapped=0x0) returned 1 [0100.897] CloseHandle (hObject=0x2b8) returned 1 [0100.981] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0100.981] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0100.981] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfeb6c | out: lpFileInformation=0xcfeb6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0100.981] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0100.981] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\MNtp4hzxjr_UVIE Ql.mkv", nBufferLength=0x105, lpBuffer=0xcfe524, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\MNtp4hzxjr_UVIE Ql.mkv", lpFilePart=0x0) returned 0x41 [0100.981] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea68) returned 1 [0100.981] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\MNtp4hzxjr_UVIE Ql.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\pzrfntx4s\\mntp4hzxjr_uvie ql.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0100.983] GetFileType (hFile=0x2b8) returned 0x1 [0100.983] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea64) returned 1 [0100.983] GetFileType (hFile=0x2b8) returned 0x1 [0100.983] WriteFile (in: hFile=0x2b8, lpBuffer=0x2c6498c*, nNumberOfBytesToWrite=0x7f50, lpNumberOfBytesWritten=0xcfeb18, lpOverlapped=0x0 | out: lpBuffer=0x2c6498c*, lpNumberOfBytesWritten=0xcfeb18*=0x7f50, lpOverlapped=0x0) returned 1 [0100.985] CloseHandle (hObject=0x2b8) returned 1 [0100.986] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\MNtp4hzxjr_UVIE Ql.mkv", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\MNtp4hzxjr_UVIE Ql.mkv", lpFilePart=0x0) returned 0x41 [0100.986] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\MNtp4hzxjr_UVIE Ql.mkv.shade8", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\MNtp4hzxjr_UVIE Ql.mkv.shade8", lpFilePart=0x0) returned 0x48 [0100.987] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeafc) returned 1 [0100.987] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\MNtp4hzxjr_UVIE Ql.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\pzrfntx4s\\mntp4hzxjr_uvie ql.mkv"), fInfoLevelId=0x0, lpFileInformation=0xcfeb78 | out: lpFileInformation=0xcfeb78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb728cac0, ftCreationTime.dwHighDateTime=0x1d4c797, ftLastAccessTime.dwLowDateTime=0x33959e40, ftLastAccessTime.dwHighDateTime=0x1d4cb07, ftLastWriteTime.dwLowDateTime=0x84cc6d21, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x7f50)) returned 1 [0100.987] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaf8) returned 1 [0100.987] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\MNtp4hzxjr_UVIE Ql.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\pzrfntx4s\\mntp4hzxjr_uvie ql.mkv"), lpNewFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\MNtp4hzxjr_UVIE Ql.mkv.shade8" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\pzrfntx4s\\mntp4hzxjr_uvie ql.mkv.shade8")) returned 1 [0100.988] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\sYRcCs6AarCtb.mp4", nBufferLength=0x105, lpBuffer=0xcfe538, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\sYRcCs6AarCtb.mp4", lpFilePart=0x0) returned 0x3c [0100.988] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea7c) returned 1 [0100.988] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\sYRcCs6AarCtb.mp4" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\pzrfntx4s\\syrccs6aarctb.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0100.988] GetFileType (hFile=0x2b8) returned 0x1 [0100.988] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea78) returned 1 [0100.988] GetFileType (hFile=0x2b8) returned 0x1 [0100.988] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfeb78 | out: lpFileSizeHigh=0xcfeb78*=0x0) returned 0xb7e [0100.988] ReadFile (in: hFile=0x2b8, lpBuffer=0x2c6d9e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcfeb24, lpOverlapped=0x0 | out: lpBuffer=0x2c6d9e0*, lpNumberOfBytesRead=0xcfeb24*=0xb7e, lpOverlapped=0x0) returned 1 [0100.988] CloseHandle (hObject=0x2b8) returned 1 [0101.057] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0101.057] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0101.057] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfeb6c | out: lpFileInformation=0xcfeb6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0101.058] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0101.058] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\sYRcCs6AarCtb.mp4", nBufferLength=0x105, lpBuffer=0xcfe524, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\sYRcCs6AarCtb.mp4", lpFilePart=0x0) returned 0x3c [0101.058] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea68) returned 1 [0101.058] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\sYRcCs6AarCtb.mp4" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\pzrfntx4s\\syrccs6aarctb.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0101.060] GetFileType (hFile=0x2b8) returned 0x1 [0101.060] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea64) returned 1 [0101.060] GetFileType (hFile=0x2b8) returned 0x1 [0101.060] WriteFile (in: hFile=0x2b8, lpBuffer=0x2cbf4f8*, nNumberOfBytesToWrite=0xb80, lpNumberOfBytesWritten=0xcfeaec, lpOverlapped=0x0 | out: lpBuffer=0x2cbf4f8*, lpNumberOfBytesWritten=0xcfeaec*=0xb80, lpOverlapped=0x0) returned 1 [0101.061] CloseHandle (hObject=0x2b8) returned 1 [0101.062] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\sYRcCs6AarCtb.mp4", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\sYRcCs6AarCtb.mp4", lpFilePart=0x0) returned 0x3c [0101.062] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\sYRcCs6AarCtb.mp4.shade8", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\sYRcCs6AarCtb.mp4.shade8", lpFilePart=0x0) returned 0x43 [0101.062] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeafc) returned 1 [0101.062] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\sYRcCs6AarCtb.mp4" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\pzrfntx4s\\syrccs6aarctb.mp4"), fInfoLevelId=0x0, lpFileInformation=0xcfeb78 | out: lpFileInformation=0xcfeb78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb8ff49c0, ftCreationTime.dwHighDateTime=0x1d4cf3d, ftLastAccessTime.dwLowDateTime=0x1fb9db50, ftLastAccessTime.dwHighDateTime=0x1d4d01d, ftLastWriteTime.dwLowDateTime=0x84d859bd, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xb80)) returned 1 [0101.062] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaf8) returned 1 [0101.062] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\sYRcCs6AarCtb.mp4" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\pzrfntx4s\\syrccs6aarctb.mp4"), lpNewFileName="C:\\Users\\FD1HVy\\Videos\\eHX zx0_c\\pzrFntx4S\\sYRcCs6AarCtb.mp4.shade8" (normalized: "c:\\users\\fd1hvy\\videos\\ehx zx0_c\\pzrfntx4s\\syrccs6aarctb.mp4.shade8")) returned 1 [0101.063] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfec44) returned 1 [0101.063] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR", nBufferLength=0x105, lpBuffer=0xcfe6f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR", lpFilePart=0x0) returned 0x27 [0101.063] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\*", lpFindFileData=0xcfe96c | out: lpFindFileData=0xcfe96c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa87c7a20, ftCreationTime.dwHighDateTime=0x1d4d535, ftLastAccessTime.dwLowDateTime=0xe15cf600, ftLastAccessTime.dwHighDateTime=0x1d4c8c7, ftLastWriteTime.dwLowDateTime=0xe15cf600, ftLastWriteTime.dwHighDateTime=0x1d4c8c7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe6960 [0101.064] FindNextFileW (in: hFindFile=0xfe6960, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa87c7a20, ftCreationTime.dwHighDateTime=0x1d4d535, ftLastAccessTime.dwLowDateTime=0xe15cf600, ftLastAccessTime.dwHighDateTime=0x1d4c8c7, ftLastWriteTime.dwLowDateTime=0xe15cf600, ftLastWriteTime.dwHighDateTime=0x1d4c8c7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.064] FindNextFileW (in: hFindFile=0xfe6960, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5bd89ea0, ftCreationTime.dwHighDateTime=0x1d4c5e6, ftLastAccessTime.dwLowDateTime=0x3a746a20, ftLastAccessTime.dwHighDateTime=0x1d4c90e, ftLastWriteTime.dwLowDateTime=0x3a746a20, ftLastWriteTime.dwHighDateTime=0x1d4c90e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bOUZyxkf8", cAlternateFileName="BOUZYX~1")) returned 1 [0101.064] FindNextFileW (in: hFindFile=0xfe6960, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaad589d0, ftCreationTime.dwHighDateTime=0x1d4ca07, ftLastAccessTime.dwLowDateTime=0xfaf3b5d0, ftLastAccessTime.dwHighDateTime=0x1d4caee, ftLastWriteTime.dwLowDateTime=0xfaf3b5d0, ftLastWriteTime.dwHighDateTime=0x1d4caee, nFileSizeHigh=0x0, nFileSizeLow=0x3abd, dwReserved0=0x0, dwReserved1=0x0, cFileName="gNSx6vN.flv", cAlternateFileName="")) returned 1 [0101.064] FindNextFileW (in: hFindFile=0xfe6960, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a50d610, ftCreationTime.dwHighDateTime=0x1d4cd4d, ftLastAccessTime.dwLowDateTime=0x3de6760, ftLastAccessTime.dwHighDateTime=0x1d4d564, ftLastWriteTime.dwLowDateTime=0x3de6760, ftLastWriteTime.dwHighDateTime=0x1d4d564, nFileSizeHigh=0x0, nFileSizeLow=0x66ac, dwReserved0=0x0, dwReserved1=0x0, cFileName="GZxU9e9.mp4", cAlternateFileName="")) returned 1 [0101.064] FindNextFileW (in: hFindFile=0xfe6960, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x88641420, ftCreationTime.dwHighDateTime=0x1d4cd68, ftLastAccessTime.dwLowDateTime=0x61d671d0, ftLastAccessTime.dwHighDateTime=0x1d4cb6b, ftLastWriteTime.dwLowDateTime=0x61d671d0, ftLastWriteTime.dwHighDateTime=0x1d4cb6b, nFileSizeHigh=0x0, nFileSizeLow=0x3ebf, dwReserved0=0x0, dwReserved1=0x0, cFileName="swxqRQnEKCqJB W Ebi.avi", cAlternateFileName="SWXQRQ~1.AVI")) returned 1 [0101.065] FindNextFileW (in: hFindFile=0xfe6960, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0101.065] FindClose (in: hFindFile=0xfe6960 | out: hFindFile=0xfe6960) returned 1 [0101.065] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec00) returned 1 [0101.065] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec0c) returned 1 [0101.065] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfec44) returned 1 [0101.065] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR", nBufferLength=0x105, lpBuffer=0xcfe6f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR", lpFilePart=0x0) returned 0x27 [0101.065] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\*", lpFindFileData=0xcfe96c | out: lpFindFileData=0xcfe96c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa87c7a20, ftCreationTime.dwHighDateTime=0x1d4d535, ftLastAccessTime.dwLowDateTime=0xe15cf600, ftLastAccessTime.dwHighDateTime=0x1d4c8c7, ftLastWriteTime.dwLowDateTime=0xe15cf600, ftLastWriteTime.dwHighDateTime=0x1d4c8c7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe69a0 [0101.065] FindNextFileW (in: hFindFile=0xfe69a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa87c7a20, ftCreationTime.dwHighDateTime=0x1d4d535, ftLastAccessTime.dwLowDateTime=0xe15cf600, ftLastAccessTime.dwHighDateTime=0x1d4c8c7, ftLastWriteTime.dwLowDateTime=0xe15cf600, ftLastWriteTime.dwHighDateTime=0x1d4c8c7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.066] FindNextFileW (in: hFindFile=0xfe69a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5bd89ea0, ftCreationTime.dwHighDateTime=0x1d4c5e6, ftLastAccessTime.dwLowDateTime=0x3a746a20, ftLastAccessTime.dwHighDateTime=0x1d4c90e, ftLastWriteTime.dwLowDateTime=0x3a746a20, ftLastWriteTime.dwHighDateTime=0x1d4c90e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bOUZyxkf8", cAlternateFileName="BOUZYX~1")) returned 1 [0101.066] FindNextFileW (in: hFindFile=0xfe69a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaad589d0, ftCreationTime.dwHighDateTime=0x1d4ca07, ftLastAccessTime.dwLowDateTime=0xfaf3b5d0, ftLastAccessTime.dwHighDateTime=0x1d4caee, ftLastWriteTime.dwLowDateTime=0xfaf3b5d0, ftLastWriteTime.dwHighDateTime=0x1d4caee, nFileSizeHigh=0x0, nFileSizeLow=0x3abd, dwReserved0=0x0, dwReserved1=0x0, cFileName="gNSx6vN.flv", cAlternateFileName="")) returned 1 [0101.066] FindNextFileW (in: hFindFile=0xfe69a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a50d610, ftCreationTime.dwHighDateTime=0x1d4cd4d, ftLastAccessTime.dwLowDateTime=0x3de6760, ftLastAccessTime.dwHighDateTime=0x1d4d564, ftLastWriteTime.dwLowDateTime=0x3de6760, ftLastWriteTime.dwHighDateTime=0x1d4d564, nFileSizeHigh=0x0, nFileSizeLow=0x66ac, dwReserved0=0x0, dwReserved1=0x0, cFileName="GZxU9e9.mp4", cAlternateFileName="")) returned 1 [0101.066] FindNextFileW (in: hFindFile=0xfe69a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x88641420, ftCreationTime.dwHighDateTime=0x1d4cd68, ftLastAccessTime.dwLowDateTime=0x61d671d0, ftLastAccessTime.dwHighDateTime=0x1d4cb6b, ftLastWriteTime.dwLowDateTime=0x61d671d0, ftLastWriteTime.dwHighDateTime=0x1d4cb6b, nFileSizeHigh=0x0, nFileSizeLow=0x3ebf, dwReserved0=0x0, dwReserved1=0x0, cFileName="swxqRQnEKCqJB W Ebi.avi", cAlternateFileName="SWXQRQ~1.AVI")) returned 1 [0101.066] FindNextFileW (in: hFindFile=0xfe69a0, lpFindFileData=0xcfe978 | out: lpFindFileData=0xcfe978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x88641420, ftCreationTime.dwHighDateTime=0x1d4cd68, ftLastAccessTime.dwLowDateTime=0x61d671d0, ftLastAccessTime.dwHighDateTime=0x1d4cb6b, ftLastWriteTime.dwLowDateTime=0x61d671d0, ftLastWriteTime.dwHighDateTime=0x1d4cb6b, nFileSizeHigh=0x0, nFileSizeLow=0x3ebf, dwReserved0=0x0, dwReserved1=0x0, cFileName="swxqRQnEKCqJB W Ebi.avi", cAlternateFileName="SWXQRQ~1.AVI")) returned 0 [0101.067] FindClose (in: hFindFile=0xfe69a0 | out: hFindFile=0xfe69a0) returned 1 [0101.067] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec00) returned 1 [0101.067] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec0c) returned 1 [0101.067] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\GZxU9e9.mp4", nBufferLength=0x105, lpBuffer=0xcfe5ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\GZxU9e9.mp4", lpFilePart=0x0) returned 0x33 [0101.067] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0101.067] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\GZxU9e9.mp4" (normalized: "c:\\users\\fd1hvy\\videos\\vknp_he9n_djmtlr\\gzxu9e9.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0101.067] GetFileType (hFile=0x2b8) returned 0x1 [0101.067] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0101.067] GetFileType (hFile=0x2b8) returned 0x1 [0101.067] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfebec | out: lpFileSizeHigh=0xcfebec*=0x0) returned 0x66ac [0101.067] ReadFile (in: hFile=0x2b8, lpBuffer=0x2cc2028, nNumberOfBytesToRead=0x66ac, lpNumberOfBytesRead=0xcfeb98, lpOverlapped=0x0 | out: lpBuffer=0x2cc2028*, lpNumberOfBytesRead=0xcfeb98*=0x66ac, lpOverlapped=0x0) returned 1 [0101.068] CloseHandle (hObject=0x2b8) returned 1 [0101.124] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0101.124] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0101.124] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfebe0 | out: lpFileInformation=0xcfebe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0101.125] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0101.125] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\GZxU9e9.mp4", nBufferLength=0x105, lpBuffer=0xcfe598, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\GZxU9e9.mp4", lpFilePart=0x0) returned 0x33 [0101.125] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeadc) returned 1 [0101.125] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\GZxU9e9.mp4" (normalized: "c:\\users\\fd1hvy\\videos\\vknp_he9n_djmtlr\\gzxu9e9.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0101.126] GetFileType (hFile=0x2b8) returned 0x1 [0101.126] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfead8) returned 1 [0101.126] GetFileType (hFile=0x2b8) returned 0x1 [0101.126] WriteFile (in: hFile=0x2b8, lpBuffer=0x2d2ef80*, nNumberOfBytesToWrite=0x66b0, lpNumberOfBytesWritten=0xcfeb8c, lpOverlapped=0x0 | out: lpBuffer=0x2d2ef80*, lpNumberOfBytesWritten=0xcfeb8c*=0x66b0, lpOverlapped=0x0) returned 1 [0101.128] CloseHandle (hObject=0x2b8) returned 1 [0101.129] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\GZxU9e9.mp4", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\GZxU9e9.mp4", lpFilePart=0x0) returned 0x33 [0101.130] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\GZxU9e9.mp4.shade8", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\GZxU9e9.mp4.shade8", lpFilePart=0x0) returned 0x3a [0101.130] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb70) returned 1 [0101.130] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\GZxU9e9.mp4" (normalized: "c:\\users\\fd1hvy\\videos\\vknp_he9n_djmtlr\\gzxu9e9.mp4"), fInfoLevelId=0x0, lpFileInformation=0xcfebec | out: lpFileInformation=0xcfebec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a50d610, ftCreationTime.dwHighDateTime=0x1d4cd4d, ftLastAccessTime.dwLowDateTime=0x3de6760, ftLastAccessTime.dwHighDateTime=0x1d4d564, ftLastWriteTime.dwLowDateTime=0x84e1e29e, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x66b0)) returned 1 [0101.130] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb6c) returned 1 [0101.130] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\GZxU9e9.mp4" (normalized: "c:\\users\\fd1hvy\\videos\\vknp_he9n_djmtlr\\gzxu9e9.mp4"), lpNewFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\GZxU9e9.mp4.shade8" (normalized: "c:\\users\\fd1hvy\\videos\\vknp_he9n_djmtlr\\gzxu9e9.mp4.shade8")) returned 1 [0101.131] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\swxqRQnEKCqJB W Ebi.avi", nBufferLength=0x105, lpBuffer=0xcfe5ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\swxqRQnEKCqJB W Ebi.avi", lpFilePart=0x0) returned 0x3f [0101.131] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0101.131] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\swxqRQnEKCqJB W Ebi.avi" (normalized: "c:\\users\\fd1hvy\\videos\\vknp_he9n_djmtlr\\swxqrqnekcqjb w ebi.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0101.131] GetFileType (hFile=0x2b8) returned 0x1 [0101.131] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0101.131] GetFileType (hFile=0x2b8) returned 0x1 [0101.131] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfebec | out: lpFileSizeHigh=0xcfebec*=0x0) returned 0x3ebf [0101.131] ReadFile (in: hFile=0x2b8, lpBuffer=0x2d35b18, nNumberOfBytesToRead=0x3ebf, lpNumberOfBytesRead=0xcfeb98, lpOverlapped=0x0 | out: lpBuffer=0x2d35b18*, lpNumberOfBytesRead=0xcfeb98*=0x3ebf, lpOverlapped=0x0) returned 1 [0101.131] CloseHandle (hObject=0x2b8) returned 1 [0101.154] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe6b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0101.154] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb64) returned 1 [0101.154] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfebe0 | out: lpFileInformation=0xcfebe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0101.155] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb60) returned 1 [0101.155] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\swxqRQnEKCqJB W Ebi.avi", nBufferLength=0x105, lpBuffer=0xcfe598, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\swxqRQnEKCqJB W Ebi.avi", lpFilePart=0x0) returned 0x3f [0101.155] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeadc) returned 1 [0101.155] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\swxqRQnEKCqJB W Ebi.avi" (normalized: "c:\\users\\fd1hvy\\videos\\vknp_he9n_djmtlr\\swxqrqnekcqjb w ebi.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0101.156] GetFileType (hFile=0x2b8) returned 0x1 [0101.156] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfead8) returned 1 [0101.156] GetFileType (hFile=0x2b8) returned 0x1 [0101.156] WriteFile (in: hFile=0x2b8, lpBuffer=0x2d962c4*, nNumberOfBytesToWrite=0x3ec0, lpNumberOfBytesWritten=0xcfeb8c, lpOverlapped=0x0 | out: lpBuffer=0x2d962c4*, lpNumberOfBytesWritten=0xcfeb8c*=0x3ec0, lpOverlapped=0x0) returned 1 [0101.157] CloseHandle (hObject=0x2b8) returned 1 [0101.159] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\swxqRQnEKCqJB W Ebi.avi", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\swxqRQnEKCqJB W Ebi.avi", lpFilePart=0x0) returned 0x3f [0101.159] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\swxqRQnEKCqJB W Ebi.avi.shade8", nBufferLength=0x105, lpBuffer=0xcfe6bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\swxqRQnEKCqJB W Ebi.avi.shade8", lpFilePart=0x0) returned 0x46 [0101.159] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb70) returned 1 [0101.159] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\swxqRQnEKCqJB W Ebi.avi" (normalized: "c:\\users\\fd1hvy\\videos\\vknp_he9n_djmtlr\\swxqrqnekcqjb w ebi.avi"), fInfoLevelId=0x0, lpFileInformation=0xcfebec | out: lpFileInformation=0xcfebec*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x88641420, ftCreationTime.dwHighDateTime=0x1d4cd68, ftLastAccessTime.dwLowDateTime=0x61d671d0, ftLastAccessTime.dwHighDateTime=0x1d4cb6b, ftLastWriteTime.dwLowDateTime=0x84e6a6b2, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x3ec0)) returned 1 [0101.159] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb6c) returned 1 [0101.159] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\swxqRQnEKCqJB W Ebi.avi" (normalized: "c:\\users\\fd1hvy\\videos\\vknp_he9n_djmtlr\\swxqrqnekcqjb w ebi.avi"), lpNewFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\swxqRQnEKCqJB W Ebi.avi.shade8" (normalized: "c:\\users\\fd1hvy\\videos\\vknp_he9n_djmtlr\\swxqrqnekcqjb w ebi.avi.shade8")) returned 1 [0101.160] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd0) returned 1 [0101.160] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8", nBufferLength=0x105, lpBuffer=0xcfe684, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8", lpFilePart=0x0) returned 0x31 [0101.160] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\*", lpFindFileData=0xcfe8f8 | out: lpFindFileData=0xcfe8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5bd89ea0, ftCreationTime.dwHighDateTime=0x1d4c5e6, ftLastAccessTime.dwLowDateTime=0x3a746a20, ftLastAccessTime.dwHighDateTime=0x1d4c90e, ftLastWriteTime.dwLowDateTime=0x3a746a20, ftLastWriteTime.dwHighDateTime=0x1d4c90e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe65a0 [0101.161] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5bd89ea0, ftCreationTime.dwHighDateTime=0x1d4c5e6, ftLastAccessTime.dwLowDateTime=0x3a746a20, ftLastAccessTime.dwHighDateTime=0x1d4c90e, ftLastWriteTime.dwLowDateTime=0x3a746a20, ftLastWriteTime.dwHighDateTime=0x1d4c90e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.161] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83dc1340, ftCreationTime.dwHighDateTime=0x1d4c83f, ftLastAccessTime.dwLowDateTime=0xa4b4c6b0, ftLastAccessTime.dwHighDateTime=0x1d4d5d8, ftLastWriteTime.dwLowDateTime=0xa4b4c6b0, ftLastWriteTime.dwHighDateTime=0x1d4d5d8, nFileSizeHigh=0x0, nFileSizeLow=0x13098, dwReserved0=0x0, dwReserved1=0x0, cFileName="2KHsJclPXRvj85lzQkM.flv", cAlternateFileName="2KHSJC~1.FLV")) returned 1 [0101.161] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6228bf00, ftCreationTime.dwHighDateTime=0x1d4c722, ftLastAccessTime.dwLowDateTime=0xeed164f0, ftLastAccessTime.dwHighDateTime=0x1d4d048, ftLastWriteTime.dwLowDateTime=0xeed164f0, ftLastWriteTime.dwHighDateTime=0x1d4d048, nFileSizeHigh=0x0, nFileSizeLow=0x1319e, dwReserved0=0x0, dwReserved1=0x0, cFileName="6R3dt4oFv8miWc.mkv", cAlternateFileName="6R3DT4~1.MKV")) returned 1 [0101.161] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82c9e330, ftCreationTime.dwHighDateTime=0x1d4ced2, ftLastAccessTime.dwLowDateTime=0x3c3cd290, ftLastAccessTime.dwHighDateTime=0x1d4d3d9, ftLastWriteTime.dwLowDateTime=0x3c3cd290, ftLastWriteTime.dwHighDateTime=0x1d4d3d9, nFileSizeHigh=0x0, nFileSizeLow=0x13c38, dwReserved0=0x0, dwReserved1=0x0, cFileName="B1kAUUgoW_w.mkv", cAlternateFileName="B1KAUU~1.MKV")) returned 1 [0101.161] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4a41d840, ftCreationTime.dwHighDateTime=0x1d4d384, ftLastAccessTime.dwLowDateTime=0xab3d0a20, ftLastAccessTime.dwHighDateTime=0x1d4ca47, ftLastWriteTime.dwLowDateTime=0xab3d0a20, ftLastWriteTime.dwHighDateTime=0x1d4ca47, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DI1rARkHyyowDr8r_zul", cAlternateFileName="DI1RAR~1")) returned 1 [0101.162] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99beafd0, ftCreationTime.dwHighDateTime=0x1d4d49a, ftLastAccessTime.dwLowDateTime=0x4c333940, ftLastAccessTime.dwHighDateTime=0x1d4c9c6, ftLastWriteTime.dwLowDateTime=0x4c333940, ftLastWriteTime.dwHighDateTime=0x1d4c9c6, nFileSizeHigh=0x0, nFileSizeLow=0xa57, dwReserved0=0x0, dwReserved1=0x0, cFileName="IZpwl1rGRLixPwlSk.mkv", cAlternateFileName="IZPWL1~1.MKV")) returned 1 [0101.162] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbfe25520, ftCreationTime.dwHighDateTime=0x1d4c943, ftLastAccessTime.dwLowDateTime=0x2a7d4ee0, ftLastAccessTime.dwHighDateTime=0x1d4cbc8, ftLastWriteTime.dwLowDateTime=0x2a7d4ee0, ftLastWriteTime.dwHighDateTime=0x1d4cbc8, nFileSizeHigh=0x0, nFileSizeLow=0x4bd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="qOvu44.avi", cAlternateFileName="")) returned 1 [0101.162] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeef3f970, ftCreationTime.dwHighDateTime=0x1d4cd19, ftLastAccessTime.dwLowDateTime=0xd532db30, ftLastAccessTime.dwHighDateTime=0x1d4d27a, ftLastWriteTime.dwLowDateTime=0xd532db30, ftLastWriteTime.dwHighDateTime=0x1d4d27a, nFileSizeHigh=0x0, nFileSizeLow=0x15311, dwReserved0=0x0, dwReserved1=0x0, cFileName="XNtvy2DK RQC4U.flv", cAlternateFileName="XNTVY2~1.FLV")) returned 1 [0101.162] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0101.162] FindClose (in: hFindFile=0xfe65a0 | out: hFindFile=0xfe65a0) returned 1 [0101.163] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb8c) returned 1 [0101.163] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb98) returned 1 [0101.163] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfebd0) returned 1 [0101.163] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8", nBufferLength=0x105, lpBuffer=0xcfe684, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8", lpFilePart=0x0) returned 0x31 [0101.163] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\*", lpFindFileData=0xcfe8f8 | out: lpFindFileData=0xcfe8f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5bd89ea0, ftCreationTime.dwHighDateTime=0x1d4c5e6, ftLastAccessTime.dwLowDateTime=0x3a746a20, ftLastAccessTime.dwHighDateTime=0x1d4c90e, ftLastWriteTime.dwLowDateTime=0x3a746a20, ftLastWriteTime.dwHighDateTime=0x1d4c90e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe65a0 [0101.163] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5bd89ea0, ftCreationTime.dwHighDateTime=0x1d4c5e6, ftLastAccessTime.dwLowDateTime=0x3a746a20, ftLastAccessTime.dwHighDateTime=0x1d4c90e, ftLastWriteTime.dwLowDateTime=0x3a746a20, ftLastWriteTime.dwHighDateTime=0x1d4c90e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.163] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83dc1340, ftCreationTime.dwHighDateTime=0x1d4c83f, ftLastAccessTime.dwLowDateTime=0xa4b4c6b0, ftLastAccessTime.dwHighDateTime=0x1d4d5d8, ftLastWriteTime.dwLowDateTime=0xa4b4c6b0, ftLastWriteTime.dwHighDateTime=0x1d4d5d8, nFileSizeHigh=0x0, nFileSizeLow=0x13098, dwReserved0=0x0, dwReserved1=0x0, cFileName="2KHsJclPXRvj85lzQkM.flv", cAlternateFileName="2KHSJC~1.FLV")) returned 1 [0101.163] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6228bf00, ftCreationTime.dwHighDateTime=0x1d4c722, ftLastAccessTime.dwLowDateTime=0xeed164f0, ftLastAccessTime.dwHighDateTime=0x1d4d048, ftLastWriteTime.dwLowDateTime=0xeed164f0, ftLastWriteTime.dwHighDateTime=0x1d4d048, nFileSizeHigh=0x0, nFileSizeLow=0x1319e, dwReserved0=0x0, dwReserved1=0x0, cFileName="6R3dt4oFv8miWc.mkv", cAlternateFileName="6R3DT4~1.MKV")) returned 1 [0101.164] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82c9e330, ftCreationTime.dwHighDateTime=0x1d4ced2, ftLastAccessTime.dwLowDateTime=0x3c3cd290, ftLastAccessTime.dwHighDateTime=0x1d4d3d9, ftLastWriteTime.dwLowDateTime=0x3c3cd290, ftLastWriteTime.dwHighDateTime=0x1d4d3d9, nFileSizeHigh=0x0, nFileSizeLow=0x13c38, dwReserved0=0x0, dwReserved1=0x0, cFileName="B1kAUUgoW_w.mkv", cAlternateFileName="B1KAUU~1.MKV")) returned 1 [0101.164] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4a41d840, ftCreationTime.dwHighDateTime=0x1d4d384, ftLastAccessTime.dwLowDateTime=0xab3d0a20, ftLastAccessTime.dwHighDateTime=0x1d4ca47, ftLastWriteTime.dwLowDateTime=0xab3d0a20, ftLastWriteTime.dwHighDateTime=0x1d4ca47, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DI1rARkHyyowDr8r_zul", cAlternateFileName="DI1RAR~1")) returned 1 [0101.165] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99beafd0, ftCreationTime.dwHighDateTime=0x1d4d49a, ftLastAccessTime.dwLowDateTime=0x4c333940, ftLastAccessTime.dwHighDateTime=0x1d4c9c6, ftLastWriteTime.dwLowDateTime=0x4c333940, ftLastWriteTime.dwHighDateTime=0x1d4c9c6, nFileSizeHigh=0x0, nFileSizeLow=0xa57, dwReserved0=0x0, dwReserved1=0x0, cFileName="IZpwl1rGRLixPwlSk.mkv", cAlternateFileName="IZPWL1~1.MKV")) returned 1 [0101.165] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbfe25520, ftCreationTime.dwHighDateTime=0x1d4c943, ftLastAccessTime.dwLowDateTime=0x2a7d4ee0, ftLastAccessTime.dwHighDateTime=0x1d4cbc8, ftLastWriteTime.dwLowDateTime=0x2a7d4ee0, ftLastWriteTime.dwHighDateTime=0x1d4cbc8, nFileSizeHigh=0x0, nFileSizeLow=0x4bd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="qOvu44.avi", cAlternateFileName="")) returned 1 [0101.165] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeef3f970, ftCreationTime.dwHighDateTime=0x1d4cd19, ftLastAccessTime.dwLowDateTime=0xd532db30, ftLastAccessTime.dwHighDateTime=0x1d4d27a, ftLastWriteTime.dwLowDateTime=0xd532db30, ftLastWriteTime.dwHighDateTime=0x1d4d27a, nFileSizeHigh=0x0, nFileSizeLow=0x15311, dwReserved0=0x0, dwReserved1=0x0, cFileName="XNtvy2DK RQC4U.flv", cAlternateFileName="XNTVY2~1.FLV")) returned 1 [0101.165] FindNextFileW (in: hFindFile=0xfe65a0, lpFindFileData=0xcfe904 | out: lpFindFileData=0xcfe904*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeef3f970, ftCreationTime.dwHighDateTime=0x1d4cd19, ftLastAccessTime.dwLowDateTime=0xd532db30, ftLastAccessTime.dwHighDateTime=0x1d4d27a, ftLastWriteTime.dwLowDateTime=0xd532db30, ftLastWriteTime.dwHighDateTime=0x1d4d27a, nFileSizeHigh=0x0, nFileSizeLow=0x15311, dwReserved0=0x0, dwReserved1=0x0, cFileName="XNtvy2DK RQC4U.flv", cAlternateFileName="XNTVY2~1.FLV")) returned 0 [0101.166] FindClose (in: hFindFile=0xfe65a0 | out: hFindFile=0xfe65a0) returned 1 [0101.166] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb8c) returned 1 [0101.166] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb98) returned 1 [0101.166] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\6R3dt4oFv8miWc.mkv", nBufferLength=0x105, lpBuffer=0xcfe538, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\6R3dt4oFv8miWc.mkv", lpFilePart=0x0) returned 0x44 [0101.166] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea7c) returned 1 [0101.166] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\6R3dt4oFv8miWc.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\vknp_he9n_djmtlr\\bouzyxkf8\\6r3dt4ofv8miwc.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0101.166] GetFileType (hFile=0x2b8) returned 0x1 [0101.166] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea78) returned 1 [0101.166] GetFileType (hFile=0x2b8) returned 0x1 [0101.166] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfeb78 | out: lpFileSizeHigh=0xcfeb78*=0x0) returned 0x1319e [0101.166] ReadFile (in: hFile=0x2b8, lpBuffer=0x2d9ce14, nNumberOfBytesToRead=0x1319e, lpNumberOfBytesRead=0xcfeb24, lpOverlapped=0x0 | out: lpBuffer=0x2d9ce14*, lpNumberOfBytesRead=0xcfeb24*=0x1319e, lpOverlapped=0x0) returned 1 [0101.167] CloseHandle (hObject=0x2b8) returned 1 [0101.196] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0101.196] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0101.196] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfeb6c | out: lpFileInformation=0xcfeb6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0101.197] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0101.197] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\6R3dt4oFv8miWc.mkv", nBufferLength=0x105, lpBuffer=0xcfe524, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\6R3dt4oFv8miWc.mkv", lpFilePart=0x0) returned 0x44 [0101.197] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea68) returned 1 [0101.197] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\6R3dt4oFv8miWc.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\vknp_he9n_djmtlr\\bouzyxkf8\\6r3dt4ofv8miwc.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0101.198] GetFileType (hFile=0x2b8) returned 0x1 [0101.199] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea64) returned 1 [0101.199] GetFileType (hFile=0x2b8) returned 0x1 [0101.199] WriteFile (in: hFile=0x2b8, lpBuffer=0x2e230f4*, nNumberOfBytesToWrite=0x131a0, lpNumberOfBytesWritten=0xcfeb18, lpOverlapped=0x0 | out: lpBuffer=0x2e230f4*, lpNumberOfBytesWritten=0xcfeb18*=0x131a0, lpOverlapped=0x0) returned 1 [0101.201] CloseHandle (hObject=0x2b8) returned 1 [0101.204] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\6R3dt4oFv8miWc.mkv", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\6R3dt4oFv8miWc.mkv", lpFilePart=0x0) returned 0x44 [0101.204] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\6R3dt4oFv8miWc.mkv.shade8", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\6R3dt4oFv8miWc.mkv.shade8", lpFilePart=0x0) returned 0x4b [0101.204] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeafc) returned 1 [0101.204] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\6R3dt4oFv8miWc.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\vknp_he9n_djmtlr\\bouzyxkf8\\6r3dt4ofv8miwc.mkv"), fInfoLevelId=0x0, lpFileInformation=0xcfeb78 | out: lpFileInformation=0xcfeb78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6228bf00, ftCreationTime.dwHighDateTime=0x1d4c722, ftLastAccessTime.dwLowDateTime=0xeed164f0, ftLastAccessTime.dwHighDateTime=0x1d4d048, ftLastWriteTime.dwLowDateTime=0x84edd05e, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x131a0)) returned 1 [0101.204] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaf8) returned 1 [0101.204] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\6R3dt4oFv8miWc.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\vknp_he9n_djmtlr\\bouzyxkf8\\6r3dt4ofv8miwc.mkv"), lpNewFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\6R3dt4oFv8miWc.mkv.shade8" (normalized: "c:\\users\\fd1hvy\\videos\\vknp_he9n_djmtlr\\bouzyxkf8\\6r3dt4ofv8miwc.mkv.shade8")) returned 1 [0101.205] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\B1kAUUgoW_w.mkv", nBufferLength=0x105, lpBuffer=0xcfe538, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\B1kAUUgoW_w.mkv", lpFilePart=0x0) returned 0x41 [0101.205] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea7c) returned 1 [0101.205] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\B1kAUUgoW_w.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\vknp_he9n_djmtlr\\bouzyxkf8\\b1kauugow_w.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0101.205] GetFileType (hFile=0x2b8) returned 0x1 [0101.205] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea78) returned 1 [0101.205] GetFileType (hFile=0x2b8) returned 0x1 [0101.205] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfeb78 | out: lpFileSizeHigh=0xcfeb78*=0x0) returned 0x13c38 [0101.213] ReadFile (in: hFile=0x2b8, lpBuffer=0x2c1dcc0, nNumberOfBytesToRead=0x13c38, lpNumberOfBytesRead=0xcfeb24, lpOverlapped=0x0 | out: lpBuffer=0x2c1dcc0*, lpNumberOfBytesRead=0xcfeb24*=0x13c38, lpOverlapped=0x0) returned 1 [0101.213] CloseHandle (hObject=0x2b8) returned 1 [0101.389] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0101.389] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0101.389] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfeb6c | out: lpFileInformation=0xcfeb6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0101.389] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0101.389] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\B1kAUUgoW_w.mkv", nBufferLength=0x105, lpBuffer=0xcfe524, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\B1kAUUgoW_w.mkv", lpFilePart=0x0) returned 0x41 [0101.389] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea68) returned 1 [0101.389] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\B1kAUUgoW_w.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\vknp_he9n_djmtlr\\bouzyxkf8\\b1kauugow_w.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0101.391] GetFileType (hFile=0x2b8) returned 0x1 [0101.391] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea64) returned 1 [0101.391] GetFileType (hFile=0x2b8) returned 0x1 [0101.391] WriteFile (in: hFile=0x2b8, lpBuffer=0x2ca60d8*, nNumberOfBytesToWrite=0x13c40, lpNumberOfBytesWritten=0xcfeb18, lpOverlapped=0x0 | out: lpBuffer=0x2ca60d8*, lpNumberOfBytesWritten=0xcfeb18*=0x13c40, lpOverlapped=0x0) returned 1 [0101.393] CloseHandle (hObject=0x2b8) returned 1 [0101.396] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\B1kAUUgoW_w.mkv", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\B1kAUUgoW_w.mkv", lpFilePart=0x0) returned 0x41 [0101.396] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\B1kAUUgoW_w.mkv.shade8", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\B1kAUUgoW_w.mkv.shade8", lpFilePart=0x0) returned 0x48 [0101.396] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeafc) returned 1 [0101.396] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\B1kAUUgoW_w.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\vknp_he9n_djmtlr\\bouzyxkf8\\b1kauugow_w.mkv"), fInfoLevelId=0x0, lpFileInformation=0xcfeb78 | out: lpFileInformation=0xcfeb78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82c9e330, ftCreationTime.dwHighDateTime=0x1d4ced2, ftLastAccessTime.dwLowDateTime=0x3c3cd290, ftLastAccessTime.dwHighDateTime=0x1d4d3d9, ftLastWriteTime.dwLowDateTime=0x850a6934, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x13c40)) returned 1 [0101.396] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaf8) returned 1 [0101.396] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\B1kAUUgoW_w.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\vknp_he9n_djmtlr\\bouzyxkf8\\b1kauugow_w.mkv"), lpNewFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\B1kAUUgoW_w.mkv.shade8" (normalized: "c:\\users\\fd1hvy\\videos\\vknp_he9n_djmtlr\\bouzyxkf8\\b1kauugow_w.mkv.shade8")) returned 1 [0101.396] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\IZpwl1rGRLixPwlSk.mkv", nBufferLength=0x105, lpBuffer=0xcfe538, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\IZpwl1rGRLixPwlSk.mkv", lpFilePart=0x0) returned 0x47 [0101.396] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea7c) returned 1 [0101.397] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\IZpwl1rGRLixPwlSk.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\vknp_he9n_djmtlr\\bouzyxkf8\\izpwl1rgrlixpwlsk.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0101.397] GetFileType (hFile=0x2b8) returned 0x1 [0101.397] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea78) returned 1 [0101.397] GetFileType (hFile=0x2b8) returned 0x1 [0101.397] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfeb78 | out: lpFileSizeHigh=0xcfeb78*=0x0) returned 0xa57 [0101.397] ReadFile (in: hFile=0x2b8, lpBuffer=0x2cbace8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xcfeb24, lpOverlapped=0x0 | out: lpBuffer=0x2cbace8*, lpNumberOfBytesRead=0xcfeb24*=0xa57, lpOverlapped=0x0) returned 1 [0101.397] CloseHandle (hObject=0x2b8) returned 1 [0101.415] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0101.415] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0101.415] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfeb6c | out: lpFileInformation=0xcfeb6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0101.415] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0101.415] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\IZpwl1rGRLixPwlSk.mkv", nBufferLength=0x105, lpBuffer=0xcfe524, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\IZpwl1rGRLixPwlSk.mkv", lpFilePart=0x0) returned 0x47 [0101.415] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea68) returned 1 [0101.415] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\IZpwl1rGRLixPwlSk.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\vknp_he9n_djmtlr\\bouzyxkf8\\izpwl1rgrlixpwlsk.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0101.416] GetFileType (hFile=0x2b8) returned 0x1 [0101.416] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea64) returned 1 [0101.416] GetFileType (hFile=0x2b8) returned 0x1 [0101.416] WriteFile (in: hFile=0x2b8, lpBuffer=0x2d0c128*, nNumberOfBytesToWrite=0xa60, lpNumberOfBytesWritten=0xcfeaec, lpOverlapped=0x0 | out: lpBuffer=0x2d0c128*, lpNumberOfBytesWritten=0xcfeaec*=0xa60, lpOverlapped=0x0) returned 1 [0101.417] CloseHandle (hObject=0x2b8) returned 1 [0101.418] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\IZpwl1rGRLixPwlSk.mkv", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\IZpwl1rGRLixPwlSk.mkv", lpFilePart=0x0) returned 0x47 [0101.418] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\IZpwl1rGRLixPwlSk.mkv.shade8", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\IZpwl1rGRLixPwlSk.mkv.shade8", lpFilePart=0x0) returned 0x4e [0101.418] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeafc) returned 1 [0101.418] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\IZpwl1rGRLixPwlSk.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\vknp_he9n_djmtlr\\bouzyxkf8\\izpwl1rgrlixpwlsk.mkv"), fInfoLevelId=0x0, lpFileInformation=0xcfeb78 | out: lpFileInformation=0xcfeb78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x99beafd0, ftCreationTime.dwHighDateTime=0x1d4d49a, ftLastAccessTime.dwLowDateTime=0x4c333940, ftLastAccessTime.dwHighDateTime=0x1d4c9c6, ftLastWriteTime.dwLowDateTime=0x850ccc6b, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0xa60)) returned 1 [0101.419] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaf8) returned 1 [0101.419] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\IZpwl1rGRLixPwlSk.mkv" (normalized: "c:\\users\\fd1hvy\\videos\\vknp_he9n_djmtlr\\bouzyxkf8\\izpwl1rgrlixpwlsk.mkv"), lpNewFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\IZpwl1rGRLixPwlSk.mkv.shade8" (normalized: "c:\\users\\fd1hvy\\videos\\vknp_he9n_djmtlr\\bouzyxkf8\\izpwl1rgrlixpwlsk.mkv.shade8")) returned 1 [0101.419] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\qOvu44.avi", nBufferLength=0x105, lpBuffer=0xcfe538, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\qOvu44.avi", lpFilePart=0x0) returned 0x3c [0101.419] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea7c) returned 1 [0101.419] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\qOvu44.avi" (normalized: "c:\\users\\fd1hvy\\videos\\vknp_he9n_djmtlr\\bouzyxkf8\\qovu44.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0101.419] GetFileType (hFile=0x2b8) returned 0x1 [0101.419] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea78) returned 1 [0101.419] GetFileType (hFile=0x2b8) returned 0x1 [0101.419] GetFileSize (in: hFile=0x2b8, lpFileSizeHigh=0xcfeb78 | out: lpFileSizeHigh=0xcfeb78*=0x0) returned 0x4bd8 [0101.420] ReadFile (in: hFile=0x2b8, lpBuffer=0x2d0d448, nNumberOfBytesToRead=0x4bd8, lpNumberOfBytesRead=0xcfeb24, lpOverlapped=0x0 | out: lpBuffer=0x2d0d448*, lpNumberOfBytesRead=0xcfeb24*=0x4bd8, lpOverlapped=0x0) returned 1 [0101.420] CloseHandle (hObject=0x2b8) returned 1 [0101.436] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", nBufferLength=0x105, lpBuffer=0xcfe63c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8", lpFilePart=0x0) returned 0x2c [0101.436] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeaf0) returned 1 [0101.437] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt.shade8" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt.shade8"), fInfoLevelId=0x0, lpFileInformation=0xcfeb6c | out: lpFileInformation=0xcfeb6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0101.437] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaec) returned 1 [0101.437] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\qOvu44.avi", nBufferLength=0x105, lpBuffer=0xcfe524, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\qOvu44.avi", lpFilePart=0x0) returned 0x3c [0101.437] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfea68) returned 1 [0101.437] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\qOvu44.avi" (normalized: "c:\\users\\fd1hvy\\videos\\vknp_he9n_djmtlr\\bouzyxkf8\\qovu44.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2b8 [0101.438] GetFileType (hFile=0x2b8) returned 0x1 [0101.438] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfea64) returned 1 [0101.438] GetFileType (hFile=0x2b8) returned 0x1 [0101.438] WriteFile (in: hFile=0x2b8, lpBuffer=0x2d71d90*, nNumberOfBytesToWrite=0x4be0, lpNumberOfBytesWritten=0xcfeb18, lpOverlapped=0x0 | out: lpBuffer=0x2d71d90*, lpNumberOfBytesWritten=0xcfeb18*=0x4be0, lpOverlapped=0x0) returned 1 [0101.439] CloseHandle (hObject=0x2b8) returned 1 [0101.440] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\qOvu44.avi", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\qOvu44.avi", lpFilePart=0x0) returned 0x3c [0101.440] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\qOvu44.avi.shade8", nBufferLength=0x105, lpBuffer=0xcfe648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\qOvu44.avi.shade8", lpFilePart=0x0) returned 0x43 [0101.440] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeafc) returned 1 [0101.441] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\qOvu44.avi" (normalized: "c:\\users\\fd1hvy\\videos\\vknp_he9n_djmtlr\\bouzyxkf8\\qovu44.avi"), fInfoLevelId=0x0, lpFileInformation=0xcfeb78 | out: lpFileInformation=0xcfeb78*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbfe25520, ftCreationTime.dwHighDateTime=0x1d4c943, ftLastAccessTime.dwLowDateTime=0x2a7d4ee0, ftLastAccessTime.dwHighDateTime=0x1d4cbc8, ftLastWriteTime.dwLowDateTime=0x8511910e, ftLastWriteTime.dwHighDateTime=0x1d57301, nFileSizeHigh=0x0, nFileSizeLow=0x4be0)) returned 1 [0101.441] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeaf8) returned 1 [0101.441] MoveFileW (lpExistingFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\qOvu44.avi" (normalized: "c:\\users\\fd1hvy\\videos\\vknp_he9n_djmtlr\\bouzyxkf8\\qovu44.avi"), lpNewFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\qOvu44.avi.shade8" (normalized: "c:\\users\\fd1hvy\\videos\\vknp_he9n_djmtlr\\bouzyxkf8\\qovu44.avi.shade8")) returned 1 [0101.441] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb5c) returned 1 [0101.442] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\DI1rARkHyyowDr8r_zul", nBufferLength=0x105, lpBuffer=0xcfe610, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\DI1rARkHyyowDr8r_zul", lpFilePart=0x0) returned 0x46 [0101.442] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\DI1rARkHyyowDr8r_zul\\*", lpFindFileData=0xcfe884 | out: lpFindFileData=0xcfe884*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4a41d840, ftCreationTime.dwHighDateTime=0x1d4d384, ftLastAccessTime.dwLowDateTime=0xab3d0a20, ftLastAccessTime.dwHighDateTime=0x1d4ca47, ftLastWriteTime.dwLowDateTime=0xab3d0a20, ftLastWriteTime.dwHighDateTime=0x1d4ca47, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe6920 [0101.442] FindNextFileW (in: hFindFile=0xfe6920, lpFindFileData=0xcfe890 | out: lpFindFileData=0xcfe890*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4a41d840, ftCreationTime.dwHighDateTime=0x1d4d384, ftLastAccessTime.dwLowDateTime=0xab3d0a20, ftLastAccessTime.dwHighDateTime=0x1d4ca47, ftLastWriteTime.dwLowDateTime=0xab3d0a20, ftLastWriteTime.dwHighDateTime=0x1d4ca47, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.442] FindNextFileW (in: hFindFile=0xfe6920, lpFindFileData=0xcfe890 | out: lpFindFileData=0xcfe890*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x63fbf690, ftCreationTime.dwHighDateTime=0x1d4c9ce, ftLastAccessTime.dwLowDateTime=0x78256430, ftLastAccessTime.dwHighDateTime=0x1d4c640, ftLastWriteTime.dwLowDateTime=0x78256430, ftLastWriteTime.dwHighDateTime=0x1d4c640, nFileSizeHigh=0x0, nFileSizeLow=0x5fe4, dwReserved0=0x0, dwReserved1=0x0, cFileName="IK5wChNl0EwYc2Bx.swf", cAlternateFileName="IK5WCH~1.SWF")) returned 1 [0101.442] FindNextFileW (in: hFindFile=0xfe6920, lpFindFileData=0xcfe890 | out: lpFindFileData=0xcfe890*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0101.443] FindClose (in: hFindFile=0xfe6920 | out: hFindFile=0xfe6920) returned 1 [0101.443] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb18) returned 1 [0101.443] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb24) returned 1 [0101.443] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfeb5c) returned 1 [0101.443] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\DI1rARkHyyowDr8r_zul", nBufferLength=0x105, lpBuffer=0xcfe610, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\DI1rARkHyyowDr8r_zul", lpFilePart=0x0) returned 0x46 [0101.443] FindFirstFileW (in: lpFileName="C:\\Users\\FD1HVy\\Videos\\vKNP_HE9n_djMTLR\\bOUZyxkf8\\DI1rARkHyyowDr8r_zul\\*", lpFindFileData=0xcfe884 | out: lpFindFileData=0xcfe884*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4a41d840, ftCreationTime.dwHighDateTime=0x1d4d384, ftLastAccessTime.dwLowDateTime=0xab3d0a20, ftLastAccessTime.dwHighDateTime=0x1d4ca47, ftLastWriteTime.dwLowDateTime=0xab3d0a20, ftLastWriteTime.dwHighDateTime=0x1d4ca47, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0xfe66a0 [0101.443] FindNextFileW (in: hFindFile=0xfe66a0, lpFindFileData=0xcfe890 | out: lpFindFileData=0xcfe890*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4a41d840, ftCreationTime.dwHighDateTime=0x1d4d384, ftLastAccessTime.dwLowDateTime=0xab3d0a20, ftLastAccessTime.dwHighDateTime=0x1d4ca47, ftLastWriteTime.dwLowDateTime=0xab3d0a20, ftLastWriteTime.dwHighDateTime=0x1d4ca47, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.444] FindNextFileW (in: hFindFile=0xfe66a0, lpFindFileData=0xcfe890 | out: lpFindFileData=0xcfe890*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x63fbf690, ftCreationTime.dwHighDateTime=0x1d4c9ce, ftLastAccessTime.dwLowDateTime=0x78256430, ftLastAccessTime.dwHighDateTime=0x1d4c640, ftLastWriteTime.dwLowDateTime=0x78256430, ftLastWriteTime.dwHighDateTime=0x1d4c640, nFileSizeHigh=0x0, nFileSizeLow=0x5fe4, dwReserved0=0x0, dwReserved1=0x0, cFileName="IK5wChNl0EwYc2Bx.swf", cAlternateFileName="IK5WCH~1.SWF")) returned 1 [0101.444] FindNextFileW (in: hFindFile=0xfe66a0, lpFindFileData=0xcfe890 | out: lpFindFileData=0xcfe890*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x63fbf690, ftCreationTime.dwHighDateTime=0x1d4c9ce, ftLastAccessTime.dwLowDateTime=0x78256430, ftLastAccessTime.dwHighDateTime=0x1d4c640, ftLastWriteTime.dwLowDateTime=0x78256430, ftLastWriteTime.dwHighDateTime=0x1d4c640, nFileSizeHigh=0x0, nFileSizeLow=0x5fe4, dwReserved0=0x0, dwReserved1=0x0, cFileName="IK5wChNl0EwYc2Bx.swf", cAlternateFileName="IK5WCH~1.SWF")) returned 0 [0101.444] FindClose (in: hFindFile=0xfe66a0 | out: hFindFile=0xfe66a0) returned 1 [0101.444] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb18) returned 1 [0101.444] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeb24) returned 1 [0101.457] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt", nBufferLength=0x105, lpBuffer=0xcfe750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt", lpFilePart=0x0) returned 0x25 [0101.457] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfec94) returned 1 [0101.457] CreateFileW (lpFileName="C:\\Users\\FD1HVy\\Desktop\\READ_THIS.txt" (normalized: "c:\\users\\fd1hvy\\desktop\\read_this.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2b8 [0101.457] GetFileType (hFile=0x2b8) returned 0x1 [0101.458] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfec90) returned 1 [0101.458] GetFileType (hFile=0x2b8) returned 0x1 [0101.459] WriteFile (in: hFile=0x2b8, lpBuffer=0x2d79f58*, nNumberOfBytesToWrite=0x2e, lpNumberOfBytesWritten=0xcfecf4, lpOverlapped=0x0 | out: lpBuffer=0x2d79f58*, lpNumberOfBytesWritten=0xcfecf4*=0x2e, lpOverlapped=0x0) returned 1 [0101.460] CloseHandle (hObject=0x2b8) returned 1 [0101.514] GetCurrentProcess () returned 0xffffffff [0101.514] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xcfe9ac | out: TokenHandle=0xcfe9ac*=0x2cc) returned 1 [0101.530] GetCurrentProcess () returned 0xffffffff [0101.530] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xcfe9bc | out: TokenHandle=0xcfe9bc*=0x2bc) returned 1 [0101.591] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3e4 [0101.591] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3f4 [0101.594] GetCurrentProcess () returned 0xffffffff [0101.594] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xcfe9cc | out: TokenHandle=0xcfe9cc*=0x3f8) returned 1 [0101.598] GetCurrentProcess () returned 0xffffffff [0101.598] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xcfe9dc | out: TokenHandle=0xcfe9dc*=0x3fc) returned 1 [0101.601] QueryPerformanceFrequency (in: lpFrequency=0xe45a98 | out: lpFrequency=0xe45a98*=100000000) returned 1 [0101.601] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed50 | out: lpPerformanceCount=0xcfed50*=19282637642) returned 1 [0101.606] GetCurrentProcess () returned 0xffffffff [0101.606] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xcfe998 | out: TokenHandle=0xcfe998*=0x404) returned 1 [0101.610] GetCurrentProcess () returned 0xffffffff [0101.611] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xcfe9a8 | out: TokenHandle=0xcfe9a8*=0x408) returned 1 [0101.687] GetCurrentProcess () returned 0xffffffff [0101.687] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xcfe9ac | out: TokenHandle=0xcfe9ac*=0x40c) returned 1 [0101.688] GetCurrentProcess () returned 0xffffffff [0101.688] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xcfe9bc | out: TokenHandle=0xcfe9bc*=0x410) returned 1 [0101.692] GetCurrentProcess () returned 0xffffffff [0101.692] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xcfec34 | out: TokenHandle=0xcfec34*=0x414) returned 1 [0101.699] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0xcfdd6c | out: phkResult=0xcfdd6c*=0x418) returned 0x0 [0101.701] RegQueryValueExW (in: hKey=0x418, lpValueName="InstallationType", lpReserved=0x0, lpType=0xcfdd8c, lpData=0x0, lpcbData=0xcfdd88*=0x0 | out: lpType=0xcfdd8c*=0x1, lpData=0x0, lpcbData=0xcfdd88*=0xe) returned 0x0 [0101.701] RegQueryValueExW (in: hKey=0x418, lpValueName="InstallationType", lpReserved=0x0, lpType=0xcfdd8c, lpData=0x2d85098, lpcbData=0xcfdd88*=0xe | out: lpType=0xcfdd8c*=0x1, lpData="Client", lpcbData=0xcfdd88*=0xe) returned 0x0 [0101.702] RegCloseKey (hKey=0x418) returned 0x0 [0102.305] CoTaskMemAlloc (cb=0xcc0) returned 0x101fc78 [0102.306] RasEnumConnectionsW (in: param_1=0x101fc78, param_2=0xcfec44, param_3=0xcfec48 | out: param_1=0x101fc78, param_2=0xcfec44, param_3=0xcfec48) returned 0x0 [0102.601] CoTaskMemFree (pv=0x101fc78) [0103.164] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0xcfea30 | out: lpWSAData=0xcfea30) returned 0 [0103.171] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x47c [0103.507] setsockopt (s=0x47c, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0103.507] closesocket (s=0x47c) returned 0 [0103.508] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x47c [0103.512] setsockopt (s=0x47c, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0103.512] closesocket (s=0x47c) returned 0 [0103.512] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x47c [0103.513] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x480 [0103.513] ioctlsocket (in: s=0x47c, cmd=-2147195266, argp=0xcfec4c | out: argp=0xcfec4c) returned 0 [0103.514] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x484 [0103.514] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x488 [0103.514] ioctlsocket (in: s=0x484, cmd=-2147195266, argp=0xcfec4c | out: argp=0xcfec4c) returned 0 [0103.515] WSAIoctl (in: s=0x47c, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0xcfec34, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0xcfec34, lpOverlapped=0x0) returned -1 [0103.516] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0xcfe964, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0103.518] WSAEventSelect (s=0x47c, hEventObject=0x480, lNetworkEvents=512) returned 0 [0103.519] WSAIoctl (in: s=0x484, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0xcfec34, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0xcfec34, lpOverlapped=0x0) returned -1 [0103.519] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0xcfe964, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0103.519] WSAEventSelect (s=0x484, hEventObject=0x488, lNetworkEvents=512) returned 0 [0103.519] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x490 [0103.519] RasConnectionNotificationW (param_1=0xffffffff, param_2=0x490, param_3=0x3) returned 0x0 [0103.526] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0xcfec60 | out: phkResult=0xcfec60*=0x4a8) returned 0x0 [0103.527] RegOpenKeyExW (in: hKey=0x4a8, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xcfec14 | out: phkResult=0xcfec14*=0x4ac) returned 0x0 [0103.528] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4b0 [0103.528] RegNotifyChangeKeyValue (hKey=0x4ac, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x4b0, fAsynchronous=1) returned 0x0 [0103.529] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0xcfec18 | out: phkResult=0xcfec18*=0x4b4) returned 0x0 [0103.529] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4b8 [0103.529] RegNotifyChangeKeyValue (hKey=0x4b4, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x4b8, fAsynchronous=1) returned 0x0 [0103.529] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0xcfec18 | out: phkResult=0xcfec18*=0x4bc) returned 0x0 [0103.530] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4c0 [0103.530] RegNotifyChangeKeyValue (hKey=0x4bc, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x4c0, fAsynchronous=1) returned 0x0 [0103.530] GetCurrentProcess () returned 0xffffffff [0103.530] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xcfec04 | out: TokenHandle=0xcfec04*=0x4c4) returned 1 [0103.534] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0xcfe510 | out: phkResult=0xcfe510*=0x4c8) returned 0x0 [0103.534] RegQueryValueExW (in: hKey=0x4c8, lpValueName="LegacyWPADSupport", lpReserved=0x0, lpType=0xcfe52c, lpData=0x0, lpcbData=0xcfe528*=0x0 | out: lpType=0xcfe52c*=0x0, lpData=0x0, lpcbData=0xcfe528*=0x0) returned 0x2 [0103.534] RegCloseKey (hKey=0x4c8) returned 0x0 [0104.031] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x10269f8 [0104.489] WinHttpSetTimeouts (hInternet=0x10269f8, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1 [0104.489] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0xcfec14 | out: pProxyConfig=0xcfec14) returned 1 [0104.856] CoTaskMemAlloc (cb=0x20e) returned 0x102af00 [0104.856] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_Disabled", lpBuffer=0x102af00, nSize=0x105 | out: lpBuffer="쌘Ă軠ߠ") returned 0x0 [0104.856] CoTaskMemFree (pv=0x102af00) [0104.856] CoTaskMemAlloc (cb=0x20e) returned 0x102af00 [0104.856] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_MinCount", lpBuffer=0x102af00, nSize=0x105 | out: lpBuffer="쌘Ă軠ߠ") returned 0x0 [0104.856] CoTaskMemFree (pv=0x102af00) [0104.862] EtwEventRegister (in: ProviderId=0x2d87e30, EnableCallback=0x5260636, CallbackContext=0x0, RegHandle=0x2d87e0c | out: RegHandle=0x2d87e0c) returned 0x0 [0104.862] EtwEventSetInformation (RegHandle=0x100e420, InformationClass=0x5c, EventInformation=0x2, InformationLength=0x2d87dcc) returned 0x0 [0104.865] GetCurrentProcess () returned 0xffffffff [0104.865] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xcfe974 | out: TokenHandle=0xcfe974*=0x50c) returned 1 [0104.867] GetCurrentProcess () returned 0xffffffff [0104.867] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xcfe984 | out: TokenHandle=0xcfe984*=0x510) returned 1 [0104.934] SetEvent (hEvent=0x3e4) returned 1 [0104.959] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0xcfeb7c*=0x490, lpdwindex=0xcfe99c | out: lpdwindex=0xcfe99c) returned 0x80010115 [0105.332] NtdllDefWindowProc_W (hWnd=0x4021e, Msg=0x219, wParam=0x7, lParam=0x0) returned 0x1 [0105.369] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0xcfeb5c*=0x480, lpdwindex=0xcfe97c | out: lpdwindex=0xcfe97c) returned 0x80010115 [0105.369] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0xcfeb5c*=0x488, lpdwindex=0xcfe97c | out: lpdwindex=0xcfe97c) returned 0x80010115 [0105.369] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0xcfebb0*=0x4b0, lpdwindex=0xcfe9cc | out: lpdwindex=0xcfe9cc) returned 0x80010115 [0105.370] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0xcfebb0*=0x4b8, lpdwindex=0xcfe9cc | out: lpdwindex=0xcfe9cc) returned 0x80010115 [0105.370] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0xcfebb0*=0x4c0, lpdwindex=0xcfe9cc | out: lpdwindex=0xcfe9cc) returned 0x80010115 [0105.371] WinHttpGetProxyForUrl (in: hSession=0x10269f8, lpcwszUrl="https://www.google.com/", pAutoProxyOptions=0xcfeb48, pProxyInfo=0xcfebb8 | out: pProxyInfo=0xcfebb8) returned 0 [0105.609] GetCurrentProcess () returned 0xffffffff [0105.609] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xcfe8ec | out: TokenHandle=0xcfe8ec*=0x578) returned 1 [0105.610] GetCurrentProcess () returned 0xffffffff [0105.610] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xcfe8fc | out: TokenHandle=0xcfe8fc*=0x57c) returned 1 [0105.611] GetTimeZoneInformation (in: lpTimeZoneInformation=0xcfea6c | out: lpTimeZoneInformation=0xcfea6c) returned 0x2 [0105.613] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0xcfe8c8 | out: pTimeZoneInformation=0xcfe8c8) returned 0x2 [0105.614] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0xcfe9ac | out: phkResult=0xcfe9ac*=0x580) returned 0x0 [0105.615] RegQueryValueExW (in: hKey=0x580, lpValueName="TZI", lpReserved=0x0, lpType=0xcfe9c8, lpData=0x0, lpcbData=0xcfe9c4*=0x0 | out: lpType=0xcfe9c8*=0x3, lpData=0x0, lpcbData=0xcfe9c4*=0x2c) returned 0x0 [0105.615] RegQueryValueExW (in: hKey=0x580, lpValueName="TZI", lpReserved=0x0, lpType=0xcfe9c8, lpData=0x2d8af34, lpcbData=0xcfe9c4*=0x2c | out: lpType=0xcfe9c8*=0x3, lpData=0x2d8af34*, lpcbData=0xcfe9c4*=0x2c) returned 0x0 [0105.616] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0xcfe800 | out: phkResult=0xcfe800*=0x0) returned 0x2 [0105.617] RegQueryValueExW (in: hKey=0x580, lpValueName="MUI_Display", lpReserved=0x0, lpType=0xcfe9a0, lpData=0x0, lpcbData=0xcfe99c*=0x0 | out: lpType=0xcfe9a0*=0x1, lpData=0x0, lpcbData=0xcfe99c*=0x20) returned 0x0 [0105.617] RegQueryValueExW (in: hKey=0x580, lpValueName="MUI_Display", lpReserved=0x0, lpType=0xcfe9a0, lpData=0x2d8b358, lpcbData=0xcfe99c*=0x20 | out: lpType=0xcfe9a0*=0x1, lpData="@tzres.dll,-320", lpcbData=0xcfe99c*=0x20) returned 0x0 [0105.617] RegQueryValueExW (in: hKey=0x580, lpValueName="MUI_Std", lpReserved=0x0, lpType=0xcfe9a0, lpData=0x0, lpcbData=0xcfe99c*=0x0 | out: lpType=0xcfe9a0*=0x1, lpData=0x0, lpcbData=0xcfe99c*=0x20) returned 0x0 [0105.617] RegQueryValueExW (in: hKey=0x580, lpValueName="MUI_Std", lpReserved=0x0, lpType=0xcfe9a0, lpData=0x2d8b3b0, lpcbData=0xcfe99c*=0x20 | out: lpType=0xcfe9a0*=0x1, lpData="@tzres.dll,-322", lpcbData=0xcfe99c*=0x20) returned 0x0 [0105.617] RegQueryValueExW (in: hKey=0x580, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0xcfe9a0, lpData=0x0, lpcbData=0xcfe99c*=0x0 | out: lpType=0xcfe9a0*=0x1, lpData=0x0, lpcbData=0xcfe99c*=0x20) returned 0x0 [0105.617] RegQueryValueExW (in: hKey=0x580, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0xcfe9a0, lpData=0x2d8b408, lpcbData=0xcfe99c*=0x20 | out: lpType=0xcfe9a0*=0x1, lpData="@tzres.dll,-321", lpcbData=0xcfe99c*=0x20) returned 0x0 [0105.627] CoTaskMemAlloc (cb=0x20c) returned 0x10364b0 [0105.627] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x10364b0 | out: pszPath="C:\\WINDOWS\\system32") returned 0x0 [0105.628] CoTaskMemFree (pv=0x10364b0) [0105.628] CoTaskMemAlloc (cb=0x20e) returned 0x10364b0 [0105.628] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\WINDOWS\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0xcfe9bc, pwszFileMUIPath=0x10364b0, pcchFileMUIPath=0xcfe9c0, pululEnumerator=0xcfe9b4 | out: pwszLanguage=0x0, pcchLanguage=0xcfe9bc, pwszFileMUIPath="C:\\WINDOWS\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0xcfe9c0, pululEnumerator=0xcfe9b4) returned 1 [0105.631] CoTaskMemFree (pv=0x0) [0105.631] CoTaskMemFree (pv=0x10364b0) [0105.631] LoadLibraryExW (lpLibFileName="C:\\WINDOWS\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x51e0001 [0105.636] CoTaskMemAlloc (cb=0x3ec) returned 0x103b9f8 [0105.636] LoadStringW (in: hInstance=0x51e0001, uID=0x140, lpBuffer=0x103b9f8, cchBufferMax=500 | out: lpBuffer="(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna") returned 0x3c [0105.636] CoTaskMemFree (pv=0x103b9f8) [0105.637] FreeLibrary (hLibModule=0x51e0001) returned 1 [0105.637] CoTaskMemAlloc (cb=0x20c) returned 0x10364b0 [0105.637] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x10364b0 | out: pszPath="C:\\WINDOWS\\system32") returned 0x0 [0105.638] CoTaskMemFree (pv=0x10364b0) [0105.638] CoTaskMemAlloc (cb=0x20e) returned 0x10364b0 [0105.638] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\WINDOWS\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0xcfe9bc, pwszFileMUIPath=0x10364b0, pcchFileMUIPath=0xcfe9c0, pululEnumerator=0xcfe9b4 | out: pwszLanguage=0x0, pcchLanguage=0xcfe9bc, pwszFileMUIPath="C:\\WINDOWS\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0xcfe9c0, pululEnumerator=0xcfe9b4) returned 1 [0105.638] CoTaskMemFree (pv=0x0) [0105.638] CoTaskMemFree (pv=0x10364b0) [0105.638] LoadLibraryExW (lpLibFileName="C:\\WINDOWS\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x51e0001 [0105.639] CoTaskMemAlloc (cb=0x3ec) returned 0x103b9f8 [0105.639] LoadStringW (in: hInstance=0x51e0001, uID=0x142, lpBuffer=0x103b9f8, cchBufferMax=500 | out: lpBuffer="W. Europe Standard Time") returned 0x17 [0105.639] CoTaskMemFree (pv=0x103b9f8) [0105.639] FreeLibrary (hLibModule=0x51e0001) returned 1 [0105.640] CoTaskMemAlloc (cb=0x20c) returned 0x10364b0 [0105.640] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x10364b0 | out: pszPath="C:\\WINDOWS\\system32") returned 0x0 [0105.640] CoTaskMemFree (pv=0x10364b0) [0105.640] CoTaskMemAlloc (cb=0x20e) returned 0x10364b0 [0105.640] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\WINDOWS\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0xcfe9bc, pwszFileMUIPath=0x10364b0, pcchFileMUIPath=0xcfe9c0, pululEnumerator=0xcfe9b4 | out: pwszLanguage=0x0, pcchLanguage=0xcfe9bc, pwszFileMUIPath="C:\\WINDOWS\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0xcfe9c0, pululEnumerator=0xcfe9b4) returned 1 [0105.641] CoTaskMemFree (pv=0x0) [0105.641] CoTaskMemFree (pv=0x10364b0) [0105.641] LoadLibraryExW (lpLibFileName="C:\\WINDOWS\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x51e0001 [0105.642] CoTaskMemAlloc (cb=0x3ec) returned 0x103b9f8 [0105.642] LoadStringW (in: hInstance=0x51e0001, uID=0x141, lpBuffer=0x103b9f8, cchBufferMax=500 | out: lpBuffer="W. Europe Daylight Time") returned 0x17 [0105.642] CoTaskMemFree (pv=0x103b9f8) [0105.642] FreeLibrary (hLibModule=0x51e0001) returned 1 [0105.643] RegCloseKey (hKey=0x580) returned 0x0 [0105.643] SetEvent (hEvent=0x3e4) returned 1 [0105.667] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0xcfebc8 | out: pFixedInfo=0x0, pOutBufLen=0xcfebc8) returned 0x6f [0106.271] LocalAlloc (uFlags=0x0, uBytes=0x248) returned 0x102fc90 [0106.271] GetNetworkParams (in: pFixedInfo=0x102fc90, pOutBufLen=0xcfebc8 | out: pFixedInfo=0x102fc90, pOutBufLen=0xcfebc8) returned 0x0 [0106.418] LocalFree (hMem=0x102fc90) returned 0x0 [0106.419] CoTaskMemAlloc (cb=0x20e) returned 0x102fc90 [0106.420] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_Disabled", lpBuffer=0x102fc90, nSize=0x105 | out: lpBuffer="맸ă晘ă") returned 0x0 [0106.420] CoTaskMemFree (pv=0x102fc90) [0106.420] CoTaskMemAlloc (cb=0x20e) returned 0x102fc90 [0106.420] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_MinCount", lpBuffer=0x102fc90, nSize=0x105 | out: lpBuffer="맸ă晘ă") returned 0x0 [0106.420] CoTaskMemFree (pv=0x102fc90) [0106.423] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x5ac [0106.424] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x580 [0106.425] GetAddrInfoW (in: pNodeName="www.google.com", pServiceName=0x0, pHints=0xcfeab0*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xcfea58 | out: ppResult=0xcfea58*=0x101e660*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="www.google.com", ai_addr=0x1045ae0*(sa_family=2, sin_port=0x0, sin_addr="172.217.16.164"), ai_next=0x0)) returned 0 [0106.843] FreeAddrInfoW (pAddrInfo=0x101e660*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="www.google.com", ai_addr=0x1045ae0*(sa_family=2, sin_port=0x0, sin_addr="172.217.16.164"), ai_next=0x0)) [0106.846] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x5b4 [0106.846] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x5bc [0106.846] ioctlsocket (in: s=0x5b4, cmd=-2147195266, argp=0xcfea84 | out: argp=0xcfea84) returned 0 [0106.846] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x5c0 [0106.847] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x5c4 [0106.847] ioctlsocket (in: s=0x5c0, cmd=-2147195266, argp=0xcfea84 | out: argp=0xcfea84) returned 0 [0106.847] WSAIoctl (in: s=0x5b4, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0xcfea6c, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0xcfea6c, lpOverlapped=0x0) returned -1 [0106.847] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0xcfe79c, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0106.847] WSAEventSelect (s=0x5b4, hEventObject=0x5bc, lNetworkEvents=512) returned 0 [0106.847] WSAIoctl (in: s=0x5c0, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0xcfea6c, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0xcfea6c, lpOverlapped=0x0) returned -1 [0106.848] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0xcfe79c, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0106.848] WSAEventSelect (s=0x5c0, hEventObject=0x5c4, lNetworkEvents=512) returned 0 [0106.848] GetAdaptersAddresses () returned 0x6f [0106.856] LocalAlloc (uFlags=0x0, uBytes=0x810) returned 0x1046180 [0106.856] GetAdaptersAddresses () returned 0x0 [0106.890] LocalFree (hMem=0x1046180) returned 0x0 [0106.930] WSAConnect (in: s=0x5ac, name=0x2d96dc8*(sa_family=2, sin_port=0x1bb, sin_addr="172.217.16.164"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0106.949] closesocket (s=0x580) returned 0 [0106.962] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0xcfe9b8 | out: phkResult=0xcfe9b8*=0x580) returned 0x0 [0106.963] RegQueryValueExW (in: hKey=0x580, lpValueName="HWRPortReuseOnSocketBind", lpReserved=0x0, lpType=0xcfe9d4, lpData=0x0, lpcbData=0xcfe9d0*=0x0 | out: lpType=0xcfe9d4*=0x0, lpData=0x0, lpcbData=0xcfe9d0*=0x0) returned 0x2 [0106.963] RegCloseKey (hKey=0x580) returned 0x0 [0106.974] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0xcfe9bc | out: phkResult=0xcfe9bc*=0x580) returned 0x0 [0106.975] RegQueryValueExW (in: hKey=0x580, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0xcfe9d8, lpData=0x0, lpcbData=0xcfe9d4*=0x0 | out: lpType=0xcfe9d8*=0x0, lpData=0x0, lpcbData=0xcfe9d4*=0x0) returned 0x2 [0106.975] RegCloseKey (hKey=0x580) returned 0x0 [0106.978] GetCurrentProcessId () returned 0x2ac [0106.980] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x2ac) returned 0x580 [0106.989] EnumProcessModules (in: hProcess=0x580, lphModule=0x2d994f4, cb=0x100, lpcbNeeded=0xcfe9c4 | out: lphModule=0x2d994f4, lpcbNeeded=0xcfe9c4) returned 1 [0106.989] EnumProcessModules (in: hProcess=0x580, lphModule=0x2d99600, cb=0x200, lpcbNeeded=0xcfe9c4 | out: lphModule=0x2d99600, lpcbNeeded=0xcfe9c4) returned 1 [0106.990] GetModuleInformation (in: hProcess=0x580, hModule=0x400000, lpmodinfo=0x2d99840, cb=0xc | out: lpmodinfo=0x2d99840*(lpBaseOfDll=0x400000, SizeOfImage=0x96000, EntryPoint=0x0)) returned 1 [0106.990] CoTaskMemAlloc (cb=0x804) returned 0x1046180 [0106.990] GetModuleBaseNameW (in: hProcess=0x580, hModule=0x400000, lpBaseName=0x1046180, nSize=0x800 | out: lpBaseName="fatura.exe") returned 0xa [0106.991] CoTaskMemFree (pv=0x1046180) [0106.991] CoTaskMemAlloc (cb=0x804) returned 0x1046180 [0106.991] GetModuleFileNameExW (in: hProcess=0x580, hModule=0x400000, lpFilename=0x1046180, nSize=0x800 | out: lpFilename="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\fatura.exe")) returned 0x2d [0106.991] CoTaskMemFree (pv=0x1046180) [0106.991] CloseHandle (hObject=0x580) returned 1 [0106.992] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe", nBufferLength=0x105, lpBuffer=0xcfe4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe", lpFilePart=0x0) returned 0x2d [0106.992] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.SchSendAuxRecord", ulOptions=0x0, samDesired=0x20019, phkResult=0xcfe9bc | out: phkResult=0xcfe9bc*=0x0) returned 0x2 [0106.993] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0xcfe9bc | out: phkResult=0xcfe9bc*=0x580) returned 0x0 [0106.994] RegQueryValueExW (in: hKey=0x580, lpValueName="SchSendAuxRecord", lpReserved=0x0, lpType=0xcfe9d8, lpData=0x0, lpcbData=0xcfe9d4*=0x0 | out: lpType=0xcfe9d8*=0x0, lpData=0x0, lpcbData=0xcfe9d4*=0x0) returned 0x2 [0106.994] RegCloseKey (hKey=0x580) returned 0x0 [0107.020] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0xcfe9bc | out: phkResult=0xcfe9bc*=0x580) returned 0x0 [0107.021] RegQueryValueExW (in: hKey=0x580, lpValueName="SystemDefaultTlsVersions", lpReserved=0x0, lpType=0xcfe9d8, lpData=0x0, lpcbData=0xcfe9d4*=0x0 | out: lpType=0xcfe9d8*=0x0, lpData=0x0, lpcbData=0xcfe9d4*=0x0) returned 0x2 [0107.021] RegCloseKey (hKey=0x580) returned 0x0 [0107.028] GetCurrentProcessId () returned 0x2ac [0107.028] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x2ac) returned 0x580 [0107.028] EnumProcessModules (in: hProcess=0x580, lphModule=0x2d9c4d4, cb=0x100, lpcbNeeded=0xcfe9bc | out: lphModule=0x2d9c4d4, lpcbNeeded=0xcfe9bc) returned 1 [0107.028] EnumProcessModules (in: hProcess=0x580, lphModule=0x2d9c5e0, cb=0x200, lpcbNeeded=0xcfe9bc | out: lphModule=0x2d9c5e0, lpcbNeeded=0xcfe9bc) returned 1 [0107.028] GetModuleInformation (in: hProcess=0x580, hModule=0x400000, lpmodinfo=0x2d9c820, cb=0xc | out: lpmodinfo=0x2d9c820*(lpBaseOfDll=0x400000, SizeOfImage=0x96000, EntryPoint=0x0)) returned 1 [0107.028] CoTaskMemAlloc (cb=0x804) returned 0x1046180 [0107.028] GetModuleBaseNameW (in: hProcess=0x580, hModule=0x400000, lpBaseName=0x1046180, nSize=0x800 | out: lpBaseName="fatura.exe") returned 0xa [0107.028] CoTaskMemFree (pv=0x1046180) [0107.029] CoTaskMemAlloc (cb=0x804) returned 0x1046180 [0107.029] GetModuleFileNameExW (in: hProcess=0x580, hModule=0x400000, lpFilename=0x1046180, nSize=0x800 | out: lpFilename="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\fatura.exe")) returned 0x2d [0107.029] CoTaskMemFree (pv=0x1046180) [0107.029] CloseHandle (hObject=0x580) returned 1 [0107.029] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe", nBufferLength=0x105, lpBuffer=0xcfe4b8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe", lpFilePart=0x0) returned 0x2d [0107.029] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.RequireCertificateEKUs", ulOptions=0x0, samDesired=0x20019, phkResult=0xcfe9b4 | out: phkResult=0xcfe9b4*=0x0) returned 0x2 [0107.030] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0xcfe9b4 | out: phkResult=0xcfe9b4*=0x580) returned 0x0 [0107.031] RegQueryValueExW (in: hKey=0x580, lpValueName="RequireCertificateEKUs", lpReserved=0x0, lpType=0xcfe9d0, lpData=0x0, lpcbData=0xcfe9cc*=0x0 | out: lpType=0xcfe9d0*=0x0, lpData=0x0, lpcbData=0xcfe9cc*=0x0) returned 0x2 [0107.031] RegCloseKey (hKey=0x580) returned 0x0 [0107.035] LocalAlloc (uFlags=0x0, uBytes=0x24) returned 0xffa940 [0107.051] CryptFindOIDInfo (dwKeyType=0x2, pvKey=0xffa940, dwGroupId=0x0) returned 0x0 [0107.070] LocalFree (hMem=0xffa940) returned 0x0 [0107.070] LocalAlloc (uFlags=0x0, uBytes=0x24) returned 0x1046870 [0107.070] CryptFindOIDInfo (dwKeyType=0x2, pvKey=0x1046870, dwGroupId=0x0) returned 0x0 [0107.070] LocalFree (hMem=0x1046870) returned 0x0 [0107.214] EnumerateSecurityPackagesW (in: pcPackages=0xcfe9f8, ppPackageInfo=0xcfe98c | out: pcPackages=0xcfe9f8, ppPackageInfo=0xcfe98c) returned 0x0 [0107.227] FreeContextBuffer (in: pvContextBuffer=0x104ebe0 | out: pvContextBuffer=0x104ebe0) returned 0x0 [0107.345] GetCurrentProcess () returned 0xffffffff [0107.345] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xcfe7bc | out: TokenHandle=0xcfe7bc*=0x5cc) returned 1 [0107.347] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x2d9eef0, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0xcfe810, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x2da069c, ptsExpiry=0xcfe794 | out: phCredential=0x2da069c, ptsExpiry=0xcfe794) returned 0x0 [0107.679] InitializeSecurityContextW (in: phCredential=0xcfe7d0, phContext=0x0, pTargetName=0x2d96ebc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x2da08a0, pOutput=0x2da0838, pfContextAttr=0x2d9eec4, ptsExpiry=0xcfe7c8 | out: phNewContext=0x2da08a0, pOutput=0x2da0838, pfContextAttr=0x2d9eec4, ptsExpiry=0xcfe7c8) returned 0x90312 [0107.679] FreeContextBuffer (in: pvContextBuffer=0xff5130 | out: pvContextBuffer=0xff5130) returned 0x0 [0107.683] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75e90000 [0107.683] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="AppPolicyGetClrCompat", cchWideChar=21, lpMultiByteStr=0xcfe810, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppPolicyGetClrCompatã\x87o`ùéÔðù=qXïÏ", lpUsedDefaultChar=0x0) returned 21 [0107.684] GetProcAddress (hModule=0x75e90000, lpProcName="AppPolicyGetClrCompat") returned 0x74f768b0 [0107.685] AppPolicyGetClrCompat () returned 0x0 [0107.686] send (s=0x5ac, buf=0x2da08b4*, len=122, flags=0) returned 122 [0107.688] recv (in: s=0x5ac, buf=0x2da08b4, len=5, flags=0 | out: buf=0x2da08b4*) returned 5 [0107.723] recv (in: s=0x5ac, buf=0x2da08b9, len=63, flags=0 | out: buf=0x2da08b9*) returned 63 [0107.724] InitializeSecurityContextW (in: phCredential=0xcfe728, phContext=0xcfe7b8, pTargetName=0x2d96ebc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2da0c8c, Reserved2=0x0, phNewContext=0x2da08a0, pOutput=0x2da0ca0, pfContextAttr=0x2d9eec4, ptsExpiry=0xcfe720 | out: phNewContext=0x2da08a0, pOutput=0x2da0ca0, pfContextAttr=0x2d9eec4, ptsExpiry=0xcfe720) returned 0x90312 [0107.724] recv (in: s=0x5ac, buf=0x2da0d30, len=5, flags=0 | out: buf=0x2da0d30*) returned 5 [0107.724] recv (in: s=0x5ac, buf=0x2da0d49, len=2333, flags=0 | out: buf=0x2da0d49*) returned 2333 [0107.725] InitializeSecurityContextW (in: phCredential=0xcfe684, phContext=0xcfe714, pTargetName=0x2d96ebc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2da16d8, Reserved2=0x0, phNewContext=0x2da08a0, pOutput=0x2da16ec, pfContextAttr=0x2d9eec4, ptsExpiry=0xcfe67c | out: phNewContext=0x2da08a0, pOutput=0x2da16ec, pfContextAttr=0x2d9eec4, ptsExpiry=0xcfe67c) returned 0x90312 [0107.728] recv (in: s=0x5ac, buf=0x2da177c, len=5, flags=0 | out: buf=0x2da177c*) returned 5 [0107.729] recv (in: s=0x5ac, buf=0x2da1795, len=113, flags=0 | out: buf=0x2da1795*) returned 113 [0107.729] InitializeSecurityContextW (in: phCredential=0xcfe5e0, phContext=0xcfe670, pTargetName=0x2d96ebc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2da1878, Reserved2=0x0, phNewContext=0x2da08a0, pOutput=0x2da188c, pfContextAttr=0x2d9eec4, ptsExpiry=0xcfe5d8 | out: phNewContext=0x2da08a0, pOutput=0x2da188c, pfContextAttr=0x2d9eec4, ptsExpiry=0xcfe5d8) returned 0x90312 [0107.729] recv (in: s=0x5ac, buf=0x2da191c, len=5, flags=0 | out: buf=0x2da191c*) returned 5 [0107.729] recv (in: s=0x5ac, buf=0x2da1935, len=4, flags=0 | out: buf=0x2da1935*) returned 4 [0107.729] InitializeSecurityContextW (in: phCredential=0xcfe53c, phContext=0xcfe5cc, pTargetName=0x2d96ebc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2da19ac, Reserved2=0x0, phNewContext=0x2da08a0, pOutput=0x2da19c0, pfContextAttr=0x2d9eec4, ptsExpiry=0xcfe534 | out: phNewContext=0x2da08a0, pOutput=0x2da19c0, pfContextAttr=0x2d9eec4, ptsExpiry=0xcfe534) returned 0x90312 [0107.756] FreeContextBuffer (in: pvContextBuffer=0x1000d40 | out: pvContextBuffer=0x1000d40) returned 0x0 [0107.756] send (s=0x5ac, buf=0x2da1a3c*, len=101, flags=0) returned 101 [0107.757] recv (in: s=0x5ac, buf=0x2da1a3c, len=5, flags=0 | out: buf=0x2da1a3c*) returned 5 [0107.804] recv (in: s=0x5ac, buf=0x2da1ac9, len=228, flags=0 | out: buf=0x2da1ac9*) returned 228 [0107.804] InitializeSecurityContextW (in: phCredential=0xcfe498, phContext=0xcfe528, pTargetName=0x2d96ebc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2da1c20, Reserved2=0x0, phNewContext=0x2da08a0, pOutput=0x2da1c34, pfContextAttr=0x2d9eec4, ptsExpiry=0xcfe490 | out: phNewContext=0x2da08a0, pOutput=0x2da1c34, pfContextAttr=0x2d9eec4, ptsExpiry=0xcfe490) returned 0x90312 [0107.805] recv (in: s=0x5ac, buf=0x2da1cc4, len=5, flags=0 | out: buf=0x2da1cc4*) returned 5 [0107.805] recv (in: s=0x5ac, buf=0x2da1cdd, len=1, flags=0 | out: buf=0x2da1cdd*) returned 1 [0107.805] InitializeSecurityContextW (in: phCredential=0xcfe3f4, phContext=0xcfe484, pTargetName=0x2d96ebc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2da1d50, Reserved2=0x0, phNewContext=0x2da08a0, pOutput=0x2da1d64, pfContextAttr=0x2d9eec4, ptsExpiry=0xcfe3ec | out: phNewContext=0x2da08a0, pOutput=0x2da1d64, pfContextAttr=0x2d9eec4, ptsExpiry=0xcfe3ec) returned 0x90312 [0107.805] recv (in: s=0x5ac, buf=0x2da1df4, len=5, flags=0 | out: buf=0x2da1df4*) returned 5 [0107.806] recv (in: s=0x5ac, buf=0x2da1e0d, len=48, flags=0 | out: buf=0x2da1e0d*) returned 48 [0107.806] InitializeSecurityContextW (in: phCredential=0xcfe350, phContext=0xcfe3e0, pTargetName=0x2d96ebc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2da1eb0, Reserved2=0x0, phNewContext=0x2da08a0, pOutput=0x2da1ec4, pfContextAttr=0x2d9eec4, ptsExpiry=0xcfe348 | out: phNewContext=0x2da08a0, pOutput=0x2da1ec4, pfContextAttr=0x2d9eec4, ptsExpiry=0xcfe348) returned 0x0 [0108.416] QueryContextAttributesW (in: phContext=0x2da08a0, ulAttribute=0x4, pBuffer=0x2da1f70 | out: pBuffer=0x2da1f70) returned 0x0 [0108.416] QueryContextAttributesW (in: phContext=0x2da08a0, ulAttribute=0x5a, pBuffer=0x2da1fc8 | out: pBuffer=0x2da1fc8) returned 0x0 [0108.417] QueryContextAttributesW (in: phContext=0x2da08a0, ulAttribute=0x53, pBuffer=0x2da2074 | out: pBuffer=0x2da2074) returned 0x0 [0108.425] CertDuplicateCertificateContext (pCertContext=0x1049e28) returned 0x1049e28 [0108.425] CertDuplicateStore (hCertStore=0x1040f18) returned 0x1040f18 [0108.426] CertEnumCertificatesInStore (hCertStore=0x1040f18, pPrevCertContext=0x0) returned 0x1049c48 [0108.426] CertDuplicateCertificateContext (pCertContext=0x1049c48) returned 0x1049c48 [0108.426] CertEnumCertificatesInStore (hCertStore=0x1040f18, pPrevCertContext=0x1049c48) returned 0x1049e28 [0108.427] CertDuplicateCertificateContext (pCertContext=0x1049e28) returned 0x1049e28 [0108.427] CertEnumCertificatesInStore (hCertStore=0x1040f18, pPrevCertContext=0x1049e28) returned 0x0 [0108.427] CertCloseStore (hCertStore=0x1040f18, dwFlags=0x0) returned 1 [0108.427] CertFreeCertificateContext (pCertContext=0x1049e28) returned 1 [0108.439] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x1041788 [0108.460] CertAddCRLLinkToStore (in: hCertStore=0x1041788, pCrlContext=0x1049c48, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0108.461] CertAddCRLLinkToStore (in: hCertStore=0x1041788, pCrlContext=0x1049e28, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0108.461] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x1045400 [0108.465] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x1049e28, pTime=0xcfe360, hAdditionalStore=0x1041788, pChainPara=0xcfe2a0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0xcfe294 | out: ppChainContext=0xcfe294) returned 1 [0108.528] LocalFree (hMem=0x1045400) returned 0x0 [0108.528] CertDuplicateCertificateChain (pChainContext=0x10505e0) returned 0x10505e0 [0108.529] CertDuplicateCertificateContext (pCertContext=0x1049e28) returned 0x1049e28 [0108.529] CertDuplicateCertificateContext (pCertContext=0x1049e78) returned 0x1049e78 [0108.529] CertDuplicateCertificateContext (pCertContext=0x104a198) returned 0x104a198 [0108.529] CertFreeCertificateChain (pChainContext=0x10505e0) [0108.530] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x10505e0, pPolicyPara=0xcfe440, pPolicyStatus=0xcfe42c | out: pPolicyStatus=0xcfe42c) returned 1 [0108.531] SetLastError (dwErrCode=0x0) [0108.533] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x10505e0, pPolicyPara=0xcfe4a0, pPolicyStatus=0xcfe454 | out: pPolicyStatus=0xcfe454) returned 1 [0108.539] CertFreeCertificateChain (pChainContext=0x10505e0) [0108.539] CertFreeCertificateContext (pCertContext=0x1049e28) returned 1 [0108.542] CoTaskMemAlloc (cb=0x20e) returned 0x7e29d00 [0108.542] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_Disabled", lpBuffer=0x7e29d00, nSize=0x105 | out: lpBuffer="֐ą晘ă") returned 0x0 [0108.542] CoTaskMemFree (pv=0x7e29d00) [0108.542] CoTaskMemAlloc (cb=0x20e) returned 0x7e29d00 [0108.542] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_MinCount", lpBuffer=0x7e29d00, nSize=0x105 | out: lpBuffer="֐ą晘ă") returned 0x0 [0108.542] CoTaskMemFree (pv=0x7e29d00) [0108.542] CoTaskMemAlloc (cb=0x20e) returned 0x7e29d00 [0108.542] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_Disabled", lpBuffer=0x7e29d00, nSize=0x105 | out: lpBuffer="֐ą晘ă") returned 0x0 [0108.542] CoTaskMemFree (pv=0x7e29d00) [0108.542] CoTaskMemAlloc (cb=0x20e) returned 0x7e29d00 [0108.542] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_MinCount", lpBuffer=0x7e29d00, nSize=0x105 | out: lpBuffer="֐ą晘ă") returned 0x0 [0108.543] CoTaskMemFree (pv=0x7e29d00) [0108.544] EncryptMessage (in: phContext=0x2da08a0, fQOP=0x0, pMessage=0x2daa1a8, MessageSeqNo=0x0 | out: pMessage=0x2daa1a8) returned 0x0 [0108.552] send (s=0x5ac, buf=0x2da8c80*, len=138, flags=0) returned 138 [0108.553] setsockopt (s=0x5ac, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0108.554] recv (in: s=0x5ac, buf=0x2db64b8, len=5, flags=0 | out: buf=0x2db64b8*) returned 5 [0108.752] recv (in: s=0x5ac, buf=0x2db64bd, len=1424, flags=0 | out: buf=0x2db64bd*) returned 1424 [0108.754] DecryptMessage (in: phContext=0x2da08a0, pMessage=0x2dba578, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2dba578, pfQOP=0x0) returned 0x0 [0108.771] setsockopt (s=0x5ac, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0108.772] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed40 | out: lpPerformanceCount=0xcfed40*=19999663243) returned 1 [0108.772] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed08 | out: lpPerformanceCount=0xcfed08*=19999671066) returned 1 [0108.776] recv (in: s=0x5ac, buf=0x2db64b8, len=5, flags=0 | out: buf=0x2db64b8*) returned 5 [0108.776] recv (in: s=0x5ac, buf=0x2db64bd, len=1424, flags=0 | out: buf=0x2db64bd*) returned 1424 [0108.776] DecryptMessage (in: phContext=0x2da08a0, pMessage=0x2dbe048, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2dbe048, pfQOP=0x0) returned 0x0 [0108.777] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed08 | out: lpPerformanceCount=0xcfed08*=20000173949) returned 1 [0108.777] recv (in: s=0x5ac, buf=0x2db64b8, len=5, flags=0 | out: buf=0x2db64b8*) returned 5 [0108.777] recv (in: s=0x5ac, buf=0x2db64bd, len=1424, flags=0 | out: buf=0x2db64bd*) returned 1424 [0108.777] DecryptMessage (in: phContext=0x2da08a0, pMessage=0x2dbe168, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2dbe168, pfQOP=0x0) returned 0x0 [0108.777] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed08 | out: lpPerformanceCount=0xcfed08*=20000209703) returned 1 [0108.777] recv (in: s=0x5ac, buf=0x2db64b8, len=5, flags=0 | out: buf=0x2db64b8*) returned 5 [0108.777] recv (in: s=0x5ac, buf=0x2db64bd, len=1424, flags=0 | out: buf=0x2db64bd*) returned 1424 [0108.777] DecryptMessage (in: phContext=0x2da08a0, pMessage=0x2dbe288, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2dbe288, pfQOP=0x0) returned 0x0 [0108.777] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed08 | out: lpPerformanceCount=0xcfed08*=20000243432) returned 1 [0108.777] recv (in: s=0x5ac, buf=0x2db64b8, len=5, flags=0 | out: buf=0x2db64b8*) returned 5 [0108.777] recv (in: s=0x5ac, buf=0x2db64bd, len=1424, flags=0 | out: buf=0x2db64bd*) returned 1424 [0108.778] DecryptMessage (in: phContext=0x2da08a0, pMessage=0x2dbe3a8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2dbe3a8, pfQOP=0x0) returned 0x0 [0108.778] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed08 | out: lpPerformanceCount=0xcfed08*=20000277144) returned 1 [0108.778] recv (in: s=0x5ac, buf=0x2db64b8, len=5, flags=0 | out: buf=0x2db64b8*) returned 5 [0108.778] recv (in: s=0x5ac, buf=0x2db64bd, len=1424, flags=0 | out: buf=0x2db64bd*) returned 1424 [0108.778] DecryptMessage (in: phContext=0x2da08a0, pMessage=0x2dbe4c8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2dbe4c8, pfQOP=0x0) returned 0x0 [0108.778] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed08 | out: lpPerformanceCount=0xcfed08*=20000310458) returned 1 [0108.778] recv (in: s=0x5ac, buf=0x2db64b8, len=5, flags=0 | out: buf=0x2db64b8*) returned 5 [0108.778] recv (in: s=0x5ac, buf=0x2db64bd, len=1424, flags=0 | out: buf=0x2db64bd*) returned 1424 [0108.778] DecryptMessage (in: phContext=0x2da08a0, pMessage=0x2dbe5e8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2dbe5e8, pfQOP=0x0) returned 0x0 [0108.778] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed08 | out: lpPerformanceCount=0xcfed08*=20000343765) returned 1 [0108.778] recv (in: s=0x5ac, buf=0x2db64b8, len=5, flags=0 | out: buf=0x2db64b8*) returned 5 [0108.779] recv (in: s=0x5ac, buf=0x2db64bd, len=1424, flags=0 | out: buf=0x2db64bd*) returned 1424 [0108.779] DecryptMessage (in: phContext=0x2da08a0, pMessage=0x2dbe708, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2dbe708, pfQOP=0x0) returned 0x0 [0108.779] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed08 | out: lpPerformanceCount=0xcfed08*=20000413102) returned 1 [0108.779] recv (in: s=0x5ac, buf=0x2db64b8, len=5, flags=0 | out: buf=0x2db64b8*) returned 5 [0108.779] recv (in: s=0x5ac, buf=0x2db64bd, len=1424, flags=0 | out: buf=0x2db64bd*) returned 1424 [0108.779] DecryptMessage (in: phContext=0x2da08a0, pMessage=0x2dbe828, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2dbe828, pfQOP=0x0) returned 0x0 [0108.779] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed08 | out: lpPerformanceCount=0xcfed08*=20000447645) returned 1 [0108.779] recv (in: s=0x5ac, buf=0x2db64b8, len=5, flags=0 | out: buf=0x2db64b8*) returned 5 [0108.780] recv (in: s=0x5ac, buf=0x2db64bd, len=1424, flags=0 | out: buf=0x2db64bd*) returned 1424 [0108.780] DecryptMessage (in: phContext=0x2da08a0, pMessage=0x2dbe948, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2dbe948, pfQOP=0x0) returned 0x0 [0108.780] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed08 | out: lpPerformanceCount=0xcfed08*=20000480681) returned 1 [0108.780] recv (in: s=0x5ac, buf=0x2db64b8, len=5, flags=0 | out: buf=0x2db64b8*) returned 5 [0108.780] recv (in: s=0x5ac, buf=0x2db64bd, len=1424, flags=0 | out: buf=0x2db64bd*) returned 1424 [0108.780] DecryptMessage (in: phContext=0x2da08a0, pMessage=0x2dbea68, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2dbea68, pfQOP=0x0) returned 0x0 [0108.780] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed08 | out: lpPerformanceCount=0xcfed08*=20000514810) returned 1 [0108.780] recv (in: s=0x5ac, buf=0x2db64b8, len=5, flags=0 | out: buf=0x2db64b8*) returned 5 [0108.780] recv (in: s=0x5ac, buf=0x2db64bd, len=1424, flags=0 | out: buf=0x2db64bd*) returned 1424 [0108.780] DecryptMessage (in: phContext=0x2da08a0, pMessage=0x2dbeb88, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2dbeb88, pfQOP=0x0) returned 0x0 [0108.780] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed08 | out: lpPerformanceCount=0xcfed08*=20000547620) returned 1 [0108.780] recv (in: s=0x5ac, buf=0x2db64b8, len=5, flags=0 | out: buf=0x2db64b8*) returned 5 [0108.781] recv (in: s=0x5ac, buf=0x2db64bd, len=1424, flags=0 | out: buf=0x2db64bd*) returned 1424 [0108.781] DecryptMessage (in: phContext=0x2da08a0, pMessage=0x2dbeca8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2dbeca8, pfQOP=0x0) returned 0x0 [0108.781] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed08 | out: lpPerformanceCount=0xcfed08*=20000579708) returned 1 [0108.781] recv (in: s=0x5ac, buf=0x2db64b8, len=5, flags=0 | out: buf=0x2db64b8*) returned 5 [0108.781] recv (in: s=0x5ac, buf=0x2db64bd, len=1424, flags=0 | out: buf=0x2db64bd*) returned 1424 [0108.781] DecryptMessage (in: phContext=0x2da08a0, pMessage=0x2dbedc8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2dbedc8, pfQOP=0x0) returned 0x0 [0108.781] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed08 | out: lpPerformanceCount=0xcfed08*=20000614369) returned 1 [0108.781] recv (in: s=0x5ac, buf=0x2db64b8, len=5, flags=0 | out: buf=0x2db64b8*) returned 5 [0108.781] recv (in: s=0x5ac, buf=0x2db64bd, len=1424, flags=0 | out: buf=0x2db64bd*) returned 1424 [0108.781] DecryptMessage (in: phContext=0x2da08a0, pMessage=0x2dbeee8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2dbeee8, pfQOP=0x0) returned 0x0 [0108.781] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed08 | out: lpPerformanceCount=0xcfed08*=20000647266) returned 1 [0108.781] recv (in: s=0x5ac, buf=0x2db64b8, len=5, flags=0 | out: buf=0x2db64b8*) returned 5 [0108.782] recv (in: s=0x5ac, buf=0x2db64bd, len=1424, flags=0 | out: buf=0x2db64bd*) returned 1424 [0108.782] DecryptMessage (in: phContext=0x2da08a0, pMessage=0x2dbf008, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2dbf008, pfQOP=0x0) returned 0x0 [0108.782] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed08 | out: lpPerformanceCount=0xcfed08*=20000680310) returned 1 [0108.782] recv (in: s=0x5ac, buf=0x2db64b8, len=5, flags=0 | out: buf=0x2db64b8*) returned 5 [0108.782] recv (in: s=0x5ac, buf=0x2db64bd, len=1424, flags=0 | out: buf=0x2db64bd*) returned 1424 [0108.782] DecryptMessage (in: phContext=0x2da08a0, pMessage=0x2dbf128, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2dbf128, pfQOP=0x0) returned 0x0 [0108.782] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed08 | out: lpPerformanceCount=0xcfed08*=20000715160) returned 1 [0108.782] recv (in: s=0x5ac, buf=0x2db64b8, len=5, flags=0 | out: buf=0x2db64b8*) returned 5 [0108.782] recv (in: s=0x5ac, buf=0x2db64bd, len=1424, flags=0 | out: buf=0x2db64bd*) returned 1424 [0108.782] DecryptMessage (in: phContext=0x2da08a0, pMessage=0x2dbf248, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2dbf248, pfQOP=0x0) returned 0x0 [0108.782] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed08 | out: lpPerformanceCount=0xcfed08*=20000748601) returned 1 [0108.782] recv (in: s=0x5ac, buf=0x2db64b8, len=5, flags=0 | out: buf=0x2db64b8*) returned 5 [0108.783] recv (in: s=0x5ac, buf=0x2db64bd, len=1424, flags=0 | out: buf=0x2db64bd*) returned 1424 [0108.783] DecryptMessage (in: phContext=0x2da08a0, pMessage=0x2dbf368, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2dbf368, pfQOP=0x0) returned 0x0 [0108.783] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed08 | out: lpPerformanceCount=0xcfed08*=20000782072) returned 1 [0108.783] recv (in: s=0x5ac, buf=0x2db64b8, len=5, flags=0 | out: buf=0x2db64b8*) returned 5 [0108.783] recv (in: s=0x5ac, buf=0x2db64bd, len=1424, flags=0 | out: buf=0x2db64bd*) returned 1424 [0108.783] DecryptMessage (in: phContext=0x2da08a0, pMessage=0x2dbf488, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2dbf488, pfQOP=0x0) returned 0x0 [0108.783] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed08 | out: lpPerformanceCount=0xcfed08*=20000814109) returned 1 [0108.783] recv (in: s=0x5ac, buf=0x2db64b8, len=5, flags=0 | out: buf=0x2db64b8*) returned 5 [0108.783] recv (in: s=0x5ac, buf=0x2db64bd, len=464, flags=0 | out: buf=0x2db64bd*) returned 464 [0108.783] DecryptMessage (in: phContext=0x2da08a0, pMessage=0x2dbf5a8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2dbf5a8, pfQOP=0x0) returned 0x0 [0108.784] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed08 | out: lpPerformanceCount=0xcfed08*=20000860186) returned 1 [0108.784] recv (in: s=0x5ac, buf=0x2db64b8, len=5, flags=0 | out: buf=0x2db64b8*) returned 5 [0108.784] recv (in: s=0x5ac, buf=0x2db64bd, len=144, flags=0 | out: buf=0x2db64bd*) returned 144 [0108.784] DecryptMessage (in: phContext=0x2da08a0, pMessage=0x2dbf6c8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2dbf6c8, pfQOP=0x0) returned 0x0 [0108.784] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed08 | out: lpPerformanceCount=0xcfed08*=20000918661) returned 1 [0108.784] recv (in: s=0x5ac, buf=0x2db64b8, len=5, flags=0 | out: buf=0x2db64b8*) returned 5 [0108.784] recv (in: s=0x5ac, buf=0x2db64bd, len=1424, flags=0 | out: buf=0x2db64bd*) returned 1424 [0108.784] DecryptMessage (in: phContext=0x2da08a0, pMessage=0x2dbf7e8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2dbf7e8, pfQOP=0x0) returned 0x0 [0108.784] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed08 | out: lpPerformanceCount=0xcfed08*=20000958983) returned 1 [0108.785] recv (in: s=0x5ac, buf=0x2db64b8, len=5, flags=0 | out: buf=0x2db64b8*) returned 5 [0108.785] recv (in: s=0x5ac, buf=0x2db64bd, len=1424, flags=0 | out: buf=0x2db64bd*) returned 1424 [0108.785] DecryptMessage (in: phContext=0x2da08a0, pMessage=0x2dbf908, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2dbf908, pfQOP=0x0) returned 0x0 [0108.785] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed08 | out: lpPerformanceCount=0xcfed08*=20000993480) returned 1 [0108.785] recv (in: s=0x5ac, buf=0x2db64b8, len=5, flags=0 | out: buf=0x2db64b8*) returned 5 [0108.785] recv (in: s=0x5ac, buf=0x2db64bd, len=1424, flags=0 | out: buf=0x2db64bd*) returned 1424 [0108.785] DecryptMessage (in: phContext=0x2da08a0, pMessage=0x2dbfa28, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2dbfa28, pfQOP=0x0) returned 0x0 [0108.785] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed08 | out: lpPerformanceCount=0xcfed08*=20001025473) returned 1 [0108.785] recv (in: s=0x5ac, buf=0x2db64b8, len=5, flags=0 | out: buf=0x2db64b8*) returned 5 [0108.785] recv (in: s=0x5ac, buf=0x2db64bd, len=1424, flags=0 | out: buf=0x2db64bd*) returned 1424 [0108.785] DecryptMessage (in: phContext=0x2da08a0, pMessage=0x2dbfb48, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2dbfb48, pfQOP=0x0) returned 0x0 [0108.785] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed08 | out: lpPerformanceCount=0xcfed08*=20001059266) returned 1 [0108.786] recv (in: s=0x5ac, buf=0x2db64b8, len=5, flags=0 | out: buf=0x2db64b8*) returned 5 [0108.786] recv (in: s=0x5ac, buf=0x2db64bd, len=1424, flags=0 | out: buf=0x2db64bd*) returned 1424 [0108.786] DecryptMessage (in: phContext=0x2da08a0, pMessage=0x2dbfc68, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2dbfc68, pfQOP=0x0) returned 0x0 [0108.786] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed08 | out: lpPerformanceCount=0xcfed08*=20001092248) returned 1 [0108.786] recv (in: s=0x5ac, buf=0x2db64b8, len=5, flags=0 | out: buf=0x2db64b8*) returned 5 [0108.786] recv (in: s=0x5ac, buf=0x2db64bd, len=1424, flags=0 | out: buf=0x2db64bd*) returned 1424 [0108.786] DecryptMessage (in: phContext=0x2da08a0, pMessage=0x2dbfd88, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2dbfd88, pfQOP=0x0) returned 0x0 [0108.786] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed08 | out: lpPerformanceCount=0xcfed08*=20001124417) returned 1 [0108.786] recv (in: s=0x5ac, buf=0x2db64b8, len=5, flags=0 | out: buf=0x2db64b8*) returned 5 [0108.786] recv (in: s=0x5ac, buf=0x2db64bd, len=1424, flags=0 | out: buf=0x2db64bd*) returned 1424 [0108.786] DecryptMessage (in: phContext=0x2da08a0, pMessage=0x2dbfea8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2dbfea8, pfQOP=0x0) returned 0x0 [0108.786] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed08 | out: lpPerformanceCount=0xcfed08*=20001157217) returned 1 [0108.787] recv (in: s=0x5ac, buf=0x2db64b8, len=5, flags=0 | out: buf=0x2db64b8*) returned 5 [0108.787] recv (in: s=0x5ac, buf=0x2db64bd, len=1424, flags=0 | out: buf=0x2db64bd*) returned 1424 [0108.787] DecryptMessage (in: phContext=0x2da08a0, pMessage=0x2dbffc8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2dbffc8, pfQOP=0x0) returned 0x0 [0108.787] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed08 | out: lpPerformanceCount=0xcfed08*=20001189525) returned 1 [0108.787] recv (in: s=0x5ac, buf=0x2db64b8, len=5, flags=0 | out: buf=0x2db64b8*) returned 5 [0108.787] recv (in: s=0x5ac, buf=0x2db64bd, len=1424, flags=0 | out: buf=0x2db64bd*) returned 1424 [0108.787] DecryptMessage (in: phContext=0x2da08a0, pMessage=0x2dc00e8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2dc00e8, pfQOP=0x0) returned 0x0 [0108.787] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed08 | out: lpPerformanceCount=0xcfed08*=20001222988) returned 1 [0108.787] recv (in: s=0x5ac, buf=0x2db64b8, len=5, flags=0 | out: buf=0x2db64b8*) returned 5 [0108.787] recv (in: s=0x5ac, buf=0x2db64bd, len=1424, flags=0 | out: buf=0x2db64bd*) returned 1424 [0108.787] DecryptMessage (in: phContext=0x2da08a0, pMessage=0x2dc0208, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2dc0208, pfQOP=0x0) returned 0x0 [0108.787] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed08 | out: lpPerformanceCount=0xcfed08*=20001255145) returned 1 [0108.788] recv (in: s=0x5ac, buf=0x2db64b8, len=5, flags=0 | out: buf=0x2db64b8*) returned 5 [0108.788] recv (in: s=0x5ac, buf=0x2db64bd, len=1424, flags=0 | out: buf=0x2db64bd*) returned 1424 [0108.788] DecryptMessage (in: phContext=0x2da08a0, pMessage=0x2dc0328, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2dc0328, pfQOP=0x0) returned 0x0 [0108.788] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed08 | out: lpPerformanceCount=0xcfed08*=20001288582) returned 1 [0108.788] recv (in: s=0x5ac, buf=0x2db64b8, len=5, flags=0 | out: buf=0x2db64b8*) returned 5 [0108.788] recv (in: s=0x5ac, buf=0x2db64bd, len=1424, flags=0 | out: buf=0x2db64bd*) returned 1424 [0108.788] DecryptMessage (in: phContext=0x2da08a0, pMessage=0x2dc0448, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2dc0448, pfQOP=0x0) returned 0x0 [0108.788] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed08 | out: lpPerformanceCount=0xcfed08*=20001321973) returned 1 [0108.788] recv (in: s=0x5ac, buf=0x2db64b8, len=5, flags=0 | out: buf=0x2db64b8*) returned 5 [0108.788] recv (in: s=0x5ac, buf=0x2db64bd, len=1424, flags=0 | out: buf=0x2db64bd*) returned 1424 [0108.788] DecryptMessage (in: phContext=0x2da08a0, pMessage=0x2dc0568, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2dc0568, pfQOP=0x0) returned 0x0 [0108.789] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed08 | out: lpPerformanceCount=0xcfed08*=20001364590) returned 1 [0108.789] recv (in: s=0x5ac, buf=0x2db64b8, len=5, flags=0 | out: buf=0x2db64b8*) returned 5 [0108.789] recv (in: s=0x5ac, buf=0x2db64bd, len=1424, flags=0 | out: buf=0x2db64bd*) returned 1424 [0108.789] DecryptMessage (in: phContext=0x2da08a0, pMessage=0x2dc0688, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2dc0688, pfQOP=0x0) returned 0x0 [0108.789] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed08 | out: lpPerformanceCount=0xcfed08*=20001396440) returned 1 [0108.789] recv (in: s=0x5ac, buf=0x2db64b8, len=5, flags=0 | out: buf=0x2db64b8*) returned 5 [0108.789] recv (in: s=0x5ac, buf=0x2db64bd, len=1424, flags=0 | out: buf=0x2db64bd*) returned 1424 [0108.789] DecryptMessage (in: phContext=0x2da08a0, pMessage=0x2dc07a8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2dc07a8, pfQOP=0x0) returned 0x0 [0108.789] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed08 | out: lpPerformanceCount=0xcfed08*=20001429639) returned 1 [0108.789] recv (in: s=0x5ac, buf=0x2db64b8, len=5, flags=0 | out: buf=0x2db64b8*) returned 5 [0108.789] recv (in: s=0x5ac, buf=0x2db64bd, len=1424, flags=0 | out: buf=0x2db64bd*) returned 1424 [0108.789] DecryptMessage (in: phContext=0x2da08a0, pMessage=0x2dc08c8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2dc08c8, pfQOP=0x0) returned 0x0 [0108.790] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed08 | out: lpPerformanceCount=0xcfed08*=20001463218) returned 1 [0108.790] recv (in: s=0x5ac, buf=0x2db64b8, len=5, flags=0 | out: buf=0x2db64b8*) returned 5 [0108.790] recv (in: s=0x5ac, buf=0x2db64bd, len=176, flags=0 | out: buf=0x2db64bd*) returned 176 [0108.790] DecryptMessage (in: phContext=0x2da08a0, pMessage=0x2dc09e8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2dc09e8, pfQOP=0x0) returned 0x0 [0108.790] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed08 | out: lpPerformanceCount=0xcfed08*=20001495311) returned 1 [0108.790] recv (in: s=0x5ac, buf=0x2db64b8, len=5, flags=0 | out: buf=0x2db64b8*) returned 5 [0108.790] recv (in: s=0x5ac, buf=0x2db64bd, len=32, flags=0 | out: buf=0x2db64bd*) returned 32 [0108.790] DecryptMessage (in: phContext=0x2da08a0, pMessage=0x2dc0b08, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2dc0b08, pfQOP=0x0) returned 0x0 [0108.790] SetEvent (hEvent=0x3e4) returned 1 [0108.790] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed2c | out: lpPerformanceCount=0xcfed2c*=20001549535) returned 1 [0108.801] GetFullPathNameW (in: lpFileName="C:\\FD1HVy\\shade8.jpg", nBufferLength=0x105, lpBuffer=0xcfe78c, lpFilePart=0x0 | out: lpBuffer="C:\\FD1HVy\\shade8.jpg", lpFilePart=0x0) returned 0x14 [0108.801] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfecd0) returned 1 [0108.801] CreateFileW (lpFileName="C:\\FD1HVy\\shade8.jpg" (normalized: "c:\\fd1hvy\\shade8.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x6a8 [0108.803] GetFileType (hFile=0x6a8) returned 0x1 [0108.803] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfeccc) returned 1 [0108.803] GetFileType (hFile=0x6a8) returned 0x1 [0108.805] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed54 | out: lpPerformanceCount=0xcfed54*=20003012661) returned 1 [0108.805] SetEvent (hEvent=0x3e4) returned 1 [0108.806] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0xcfeb5c*=0x490, lpdwindex=0xcfe97c | out: lpdwindex=0xcfe97c) returned 0x80010115 [0108.806] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0xcfeb3c*=0x480, lpdwindex=0xcfe95c | out: lpdwindex=0xcfe95c) returned 0x80010115 [0108.807] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0xcfeb3c*=0x488, lpdwindex=0xcfe95c | out: lpdwindex=0xcfe95c) returned 0x80010115 [0108.807] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0xcfeb90*=0x4b0, lpdwindex=0xcfe9ac | out: lpdwindex=0xcfe9ac) returned 0x80010115 [0108.808] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0xcfeb90*=0x4b8, lpdwindex=0xcfe9ac | out: lpdwindex=0xcfe9ac) returned 0x80010115 [0108.808] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0xcfeb90*=0x4c0, lpdwindex=0xcfe9ac | out: lpdwindex=0xcfe9ac) returned 0x80010115 [0108.809] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x6b0 [0108.809] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x6b4 [0108.810] GetAddrInfoW (in: pNodeName="i.imgur.com", pServiceName=0x0, pHints=0xcfea90*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xcfea38 | out: ppResult=0xcfea38*=0x104e2e0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="prod.imgur.map.fastlylb.net", ai_addr=0x1045e70*(sa_family=2, sin_port=0x0, sin_addr="151.101.112.193"), ai_next=0x0)) returned 0 [0108.829] FreeAddrInfoW (pAddrInfo=0x104e2e0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="prod.imgur.map.fastlylb.net", ai_addr=0x1045e70*(sa_family=2, sin_port=0x0, sin_addr="151.101.112.193"), ai_next=0x0)) [0108.830] GetAddrInfoW (in: pNodeName="i.imgur.com", pServiceName=0x0, pHints=0xcfea90*(ai_flags=131072, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xcfea38 | out: ppResult=0xcfea38*=0x104e060*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="i.imgur.com", ai_addr=0x1045cd8*(sa_family=2, sin_port=0x0, sin_addr="151.101.112.193"), ai_next=0x0)) returned 0 [0108.832] FreeAddrInfoW (pAddrInfo=0x104e060*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="i.imgur.com", ai_addr=0x1045cd8*(sa_family=2, sin_port=0x0, sin_addr="151.101.112.193"), ai_next=0x0)) [0108.833] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0xcfe9d4*=0x5bc, lpdwindex=0xcfe7f4 | out: lpdwindex=0xcfe7f4) returned 0x80010115 [0108.834] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0xcfe9d4*=0x5c4, lpdwindex=0xcfe7f4 | out: lpdwindex=0xcfe7f4) returned 0x80010115 [0108.835] WSAConnect (in: s=0x6b0, name=0x2dd3674*(sa_family=2, sin_port=0x50, sin_addr="151.101.112.193"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0108.853] closesocket (s=0x6b4) returned 0 [0108.853] send (s=0x6b0, buf=0x2d97c98*, len=72, flags=0) returned 72 [0108.854] setsockopt (s=0x6b0, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0108.854] recv (in: s=0x6b0, buf=0x2d9238c, len=4096, flags=0 | out: buf=0x2d9238c*) returned 4096 [0108.880] setsockopt (s=0x6b0, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0108.880] recv (in: s=0x6b0, buf=0x2dd43e8, len=65536, flags=0 | out: buf=0x2dd43e8*) returned 10304 [0108.881] WriteFile (in: hFile=0x6a8, lpBuffer=0x2de4418*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0xcfed14, lpOverlapped=0x0 | out: lpBuffer=0x2de4418*, lpNumberOfBytesWritten=0xcfed14*=0x1000, lpOverlapped=0x0) returned 1 [0108.882] WriteFile (in: hFile=0x6a8, lpBuffer=0x2dd45f4*, nNumberOfBytesToWrite=0x2634, lpNumberOfBytesWritten=0xcfed14, lpOverlapped=0x0 | out: lpBuffer=0x2dd45f4*, lpNumberOfBytesWritten=0xcfed14*=0x2634, lpOverlapped=0x0) returned 1 [0108.882] recv (in: s=0x6b0, buf=0x2dd43e8, len=65536, flags=0 | out: buf=0x2dd43e8*) returned 31680 [0108.916] WriteFile (in: hFile=0x6a8, lpBuffer=0x2dd43e8*, nNumberOfBytesToWrite=0x7bc0, lpNumberOfBytesWritten=0xcfed14, lpOverlapped=0x0 | out: lpBuffer=0x2dd43e8*, lpNumberOfBytesWritten=0xcfed14*=0x7bc0, lpOverlapped=0x0) returned 1 [0108.917] recv (in: s=0x6b0, buf=0x2dd43e8, len=65536, flags=0 | out: buf=0x2dd43e8*) returned 54720 [0108.917] WriteFile (in: hFile=0x6a8, lpBuffer=0x2dd43e8*, nNumberOfBytesToWrite=0xd5c0, lpNumberOfBytesWritten=0xcfed14, lpOverlapped=0x0 | out: lpBuffer=0x2dd43e8*, lpNumberOfBytesWritten=0xcfed14*=0xd5c0, lpOverlapped=0x0) returned 1 [0108.918] recv (in: s=0x6b0, buf=0x2dd43e8, len=65536, flags=0 | out: buf=0x2dd43e8*) returned 31680 [0108.930] WriteFile (in: hFile=0x6a8, lpBuffer=0x2dd43e8*, nNumberOfBytesToWrite=0x7bc0, lpNumberOfBytesWritten=0xcfed14, lpOverlapped=0x0 | out: lpBuffer=0x2dd43e8*, lpNumberOfBytesWritten=0xcfed14*=0x7bc0, lpOverlapped=0x0) returned 1 [0108.931] recv (in: s=0x6b0, buf=0x2dd43e8, len=65536, flags=0 | out: buf=0x2dd43e8*) returned 34368 [0108.931] WriteFile (in: hFile=0x6a8, lpBuffer=0x2dd43e8*, nNumberOfBytesToWrite=0x8640, lpNumberOfBytesWritten=0xcfed14, lpOverlapped=0x0 | out: lpBuffer=0x2dd43e8*, lpNumberOfBytesWritten=0xcfed14*=0x8640, lpOverlapped=0x0) returned 1 [0108.931] recv (in: s=0x6b0, buf=0x2dd43e8, len=65536, flags=0 | out: buf=0x2dd43e8*) returned 31680 [0108.945] WriteFile (in: hFile=0x6a8, lpBuffer=0x2dd43e8*, nNumberOfBytesToWrite=0x7bc0, lpNumberOfBytesWritten=0xcfed14, lpOverlapped=0x0 | out: lpBuffer=0x2dd43e8*, lpNumberOfBytesWritten=0xcfed14*=0x7bc0, lpOverlapped=0x0) returned 1 [0108.946] recv (in: s=0x6b0, buf=0x2dd43e8, len=65536, flags=0 | out: buf=0x2dd43e8*) returned 34368 [0108.946] WriteFile (in: hFile=0x6a8, lpBuffer=0x2dd43e8*, nNumberOfBytesToWrite=0x8640, lpNumberOfBytesWritten=0xcfed14, lpOverlapped=0x0 | out: lpBuffer=0x2dd43e8*, lpNumberOfBytesWritten=0xcfed14*=0x8640, lpOverlapped=0x0) returned 1 [0108.947] recv (in: s=0x6b0, buf=0x2dd43e8, len=65536, flags=0 | out: buf=0x2dd43e8*) returned 60672 [0108.959] WriteFile (in: hFile=0x6a8, lpBuffer=0x2dd43e8*, nNumberOfBytesToWrite=0xed00, lpNumberOfBytesWritten=0xcfed14, lpOverlapped=0x0 | out: lpBuffer=0x2dd43e8*, lpNumberOfBytesWritten=0xcfed14*=0xed00, lpOverlapped=0x0) returned 1 [0108.961] recv (in: s=0x6b0, buf=0x2dd43e8, len=65536, flags=0 | out: buf=0x2dd43e8*) returned 5376 [0108.961] WriteFile (in: hFile=0x6a8, lpBuffer=0x2dd43e8*, nNumberOfBytesToWrite=0x1500, lpNumberOfBytesWritten=0xcfed14, lpOverlapped=0x0 | out: lpBuffer=0x2dd43e8*, lpNumberOfBytesWritten=0xcfed14*=0x1500, lpOverlapped=0x0) returned 1 [0108.961] recv (in: s=0x6b0, buf=0x2dd43e8, len=65536, flags=0 | out: buf=0x2dd43e8*) returned 57984 [0108.972] WriteFile (in: hFile=0x6a8, lpBuffer=0x2dd43e8*, nNumberOfBytesToWrite=0xe280, lpNumberOfBytesWritten=0xcfed14, lpOverlapped=0x0 | out: lpBuffer=0x2dd43e8*, lpNumberOfBytesWritten=0xcfed14*=0xe280, lpOverlapped=0x0) returned 1 [0108.973] recv (in: s=0x6b0, buf=0x2dd43e8, len=16145, flags=0 | out: buf=0x2dd43e8*) returned 16145 [0108.974] WriteFile (in: hFile=0x6a8, lpBuffer=0x2dd43e8*, nNumberOfBytesToWrite=0x3f11, lpNumberOfBytesWritten=0xcfed14, lpOverlapped=0x0 | out: lpBuffer=0x2dd43e8*, lpNumberOfBytesWritten=0xcfed14*=0x3f11, lpOverlapped=0x0) returned 1 [0108.974] CloseHandle (hObject=0x6a8) returned 1 [0108.994] SystemParametersInfoW (in: uiAction=0x14, uiParam=0x0, pvParam="C:\\FD1HVy\\shade8.jpg" (normalized: "c:\\fd1hvy\\shade8.jpg"), fWinIni=0x3 | out: pvParam=0x2d7af64) returned 1 [0109.304] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x4021c, Msg=0x1a, wParam=0x14, lParam=0x9ad0b8) returned 0x0 [0109.304] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0x1a, wParam=0x14, lParam=0x9ad0b8) returned 0x0 [0109.306] SystemParametersInfoW (in: uiAction=0x26, uiParam=0x0, pvParam=0xcfe940, fWinIni=0x0 | out: pvParam=0xcfe940) returned 1 [0109.307] PostMessageW (hWnd=0x4021e, Msg=0x201a, wParam=0x14, lParam=0xfe11a8) returned 1 [0109.307] NtdllDefWindowProc_W (hWnd=0x4021e, Msg=0x1a, wParam=0x14, lParam=0x9ad0b8) returned 0x0 [0109.818] QueryPerformanceCounter (in: lpPerformanceCount=0xcfed18 | out: lpPerformanceCount=0xcfed18*=20104311021) returned 1 [0109.818] SetEvent (hEvent=0x3e4) returned 1 [0109.818] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0xcfeb20*=0x490, lpdwindex=0xcfe93c | out: lpdwindex=0xcfe93c) returned 0x80010115 [0109.819] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0xcfeb00*=0x480, lpdwindex=0xcfe91c | out: lpdwindex=0xcfe91c) returned 0x80010115 [0109.819] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0xcfeb00*=0x488, lpdwindex=0xcfe91c | out: lpdwindex=0xcfe91c) returned 0x80010115 [0109.820] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0xcfeb54*=0x4b0, lpdwindex=0xcfe974 | out: lpdwindex=0xcfe974) returned 0x80010115 [0109.820] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0xcfeb54*=0x4b8, lpdwindex=0xcfe974 | out: lpdwindex=0xcfe974) returned 0x80010115 [0109.820] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0xcfeb54*=0x4c0, lpdwindex=0xcfe974 | out: lpdwindex=0xcfe974) returned 0x80010115 [0109.821] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x6a8 [0109.821] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x6b4 [0109.822] GetAddrInfoW (in: pNodeName="radioisangano.com", pServiceName=0x0, pHints=0xcfea54*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0xcfe9fc | out: ppResult=0xcfe9fc*=0x104de58*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="radioisangano.com", ai_addr=0x1045e70*(sa_family=2, sin_port=0x0, sin_addr="50.87.145.8"), ai_next=0x0)) returned 0 [0109.914] FreeAddrInfoW (pAddrInfo=0x104de58*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="radioisangano.com", ai_addr=0x1045e70*(sa_family=2, sin_port=0x0, sin_addr="50.87.145.8"), ai_next=0x0)) [0109.914] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0xcfe998*=0x5bc, lpdwindex=0xcfe7b4 | out: lpdwindex=0xcfe7b4) returned 0x80010115 [0109.915] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0xcfe998*=0x5c4, lpdwindex=0xcfe7b4 | out: lpdwindex=0xcfe7b4) returned 0x80010115 [0109.915] WSAConnect (in: s=0x6a8, name=0x2de821c*(sa_family=2, sin_port=0x50, sin_addr="50.87.145.8"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0110.140] closesocket (s=0x6b4) returned 0 [0110.140] send (s=0x6a8, buf=0x2d97c98*, len=140, flags=0) returned 140 [0110.140] setsockopt (s=0x6a8, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0110.141] recv (in: s=0x6a8, buf=0x2dd11c0, len=4096, flags=0 | out: buf=0x2dd11c0*) returned 212 [0110.549] GetWindowThreadProcessId (in: hWnd=0x30226, lpdwProcessId=0xcfee20 | out: lpdwProcessId=0xcfee20) returned 0x344 [0110.549] GetCurrentThreadId () returned 0x344 [0110.549] RegisterClipboardFormatW (lpszFormat="WindowsForms12_ThreadCallbackMessage") returned 0xc151 [0110.549] PostMessageW (hWnd=0x30226, Msg=0xc151, wParam=0x0, lParam=0x0) returned 1 [0110.550] GetWindowTextLengthW (hWnd=0x30226) returned 5 [0110.550] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x5 [0110.550] GetSystemMetrics (nIndex=42) returned 0 [0110.550] GetWindowTextW (in: hWnd=0x30226, lpString=0xcfeda0, nMaxCount=6 | out: lpString="shade") returned 5 [0110.550] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0xd, wParam=0x6, lParam=0xcfeda0) returned 0x5 [0110.553] OleInitialize (pvReserved=0x0) returned 0x0 [0110.553] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0xcff34c | out: lplpMessageFilter=0xcff34c*=0x0) returned 0x0 [0110.554] PeekMessageW (in: lpMsg=0xcff320, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xcff320) returned 1 [0110.554] IsWindowUnicode (hWnd=0x30226) returned 1 [0110.555] GetMessageW (in: lpMsg=0xcff320, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xcff320) returned 1 [0110.555] TranslateMessage (lpMsg=0xcff320) returned 0 [0110.556] DispatchMessageW (lpMsg=0xcff320) returned 0x0 [0110.556] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0x46, wParam=0x0, lParam=0xcff074) returned 0x0 [0110.556] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0x83, wParam=0x1, lParam=0xcff04c) returned 0x0 [0110.556] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0110.557] GetWindowPlacement (in: hWnd=0x30226, lpwndpl=0xcfedbc | out: lpwndpl=0xcfedbc) returned 1 [0110.557] GetClientRect (in: hWnd=0x30226, lpRect=0xcfed68 | out: lpRect=0xcfed68) returned 1 [0110.557] GetWindowTextLengthW (hWnd=0x30226) returned 5 [0110.557] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x5 [0110.558] GetSystemMetrics (nIndex=42) returned 0 [0110.558] GetWindowTextW (in: hWnd=0x30226, lpString=0xcfec34, nMaxCount=6 | out: lpString="shade") returned 5 [0110.558] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0xd, wParam=0x6, lParam=0xcfec34) returned 0x5 [0110.558] GetClientRect (in: hWnd=0x30226, lpRect=0xcfec70 | out: lpRect=0xcfec70) returned 1 [0110.558] GetCurrentObject (hdc=0x60100ce, type=0x1) returned 0xb00017 [0110.558] GetCurrentObject (hdc=0x60100ce, type=0x2) returned 0x900010 [0110.558] GetCurrentObject (hdc=0x60100ce, type=0x7) returned 0x32050730 [0110.558] GetCurrentObject (hdc=0x60100ce, type=0x6) returned 0x8a01c2 [0110.558] SaveDC (hdc=0x60100ce) returned 1 [0110.558] GetNearestColor (hdc=0x60100ce, color=0xf0f0f0) returned 0xf0f0f0 [0110.558] CreateSolidBrush (color=0xf0f0f0) returned 0x2f100677 [0110.558] FillRect (hDC=0x60100ce, lprc=0xcfeb10, hbr=0x2f100677) returned 1 [0110.559] DeleteObject (ho=0x2f100677) returned 1 [0110.559] RestoreDC (hdc=0x60100ce, nSavedDC=-1) returned 1 [0110.559] GetWindowPlacement (in: hWnd=0x30226, lpwndpl=0xcfeda0 | out: lpwndpl=0xcfeda0) returned 1 [0110.559] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0x47, wParam=0x0, lParam=0xcff074) returned 0x0 [0110.559] GetClientRect (in: hWnd=0x30226, lpRect=0xcfed50 | out: lpRect=0xcfed50) returned 1 [0110.559] GetWindowRect (in: hWnd=0x30226, lpRect=0xcfed50 | out: lpRect=0xcfed50) returned 1 [0110.560] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0x83, wParam=0x1, lParam=0xcfeb8c) returned 0x0 [0110.561] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0x85, wParam=0x1, lParam=0x0) returned 0x0 [0110.561] GetWindowPlacement (in: hWnd=0x30226, lpwndpl=0xcfe8fc | out: lpwndpl=0xcfe8fc) returned 1 [0110.561] GetClientRect (in: hWnd=0x30226, lpRect=0xcfe8a8 | out: lpRect=0xcfe8a8) returned 1 [0110.561] GetWindowTextLengthW (hWnd=0x30226) returned 5 [0110.561] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0xe, wParam=0x0, lParam=0x0) returned 0x5 [0110.561] GetSystemMetrics (nIndex=42) returned 0 [0110.561] GetWindowTextW (in: hWnd=0x30226, lpString=0xcfe774, nMaxCount=6 | out: lpString="shade") returned 5 [0110.561] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0xd, wParam=0x6, lParam=0xcfe774) returned 0x5 [0110.562] GetClientRect (in: hWnd=0x30226, lpRect=0xcfe7b0 | out: lpRect=0xcfe7b0) returned 1 [0110.562] GetCurrentObject (hdc=0x1b0106f5, type=0x1) returned 0xb00017 [0110.562] GetCurrentObject (hdc=0x1b0106f5, type=0x2) returned 0x900010 [0110.562] GetCurrentObject (hdc=0x1b0106f5, type=0x7) returned 0x32050730 [0110.562] GetCurrentObject (hdc=0x1b0106f5, type=0x6) returned 0x8a01c2 [0110.562] SaveDC (hdc=0x1b0106f5) returned 1 [0110.562] GetNearestColor (hdc=0x1b0106f5, color=0xf0f0f0) returned 0xf0f0f0 [0110.562] CreateSolidBrush (color=0xf0f0f0) returned 0x30100677 [0110.562] FillRect (hDC=0x1b0106f5, lprc=0xcfe650, hbr=0x30100677) returned 1 [0110.562] DeleteObject (ho=0x30100677) returned 1 [0110.562] RestoreDC (hdc=0x1b0106f5, nSavedDC=-1) returned 1 [0110.563] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0x31f, wParam=0x1, lParam=0x0) returned 0x0 [0110.563] PeekMessageW (in: lpMsg=0xcff320, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xcff320) returned 1 [0110.563] IsWindowUnicode (hWnd=0x4021c) returned 1 [0110.563] GetMessageW (in: lpMsg=0xcff320, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xcff320) returned 1 [0110.563] TranslateMessage (lpMsg=0xcff320) returned 0 [0110.563] DispatchMessageW (lpMsg=0xcff320) returned 0x0 [0110.563] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x4021c, Msg=0x31f, wParam=0x1, lParam=0x0) returned 0x0 [0110.563] PeekMessageW (in: lpMsg=0xcff320, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xcff320) returned 1 [0110.563] IsWindowUnicode (hWnd=0x4021e) returned 1 [0110.563] GetMessageW (in: lpMsg=0xcff320, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xcff320) returned 1 [0110.563] TranslateMessage (lpMsg=0xcff320) returned 0 [0110.563] DispatchMessageW (lpMsg=0xcff320) returned 0x0 [0110.574] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe", nBufferLength=0x105, lpBuffer=0xcfe9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe", lpFilePart=0x0) returned 0x2d [0110.574] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe", nBufferLength=0x105, lpBuffer=0xcfe948, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe", lpFilePart=0x0) returned 0x2d [0110.574] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe", nBufferLength=0x105, lpBuffer=0xcfe9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe", lpFilePart=0x0) returned 0x2d [0110.574] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0xcfee54) returned 1 [0110.574] GetFileAttributesExW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe" (normalized: "c:\\users\\fd1hvy\\appdata\\local\\temp\\fatura.exe"), fInfoLevelId=0x0, lpFileInformation=0xcfeed0 | out: lpFileInformation=0xcfeed0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0110.574] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0xcfee50) returned 1 [0110.578] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe", nBufferLength=0x105, lpBuffer=0xcfe9a8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe", lpFilePart=0x0) returned 0x2d [0110.578] GetFullPathNameW (in: lpFileName="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe", nBufferLength=0x105, lpBuffer=0xcfe93c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\FD1HVy\\AppData\\Local\\Temp\\fatura.exe", lpFilePart=0x0) returned 0x2d [0110.587] GetWindowThreadProcessId (in: hWnd=0x20244, lpdwProcessId=0xcfef4c | out: lpdwProcessId=0xcfef4c) returned 0x344 [0110.587] GetCurrentThreadId () returned 0x344 [0110.605] GetWindowThreadProcessId (in: hWnd=0x20244, lpdwProcessId=0xcfef4c | out: lpdwProcessId=0xcfef4c) returned 0x344 [0110.605] GetCurrentThreadId () returned 0x344 [0110.606] LocalFree (hMem=0xfe11a8) returned 0x0 [0110.606] NtdllDefWindowProc_W (hWnd=0x4021e, Msg=0x201a, wParam=0x14, lParam=0xfe11a8) returned 0x0 [0110.606] PeekMessageW (in: lpMsg=0xcff320, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0xcff320) returned 1 [0110.606] GetMessageA (in: lpMsg=0xcff320, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0xcff320) returned 0 [0110.610] DestroyCursor (hCursor=0x140205) returned 1 [0110.612] GetWindowLongW (hWnd=0x30226, nIndex=-20) returned 590208 [0110.612] DestroyWindow (hWnd=0x30226) returned 1 [0110.612] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0 [0110.612] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0x46, wParam=0x0, lParam=0xcff0d4) returned 0x0 [0110.617] GetWindowPlacement (in: hWnd=0x30226, lpwndpl=0xcfee00 | out: lpwndpl=0xcfee00) returned 1 [0110.617] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0x47, wParam=0x0, lParam=0xcff0d4) returned 0x0 [0110.617] GetClientRect (in: hWnd=0x30226, lpRect=0xcfedb0 | out: lpRect=0xcfedb0) returned 1 [0110.617] GetWindowRect (in: hWnd=0x30226, lpRect=0xcfedb0 | out: lpRect=0xcfedb0) returned 1 [0110.618] PostThreadMessageW (idThread=0x344, Msg=0x12, wParam=0x0, lParam=0x0) returned 1 [0110.618] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0 [0110.618] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x30226, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0110.618] DestroyWindow (hWnd=0x4021c) returned 1 [0110.619] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x4021c, Msg=0x90, wParam=0x0, lParam=0x0) returned 0x0 [0110.619] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x4021c, Msg=0x2, wParam=0x0, lParam=0x0) returned 0x0 [0110.619] CallWindowProcW (lpPrevWndFunc=0x77c35690, hWnd=0x4021c, Msg=0x82, wParam=0x0, lParam=0x0) returned 0x0 [0110.628] GetCurrentThreadId () returned 0x344 [0110.652] EnumThreadWindows (dwThreadId=0x344, lpfn=0x52604de, lParam=0x0) returned 1 [0110.652] IsWindowVisible (hWnd=0x4021e) returned 0 [0110.652] IsWindowVisible (hWnd=0x40220) returned 0 [0110.653] GetCurrentThreadId () returned 0x344 [0110.653] GetCurrentThreadId () returned 0x344 [0110.653] EnumThreadWindows (dwThreadId=0x344, lpfn=0x5260506, lParam=0x0) returned 1 [0110.654] IsWindowVisible (hWnd=0x4021e) returned 0 [0110.654] IsWindowVisible (hWnd=0x40220) returned 0 [0110.655] OleUninitialize () [0110.655] CloseHandle (hObject=0x2d8) returned 1 [0110.655] DeactivateActCtx (dwFlags=0x0, ulCookie=0x1be80002) returned 1 [0110.656] CoGetContextToken (in: pToken=0xcffcd0 | out: pToken=0xcffcd0) returned 0x0 [0110.656] CObjectContext::QueryInterface () returned 0x0 [0110.656] CObjectContext::GetCurrentThreadType () returned 0x0 [0110.656] Release () returned 0x0 [0110.657] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x13880, cHandles=0x1, pHandles=0xfa2918*=0x17c, lpdwindex=0xcffb74 | out: lpdwindex=0xcffb74) returned 0x0 Thread: id = 104 os_tid = 0xda4 Thread: id = 108 os_tid = 0xf60 Thread: id = 109 os_tid = 0x9e4 [0080.542] CoGetContextToken (in: pToken=0x4c9f614 | out: pToken=0x4c9f614) returned 0x800401f0 [0080.542] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0080.542] RoInitialize () returned 0x1 [0080.542] RoUninitialize () returned 0x0 [0088.392] CloseHandle (hObject=0x2bc) returned 1 [0088.392] CloseHandle (hObject=0x2cc) returned 1 [0088.392] CloseHandle (hObject=0x2b8) returned 1 [0088.392] CloseHandle (hObject=0x2c4) returned 1 [0088.392] CloseHandle (hObject=0x2d0) returned 1 [0088.392] CloseHandle (hObject=0x2c0) returned 1 [0088.392] CloseHandle (hObject=0x2b4) returned 1 [0088.393] CloseHandle (hObject=0x2c8) returned 1 [0110.700] SetWindowLongW (hWnd=0x20244, nIndex=-4, dwNewLong=2009290384) returned 86377958 [0110.701] SetClassLongW (hWnd=0x20244, nIndex=-24, dwNewLong=2009290384) returned 0x52605be [0110.702] PostMessageW (hWnd=0x20244, Msg=0x10, wParam=0x0, lParam=0x0) returned 1 [0110.702] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0110.703] UnregisterClassW (lpClassName="WindowsForms10.Window.0.app.0.141b42a_r9_ad1", hInstance=0x400000) returned 1 [0110.703] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0110.703] UnregisterClassW (lpClassName="WindowsForms10.Window.8.app.0.141b42a_r9_ad1", hInstance=0x400000) returned 0 [0110.703] EtwEventUnregister (RegHandle=0xfd6a80) returned 0x0 [0110.703] EtwEventUnregister (RegHandle=0x100e420) returned 0x0 [0110.705] IsWindow (hWnd=0x4021e) returned 1 [0110.706] GetModuleHandleW (lpModuleName="user32.dll") returned 0x74b70000 [0110.706] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x4c9f3b4, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcW\x87o`ùéÔðù=q8öÉ\x04\x01", lpUsedDefaultChar=0x0) returned 14 [0110.707] GetProcAddress (hModule=0x74b70000, lpProcName="DefWindowProcW") returned 0x77c35690 [0110.707] SetWindowLongW (hWnd=0x4021e, nIndex=-4, dwNewLong=2009290384) returned 86378118 [0110.707] SetClassLongW (hWnd=0x4021e, nIndex=-24, dwNewLong=2009290384) returned 0x5260686 [0110.708] IsWindow (hWnd=0x4021e) returned 1 [0110.708] DestroyWindow (hWnd=0x4021e) returned 0 [0110.708] PostMessageW (hWnd=0x4021e, Msg=0x10, wParam=0x0, lParam=0x0) returned 1 [0110.708] SetConsoleCtrlHandler (HandlerRoutine=0x526065e, Add=0) returned 1 [0110.719] GdipDeleteFont (font=0x51fef48) returned 0x0 [0110.720] DeleteObject (ho=0x280a072c) returned 1 [0110.720] DestroyCursor (hCursor=0xb0121) returned 1 [0110.721] CloseHandle (hObject=0x5cc) returned 1 [0110.721] setsockopt (s=0x6b0, level=65535, optname=128, optval="\x01", optlen=4) returned 0 [0110.721] closesocket (s=0x6b0) returned 0 [0110.723] setsockopt (s=0x6a8, level=65535, optname=128, optval="\x01", optlen=4) returned 0 [0110.723] closesocket (s=0x6a8) returned 0 [0110.725] setsockopt (s=0x5c0, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0110.725] closesocket (s=0x5c0) returned 0 [0110.725] CloseHandle (hObject=0x5c4) returned 1 [0110.726] setsockopt (s=0x5b4, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0110.726] closesocket (s=0x5b4) returned 0 [0110.726] CloseHandle (hObject=0x5bc) returned 1 [0110.726] setsockopt (s=0x5ac, level=65535, optname=128, optval="\x01", optlen=4) returned 0 [0110.727] closesocket (s=0x5ac) returned 0 [0110.728] CloseHandle (hObject=0x57c) returned 1 [0110.728] CloseHandle (hObject=0x578) returned 1 [0110.729] CloseHandle (hObject=0x510) returned 1 [0110.729] CloseHandle (hObject=0x50c) returned 1 [0110.729] WinHttpCloseHandle (hInternet=0x10269f8) returned 1 [0110.730] CloseHandle (hObject=0x4c4) returned 1 [0110.731] CloseHandle (hObject=0x4c0) returned 1 [0110.731] RegCloseKey (hKey=0x4bc) returned 0x0 [0110.731] CloseHandle (hObject=0x4b8) returned 1 [0110.731] RegCloseKey (hKey=0x4b4) returned 0x0 [0110.732] CloseHandle (hObject=0x4b0) returned 1 [0110.732] RegCloseKey (hKey=0x4ac) returned 0x0 [0110.732] RegCloseKey (hKey=0x4a8) returned 0x0 [0110.732] CloseHandle (hObject=0x490) returned 1 [0110.733] setsockopt (s=0x484, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0110.733] closesocket (s=0x484) returned 0 [0110.733] CloseHandle (hObject=0x488) returned 1 [0110.733] setsockopt (s=0x47c, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0110.733] closesocket (s=0x47c) returned 0 [0110.734] CloseHandle (hObject=0x480) returned 1 [0110.734] CloseHandle (hObject=0x414) returned 1 [0110.734] CloseHandle (hObject=0x410) returned 1 [0110.735] CloseHandle (hObject=0x40c) returned 1 [0110.735] CloseHandle (hObject=0x408) returned 1 [0110.735] CloseHandle (hObject=0x404) returned 1 [0110.735] CloseHandle (hObject=0x3fc) returned 1 [0110.736] CloseHandle (hObject=0x3f8) returned 1 [0110.736] CertFreeCertificateContext (pCertContext=0x104a198) returned 1 [0110.736] CertFreeCertificateContext (pCertContext=0x1049e78) returned 1 [0110.737] CertFreeCertificateContext (pCertContext=0x1049e28) returned 1 [0110.737] CloseHandle (hObject=0x2bc) returned 1 [0110.737] CloseHandle (hObject=0x2cc) returned 1 [0110.737] CloseHandle (hObject=0x2b8) returned 1 [0110.738] UnmapViewOfFile (lpBaseAddress=0x5270000) returned 1 [0110.745] CertCloseStore (hCertStore=0x1041788, dwFlags=0x0) returned 1 [0110.757] CertFreeCertificateContext (pCertContext=0x1049e28) returned 1 [0110.758] CertFreeCertificateContext (pCertContext=0x1049c48) returned 1 [0110.759] RegCloseKey (hKey=0x80000004) returned 0x0 [0110.759] FreeCredentialsHandle (phCredential=0x2da069c) returned 0x0 [0110.760] DeleteSecurityContext (phContext=0x2da08a0) returned 0x0 [0110.762] SleepEx (dwMilliseconds=0xffffffff, bAlertable=0) Thread: id = 110 os_tid = 0xc6c Thread: id = 111 os_tid = 0xddc [0110.208] CoGetContextToken (in: pToken=0x7ddfc4c | out: pToken=0x7ddfc4c) returned 0x0 [0110.208] CObjectContext::QueryInterface () returned 0x0 [0110.208] CObjectContext::GetCurrentThreadType () returned 0x0 [0110.208] Release () returned 0x0 Thread: id = 112 os_tid = 0x540 Thread: id = 113 os_tid = 0x784 Thread: id = 114 os_tid = 0xe7c [0104.952] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0104.952] RoInitialize () returned 0x1 [0104.952] RoUninitialize () returned 0x0 [0104.955] ResetEvent (hEvent=0x3e4) returned 1 Thread: id = 115 os_tid = 0xcec Thread: id = 116 os_tid = 0x7f0 Thread: id = 117 os_tid = 0xf5c Thread: id = 118 os_tid = 0x744 Thread: id = 119 os_tid = 0xdb4 Thread: id = 120 os_tid = 0xe38